Personal Data Policy

Protection and Processing of Personal Data

Clarification Text within the Scope

1. Purpose

The purpose of this document, prepared within the scope of protection and processing of personal data, is to legally process and protect the personal data obtained by various methods and technologies during the ongoing commercial activities of LTD.ŞTİ. on the www.elli2nightwear.com website. By making a statement about technical measures, we aim to fulfill the obligation to inform our existing customers, potential customers, company employees, company partners, company officials and third parties, especially our personal data protection law no. When they visit www.elli2nightwear.com and log in to the system, information collected by ELLI2 is collected by ELLI2 in order to provide more effective service to its visitors and customers, such as product ordering, delivery, payment, administration, advertising, marketing, etc. To inform the relevant parties in a transparent manner about the purposes of processing the data collected during the processes, their legal reasons and their rights.

As ELLİ2, we have taken the highest level technical and administrative measures to ensure the security and confidentiality of the data we have collected in order to provide better service at www.elli2nightwear.com.

2. Identity of the Data Controller

Addressee Data Controller in accordance with KVKK: Kınıklı mh. Almelo st. Elli2 Tekstil LTD ŞTİ. located at 6007 sk no.3/4 Pamukkale / Denizli. is.

3. Personal Data We Process

For the continuity of our services, personal data is collected in the following data categories.

● Identity Data

● Communication Data

● Location Data

● Customer Data

● Customer Transaction Data

● Marketing Data

● Demand and Complaint Management Data

Personal Data Provided by You: Name-surname, TR ID number, telephone number, e-mail address, address, photographs and video recordings submitted within the scope of surveys, voice data recorded due to conversations made via corporate e-mail or through the call center, other Your other data and any other Personal Data that you share with us in any way through channels for the purpose of benefiting from our products or services.

4. Storage Periods of Personal Data

Your Personal Data will be retained in any case, in accordance with the KVKK and other legislation regarding the protection of personal data and the mandatory periods, and if a period is not stipulated in the legislation, for the period required for the purpose of processing Personal Data. The retained data is deleted, destroyed or anonymized after the reasons requiring the processing of data cease. Detailed information about storage periods is included in the KVKK Policy Document.

5. Purposes of Processing Personal Data

As a rule, your Personal Data is processed by us based on your explicit consent. However, in order to fulfill our legal obligations within the scope of Article 5.2 and Article 6.3 in accordance with the basic principles stipulated by KVKK, to establish or perform a contract, to fulfill our legal obligations, to establish, exercise or protect a right and to protect our legitimate interests without harming your fundamental rights and freedoms, and Personal data you have made public may also be processed without your explicit consent.

In this context, if the above situations exist, the performance of the products and services provided by our Company, contacting you when necessary in this context, shopping through the www.elli2.com.tr website and mobile application, payment transactions, return transactions, shipping. services, our legitimate interests such as establishing a distance selling contract within the scope of electronic commerce, selling, supplying and delivering products or services, receiving your questions and complaints, responding to you, using them in case of a possible dispute when necessary, reducing costs, efficient use of resources, monitoring call center service quality. We process your Personal Data in order to protect it.

Your Personal Data may be processed for the purposes specified in this Information Text, provided that your explicit consent is obtained within the scope of KVKK Article 5.1 and Article 6.2. In addition, in cases where you give your explicit consent, your data may be processed once you are included in the programs/membership in order to benefit from the program/membership benefits, as our existing programs and memberships offer special advantages to their members. Based on this explicit consent, it is processed for the purpose of offering you opportunities for special products and services such as internet advertising, cross-selling, campaigns, opportunities and product/service advertisements, using cookies for this purpose, making commercial offers taking into account your preferences and recent purchases, and also www. Tracking your usage habits according to your previous records and offering you special products during your visit to elli2.com.tr website and mobile applications; Processing for the purpose of presenting you special advertisements, campaigns, advantages and other benefits for sales and marketing activities and carrying out other marketing and customer service activities, processing for the purpose of creating new product and service models, sending of electronic commercial messages (campaigns, newsletters, customer satisfaction surveys). , product and service advertisements); sending gifts and promotions; It can be processed for the purpose of organizing corporate communications and other events and invitations and providing information about them.

7. Collection and Legal Reasons for Personal Data

Your Personal Data may be collected through channels such as application forms, website membership and contact forms, website e-bulletin registration forms, cookies, job application forms delivered to us by Elli2 via www.elli2nightwear.com and mobile application; In order for Elli2 to continue its activities based on relevant websites and different legal reasons, it can be collected, processed and transferred for the purposes specified in this Information Text, in line with the principles and procedures stipulated by KVKK and other relevant legislation.

8. Your Rights Under KVKK

By applying to ELLI2 as the Relevant Person in accordance with Article 11 of the Personal Data Protection Law;

● Learning whether your Personal Data is being processed or not,

● Requesting information if your Personal Data has been processed,

● Learning the purpose of processing your Personal Data and whether they are used for their intended purpose,

● To request correction of your Personal Data if it has been processed incompletely or incorrectly, and to request that the action taken in this context be notified to third parties to whom your Personal Data has been transferred,

● Although it is processed in accordance with KVKK and other relevant legislation; In order to be evaluated within the principles of purpose, duration and legitimacy, in case the reasons requiring the processing of your Personal Data disappear, request the deletion or destruction of your Personal Data and request that the action taken in this context be notified to third parties to whom the Personal Data has been transferred,

● If your Personal Data is damaged due to unlawful processing, you have the right to request compensation for the damage.

In this context, you can submit your request regarding your above-mentioned rights to us by filling in the ELLI2 Related Person Application Form within the framework of the procedures and principles specified in the form and using the communication methods specified in the form.

ELLI2 will finalize the request free of charge as soon as possible and within 30 (thirty) days at the latest, depending on the nature of the request. However, if a fee is stipulated by the Personal Data Protection Board and if an additional cost arises for the finalization of the requests by ELLİ2, the fees in the tariff determined by the Personal Data Protection Board may be requested by ELLİ2. We would like to emphasize that in cases where your Personal Data is processed with explicit consent, if you withdraw your express consent, you will be removed from the membership program where processing based on such express consent is required and you will not be able to benefit from the advantages you benefit from such processing as of the relevant date.

You can always follow the changes in our legislation and practice regarding Personal Data on the relevant page of our website.

Working hours

Weekdays: 09.00-18.00
Saturday: 09.00-18.00

For any questions you may have, you can contact us at the call center at 0258 211 60 52.

Data Controller: Elli2 Tekstil LTD. ŞTİ.

Address: Kınıklı mh. Almelo st. 6007 sk no.3/4 Pamukkale / Denizli

For your requests regarding your personal data, e-mail: info@elli2nightwear.com

For your support and information requests on other issues, e-mail: info@elli2nightwear.com

PERSONAL DATA PROTECTION POLICY

1. Purpose

The purpose of this policy is; Elli2 Textile LTD. Administrative and technical measures for the legal processing and protection of personal data obtained from various sources during the commercial activities carried out by ŞTİ. (hereinafter referred to as ELLİ2) in a manner that meets the Personal Data Protection Law No. 6698, GDPR and other legal requirements. make a statement about; Thus, to provide information about the KVK processes in our Company to real and legal persons, especially our existing customers, potential customers, website visitors, working company personnel, company partners, company officials and third parties.

2. Scope

Automatic or any data recording of our customers, potential customers, employee candidates, company shareholders, company officials, visitors, employees, shareholders and officials of the institutions we cooperate with, and third parties, including all physical locations and digital environments where Elli2 carries out its commercial activities. It covers all personal data processed by non-automatic means, provided that it is part of the system.

Physical Locations

1- Elli2 Head Office: Kınıklı mh. Almelo st. 6007 sk no.3/4 Pamukkale / Denizli

Digital Environments: Including digital environments in Elli2's asset inventory;

1-www.elli2nightwear.com


2- Local servers

3- Cloud media servers

4- User computers

5- Data hosting and transport environments

3. Terms and Definitions

KVKK: Personal Data Protection Law No. 6698

GDPR: European Union Data Protection Directive (EU General Data Protection Regulation)

Explicit Consent: Consent regarding a specific issue, based on information and expressed with free will.

Anonymization: These are the operations carried out on personal data in order for the personal data to lose its nature as personal data and this situation cannot be retrieved. Ex: Masking, aggregation, data corruption, etc. Making personal data unable to be associated with a natural person using techniques.

Deletion and Destruction: Although personal data has been processed in accordance with the provisions of KVKK and other relevant laws, if the reasons requiring processing are eliminated, personal data is deleted, destroyed or anonymized by the data controller ex officio or upon the request of the relevant person.

Employee Candidate: Real persons who have applied for a job to our company by any means or have made their CV and relevant information available for review by our company.

Employees, Shareholders and Officials of the Institutions We Collaborate with: Real persons working in the institutions with which our company has all kinds of business relations (such as but not limited to business partners, suppliers), including the shareholders and officials of these institutions.

Processing of Personal Data: Obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying personal data by fully or partially automatic or non-automatic means provided that it is part of any data recording system. or any action performed on the data, such as preventing its use.

Relevant Person: The real person whose personal data is processed. For example; Customers and employees.

Data subject person group: The category of relevant person whose personal data data controllers process.

Personal Data: Any information regarding an identified or identifiable natural person. Therefore, processing of information regarding legal entities is not within the scope of the Law. For example; name-surname, TR ID number, e-mail, address, date of birth, credit card number, etc.

Customer: Real persons who use or have used the products and services offered by our Company, regardless of whether they have any contractual relationship with our Company.

Special Personal Data: Data regarding race, ethnic origin, political thought, philosophical belief, religion, sect or other beliefs, appearance, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data. These are special quality data.

Potential Customer: Real persons who have requested to use or are interested in our products and services, or who have been evaluated in accordance with commercial practices and rules of honesty as they may have this interest.

Company Shareholder: Real persons who are shareholders of our company

Company Official: Member of the board of directors of our company and other authorized real persons

Third Party: Third party real persons (e.g. guarantors, companions, family members and relatives) who are associated with these persons in order to ensure the security of commercial transactions between our company and the above-mentioned parties or to protect the rights of the mentioned persons and to obtain benefits.

Data Processor: Real or legal person who processes personal data on behalf of the data controller, based on the authority given by the data controller.

Data Controller: The person who determines the purposes and means of processing personal data and manages the place where the data is systematically kept (data recording system) is the data controller.

Data Controller Contact Person: The real person notified by the data controller during registration to the Registry for the communication to be established with the Institution, regarding the obligations of legal entities resident in Turkey and the legal entity data controller representative who are not resident in Turkey within the scope of the Law and secondary regulations to be issued based on this Law. person

Visitor: Real persons who enter the physical premises owned by our company for various purposes or visit our websites.

4. Legal Basis

This policy has been prepared to fulfill the requirements of the Personal Data Protection Law No. 6698, related legal regulations and the European Union Data Protection Regulation (GDPR). In the face of changes or regulations that may occur in the relevant laws and regulations, Elli2 will adopt all changes and complete the necessary improvement works as soon as possible.

5. Procedures and Principles Regarding the Protection of Personal Data

5.1. Principles regarding the Processing of Personal Data

ELLI2 processes personal data in accordance with the procedures and principles stipulated in KVKK and other relevant laws. In this context, when personal data is processed by ELLİ2, it fully complies with the following principles in the KVKK.

● Compliance with the law and the rules of honesty; In accordance with this principle, ELLI2 data processing processes are carried out within the limits required by all relevant legislation, especially the Constitution and KVKK, and the rules of honesty.

● Be accurate and up to date when necessary; Necessary measures are taken to ensure that the personal data processed by ELLI2 is accurate and up to date, and necessary opportunities are provided to data owners by providing information in order to ensure that the data being processed reflects the real situation.

● Processing for specific, explicit and legitimate purposes; ELLI2 processes personal data only for clearly and precisely determined legitimate purposes; It does not engage in data processing activities other than these purposes. In this context, www.elli2.com.tr processes personal data only in connection with the business relationship established with the data owners and if necessary.

● Be relevant, limited and proportionate to the purpose for which they are processed; Our company processes personal data in a manner suitable for achieving the specified purposes and avoids the processing of personal data that is not relevant or needed to achieve the purpose. For example, personal data processing activities are not carried out to meet needs that may arise later.

● Keeping for the period stipulated in the relevant legislation or necessary for the purpose for which they are stored; Our company retains personal data only for the period specified in the relevant legislation or necessary for the purpose for which they are processed. In this context, our Company first determines whether a period of time is stipulated in the relevant legislation for the storage of personal data, if a period is determined, it acts in accordance with this period, and if a period is not determined, it stores personal data for the period necessary for the purpose for which they are processed. If the period expires or the reasons requiring processing disappear, personal data is deleted, destroyed or anonymized by our Company. Personal data is not stored by our Company for possible use in the future.

5.2. Ensuring the Security of Personal Data

ELLİ2, in accordance with Article 12 of the KVK Law, takes the necessary technical and administrative measures to ensure the appropriate level of security to prevent the unlawful processing of the personal data it processes, to prevent unlawful access to the data and to ensure the preservation of the data, and to carry out the necessary inspections in this context. or has it done.

5.2.1. Technical and Administrative Measures Taken to Ensure Lawful Processing of Personal Data and Prevent Unlawful Access

5.2.1.1. Technical Measures

a. Technical measures are taken in accordance with the developments in technology, and the measures taken are updated periodically.

b. Necessary firewalls, blocking hardware and software are used against attacks that may harm the system, such as virus protection, external attacks, system slowing down attacks, and hijacking attacks.

c. It carries out the necessary internal controls within the scope of the established systems.

D. It carries out the processes of information technologies risk assessment and business impact analysis within the scope of the established systems.

to. It ensures the provision of technical infrastructure that will prevent or monitor data leakage outside the institution and the creation of relevant matrices (authorization matrix, etc.).

f. It ensures control of system vulnerabilities by receiving penetration testing service regularly and when needed.

g. Only authorized persons were determined to process the data obtained from digital environments, and only authorized persons were ensured access and processing of the data.

l. Destruction of personal data is ensured in a way that cannot be recycled and does not leave an audit trail.

j. In accordance with Article 12 of the Law, any digital environment where personal data is stored is protected by encrypted or cryptographic methods to meet information security requirements.

5.2.1.2. Administrative Measures

a. It limits internal access to stored personal data to personnel who are required to access it according to their job description. In restricting access, whether the data is of special nature and its degree of importance are also taken into account.

b. In case the processed personal data is obtained by others through illegal means, it notifies the relevant person and the Board as soon as possible.

c. Regarding the sharing of personal data, it signs a framework contract regarding the protection of personal data and data security with the persons with whom the personal data is shared, or ensures data security by adding provisions to the existing contract.

D. It carries out the necessary inspections and has them carried out in order to ensure the implementation of the provisions of the Law within its own legal entity. It eliminates privacy and security vulnerabilities that arise as a result of audits.

to. As Elli2, we act on the principle of preparing and signing all legal employment contracts, additional commitments and Confidentiality Agreements within the Scope of Information Security required within the scope of the Personal Data Protection Law with all our suppliers.

f. We act on the principle of preparing and signing employment contracts, letters of undertaking and confidentiality agreements with ELLI2 employees or third parties belonging to the suppliers from whom ELLI2 receives service.

g. A process has been created to meet the demands from our customers, to carry out transactions within the legal periods applicable within the scope of KVKK and to return to the applicant.

5.3. Purposes for Processing Personal Data

In accordance with the law, personal data cannot, as a rule, be processed without the explicit consent of the data owner. However, within the scope of Articles 5 and 6, the Law has determined certain situations in which data may be processed without explicit consent in terms of personal data and special categories of personal data.

Personal data in accordance with Article 5;

• Data processing is clearly foreseen by law,

• It is mandatory to process the relevant data in order to protect the life or physical integrity of the person or someone else who is unable to express his/her consent due to actual impossibility or whose consent is not given legal validity,

• It is necessary to process personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract,

• Data processing is mandatory for the data controller to fulfill its legal obligation,

• Personal data has been made public by the relevant person himself,

• Data processing is mandatory for the establishment, exercise or protection of a right,

• In cases where data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject, it may be processed even if there is no prior explicit consent of the data owner (provided that the necessary information is provided).

5.6. Situations Outside the Scope of the Law

In accordance with Article 28 of the Law, it is stated that the conditions of the Personal Data Protection Law may be ignored in the following cases. In this context;

• Processing of personal data by natural persons within the scope of activities related to themselves or their family members living in the same residence, provided that they are not given to third parties and obligations regarding data security are complied with.

• Processing of personal data for purposes such as research, planning and statistics by anonymizing them with official statistics.

• Processing of personal data for artistic, historical, literary or scientific purposes or within the scope of freedom of expression, provided that it does not violate national defence, national security, public security, public order, economic security, privacy of private life or personal rights or constitute a crime.

• Processing of personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations authorized by law to ensure national defence, national security, public safety, public order or economic security.

• Processing of personal data by judicial authorities or enforcement authorities regarding investigation, prosecution, trial or enforcement proceedings.

6. Data Subject Person Groups in Magnetic Bracelet

As Magnetikbileklik, our actors in personal data processing processes within the scope of KVKK, Data Subject Person Groups expressed within the framework of the Regulation on Data Controllers Registry No. 30286 dated 30 December 2017, are defined below.

DATA SUBJECT PERSON GROUP

EXPLANATION

Employee Personnel: Real persons employed in our company within the scope of labor law.

Candidate personnel: Real persons whose applications have been received for employment in our company or provided by 3rd party human resources companies / platforms.

Intern: Real persons employed part-time in our company to support theoretical training and professional practical knowledge.

Partners: Real persons who own the shares that constitute the material assets of our company.

Shareholder: Real persons who become shareholders of the company by purchasing company shares.

Managers: Real persons who take part in the management of our company.

Public Official: The real person who represents the authority that carries out our company's relations with official institutions and organizations (Audit, investigation, trial, other public services, etc.) is a public official.

Supplier: Real and legal persons who provide external services in order for our company to carry out its activities.

Supplier Candidate: Real and legal persons who are evaluated to provide externally provided services in order for our company to carry out its activities.

Supplier Personnel: A real person working for a supplier or supplier candidate with whom our company has a relationship.

Online Visitor: Real persons who visit our company's web pages or other electronic sales channels without registering for membership and purchasing products.

Online Member: Real persons who register for membership through our company's web pages or other sales channels.

Customer: Real persons who purchase products through our company's websites or other sales channels.

Visitor: Real persons who are not subject to any contract and come to the physical environments of the company.

Applicant: Real persons who submit their requests, requests and complaints regarding the activities of our Company without being subject to a contract with our Company.

7. Categories of Data Processed at Elli2

In order to carry out its commercial activities, Elli2 collects various personal and special data from its employees, customers and suppliers in accordance with the procedures and principles specified in this policy document.

Elli2 processes data according to the data category given in the table below.

Data Category

Category Description

Identity Data

Information contained in documents such as driver's license, identity card, residence, passport, lawyer ID, marriage certificate (e.g. TR ID number, passport number, identity card serial number, Name-Surname, photograph, place of birth, date of birth, age, registered in the civil registry location, certified copy of identity card)

Communication Data

Information used to contact the person (e.g. e-mail address, telephone number, mobile phone number, address)

Location Data

Data used to identify the location of the data owner (e.g. location data obtained while driving)

Customer Data

Information about customers who benefit from our products and services (e.g. customer number, professional information, etc.)

Customer Transaction Data

Information regarding all kinds of transactions carried out by customers who benefit from our products and services (e.g. requests and instructions, order and basket information, etc.)

Transaction Security Data

Personal data processed for the purpose of ensuring the technical, administrative, legal and commercial security of our company and relevant parties (e.g. information such as website password and password that show that the person is authorized to match that person with the transaction associated with the personal data owner and that the person is authorized to perform that transaction).

Risk Management Data

Personal data processed to manage our company's commercial, technical and administrative risks (e.g. records such as IP address, Mac ID, etc.)

Financial Data

Personal data within the scope of information, documents and records showing all kinds of financial results created according to the type of legal relationship existing with the personal data owner (For example: information showing the financial results of the transactions made by the data owner, invoices, etc.).

Personnel Data

Personal data that forms the basis for the formation of personnel rights of the Company's suppliers and employees (all kinds of information and documents that must be included in the personnel file by law)

Employee Candidate Data

Personal data belonging to data owners who share their information to apply for a job at our company, used in the application evaluation process (e.g. CV, interview notes, personality test results, etc.).

Marketing Data

Data to be used by our company in marketing activities (e.g. reports and evaluations showing the habits and tastes of the person collected for marketing purposes, targeting information, cookie records, data enrichment activities)

Legal Transaction and Compliance Data

Personal data processed for the purpose of determining and pursuing legal receivables and rights and fulfilling debts and legal obligations (e.g. data contained in documents such as court and administrative authority decisions).

Audit and Inspection Data

Personal data processed within the scope of our company's legal obligations and compliance with company policies (e.g. audit and inspection reports, relevant interview records and similar records)

Request/Complaint Management Data

Personal data regarding the receipt and evaluation of any requests or complaints directed to our Company (e.g. requests and complaints directed to the Company, records and reports regarding them)

8. Purposes of Processing of Magnetic Bracelet Personal Data

Elli2 produces textile clothing etc. with its own design. It is an e-commerce company operating for the online sale of its products.

Elli2, which started its operations in 2019, ensures the processing of data according to the Data category explained in detail in Article 7 of this Policy document. These processing operations are carried out for the following purposes.

As a result of our commercial activities, it is processed to fulfill the requirements of the laws of the Republic of Turkey that concern our activities, such as the Commercial Code, Tax Code, Code of Obligations, and Labor Law. On the other hand;

● To fulfill business requirements in accordance with commercial purposes,

● To fulfill the obligations of employees under the labor law

●Carrying out the necessary authorization activities within the scope of protecting the personal data of users, customers, employees and suppliers

● Carrying out accounting and finance business and transactions

● Carrying out legal affairs and transactions

● Ensuring the operation and sustainability of business processes in the institution within the scope of business activities

● In order to ensure information security and physical security within the institution

● Providing, operating and ensuring the sustainability of corporate communication and administrative activities

● Ensuring the sustainability of the realization and operation of Logistics, Storage, Transportation and transportation activities

● Planning, operating and ensuring sustainability of the customer relationship management process

● For survey studies carried out to monitor customer satisfaction levels

● Meeting customer expectations and demands

● In order to manage requests or complaints from customers and increase customer satisfaction

● To ensure institutional continuity and sustainability of services

● For the use of information technologies and system security

● Ensuring the realization and continuity of institutional operations

● To evaluate contract processes or legal requests

● To plan and maintain market research activities for marketing product and service sales

● For product promotions

● To carry out product promotions and advertising and promotional activities on social media platforms

● In order to make evaluations and analyzes in order to create marketing and sales strategies by automatically recording customer website movements within the framework of marketing and sales activities.

● In order to deliver the products abroad to the customer within the promised time.

● In order to effectively carry out and maintain product return and cancellation processes by customers

● In order to receive product payments internationally, in accordance with the payment systems in the world, and in accordance with the laws of the Republic of Turkey.

● In order for the data to be accurate and up-to-date

● To authorized institutions in order to fulfill the demands arising from the legislation.

● To create and track records of visitors coming to the institution

● In order to manage the customer management of the website in use more effectively,

● Updating corporate applications as a result of various requirements, or creating new modules, and testing the created modules

● To ensure database security

● To ensure system and network security

● To perform infiltration and penetration or service slowdown tests

● For testing secure software application requirements

It is being processed.

9. Destruction Procedures of Personal Data

Although the person has been processed in accordance with the provisions of other relevant laws within the scope of the Data Protection Law, if the reasons requiring processing are eliminated, personal data is deleted, destroyed or anonymized by the data controller ex officio or upon the request of the relevant person.

In our institution, the deletion, destruction and anonymization of personal data is carried out according to the following techniques and methods.

9.1. Deletion, Destruction and Anonymization of Personal Data

Article 7 of the KVKK law states that "Although it has been processed in accordance with the provisions of this Law and other relevant laws, personal data is deleted, destroyed or made anonymous by the data controller ex officio or upon the request of the relevant person, in case the reasons requiring processing are eliminated." Our policy regarding the deletion, destruction and anonymization of the data we process in accordance with the data processing purposes we have determined as a result of our activities is explained below.

In our company, data that needs to be periodically deleted, destroyed and anonymized is researched and scanned every 6 months in order to effectively monitor situations where the legal retention period has expired or the purpose of data processing has been eliminated. LOG records regarding deletion, destruction and anonymization performed automatically or manually by our systems are kept for 3 years.

9.1.1. Deletion and Destruction of Personal Data

9.1.1.1. Deletion and Destruction of Personal Data in Physical Environments

Personal data can be processed by non-automatic means, provided that it is part of any recording system. When such data is deleted or destroyed, personal data is physically destroyed so that it cannot be used again later.

9.1.1.2. Deletion and Destruction from Application Software and Databases

In order to carry out its activities, magnetic wristband collects data from various channels, digital platforms, using various application software and processes it in accordance with the procedures and principles specified within the framework of this policy.

For the request for deletion of personal data made by the owner of personal data, personal data in groups (such as invoice information) that do not expire according to the retention periods determined in accordance with the laws regulating commercial life in the Republic of Turkey, such as the Turkish Commercial Code, the Code of Obligations, the Code of Obligations, and specified in this policy document. Personal data other than personal data in all our relevant tables are deleted.

10. Enlightening and Informing the Personal Data Owner

10.2. Clarification Text and Information

Our company aims to inform data owners about the data it collects and processes in accordance with the provisions of the personal data protection law determined by this policy. In this context, in accordance with Article 10 of the KVKK, data owners are informed through the "ELLI2 KVKK Clarification Text" during the acquisition of personal data.

In the information text, it is clearly stated how ELLI2 processes the data it collects within the scope of personal data and special personal data and for what purpose. It is stated what type of data is collected and processed according to the determined data categories.

ELLI2 KVKK Clarification Text has been announced on our institution's website www.elli2.com.tr and has been made accessible to all relevant parties. It is given as a printout to our employees and suppliers whose express consent is required.

10.3. Rights of the Relevant Person (Data Owner)

In accordance with the provision of Article 11 of the KVKK, the rights of the relevant person (Data Owner) regarding the personal and special data shared are defined. In this context, the relevant person;

a) Whether personal data is processed or not,

b) Requesting information about personal data if it has been processed,

c) Learning the purpose of processing personal data and whether they are processed in accordance with their purpose,

d) Learning the third parties with whom personal data and sensitive personal data are shared abroad and domestically,

e) Requesting correction of personal data in case of incomplete or incorrect processing,

f) Requesting the deletion and destruction of personal data within the framework of the conditions stipulated in Article 7 of the Law,

g) To request that the transactions carried out in accordance with paragraphs (d) and (e) in Article 11 of the Law be notified to the third parties to whom personal data is transferred,

h) Object to a conclusion against the individual arising from the analysis of the processed data exclusively through automatic systems,

i) Request compensation for damages in case of damage due to personal data being processed unlawfully,

They have rights.

Relevant persons can apply to our institution through the following methods and channels within the framework of the issues specified in Article 11 of the KVKK.

Working hours

Weekdays: 09:00 – 18:00

Call center

0258 211 60 52

Data Contact Person

Nazan Irrigation Güme

Address

Kınıklı mh. Almelo st. 6007 sk no.3/4 Pamukkale / Denizli

Email

www.elli2nightwear.com


Information requests that reach us through the specified channels and methods are evaluated by the data contact person, and according to the request, the relevant person is informed within 30 days at the latest, through the communication and contact channel specified by the relevant person.

10.4. Explicit Consent

KVK is defined in Article 3 of the Law. In this context, explicit consent is defined as "consent based on information regarding a specific issue and expressed with free will".

As part of ELLI2's commercial activities, data is collected in relevant data categories from Employees, Candidate Employees, customers to whom it sells products and services, suppliers from whom it procures products in accordance with its commercial activities or from which it receives services in order to provide the service quality it undertakes to provide to its customers in order to continue its commercial activities.

In cases where there is no contractual basis or legal obligation, the express consent of the relevant parties is obtained in the data processing processes carried out within the framework of the issues specified in the KVKK Open Consent document prepared within the framework of the KVKK provisions.

11. Storage Periods of Personal Data

As a requirement of the "purpose limitation principle", personal data must be kept for the period required for the purpose for which they are processed. ELLI2 data controller has taken the necessary legal and administrative measures regarding this issue. Details on the subject are given in this policy document.

In cases where the purpose of data processing is eliminated or upon the application of the data owner within the framework of KVKK Article 11 "rights of the relevant person", the collected personal data will be deleted, but in physical environments for the storage periods clearly stated in the laws of the Republic of Turkey and all legal regulations arising from the commercial activities we have carried out as ELLI2. or personal data and special personal data found in our digital environments will be stored.

Personal and special personal data whose legal retention periods have expired are deleted, destroyed or anonymized within the framework of the details set out in Article 9 of this policy document.

The retention periods of personal data processed in our company are determined as follows. Specified retention periods begin after the legal relationship with the individual groups ends. any legal liability not specified herein.

PERSON GROUP

DATA CATEGORY

STORAGE PERIOD

LEGAL BASIS

Working staff,

Intern,

Partners,

Shareholders,

Managers

Identity Data,

Communication Data,

Running Process Data,

Transaction Security,

Financial Data,

Personnel Data,

Side Rights and Benefits,

Legal Transactions and Compliance Data,

Audit and Inspection

15 years

Pursuant to the Contract, During the Contract Period,

10 years according to the Labor Law and Social Security Institution (SGK) legislation,

15 years according to the Occupational Health and Safety Law (OHSK) legislation,

10 years within the scope of Social Insurance and General Health Insurance Law No. 5510 (SSK, GSSK),

5 years according to the Tax Procedure Law (VUK),

10 years according to the Turkish Code of Obligations (TBK),

During the statute of limitations within the scope of the employer's burden of proof

Risk Management Data,

Transaction Security Data,

Physical Space Security Data

2 years

2 years within the scope of law no. 5651

Working staff,

Intern

Employee Performance and Career Development Data

10 years

Based on the Contract, Labor Law, SSI Legislation

Candidate Personnel

Identity Data,

Communication Data,

Employee Candidate Data

10 years

KVKK (Data received within the scope of explicit consent)

Working Personnel (model)

Visual and Audio Data

70 Years

Pursuant to the Agreement, Intellectual and Artistic Works Art. 70 years based on 27

Special Personal Data

During the Contract Period

Based on the Agreement

supplier,

Supplier Candidate, Supplier Personnel

Identity Data,

Communication Data,

Financial Data,

Location Data,

Demand Complaint Management Data

10 years

Based on the Contract, TTK, TBK, VUK

Visitor

Risk Management Data,

Transaction Security Data

Identity Data

2 years

Within the scope of law no. 5651

Online Member,

Customer

Identity Data, Contact Data,

Customer Data,

Customer Transaction Data,

Location Data,

Financial Data

10 years

Based on the Contract, TTK, TBK, VUK

Online Visitor,

Online Member,

Customer

Identity Data,

Marketing Data,

Communication Data,

Customer Data,

Customer Transaction Data,

Location Data,

Financial Data

10 years

KVKK (Data received within the scope of explicit consent)

Applicant

Identity Data,

Communication Data,

Request/Complaint Management Data

10 years

KVKK, within the scope of the Employer's burden of proof, during the limitation period

12. Policy Going into Force

This policy, prepared within our company, was approved and accepted by our authorized bodies on 11.11.2019 and was published on our company's website www.elli2.com.tr. It will also be made accessible upon the request of personal data owners.

Kınıklı mh. Almelo st. 6007 sk no.3/4 Pamukkale / Denizli

Phone: 0258 211 60 52
Email: info@elli2nightwear.com

www.elli2nightwear.com