Customer Information Text

  1. ARTICLE - INTRODUCTION
    • 1.1. Introduction

      With the Law No. 6698 on the Protection of Personal Data ("Law"), important obligations have been imposed on personal data processors in order to protect the fundamental rights and freedoms of individuals, especially the privacy of private life. Headquarters address Beylikdüzü OSB Mah. Hürriyet Bulvarı No:10/9, 34524 Beylikdüzü Istanbul, Ekom Elektrik Elektronik Sanayi ve Ticaret Anonim Şirketi ("Company"), registered in the Istanbul Trade Registry, takes a meticulous and sensitive approach as Data Controller in order to fulfill the relevant obligations and to make all processes related to data processing in accordance with the legislation.
      In light of this approach, the Company explains the processes of processing the personal data obtained about the Member in all aspects and aims to enlighten and inform the Data Subjects with this text ("Clarification Text").

    • 1.2 Scope

      In this Clarification Text, Members will be enlightened within the scope of the following questions regarding the Company's personal data processing activities regarding the Members:

      • What are the minimum credentials of the Company?
      • What is the method and legal reason for collecting personal data?
      • For what purposes are the personal data obtained in the Company processed?
      • To whom and for what purpose are the processed personal data transferred by the Company?
      • What are the rights of the Data Subject against the Company's personal data processing activities?

  2. ARTICLE - DEFINITIONS
    Definition Description
    “Buyer Group” Refers to the category of natural or legal person to whom personal data is transferred by the data controller.
    “Contact Person” Refers to the Member whose personal data is processed. It may be used instead of Member in the Clarification Text.
    “Personal Data” Any information relating to an identified or identifiable natural person.
    “Processing of Personal Data” It refers to all kinds of operations performed on personal data such as obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data by fully or partially automatic means or by non-automatic means provided that it is part of any data recording system.
    “Sensitive Personal Data” Data relating to race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, clothing, membership of associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data.
    “Data Category” It refers to the class of personal data belonging to the data subject group or groups of persons in which personal data are grouped according to their common characteristics.
    “Data Subject Person Group” Refers to the category of data subjects whose personal data are processed by data controllers.
    “Board” Personal Data Protection Board.
    “Demand Management Procedure” It refers to the guiding procedure that determines the details of the Data Subject's right to apply to the Company, which is the Data Controller recognized in Article 11 of the Law, and the Company's response process regarding the application.
    “Member” It refers to the person who is a member of the e-corporate website as a potential product / service buyer or product / service buyer on the company's corporate website www.e-kom.com .
    “Data Controller” It refers to the real or legal persons who determine the purposes and means of processing personal data, who are responsible for the establishment and management of the data recording system, and the Company responsible for this activity in the context of this Clarification Text.

  3. METHOD AND LEGAL REASON FOR PERSONAL DATA COLLECTİON

    The personal data requested from the Member during the membership process is processed by the Company in the following ways within various data recording systems in software and/or internet-based electronic media in a manner accessible by authorized employees of the Company;

    1. In order to manage the corporate website membership and offer request processes, the data of the Membership Agreement signed Member in the categories of identity, communication, finance and marketing data are obtained during membership and offer request via the corporate website and by sending cookie files to the Member's device via the corporate website
    2. Within the scope of the activities of keeping log records, Member personal data within the scope of transaction security are obtained directly during the Member's entry to the corporate website.

  4. PURPOSES OF PROCESSING MEMBER DATA

    Member personal data are processed by the Company electronically within various data recording systems within the scope of the personal data processing conditions and purposes specified in Articles 5 and 6 of the Law and for various legitimate purposes, especially the execution of the Company's e-commerce processes. These purposes are listed below:

    1. Carrying out the activities in accordance with the legislation and in this context, fulfillment of the Company's obligations within the scope of the Law No. 6502 on Consumer Protection, Law No. 5651 on the Regulation of Publications on the Internet and Combating Crimes Committed through These Publications and the Regulation on Distance Contracts,
    2. Execution of company / product / service commitment processes,
    3. Follow-up and execution of legal affairs and preparation of invoices, delivery notes and similar documents required for sales,
    4. Conducting internal audit / investigation / intelligence activities,
    5. Carrying out communication activities and in this context, fulfilling the rights and obligations of the Company arising from the Law on the Regulation of Electronic Commerce,
    6. Execution/supervision of business activities,
    7. Receiving and evaluating suggestions for improving business processes,
    8. Carrying out logistics activities and ensuring the delivery of products to the Member who makes purchases within this scope through contracted cargo companies,
    9. Execution of after-sales support services for goods/services,
    10. Execution of goods / service sales processes,
    11. Execution of goods/service production and operation processes,
    12. Execution of customer relationship management processes
    13. Conducting activities for customer satisfaction,
    14. Conducting marketing analysis studies and in this context, conducting studies to improve the user experience on the e-commerce site,
    15. Execution of advertising / campaign / promotion processes,
    16. Execution of risk management processes,
    17. Execution of contract processes,
    18. Ensuring the security of company information systems and in this context;
      • Ensuring physical space security,
      • Execution of information security processes,
      • Ensuring workplace safety,
      • Execution of access authorizations,
    19. Follow-up of requests / complaints,
    20. Carrying out the marketing processes of the products/services and in this context, displaying the products of interest to the Member, monitoring the Member's visit movements on the web page,
    21. Informing influential people, institutions and organizations.

  5. TRANSFER TO THIRD PARTIES

    The Company hereby informs the Member about the processing of the Member's personal data with this Clarification Text and will carry out data processing activities by obtaining explicit consent in a way that leaves no room for doubt.
    Member personal data may be transferred to third parties for the purposes listed in the table below, provided that necessary measures are taken.

    Domestic Transfer
    Buyer Group Transfer Tool
    1. Natural persons or private legal entities (Company lawyer etc.)
    2. Authorized public institutions and organizations (Courts, etc.)
    1. Execution / supervision of business activities
    2. Ensuring business continuity
    3. Carrying out storage and archive activities
    4. Informing authorized persons, institutions and organizations
    5. Creation and follow-up of visitor records
    Transfer Abroad
    Buyer Group Transfer Tool
    By using Microsoft Office 365 e-mail infrastructure, the transfer is made to a private legal entity that provides e-mail infrastructure.
    1. Execution / supervision of business activities
    2. Ensuring business continuity
    3. Execution of after-sales support services for goods/services
    4. Execution of goods / service sales processes
    5. Carrying out storage and archive activities
    6. Informing authorized persons, institutions and organizations
    Natural persons or private legal entities (Facebook, Google, Twitter, Linkedin, etc.)
    1. Conducting marketing analysis studies
    2. Execution of advertising / campaign / promotion processes
    3. Carrying out strategic planning activities
    4. Execution of marketing processes of products/services

    • 5.1. Domestic Transfer

      As a rule, the processed data can be transferred domestically with the explicit consent of the Data Subject.
      Personal data may be transferred without the explicit consent of the Data Subject if there is a clear regulation in the legislation regarding the transfer of personal data. Personal data may be transferred without the explicit consent of the Data Subject;

      1. If it is mandatory for the protection of the life or physical integrity of the personal data owner or someone else, and if the personal data owner is unable to disclose his consent due to actual impossibility or if his consent is not legally valid, it may be transferred to third parties.
      2. Personal data may be transferred to third parties if it is necessary to transfer personal data belonging to the parties to the contract, provided that it is directly related to the establishment or performance of a contract.
      3. If personal data transfer is mandatory for the Company to fulfill its legal obligation, personal data may be transferred to third parties.
      4. If personal data has been made public by the personal data owner, it may be transferred to third parties limited to the purpose of publicization.
      5. Personal data may be transferred to third parties if personal data transfer is mandatory for the establishment, exercise or protection of a right.
      6. Provided that it does not harm the fundamental rights and freedoms of the Data Subject, personal data may be transferred to third parties if it is mandatory for the legitimate interests of the Company.

    • 5.2. Transfer Abroad

      The Company transfers the personal data of the Member abroad only if the Data Subject has Explicit Consent.
      The Company may also transfer the personal data of the Data Subjects abroad without explicit consent. In cases where the country or countries to which the personal data will be transferred (a) is one of the countries declared by the Board to have adequate protection or (b) if it is not one of the countries declared by the Board, permission has been obtained from the Board by obtaining a written commitment from the data controllers in the relevant foreign country providing adequate protection, personal data may be transferred abroad without explicit consent if one or more of the following conditions are present.

      1. If there is a clear regulation in the legislation regarding the transfer of personal data, it can be transferred abroad.
      2. If it is mandatory for the protection of the life or physical integrity of the personal data owner or someone else and if the personal data owner is unable to disclose his consent due to actual impossibility or if his consent is not legally valid, it may be transferred abroad.
      3. Personal data may be transferred abroad if it is necessary to transfer the personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract without the explicit consent of the Data Subject.
      4. If personal data transfer is mandatory for the Company to fulfill its legal obligation, personal data may be transferred abroad.
      5. If personal data is publicized by the owner, it may be transferred abroad limited to the purpose of publicization.
      6. Personal data may be transferred abroad if personal data transfer is mandatory for the establishment, exercise or protection of a right.
      7. Personal data may be transferred to third parties without the explicit consent of the Data Subject, provided that it does not harm the fundamental rights and freedoms of the Data Subject, if personal data transfer is mandatory for the legitimate interests of the Company.

      The Company may transfer Special Categories of Personal Data abroad by taking the Explicit Consent of the Data Subject by applying administrative and technical measures and complying with the special measures taken by the Board. In order for the Company to transfer Special Categories of Personal Data abroad even without obtaining the Explicit Consent of the Data Subject, the country or countries to which the personal data will be transferred (a) must be one of the countries declared by the Board to have adequate protection or (b) if it is not one of the countries declared by the Board, permission must be obtained from the Board by obtaining a written commitment from the data controllers in the relevant foreign country providing adequate protection, and (c) one or more of the following conditions must be present.

      1. Sensitive Personal Data other than health and sexual life: The Company will be able to process Sensitive Personal Data other than health and sexual life without obtaining the explicit consent of the data subject if explicitly stipulated in the legislation.
      2. Sensitive Personal Data related to health and sexual life: For the protection of public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing, persons under the obligation of confidentiality or authorized institutions and organizations can be processed without seeking explicit consent.

  6. RIGHTS OF THE SUBJECT and APPLICATION TO THE COMPANY
    • 6.1. Rights of the Data Subject

      The Data Subject has the right to apply to the Company regarding his/her personal data in the following matters;

      1. Learn whether personal data is being processed,
      2. Request information if their personal data has been processed,
      3. To learn the purpose of processing personal data and whether they are used for their intended purpose,
      4. To know the third parties to whom personal data are transferred domestically or abroad,
      5. To request correction of personal data in case of incomplete or incorrect processing,
      6. Request deletion or destruction of personal data,
      7. In case of incomplete or incorrect processing of personal data, to request that third parties to whom personal data are transferred be notified of the transactions regarding the correction and/or deletion or destruction of personal data,
      8. To object to the emergence of a result to the detriment of the person himself/herself by analyzing the processed data exclusively through automated systems,
      9. In case of damage due to unlawful processing of personal data, to demand compensation for the damage.

    • 6.2. Application to the Company

      The Company has prepared a Procedure in order to protect the rights of the Data Subject regulated in the Law and this Clarification Text and to fulfill its own obligations in this respect. In accordance with this Procedure, the Company shall make maximum effort to provide the information requested by the Data Subject by applying to the Company regarding the personal data of the Data Subject free of charge as soon as possible, within thirty days at the latest. If the transaction requires an additional cost, the fee in the tariff determined by the Board may be charged to the Data Subject. As a result of the examination of the request, the Company accepts the request or rejects it by explaining its reasoning and notifies its response to the Relevant Person in writing or electronically. If the request in the application is accepted, the Company shall fulfill the requirements of the request. In case the application is caused by the Company's error, the fee charged shall be refunded to the Relevant Person.
      The Relevant Persons shall exercise their rights specified in Article 6.1. by filling out the Request Application Form and submitting it with wet signature, via notary public, KEP or electronic mail to Beylikdüzü OSB Mah. Hürriyet Bulvarı No:10/9, 34524 Beylikdüzü - İstanbul or delivering it to the same address in person or by proxy or sending it to the e-mail address info@e-kom.com .
      Documents proving his/her identity, documents supporting the request, if any, and if the Relevant Person wishes to exercise this right through his/her proxy, a copy of the power of attorney containing special authorization in this regard must be attached to the form.