Personal Data Protection and Disclosure Statement
General information about the Personal Data Protection Law
The Law No. 6698 on the Protection of Personal Data (hereinafter, the “PDPL”) was adopted on 24 March 2016 and
published in the Official Gazette dated 7 April 2016 and numbered 29677. Certain provisions of the PDPL entered
into force on the date of publication, while the remaining provisions became effective on 7 October 2016.
Information in the capacity of Data Controller
Pursuant to the PDPL and in our capacity as Data Controller, your personal data may be recorded, stored,
updated, disclosed / transferred to third parties where legislation so permits, classified and otherwise
processed
in the manner set forth in this Statement.
Scope of personal data processing
Within the framework of the PDPL, the personal data you share with our Company may be processed by us—whether
wholly or partially, automatically or by non‑automatic means provided that they form part of a data filing
system—by being obtained, recorded, stored, altered, reorganised or subjected to any other operation performed
on
data. Under the PDPL, every operation performed on data is deemed “processing of personal data.”
Purposes and legal grounds for processing your personal data
Your personal data that you share with us may be processed for the following purposes in order to fulfil the
requirements of the services we provide to our customers, in line with contractual obligations and technological
necessities, and to improve the products and services we offer:
• To record identity, address and other necessary information to determine the identity of the transaction
owner, in accordance with the Law No. 6563 on the Regulation of Electronic Commerce, the Law No. 6502 on the
Protection of Consumers, and the secondary legislation such as the Regulation on Service Providers and
Intermediary Service Providers in Electronic Commerce dated 26 August 2015 and published in the Official Gazette
No. 29457, the Distance Contracts Regulation dated 27 November 2014 and published in the Official Gazette
No. 29188, and other relevant legislation;
• To arrange all records and documents that will constitute the basis of payment systems, electronic contracts
or transactions in paper form, required in the field of banking and electronic payment; and to comply with the
obligations of information retention, reporting and informing stipulated by legislation and by other competent
authorities;
• To provide information to public prosecutors’ offices, courts and relevant public officials upon request and in
accordance with legislation, in matters related to public security and in legal disputes;
Your personal data will be processed in compliance with the PDPL and its secondary legislation.
Transfer of your personal data to third parties
For the purposes described above, the personal data you share with our Company may be transferred to
suppliers, cargo / delivery companies, other persons or entities related to the services provided, programme
partner entities from which services are obtained or with which cooperation is undertaken in order to conduct
our
activities (in the capacity of Data Processor), domestic / international organisations and other third parties.
Method of collecting personal data
Information you enter on our website or otherwise provide to our website (excluding your credit‑card information)
is stored. For example, information is collected when you place an order, register with us, send us an e‑mail,
call us or visit our website. This information includes any existing and / or new data you provide in any manner
and obtained automatically or by non‑automatic means, including but not limited to:
- Name, surname
- Postal address
- E‑mail address
- Telephone number
- Purchase information
- Saved addresses
-
Data such as preferences on pages accessed with user name and password, IP logs of transactions, cookie data
collected by the browser, and browsing duration and details.
This information may also include details you provide about other persons, such as the name and address of the
recipient of an order.
Your personal data are collected only with your consent (for example, by using the on‑line forms on our websites
and / or applications).
We will never request via e‑mail your password, user name, credit‑card information or other personal data.
This practice, known as “phishing,” is an attempt to steal your personal information. If you receive a message
that appears to be from us but requests personal information, you should not respond.
Our sales and marketing staff, branches, suppliers, other sales channels, paper forms, business cards, digital
marketing and call‑centre channels may collect your data verbally, in writing or electronically;
Individuals who share personal data with our Company for purposes such as establishing a commercial relationship,
applying for employment, submitting a quotation, etc., may provide these data through physical or virtual media,
face‑to‑face or remote, verbally or in writing or electronically;
Data obtained indirectly through different channels—such as websites, blogs, contests, surveys, games, campaigns
and similar micro‑sites and social media—e‑newsletter reading or click movements, publicly available database
information, and publicly shared profiles and data on social‑media platforms—may also be processed and
collected.
Storage and protection of personal data
Your personal data will be kept confidential in the databases and systems within our Company in accordance with
Article 12 of the PDPL and will not be shared with third parties in any way other than under the circumstances
stipulated by law and this Statement. Our Company is obligated to prevent unlawful processing of personal data,
to prevent unauthorised access, and to take software‑based security measures such as access‑management as well
as
physical security measures for the systems and databases where your personal data are housed. If it is learned
that personal data are obtained by others through unlawful means, the situation will be reported in writing to
the Personal Data Protection Authority without delay and in accordance with legal requirements.
Keeping personal data accurate and up‑to‑date
Pursuant to Article 4 of the PDPL, our Company has the obligation to keep your personal data accurate and
up‑to‑date. Accordingly, in order for our Company to fulfil its obligations under current legislation, our
customers must share accurate and current data or update them via the website / mobile application.
Rights of the personal data subject under the PDPL
Article 11 of the PDPL, which entered into force on 7 October 2016, grants the following rights to the personal
data subject. By applying to our Company (the Data Controller), the data subject may:
• Learn whether personal data are processed;
• Request information if personal data have been processed;
• Learn the purpose of processing personal data and whether they are used in accordance with that purpose;
• Know the third parties to whom personal data are transferred at home or abroad;
• Request the correction of personal data if they are incomplete or inaccurate;
• Request the deletion or destruction of personal data under the conditions set forth in Article 7 of the PDPL;
• Request that the correction, deletion or destruction operations be notified to third parties to whom the
personal data have been transferred;
• Object to a result that is to the detriment of the person concerned and has arisen by analysing processed data
exclusively through automated systems;
• Request compensation for damages in case of loss due to unlawful processing of personal data.
Our Company, located at Ankara, Türkiye, acts as Data Controller under the PDPL. Once the legal infrastructure is
established, the Data Controller Representative to be appointed by our Company will be announced in the Data
Controllers Registry and on the internet address where this document is located. Personal data subjects may
direct their questions, opinions or requests through any of the contact channels below:
E‑mail: info@enduransteknoloji.com
Phone: +90 554 263 19 03