Personal Data Protection Policy

PERSONAL DATA PROTECTION AND PROCESSING POLICY

This text has been prepared within the scope of the Turkish Personal Data Protection Law No. 6698, between SADİYE ALKAN FASHION TEKSTİL SAN. VE TİC. LTD. ŞTİ. (hereinafter referred to as SADİYE ALKAN FASHION) on one side, and the individuals who come into contact with the Company and whose data are processed (hereinafter referred to as the Data Subject) on the other.

This Policy is binding at every stage for all natural and legal persons who come into contact with SADİYE ALKAN FASHION in any manner. The parties shall fulfill their obligations in good faith. By reading this text, the parties shall be deemed to have been informed of which of their personal data are processed and of the Company’s internal personal data processing policy.

SADİYE ALKAN FASHION is a fashion house established in Fatih, Istanbul, distinguished by its originality in bridal gown design. From the order stage of custom-made products through delivery—and even after delivery—the Company demonstrates the highest level of sensitivity regarding the protection and processing of personal data. SADİYE ALKAN FASHION follows a lawful data policy in all data processing activities and uses personal data solely for the purposes specified in this Policy.

Personal Data Protection and Processing Policy

As SADİYE ALKAN FASHION, we attach the utmost importance to the lawful processing and protection of personal data in accordance with the Turkish Personal Data Protection Law No. 6698 (“Law”) and act with due care in all our planning and activities. With this awareness, our Company undertakes to comply with all obligations imposed by the Law. This Personal Data Protection and Processing Policy (“Policy”) has been prepared and is implemented for this purpose.

Purpose of the Policy

The purpose of this Policy is to explain the systems and processes implemented for the lawful processing and protection of personal data in accordance with the Law and its objectives, and to ensure transparency by informing our customers, employees, job applicants, visitors, institutions we cooperate with, and third parties.

Importance Given by Our Company to the Fundamental Principles of Personal Data Processing

a) Compliance with law and good faith:
Except for the exceptions set forth in Article 5/2 of the Law, our Company processes personal data with the explicit consent of the data subject. It questions the source of the data it collects or receives from other companies and attaches importance to ensuring that such data are obtained lawfully and in accordance with the principles of good faith.

b) Accuracy and being up to date when necessary:
Our Company ensures that all data held within the organization are accurate and free from incorrect information and updates personal data when changes are communicated. Information declared by the data subject is deemed accurate. Data subjects are kindly requested to notify the Company of any changes to their information.

c) Processing for specific, explicit, and legitimate purposes:
Our Company processes personal data only for purposes that are approved by individuals during the provision of services and does not process, use, or allow the use of data outside business purposes.

d) Being relevant, limited, and proportionate to the purpose:
Our Company uses personal data only to the extent required for the purpose for which they are processed and as necessitated by the service.

e) Retention for the period required by legislation or the processing purpose:
Our Company retains data arising from contractual relationships for the periods required by dispute resolution timelines, commercial law, and tax legislation. When these purposes cease to exist, the data are deleted or anonymized.

f) Our Company may share personal data with relevant institutions and organizations due to business and contractual relationships or for the performance of judicial duties or the lawful exercise of authority by public bodies.

g) Where personal data are collected, processed, or used through the Company’s websites, mobile applications, or other systems, data subjects are informed through privacy notices and, where necessary, cookie disclosures.

Confidentiality and Data Security

Personal data are confidential, and our Company strictly observes this confidentiality. Access to personal data within the Company is limited to authorized personnel only. All necessary technical and administrative measures are taken to protect personal data collected by the Company, prevent unauthorized access, and avoid harm to customers. These measures include ensuring software compliance with standards, carefully selecting third parties, and enforcing the internal Information Security Policy. Companies with whom personal data are lawfully shared are also required to protect such data. Our Company conducts necessary internal and external audits regarding personal data protection.

Personal Data Processed by Our Company

SADİYE ALKAN FASHION may process personal data of a general or special nature with the explicit consent of the data subject or under the circumstances set forth in Articles 5 and 6 of the Law. Examples of such data include, but are not limited to:

  • (i) Identifying data such as name, surname, profession, title, employer information, education and employment history, gender, marital status, citizenship status, tax liability status, and information regarding parents, guardians, or legal representatives

  • (ii) Data contained in identification documents such as identity cards, passports, and driver’s licenses

  • (iii) Contact information such as home, workplace, or temporary residence addresses, telephone numbers, email addresses, and fax numbers

  • (iv) Information regarding products, projects, and services offered, purchased, or deemed suitable for the data subject; physical characteristics such as height and weight; and tax identification numbers required for invoicing

  • (v) Communication records such as phone calls and email correspondence, as well as other audio and visual data

  • (vi) Details regarding website usage (behavior, transactions, preferences, viewed products, etc.)

  • (vii) Usernames and passwords assigned exclusively to the data subject

Personal Data Not Processed by Our Company

Special category personal data defined under Article 6 of the Law—such as race, ethnic origin, political opinions, philosophical beliefs, religion, sect or other beliefs, clothing, association, foundation or trade union membership, criminal convictions, health and sexual life, biometric and genetic data—are not processed by our Company.

Purposes of Processing Personal Data

Within the scope described above, our company processes personal data for the following purposes:

  • (i) Fulfillment of legal and administrative obligations by the company,

  • (ii) Negotiation, execution, and performance of contracts that have been concluded or are contemplated to be concluded,

  • (iii) Determination of suitable products, projects, and services for customers; customization and development of such products and services; and provision of effective customer services,

  • (iv) Ensuring and improving coordination, cooperation, and efficiency within the company and among its departments,

  • (v) Ensuring the security of the websites, other electronic systems, and physical premises owned by or used by SADİYE ALKAN FASHİON,

  • (vi) Notifying data subjects of amendments to legislation or to the rules and policies adopted by SADİYE ALKAN FASHİON, as well as making other notifications that may concern the data subject,

  • (vii) Promotion and marketing of SADİYE ALKAN FASHİON’s projects and services, development thereof, and obtaining the opinions of data subjects through surveys and polls,

  • (viii) Investigation, detection, prevention, and reporting of breaches of contract and violations of law to the relevant administrative or judicial authorities,

  • (ix) Resolution of existing or potential legal disputes,

  • (x) Responding to requests and inquiries,

  • (xi) Measuring customer satisfaction,

  • (xi) Conducting customer service operations,

  • (xii) Carrying out transactions related to company and partnership law,

  • (xiii) Meeting personnel needs within the framework of SADİYE ALKAN FASHİON’s human resources policies and conducting, developing, and improving recruitment processes,

  • (xiv) Assessing the suitability of job applications, finalizing such applications, and communicating with job applicants,

  • (xv) Developing and improving SADİYE ALKAN FASHİON’s human resources, public relations, and marketing policies,

  • (xvi) Where data processing is mandatory for the establishment, exercise, or protection of a legal right,

  • (xvii) Protecting the legitimate interests of SADİYE ALKAN FASHİON, provided that such processing does not harm the fundamental rights and freedoms of the data subject.

Collection and Processing of Data for Contractual Relationships

If a contractual relationship has been established with our customers or potential customers, the collected personal data are processed based on the explicit consent obtained. However, such use is limited to the purposes of the contract. Personal data are used to the extent necessary for the proper performance of the contract and the requirements of the service, and where necessary, customers may be contacted to update such data.
The data provided by our prospective customers (potential customers) are processed with their explicit consent for the purposes of providing information and delivering quality services. Upon request, and provided that the legal requirements are met, such data shall be deleted.

Data Sharing with Business and Solution Partners

Our company shares personal data recorded by our company with its business and solution partners within the scope of the consent obtained from the relevant data subject. Only the data required for the provision of the service are shared. No data processing activity beyond what is stipulated by law is carried out. In cross-border data transfers, compliance with the GDPR is ensured.

Processing of Personal Data Without the Explicit Consent of the Data Subject

Pursuant to Article 5, paragraph 2 of the Law on the Protection of Personal Data (KVKK), personal data may be processed without obtaining the explicit consent of the data subject if one of the following conditions exists. In such cases, our company may process personal data without obtaining explicit consent:

  1. Where it is explicitly provided for by law,
  2. Where it is mandatory for the protection of the life or physical integrity of the data subject or another person who is unable to express consent due to actual impossibility or whose consent is not legally valid,
  3. Where it is necessary to process personal data of the parties to a contract, provided that it is directly related to the establishment or performance of a contract,
  4. Where it is mandatory for the data controller to fulfill its legal obligations,
  5. Where the personal data have been made public by the data subject,
  6. Where data processing is mandatory for the establishment, exercise, or protection of a legal right,
  7. Where data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject.

Processing of Special Categories of Personal Data

Our company does not record or process special categories of personal data. Nevertheless, our company is informed about Article 6 of the KVKK, which regulates such data.

Transfer of Personal Data Abroad

Personal data may be transferred abroad with the explicit consent of the data subject or in accordance with the conditions set forth in Article 9 of the Law, provided that adequate protection exists in the country to which the data are transferred. In cases where adequate protection does not exist, such transfer may only be carried out if the data controller and the data controller in the relevant foreign country jointly undertake in writing to ensure adequate protection and obtain the approval of the Personal Data Protection Board.

Rights of the Data Subject Under Article 11 of the Law on the Protection of Personal Data

Pursuant to Article 11 of the KVKK, you have the following rights. Applications regarding these rights will be responded to as soon as possible and no later than within 30 days.

Data subjects whose personal data are processed may apply to our contact person announced on our website and exercise their rights to:

  1. Learn whether their personal data are processed,
  2. Request information if their personal data have been processed,
  3. Learn the purpose of processing personal data and whether such data are used in accordance with that purpose,
  4. Know the third parties to whom personal data are transferred domestically or abroad,
  5. Request the correction of personal data if they are incomplete or inaccurate and request that such correction be notified to third parties to whom the personal data have been transferred,
  6. Request the deletion or destruction of personal data in accordance with Article 7 of the KVKK where the reasons requiring processing no longer exist, even though the data have been processed in compliance with the KVKK and other relevant laws, and request that such action be notified to third parties to whom the personal data have been transferred,
  7. Object to the occurrence of a result against the data subject arising from the analysis of processed data exclusively through automated systems,
  8. Request compensation for damages incurred due to unlawful processing of personal data.

As a company, we respect these rights. All applications submitted to our legal address will be duly responded to.

Applications may be submitted, in accordance with legal procedures, either from your registered email address via sadiye.alkan.fashion@gmail.com, which has been designated by our company as the data controller for such applications, or in writing and duly signed to the following address:
Tepebaşı Mahallesi, Mardin Cd., Dunaysır İş Merkezi No:21/A, Kızıltepe / Mardin.

Tel: +90 544 517 1757.