GDPR (Personal Data Protection Law) Clarification Text

GDPR (Personal Data Protection Law) Clarification Text

  1. INTRODUCTION

The security and/or protection of your personal data is one of our priorities at Dagi Giyim Sanayi ve Ticaret Anonim Şirketi (“Company/Our Company”). With this awareness, we attach great importance to the processing and preservation of all kinds of personal data belonging to all persons associated with the Company, including people who use our products and services as a Company, in accordance with the Law on the Protection of Personal Data No. 6698 (“GDPR”). Accordingly, in the capacity of "Data Controller" as defined in the GDPR, and in accordance with the Communiqué on the Procedures and Principles to be Complied with in Fulfilling the Disclosure Obligation, published in the Official Gazette No. 30356 on 10 March 2018 by the Personal Data Protection Board; in order to fulfill the duty of enlightening the personal data owners during the acquisition of personal data; we provide this information to the personal data owners about the identity of our Company, the purpose of processing the personal data, to whom and for what purpose the processed personal data can be transferred, the method of collecting personal data and the legal reason, and the rights of the personal data owner within the scope of Article 11 of the GDPR.

Expressions such as "we" and "our" in this Clarification Text are used to express Dagi Giyim A.Ş., unless otherwise expressly stated.

  1. PERSONAL DATA

Definition of Personal Data

Within the framework of the article 3/I(d) of GDPR, “personal data” means all kinds of information regarding natural persons who are identified or can be identified. In this context, personal data refers to all kinds of information related to an identified or identifiable natural person. The information about you such as your name, surname, Turkish identity number, address, phone number, e-mail address, date of birth, IP number you accessed, and information about the transactions you made are your personal data. Furthermore, according to the GDPR; data such as race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, clothing, memberships such as associations, foundations, unions, health, sexual life, criminal convictions and security measures, as well as biometric and genetic data are special categories of personal data. In this context, anonymous information, anonymized information and other data that cannot be associated with a particular person are not considered personal data in accordance with our Company's Policy on this subject.

The Concept of Processing Personal Data

Processing of personal data within the framework of the article 3/I(e) of GDPR means all kinds of operations performed on the data. These processes refer to obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying or preventing personal data in whole or in part by automatic or non-automatic means provided that it is a part of any data recording system.

  1. SCOPE OF CLARIFICATION

Identity of the Data Controller

According to the GDPR, "Data Controller" means a natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system. Therefore, the Corporate Identity Information of Dagi Giyim Sanayi ve Ticaret Anonim Şirketi, which is the Addressee "Data Controller" in accordance with the GDPR, is as follows:

Trade Registration No:

248953, Istanbul

Central Registration System No:

Tax Office:

0265052789984775

Boğaziçi Corporate Tax Office

Taxpayer ID:

2650527899

Head Office Address:

Merkez Mh. Birahane Sk.

Koç Plaza No.3/1, 34381 Bomonti-Şişli/İstanbul / TURKEY

Tel:

0212 240 40 65

Fax:

0212 233 30 28

Web:

www.dagi.com.tr

E-Mail Address:

[email protected]

Collection and Processing of Personal Data, and Purposes of Processing

Your Personal Data may vary depending on the service, product or commercial activity provided by our Company; this data is/may be collected verbally, in writing or electronically, automatically or non-automatically, through offices, branches, dealers, call centers, websites, social media channels, mobile applications and similar means.

Within the scope of the Article 5.2 and Article 6.3 of the GDPR; personal data that you have made public can be processed without your explicit consent to fulfill our legal obligations, to establish or perform a contract, to fulfill our legal obligations, to establish, exercise or protect a right, and to protect our legitimate interests without harming your fundamental rights and freedoms. Your personal data can also be processed within the scope of the purposes specified in this Clarification Text, provided that your express consent is obtained within the scope of Article 5.1 and Article 6.2 of the GDPR. You can procure all of our products, especially without being included in our other membership/loyalty program/programs and memberships, especially in the Dagi membership/loyalty program. On the other hand, since Dagi membership /Loyalty program and other loyalty programs and memberships offer special benefits to their members, you expressly consent to the processing of your Personal Data in exceptional cases, as well as to your inclusion/membership in programs in order to take advantage of the program/membership benefits.

Your collected personal data is/will be processed within the scope of the personal data processing conditions and purposes specified in the Articles 5 and 6 of the GDPR and in accordance with other applicable legal regulations. We do this for the following purposes: carrying out the necessary work by our business units to benefit you from the products and services offered by our company, recommending the products and services offered by our company to you by customizing them according to your liking, usage habits and needs, ensuring the legal and commercial security of our company and those who have a business relationship with our company (administrative operations for communication carried out by our company, ensuring the physical security and control of the company's locations, business partner/customer/supplier (officials or employees) evaluation processes, legal compliance process, financial affairs, etc.), determining and implementing our company's commercial and business strategies and ensuring the execution of our company's human resources policies.

To Whom and for What Purpose Can the Processed Personal Data be Transferred at Home and/or Abroad

For carrying out the necessary work by our business units to benefit you from the products and services offered by our company, recommending the products and services offered by our company to you by customizing them according to your liking, usage habits and needs, ensuring the legal and commercial security of our company and those who have a business relationship with our company (administrative operations for communication carried out by our company, ensuring the physical security and control of the company's locations, business partner/customer/supplier (officials or employees) evaluation processes, legal compliance process, financial affairs, etc.), determining and implementing our company's commercial and business strategies and ensuring the execution of our company's human resources policies,

your personal data is/will be transferred to the following persons and companies within the framework of the personal data processing conditions and purposes specified in the Articles 8 and 9 of the GDPR and within the scope of other legal regulations: to the administrative and official authorities that are legally required to be transferred, to the relevant persons and companies in order to fulfill the legal obligations and to the independent audit companies, tax consultants and other external professional consultants, lawyers, insurance companies, partners, due to legal obligations and within the framework of legal limitations, domestic and foreign third parties, our shareholders, business partners, suppliers, legally authorized public institutions and private individuals, from which service is received or will be received.

Your collected personal data is/can be transferred to foreign countries where data controllers in Turkey and in the relevant foreign country undertake an adequate protection in writing and where the permission of the Personal Data Protection Board (“Foreign Country Where the Data Controller Undertakes Sufficient Protection is Available”) to foreign countries declared to have sufficient protection by the Personal Data Protection Board ("Foreign Country with Sufficient Protection") or in the absence of sufficient protection. Accordingly, our company is/will act in accordance with the regulations stipulated in the Article 9 of the GDPR and other legal regulations.

Method And Legal Reason for Collecting Personal Data

Your personal data is obtained for the following purposes and the personal data obtained are stored within legal periods in accordance with the relevant Legislation: to carry out our activities, to fulfill our contractual and legal obligations between you and us by automatic or non-automatic methods and other channels through which our Company communicates with you or may contact you in the future in written/digital applications to our audit and consultancy services, our Company's employees, our website, our phone numbers, social media, SMS channels, and other verbal, written or electronic media.

Rights of Personal Data Owners as listed in the Article 11 of the GDPR

If you, as a personal data owner, submit your requests for your rights to our Company using the methods set out below in this Disclosure Text, our Company will conclude the request free of charge within thirty days at the latest, depending on the nature of the request. However, if a fee is required by the Personal Data Protection Board, the fee will be charged at the tariff determined by our Company. In this context, personal data owners have the following rights pursuant to Article 11 of the GDPR;

to learn whether their Personal Data is processed, to request information about it if it has been processed, to learn the purpose of processing the Personal Data and whether they are used in accordance with its purpose, to know the third parties in the country or abroad to whom their personal data are transferred, to request their correction if their personal data is incomplete or incorrectly processed, to request the deletion or destruction of personal data in case the reasons requiring the processing of personal data disappear, in order to be evaluated within the principles of purpose, duration and legitimacy, in case of correction, deletion or destruction of Personal Data, requesting the notification of these transactions to third parties to whom personal data has been transferred, to object to result if the processed personal data is analyzed exclusively through automated systems, to object to result in case of unfavorable results, to request the compensation of the damage in case of unlawful processing of the Personal Data and therefore incurring damage.

Pursuant to the 1st paragraph of the Article 13 of the GDPR, you may submit your request to our Company to exercise your above-mentioned rights in writing or by other methods determined by the Personal Data Protection Board. Since the Personal Data Protection Board has not determined any methods at this stage, you must submit your application to our Company in writing in accordance with the GDPR. In this context, the channels and procedures through which you will submit your application in writing to our Company within the scope of Article 11 of the GDPR are explained below:

You can submit your request, which includes the necessary information to identify you in order to exercise your above-mentioned rights, and your explanations about your right that you request to exercise from the rights specified in Article 11 of the GDPR, through the following ways: By filling out the form at www.dagi.com.tr, you can personally send a signed copy of the form to Birahane Sk. Koç Plaza No.3/1 34381 Bomonti-Şişli /İstanbul with the documents identifying your identity. You can send it through a notary public or other methods specified in the GDPR, or you can send the relevant form to [email protected] with a secure electronic signature.

In cases where your personal data is processed with explicit consent, if you withdraw your explicit consent, please note that you will be removed from the membership/loyalty program where the said consent-based processing is required and that you will not be able to benefit from the advantages you have benefited from thanks to the said processing as of the relevant date.