Legal notice

ATOLYE ATASEHIR LLC

Personal Data Policy

General Information About the Law on the Protection of Personal Data

The Law on the Protection of Personal Data No. 6698 (hereinafter referred to as “KVKK”) was adopted on March 24, 2016, and published in the Official Gazette dated April 7, 2016, and numbered 29677. Some provisions of the KVKK came into force on the date of publication, while others became effective on October 7, 2016.

Disclosure as Data Controller

Pursuant to the KVKK No. 6698, and in the capacity of Data Controller, your personal data may be recorded, stored, updated, disclosed or transferred to third parties (where permitted by legislation), classified, and processed in the manner set forth in the KVKK, within the scope explained on this page.

How Your Personal Data May Be Processed

In accordance with the KVKK No. 6698, the personal data you share with our company may be processed by means of automatic or non-automatic methods, wholly or partially, as part of a data recording system. Such operations include obtaining, recording, storing, altering, rearranging, and other forms of processing of the data. All such operations are considered as “processing of personal data” under the KVKK.

Purposes and Legal Grounds for Processing Personal Data

The personal data you share with us may be processed for the following purposes:

  • To fulfill our service obligations to our customers in accordance with contractual and technological requirements, and to improve the products and services we offer;

  • To record identity, address, and other necessary details of the data subject as required by the Law on the Regulation of Electronic Commerce No. 6563, the Law on the Protection of Consumers No. 6502, and relevant regulations including the Regulation on Service Providers and Intermediary Service Providers in Electronic Commerce (published in the Official Gazette dated 26.08.2015, No. 29457) and the Regulation on Distance Contracts (published on 27.11.2014, No. 29188), among others;

  • To issue records and documents that are mandatory in banking and electronic payment systems, whether in electronic or paper format; to comply with information retention, reporting, and disclosure obligations required by legal authorities;

  • To provide information to public prosecutors, courts, and other public officials upon request and as required by law in matters concerning public security or legal disputes.

Processing of your personal data will be carried out in accordance with KVKK and related secondary regulations.

Parties to Whom Personal Data May Be Transferred

Your personal data may be shared with the following parties for the purposes listed above:

  • Our service providers, such as IdeaSoft Yazılım San. ve Tic. A.Ş., which provides our e-commerce infrastructure;

  • Suppliers, cargo/shipping companies, and other service providers;

  • Business partners, program affiliates, domestic and international entities involved in our operations or acting as data processors;

  • Other relevant third parties as required.

Methods of Collecting Personal Data

Your personal data may be collected via:

  • Forms on our website and mobile applications that include fields such as name, surname, national ID number, address, phone number, work or personal email address, user preferences, transaction records (IP), cookies, session duration and detail, and location data;

  • Verbal, written, or electronic communication through our sales and marketing staff, branches, suppliers, other sales channels, printed forms, business cards, digital marketing, and call centers;

  • Information shared voluntarily for commercial relations, job applications, or quotation purposes through business cards, CVs, proposals, and similar means, obtained physically, digitally, in person, or remotely, orally or in writing.

Additionally, data obtained indirectly from third-party sources such as websites, blogs, contests, surveys, games, campaigns, micro-sites, or social media channels, including user behavior (e.g., newsletter open or click data), publicly available databases, and social media profiles may also be collected and processed.

Personal Data Obtained Before the Effective Date of KVKK

Personal data obtained lawfully before the effective date of KVKK (April 7, 2016), including membership, electronic marketing consent, and product/service purchases, continue to be processed and stored in accordance with the terms set forth in this document.

Transfer of Personal Data Abroad

Your personal data may be transferred, processed, or stored abroad—provided it remains within the scope of KVKK—using any of the methods listed above. Such transfers will be made to countries accredited by the Personal Data Protection Board as having adequate data protection.

Storage and Protection of Personal Data

Your personal data will be stored confidentially in our company's databases and systems in accordance with Article 12 of the KVKK. They will not be shared with third parties except as required by legal obligations or the conditions outlined in this document. We are responsible for taking all necessary technical and physical measures to prevent unauthorized access, unlawful processing, and data breaches. In the event of an unlawful data breach, the incident will be reported in writing to the Personal Data Protection Authority, as required by law.

Accuracy and Timeliness of Personal Data

Under Article 4 of the KVKK, our company is obligated to keep your personal data accurate and up to date. Therefore, it is the responsibility of our customers to provide accurate and current information or to update their data via our website or mobile application.

Rights of the Personal Data Owner Under KVKK

As per Article 11 of KVKK, which came into effect on October 7, 2016, personal data owners have the following rights:

  • To learn whether their personal data has been processed;

  • To request information if their personal data has been processed;

  • To learn the purpose of processing and whether data is used in accordance with its purpose;

  • To know the third parties to whom personal data is transferred domestically or abroad;

  • To request the correction of incomplete or incorrect data;

  • To request the deletion or destruction of personal data as per Article 7 of KVKK;

  • To request notification of such deletion or correction to third parties to whom the data has been transferred;

  • To object to decisions made solely through automated systems that produce results against them;

  • To claim compensation if they suffer damages due to unlawful processing.

The Data Controller within the scope of KVKK is [Atolye Atasehir / Meb İç ve Dış Ticaret Ltd. Şti], located at:

Atatürk Mah. Meriç Cad. No:30, Botanik Çarşı, Room 28, Ataşehir

The Data Controller Representative to be appointed by our company will be registered with the Data Controllers Registry and published on this website when the legal infrastructure is in place.

For any questions, feedback, or requests, you can contact us at:

Email: info@atolyeatasehir.com.tr