Data Controller 

Dear Customers and Visitors; 

Your personal data can be processed by XCLUSİVE STORE İTHALAT İHRACAT VE TİCARET LİMİTED ŞİRKETİ (Company) as the data controller within the scope as described below pursuant to the Personal Data Protection Act no 6698.

METHOD OF COLLECTING THE PROCESSED PERSONAL DATA, PURPOSES OF PROCESSING AND LEGAL GROUNDS 

Your personal data is being collected directly from you by way of your visits to our website www.terralope.com and your purchases, the information you share during the telephone conversations or e-mail correspondence, the subscription agreement in our website, your participation to the promotions or surveys we have offered and your subscription to the e-bulletin. Among your personal data; your identification details (name, surname, date of birth, sex) in particular, as well as your contact details (e-mail address, address and telephone, IP address), data in relation to the product you have purchased within the Company field of activity, and audio information recorded during your conversations with customer services shall be processed by the Company within the frame of the reasons for compliance with laws as stated in item 2 of article 5 of the Law and for the purposes of drawing up and executing the product sales contract, establishing a right and fulfilling legal liabilities and protecting our legitimate interests, on the condition of not harming your personal rights.

Main purposes of data processing; 

Executing the Goods / Services Sales Processes, After-sales Support Services, Production and Operation Processes,  Executing Finance and Accounting Business, Executing Company / Product / Service Commitment Processes, Executing Customer Relations Management Processes, Executing the Activities related to Customer Satisfaction, Executing Marketing Analysis Efforts, Executing Advertisement / Campaign / Promotion Processes, Providing Information to Authorized People, Institutions and Organizations, Tracking the Demands / Complaints, Executing the Activities in compliance with Legislation, Executing the Communication and Information Security Activities 

Also, date of birth, marital status and shopping habits in relation to all kinds of products, preferences, tastes and likes can be processed by us, provided that necessary measures are taken to protect the privacy of such information, that your basic rights and liberties are kept free from harm and your express consent is obtained. Your personal data is destroyed according to the Company Data Destruction Policy when the purpose of processing pursuant to our legal obligation ceases to be valid. 

If a previously given consent and permit of yours is not available, pursuant to our legal obligation we shall ask for your express consent in relation to your personal data that is not covered by any one of the reasons for legal compliance stated above and mentioned in article 5/2 of the law. In that case, you shall be able to give consent by ticking the consent boxes in the related fields of our website and clicking the save/send button. You shall be asked to give a similar permit for us to send you electronic commercial mails using your identification and contact details.

To Whom and for What Purposes the Processed Personal Data shall be Transferred;

Your personal data may be transferred within the scope of the above mentioned grounds and purposes to our business partners and suppliers from whom we receive services for providing products and services to you, to third persons from whom we receive services or with whom we cooperate, to legally authorized public agencies and private persons within the frame of and limited to the personal data processing conditions stated in articles 8 and 9 of the Law no  6698.

Rights of the data subject as listed in article 11 of the Law no 6698; 

As data subjects, you may refer to the Company at any time pursuant to article 13 of the Law. Accordingly, you have the right to;

-Learn whether your personal data has been processed or not,

-Ask for information as to whether your personal data has been processed,

-Learn the purpose of the processing of your personal data and whether these personal data are used in compliance with the purpose,

-Know about the third parties to whom your personal data has been transferred, whether in the country or overseas,

-Request the correction of any incomplete or inaccurate personal data and request the reporting of any such operations to third parties to whom your personal data has been transferred,

-Request the deletion or destruction of personal data when the reasons for processing cease to be valid, even if such processing has been made in compliance with the provisions of the Law no 6698 and other relevant laws and request the reporting of any such operations to third parties to whom your personal data has been transferred,

-Object to the occurrence of a result against yourself when the data has been analyzed solely through automated systems,

-Claim compensation for the damage arising from the unlawful processing of your personal data. 

Based on your legal rights, when you submit your requests regarding your personal data by using the data subject application form published in the website www.terralope.com (on the basis of the Communiqué on the Methods of Application to the Data Controller) or by way of another written document which includes the compulsory information about you as stated in the application form, or by way of e-mail, registered electronic mail (KEP) address, secure electronic signature, mobile signature or the electronic mail address which had been previously reported by the data subject to the Company and is recorded in the Company, making it possible to confirm your identity, the Company shall respond to your request free of charge, in the shortest time possible and within thirty days at the latest, depending on the nature of the request; if the procedure has a cost in itself, the Company shall charge the price in the tariff as determined by the Personal Data Protection Board.

You can submit all your requests and applications to www.terralope.com website or by mail to the below written company address.

XCLUSİVE STORE İTHALAT İHRACAT VE TİC. LTD. ŞTİ. (Data Controller)

Address: Maslak Mah. Maslak Meydan Sok. Beybi Giz Plaza A Blok No: 1/99 Kat: 26-27 Sarıyer/İstanbul.

Mersis: 0833120932300001

Website: www.terralope.com

Telephone: 05421223267

Data privacy policy 

XCLUSİVE STORE İTHALAT İHRACAT VE TİC. LTD. ŞTİ. 

PERSONAL DATA PROTECTION AND PROCESSING POLICY 

Purpose and Scope of the Policy 

This Policy defines the conditions for processing personal data and puts forward the main principles adapted by XCLUSİVE STORE İTHALAT İHRACAT VE TİC. LTD. ŞTİ. (Company) in the processing of personal data. In that framework, the Policy covers all personal data processing activities of the Company that fall within the Law, the owners of all personal data processed by the Company and all personal data which is processed.

Effectiveness and Changes 

The Policy has been presented to the public by being published in the Company website. In cases of any conflict between the applicable legislation, and particularly the Law, and the arrangements stated in this Policy, the provisions of the legislation shall prevail.

The Company reserves the right to make changes in the Policy in line with legal regulations. The current version of the Policy is accessible through the Company website (www.terralope.com).

Definitions 

Company 

XCLUSİVE STORE İTHALAT İHRACAT VE TİC. LTD. ŞTİ.

Personal Data 

Any information related to an identified or identifiable person.

Sensitive Personal Data 

Personal data related to race, ethnic origin, political opinion, philosophical belief, religion, religious sect or other belief, appearance, membership to associations, foundations or trade-unions, data concerning health, sexual life, criminal convictions and security measures, and biometric and genetic data.

Processing of Personal Data 

Any operation, including collection, recording, storage, protection, alteration, adaptation, disclosure, transfer, retrieval, making available, categorization and preventing the use of,

which is performed on personal data wholly or partially by automated means or non-automated means that must be part of a data filing system.

Data Subject 

It means the Company Stakeholders, Employees, Business Partners, Representatives, Employee Candidates, Visitors, Company Customers, Potential Customers, Third Persons whose personal data is being processed, as well as other persons whose personal data is being processed by the company.

Data Filing System 

The filing system where personal data is structured and processed according to certain criteria.

Data Controller 

The natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data filing system.

Data Processor 

The natural or legal person who processes personal data on behalf of the data controller upon the authorization granted by the same.

Express Consent 

Consent related to a certain subject, given by freewill and based on being informed.

Anonymization

Rendering personal data, previously associated with a person, impossible to be associated with an identified or identifiable natural person, even through being matched with other data.

Law

The Personal Data Protection Law no 6698.

Personal Data Protection Board 

The Personal Data Protection Board.

Destruction

Ceasing to process personal data by deleting, destroying or totally anonymizing it. 

DATA SUBJECTS, DATA PROCESSING PURPOSES AND DATA CATEGORIES IN OUR DATA PROCESSING OPERATIONS

Data Subjects/Related Persons 

The data subjects covered by the policy are all natural persons other than Company employees whose personal data is being processed by the Company. In that framework, data subject categories are generally as follows:

RELATED PERSON CATEGORIES

DESCRIPTION 

1-Company Stakeholder 

Natural persons who are Company Stakeholders.

2-Natural Person Business Partners 

Natural persons with whom the Company is involved in any kind of business relation.

3-Stakeholders, Representatives, Employees of Company Business Partners and Suppliers 

All natural persons, including the employees, stakeholders and representatives of the natural and legal persons (e.g. business partner, supplier) with whom the Company is involved in any kind of business relation.

4-Company Representative

Member of the Company board and other authorized natural persons.

5-Employee/Trainee

Natural persons who provide contracted services in the Company.

6-Employee Candidate 

Natural persons who have submitted a job application to the Company by any means or who have made their curriculum vitae and related information accessible by the Company.

7-Company Customer 

Natural persons who are using or have used the products and services offered by the Company, regardless of whether they have a contractual relation with the Company or not.

8-Potential Customer 

Natural persons who have asked for or been interested in using the Company products and services or who have been assessed as having the potential to have such an interest in line with commercial practice and good faith and who may potentially become a customer.

9-Visitor 

All natural persons who enter Company’s physical premises for various purposes or who visit the websites for any purpose.

10-Third Person 

Natural persons other than the Related Person categories mentioned above and the Company employees.

Related person categories have been defined for purposes of general information. Remaining outside these categories does not exclude the Data subject from being a data subject as defined in the Law.

METHOD AND LEGAL GROUNDS FOR PERSONAL DATA COLLECTION 

As part of the commercial, legal, contractual or other relations established between the Company and the Related Person, within the frame of the purposes detailed below and based on the reasons for legal compliance stated in Article 5/2 et seq. of the Law no 6698 or based on express consent if there are no such reasons; Personal Data can be collected by the Company directly from the related person through electronic or physical means and then processed. Legal grounds of data processing should include at least one of the following;

-It is provided for by the legislation that the Company is subject to,

-On the condition of being directly related to the establishment or performance of a contract,  it is necessary to process the personal data of the parties of a contract for offering the demanded products and services or performing the requirements of the executed contract,

-Data processing is compulsory for the Company to fulfill its legal obligations,

-Personal data has been made public by the data subject him/herself,

-Data processing is necessary for the establishment, exercising or protection of any right pursuant to the Company legislation or internal operations,

-Processing of the data is necessary for the legitimate interests of the data controller, provided that the fundamental rights and liberties of the data subject are not violated,

-Express consent of the data subject is obtained.

PERSONAL DATA CATEGORIES AND PURPOSES OF PROCESSING

Personal Data Categories 

The following categories of personal data are processed by the Company in line with the Company’s legitimate and legal purposes for personal data processing, based on and limited to one or more of the personal data processing conditions stated in article 5 of the Law, in accordance with the general principles stated in the Law, particularly including the personal data processing principles listed in article 4, and with all obligations regulated by the Law and limited to the subjects covered by this Policy, provided that the related persons are duly informed pursuant to article 10 of the Law. A general definition has been given as to the personal data included in these categories as well as the kind of information that the categories include.

PERSONAL DATA CATEGORIZATION 

Identity Details 

Information about an identified or identifiable natural person, such as name-surname, T.R. identification number, place of birth, date of birth, sex, identity card and passport number, taxpayer number, social insurance number, etc.

Contact Details 

Information about an identified or identifiable natural person, such as telephone number, address, e-mail address, fax number, etc.

Operation Security Details

Information about a data subject such as IP address, computer password, internet access records, etc.

Financial Details 

Personal information processed in relation to the information, documents and records showing all kinds of financial results arising from the type of legal relation established between the Company and the Related Person and such data as bank account number, IBAN, credit card details, asset data, income information, etc.

Audio/Visual Information 

Data concerning an identified or identifiable natural person, including photograph and video recordings and audio recordings made by the call center.

Personnel Information 

All kinds of personal data processed for obtaining the basic information upon which personnel rights are established for the natural persons who are involved in an employment relation with the Company based on a service contract.

Educational and Occupational Data 

Information about the business background and educational background of the employees, candidates, customers and potential customers.

Legal Procedure Details 

Data processed for purposes of identifying and keeping track of the legal receivables and rights of the Company, discharging of debts and performing legal obligations.

Customer Transaction Information 

Information such as records in relation to the use of products and services as well as instructions and demands regarding the use of products and services by the customer.

Marketing Data 

Personal data processed for the purposes of customizing and marketing the products and services in line with the usage habits, tastes and needs of the Related Person and the reports and assessments created as a result of this processing.

Sensitive Personal Data 

Data mentioned in article 6 of the Law and, due to their nature, whose processing and protection is governed by more specific requirements (e.g. health data, criminal records, etc).

Purposes of Processing Personal Data 

Personal data and sensitive personal data can be processed by the Company for the following purposes in accordance with the conditions for processing personal data as specified in the Law and the relevant legislation:

CUSTOMERS

When a commercial or legal relation is established by visiting the www.terralope.com website as a CUSTOMER, making subscriptions and purchases, completing product assessment forms and other forms as the CUSTOMER, sharing things in telephone conversations or e-mail correspondence, making telephone conversations with the Customer Services, completing contact forms or by any other means, the identification information (Name, Surname, TR Identity Number, Sex) in particular, as well as contact details (E-mail Address, Address and Telephone Details), data regarding the product purchased within the Company field of activity, audio information recorded during the telephone conversations with customer services and visual data are collected directly from the data subject and processed by the Company within the frame of the reasons for compliance with laws as stated in item 2 of article 5 of the Law for the purposes of drawing up and executing the contract, establishing a right and protecting our legitimate interests.  

Besides this information, personal information related to occupation and date of birth can also be collected for organizing customized campaigns for the customer and making special discounts for subscribers if the person has subscribed via the website; however, express consent is solicited from the data subject in order to process such data.

Consent is also solicited from the data subject for providing various benefits to the related person, making all kinds of special electronic communication for the purposes of advertisement, sales, marketing, survey and similar, and sending other communication messages by using the personal data shared by the Customers who wanted to benefit from and be informed about the advantages of products and services offered by the Company.

In cases where no relation has been established with the related person for selling any products or services, the above listed data may only be processed for the following purposes if an express consent has been obtained.

The company performs data processing operations in relation to the offered products and services and for the following purposes as part of the purchase and sale relation established with the customers who are natural or legal persons;

-Executing the Goods / Services Purchasing, Production and Sales Processes 

-Executing the After-sales Support Services, Production and Operation Processes 

-Executing the Customer Relations Management Processes 

-Executing the Activities aimed at Customer Satisfaction 

-Executing the Communication and Information Security Activities 

-Executing the Operations in line with the Legislation

-Executing the Finance and Accounting Affairs

-Executing the Processes of Loyalty to / Products / Services Loyalty 

-Executing the Marketing Analysis Efforts 

-Executing the Advertisement / Campaign / Promotion Processes 

-Executing the Transactions and Operations as part of Commercial / Contractual Relation, Fulfilling Financial and Legal Obligations 

-Keeping Track of Requests / Complaints 

-Fulfilling Legal Obligations 

-Keeping the Authorized Persons, Institutions and Organizations Informed 

-Executing the Legal Processes 

-Storage and archiving activities 

COMPANY EMPLOYEES 

Without prejudice to the matters listed in article 6/2 of the Law no 6698 and as described in the Law, and to the extent permitted by the law, personal data of all employees working in the COMPANY under a service contract, including but not limited to all information and documents drawn up pursuant to article 75 of the Labor Law no 4857 and kept in the personnel file, are considered and collected as part of personal data for purposes of drawing up and duly executing a service contract, performing the in-house operations, proving the business relation, keeping records of the salary and related information, submitting legal reports to the Treasury, the Ministry of Labor, the Social Insurance Institution and all other institutions, applying the occupational health and safety principles, fulfilling any legal obligations, identifying the working conditions, ensuring security, making private health insurance policies, travel insurance policies, flight and hotel reservations for you and your family in relation to the service given, opening bank accounts for depositing the salary, making the obligatory personal retirement insurance (BES) payments, social insurance premium payments and following up the legal processes in government agencies.

Purposes of processing the data of employees are listed below:

-Executing the Information Security Processes 

-Executing the Employee Satisfaction and Commitment Processes 

-Fulfilling the Service Contract and Legislation-related Liabilities for the Employees 

-Executing the Fringe Benefits Processes for the Employees 

-Executing the Audits / Ethics Activities 

-Executing the Educational Activities

-Executing the Access Authorizations 

-Executing the Operations in line with the Legislation 

-Executing the Finance and Accounting Business 

-Providing the Security of Physical Setting 

-Executing the Appointment Processes 

-Following up and Executing the Legal Affairs

-Planning the Human Resources Processes 

-Executing / Auditing Business Operations 

-Executing Occupational Health / Safety Operations 

-Collecting and Assessing the Suggestions for Improving the Business Processes 

-Executing the Activities for Ensuring Business Continuity 

-Executing the Performance Assessment Processes 

-Informing the Authorized Persons, Institutions and Organizations 

-Executing the Management Operations 

-Submitting the Necessary Legal Notifications to Government Agencies, Benefiting from the Incentives Given by Government Agencies,

-Executing the Human Resources Operations and Personnel Activities in Particular 

-Auditing the Employees and Performing Employer’s Data Processing Activities within the Frame of the Right to Manage 

In case any changes occur in the information given by the employee as part of the business relation, such changes must be notified to the COMPANY so that the above listed operations can be carried out.

Employees may at any time refer to the personnel manager in the Human Resources Department of the COMPANY to have access to their personal data and ask for changing or correcting such data. Employees have the right to know whether their personal data is being processed within the scope of the purposes stated in this notification.

EMPLOYEE CANDIDATES 

Personal data of the employee candidates collected by the COMPANY as the Data Controller by way of either the CV’s submitted or the application forms completed during the job application phase (the data and the consent is obtained by having the employee candidate read the clarification text, which is presented in written form, and sign the consent forms) are processed by the COMPANY’s automated systems or physical settings and in accordance with the written company standards for purposes of establishing business relations with the employee candidates and retained for 2 years which is considered to be a reasonable period. Here the purpose is to reassess the candidates during this period and to keep them in the system for a certain period for the sake of a possible business relation. In case no business relation is established with the candidate in this period, such data shall be destroyed at the end of the 2nd year.

Purposes of processing the data of employee candidates are listed below:

-Executing the Selection and Placement Processes of Employee Candidates / Trainees / Students 

-Executing the Application Processes of Employee Candidates 

-Executing Human Resources Operations, Personnel Procurement and Recruitment Processes,

-Ensuring Business Continuity, Executing Business Operations and Ensuring the Security of Physical Setting 

-Using as evidence in conflicts 

-Executing Managerial Activities 

COMPANY VISITORS 

Personal data consisting of identity information and visual data is processed by way of creating registers of visitors and making video records by security cameras during the COMPANY visits made by natural persons so that the COMPANY can ensure the security of both the visitors and the COMPANY. Such personal data are never disclosed to third persons other than for reasons of being obliged to do so for the execution of contract, fulfilling legal obligations and responding to written requests of public authorities. The necessary legal warnings and notifications have been displayed in the entrances of the workplace and the stores and in the clarification text published in the website.

Purposes of processing the relevant data are listed below:

-Executing the Information Security Processes 

-Creating and Following up Visitor Registers 

-Ensuring the Security of Physical Setting 

-Keeping the Authorized Persons, Institutions and Organizations Informed

-Ensuring the Security of Data Controller’s Operations 

-Providing Internet Access and Ensuring the Access Security 

-Executing the Inspection and Security Activities

BUSINESS PARTNERS AND SUPPLIERS OF THE COMPANY 

As part of the commercial activities performed by the Company, personal data (Identity information, Contact information, Financial data, Signature data) of the merchants and tradesmen, who are either natural or legal persons and with whom a commercial or legal relation exists, is processed. Such processing is done for the purposes of drawing up and executing our contracts, performing the legal obligations and protecting the legitimate interests of the Company as stated in article 5 of the Law, in accordance with the basic principles stipulated by the Law and within the scope of the specified conditions of processing personal data. Personal data is collected directly from the Suppliers and Business Partners and processed by the Company for the above mentioned purposes and in electronic environment.

Purposes of Data processing;

-Executing the Contract Processes 

-Executing the Finance and Accounting Business 

-Performing and Monitoring the Legislative Responsibilities and Legal Processes 

-Executing the In-house Operations 

-Strategy Planning & Management of Business Partners/Suppliers 

-Ensuring the Security of Physical Setting 

-Executing Logistic Activities 

-Managing the Supply Chain Management Processes 

-Protecting the Information that must be Retained pursuant to the Relevant Legislation; Making Copies and Taking Backup to Prevent Loss of Information; Checking the Coherence of Information; Taking the Necessary Technical and Administrative Measures for the Security of our Databases and Your Information.

PRINCIPLES AND REQUISITES OF PROCESSING PERSONAL DATA 

Principles of Processing Personal Data 

Your personal data is processed by the Company in accordance with the principles of personal data processing stated in article 4 of the Law. These principles must be strictly adhered to in each of the personal data processing operations:

Processing personal data in compliance with the laws and good faith 

-Ensuring that the personal data is accurate and updated;

-Ensuring that personal data is relevant, limited and proportionate to the purposes for which it is processed;

-Ensuring that personal data is stored for the period laid down by relevant legislation or as required for the purpose for it is processed.

Requisites of Processing the Personal Data 

Your personal data is processed by the Company if at least one of the requisites for processing personal data stated in article 5 of the Law is involved. The said requisites are described below:

Explicit consent of the data subject. In cases where other requisites for data processing are not involved and in line with the general principles listed under 3.1, the Company may process the personal data of the data subjects if the latter have given consent with their free will, upon being adequately informed about the personal data processing operation, leaving no room for doubt and limited to the said operation only.

If the personal data processing activity has been expressly provided for in the laws, the Company may process the personal data without the explicit consent of the data subject. In that case, the Company shall process the personal data within the frame of the related legal regulation.

When explicit consent of the data subject cannot be obtained due to actual impossibilities and the personal data has yet to be processed, the Company may still process the personal data of the data subject who is not in a position to give consent or whose consent cannot be considered valid if processing the personal data is mandatory for protecting the life or the bodily integrity of the data subject or a third person.

In case the personal data processing activity is directly related to drawing up or executing a contract, such personal data processing activity shall be done if it is necessary to process the personal information of the parties to the contract drawn up and signed between the data subject and the Company.

In cases where it is mandatory to process personal data in order to fulfill the legal responsibility of a data controller, the Company processes personal data for satisfying its legal obligations within the frame of the applicable legislation.

Personal data which has been publicized by the data subject, disclosed to the public by the data subject in any way, and become accessible for everyone as a result of being publicized may be processed by the Company in a manner restricted with the purpose of publicizing, even without the express consent of the data subject.

In case personal data processing must be done to establish, use or protect a right, the Company may process the personal data of data subjects within the frame of such obligation, even without the express consent of the data subject.

If processing of personal data is compulsory for the sake of the legitimate interests of the data controller, provided that the basic rights and liberties of the data subjects are not harmed, the Company may process personal data, keeping a balance between the interests of the Company and the data subject. In that scope, when data is processed on the grounds of legitimate interests, the Company first identifies the legitimate interest to be gained as a result of such processing. The possible effects of the personal data processing on the rights and liberties of the data subject are evaluated and the processing is done if there is no harm to the balance of interests.

CLARIFICATION FOR THE DATA SUBJECTS 

Article 10 of the Law requires that prior to the processing of personal data, or during the processing of personal data at the latest, data subjects must be informed about the processing of personal data. The electronic and physical environments where the company collects personal data have been equipped with the necessary setup and clarification texts have been published where relevant in order to ensure that data subjects are kept informed in every case of personal data processing by the Company as the data controller pursuant to the relevant article.

CONDITIONS FOR PROCESSING THE SENSITIVE PERSONAL DATA 

Sensitive personal data is the kind of data which, when disclosed, may lead to discrimination against the related persons or cause them suffering. Therefore, it must be protected much more strictly than the other types of personal data. Sensitive personal data may be processed upon the express consent of the related person or in limited cases as defined in the Law.

Sensitive personal data has been described in the Law within a restricted scope. These are personal data related to race, ethnic origin, political opinion, philosophical belief, religion, religious sect or other belief, appearance, membership to associations, foundations or trade-unions, data concerning health, sexual life, criminal convictions and security measures, and biometric and genetic data. Sensitive personal data cannot be extended by analogy.

In all data processing operations, the Company tends to keep Sensitive Personal Data away from being recorded and processed by data systems insofar as possible. However, sensitive personal data is processed without the need for an express consent given by the person if, due to the nature of the work done, the law explicitly states that sensitive personal data must be processed. If health information is to be processed by someone other than a health professional, this can only be done by obtaining explicit consent from the related person. The Company exercises necessary efforts to take stricter measures when processing Sensitive Personal Data.

TRANSFERRING PERSONAL DATA 

In line with the additional arrangements listed in articles 8 and 9 of the Law and specified by the Personal Data Protection Board, the Company may transfer personal data to 3rd Persons if conditions exist for such transfer of personal data.

In the presence of at least one of the conditions for data processing which are listed in articles 5 and 6 of the Law and explained under the 3rd heading of this Policy and provided that the basic principles of data processing are adhered to, personal data can be transferred by the Company.

Within the frame of data processing conditions which have been outlined in articles 8 and 9 of the Law, the Company can perform data transfer to the parties that have been categorized in the table below:

CATEGORIZATION OF DATA SHARING PARTIES 

Business Partner  

The parties with whom the Company establishes business partnership when performing its commercial activities and with whom personal data is shared in a limited manner in order to serve the purposes for which the business partnership was established. 

Supplier 

The parties that offer services, in line with the instructions given by the Company and based on the contract executed with the same, to enable the Company to carry out commercial activities and with whom personal data is shared in a limited manner in order to receive services which are outsourced from the supplier. 

Affiliate

The companies that are affiliates of the Company and with which personal data is shared in a limited manner in order to carry out the commercial operations in which the affiliates are involved. 

Legally Authorized Public Agency 

Public institutions and organizations that are legally authorized to receive information and documents from the Company and with whom personal data is shared in a limited manner when the relevant public institutions and organizations request information. 

Legally Authorized Private Agency

Private entities that are legally authorized to receive information and documents from the Company and with whom personal data is shared in a limited manner when the relevant public institutions and organizations request information. 

DESTRUCTION OF PERSONAL DATA 

Without prejudice to the provisions stated in the other laws concerning the deletion, destruction or anonymization of Personal Data, the Company deletes, destroys or anonymizes the Personal Data either ex officio or upon request of the related person in case the reasons for processing cease to exist, even if such personal data has been processed according to the provisions in this Law and in other laws.

The Company retains Personal Data during the period stipulated in the legislation, if provided for in such legislation and in accordance with the period of retention stated in the personal data processing inventory. If a certain period for retaining the personal data is not mentioned in the legislation, Personal Data is processed for a period during which it is necessary to process such personal data in connection with the relevant operation of the Company and pursuant to the practices and commercial customs of the Company; and, when the reasons for processing cease to exist and pursuant to article 7 of the Law, such data is deleted, destroyed or anonymized either ex officio or upon request of the related person in line with the guidelines published by the Personal Data Protection Board.

CONSIDERATIONS FOR PROTECTING THE PERSONAL DATA 

Pursuant to article 12 of the Law, the Company takes the necessary technical and administrative measures for ensuring the appropriate level of security in order to prevent the illegal processing of the Personal Data which is being processed, prevent any unauthorized access to such data and keep the data under protection, and has the necessary technical inspections done either directly or by others.

The Company takes technical and administrative measures depending on technological facilities and application costs to make sure that personal data is processed in legal ways.

Ensuring the Security of Personal Data 

Technical Measures Taken to Ensure that Personal Data is Processed in Legal Ways 

The main technical measures taken by the Company to ensure that Personal Data is processed in legal ways are listed below:

-Personal data processing operations carried out in the Company are inspected regularly.

-The technical measures taken are periodically reported to the committee pursuant to the internal audit mechanism.

-An information processing department equipped with relevant qualified personnel has been established for handling the technical issues.

-New technological developments are followed up and technical measures are taken for the systems especially in the field of cyber security and the measures taken are periodically updated and renewed.

-Access and authorization solutions are implemented within the frame of the legal compliance requirements specified for each department in the Company.

-Restrictions are applied to the authorizations of access and such authorizations are periodically revised. Former employees are subjected to access restrictions and accounts are deleted after a certain period of time.

-The technical measures taken pursuant to the internal operations of the Company are reported to the personnel who have the authorization to access the databases, any risky matters are reassessed to create the necessary technological solutions.

-Virus protection systems, data gap securities and software and hardware with firewalls are installed.

-Qualified personnel is employed for technical subjects.

-All information systems, including the applications where personal data are collected, are regularly tested for external effects to find out any security gaps and any gaps identified at the end of this test are then closed.

Administrative Measures Taken to Ensure that Personal Data is Processed in Legal Ways 

The primary measures taken by the Company to ensure that Personal Data is processed in legal ways are listed below:

-Company employees are given information and training in line with the developments in the legislation and the business practices regarding the personal data protection law and the subject of processing personal data in legal ways.

-All personal data processing activities carried out by the Company are performed in accordance with the personal data inventory and its annexes which have been created after a detailed analyses of all business units.

-The personal data processing activities conducted by the relevant departments of the Company and the responsibilities to be fulfilled to make sure that these activities are in compliance with the personal data processing requirements specified by the PDPB have been drawn up in the form of written policies and procedures by the related companies, each one of the business units have been informed accordingly and warned about the specific points to take into account when performing the activity.

-The inspection and management of the Company departments with regard to personal data security is organized by the information processing department. Awareness is raised to make sure that the legal requirements for each business unit are met, and the necessary administrative measures are implemented by way of company policies, procedures and training to ensure that this aspect is supervised and the practice is continued.

-A notification about personal data and notes on data security are inserted in the service contracts executed between the company and the employees, as well as in the relevant documents, and additional protocols are prepared. Efforts are made to raise the necessary awareness among the employees.

-In consideration of personal data processing mechanisms, specific processes are implemented in every department of the company with respect to legal compliance, access to personal data within the company and authorization.

-The Company either includes personal data privacy clauses in the contracts executed with the business partners and suppliers with whom it has business relations or from whom services are purchased by virtue of commercial operations (these being contracts related to commercial operations that involve processing of personal data) or makes covenants for the protection of personal data.

RIGHTS OF THE RELATED PERSON AND EXERCISING THE RIGHTS 

Rights of the Related Person Pursuant to the Personal Data Protection Law

The Company informs you about your rights pursuant to article 10 of the Law, guides you about the methods of exercising these rights and performs the necessary internal functioning as well as the administrative and technical arrangements. The Company informs the people whose Personal Data is obtained that they have the following rights as stated in article 11 of the Law;

-Learn whether their personal data has been processed or not,

-Ask for information as to whether their personal data has been processed,

-Learn the purpose of the processing of their personal data and whether these personal data are used in compliance with the purpose,

-Know about the third parties to whom their personal data has been transferred, whether in the country or overseas,

-Request the correction of any incomplete or inaccurate personal data, 

-Request the deletion or destruction of personal data within the conditions stated in article 7 of the Law,

-Request the reporting of any such operations performed pursuant to paragraphs (d) and (e) of article 11 of the Law to third parties to whom their personal data has been transferred,

-Object to the occurrence of a result against themselves when the data has been analyzed solely through automated systems,

-Claim compensation for the damage arising from the unlawful processing of their personal data.

You can submit your applications concerning your rights listed above to our Company through the means stated below. Your applications shall be concluded free of charge, in the shortest time possible and within thirty days at the latest, depending on the nature of the request; if the procedure has a cost in itself, you may be charged a price according to the tariff as determined by the Personal Data Protection Board.

When evaluating the application, the Company first determines whether the applicant is the actual right holder. Besides, the Company may ask for detailed or additional information when necessary to have a better understanding of the request.

Related persons can submit to our Company free of charge their requests in relation to their rights mentioned in this policy, together with the information and documents as proof of identity and using the methods written below or any other methods specified by the Personal Data Protection Board.

A written and wet-signed application including the information that must be provided pursuant to the relevant legislation must be submitted to the company address either in person or by way of registered and reply paid letter.

An e-mail including the information which is required by the relevant legislation must be submitted by the data subject to www.terralope.com using the e-mail address that had previously been reported to the Company and registered in the Company systems or using any other methods specified in the legislation. 

The applications of the data subjects are responded by the Company either in writing or through electronic means. In case the application is rejected, the data subject shall be informed about the justifications for such rejection.

EFFECTIVENESS OF THE POLICY 

This Policy as drawn up by the Company has been put into effect on ………………. . This Policy is published in the company website (www.terralope.com) and made accessible for the related persons upon request of the personal data subjects.

XCLUSİVE STORE İTHALAT İHRACAT VE TİC. LTD. ŞTİ. (Data Controller)

Address: Maslak Mah. Maslak Meydan Sok. Beybi Giz Plaza A Blok No: 1/99 Kat: 26-27 Sarıyer/İstanbul. 

Mersis: 0833120932300001

Website: www.terralope.com

Telephone: 05421223267

USE OF COOKIES 

Cookies 

As XCLUSİVE STORE İTHALAT İHRACAT VE TİC. LTD. ŞTİ. (Company), we use cookies, pixels, and local storage technologies for facilitating the use of our website and making such use customized. Here, we would like to help you understand why the said technologies are used and how these are controlled and deleted, if you prefer to do so. 

What are cookies?

Almost all companies that offer products and services to their customers through their websites use cookies in these websites. We also use cookies to help you have a better, faster and safer shopping experience and develop our products and services in line with your needs and demands. Cookies are small text files that are saved in your device (e.g. computer or mobile phone) when you visit a website. Cookies can be saved in your device through your browser during your first visit to a website. When you visit the same website using the same device, your browser checks whether your device has any cookies saved in the name of that website. If yes, the data included in that file is transferred to the currently visited website. This way, the website remembers your previous visit and determines the content to be displayed for you accordingly. 

Controlling and deleting the cookies 

For changing your preferences regarding the use of cookies or for blocking or deleting the cookies, you just need to change the settings in your browser. For enabling you to control the cookies, many browsers offer you the options to accept or reject the cookies, to accept only certain types of cookies or to be alerted by the browser when a website asks to store cookies in your device. It is also possible to delete the cookies that have been previously saved in your device. The procedures related to controlling or deleting the cookies may vary depending on the browser you use.

Category 1- Strictly Necessary Cookies 

These cookies are important for your navigation in the website, ensuring access to the safe parts of the website and setting forth the consents. Without these cookies, it would not be possible to offer the services you have requested, such as the shopping cart or payment page in our website. The cookies in this category are;

_dc_gtm_UA-855910-3

A cookie for the management of codes and applications in the page 

AWSELB

A cooking that enables the execution of visitor requests.

Category 2- ‘Performance’ Cookies

These cookies collect information as to how our visitors use the website. For instance, they let us know the pages most frequented by our visitors and whether they receive any error messages from the web pages. These cookies do not collect information that identifies a visitor but collect information unanimously. The cookies in this category are;

_ga

A cookie related to Google Universal Analytics. This cookie is used for distinguishing unique users by assigning a randomly created number as a client identifier. It is used for calculating the visitor, session and campaign data for the analysis reports of websites.

_gat

A cookie related to Google Universal Analytics – restricts the collection of data in high traffic zones. 

_gid

Performs storage of 24-hours user analytics.

Category 3: Targeting / Advertising Cookies 

These cookies are used for measuring the effectiveness of advertising campaigns that best suit your areas of interest and the number of advertisements. They are generally inserted by advertisement networks when permitted by the website operator. They remember the websites that you have visited and share this information with 3rd party organizations such as advertisers. Most often, for purposes of targeting, these cookies provide links to the websites where other advertisements are displayed. These cookies are not the ones that Mango uses as the first party operator; rather this targeting is done based on the consents previously given by the users through various channels. The cookies in this category are;

datr

A cookie provided by Facebook which is used to make behavioral advertising based on Like button analytics. Data are deleted after 10 days.

fr

Another cookie provided by Facebook which is used to make behavioral advertising based on browser monitoring with ID name.

APISID

Used for targeting by Google based on the websites visited by users.

SSID

A cookie provided by Google which is used for targeting based on the visits to advertisement areas.

lu

A cookie provided by Facebook which is used for helping to login and logout the website.

PREF

Provides personalized advertisement based on Google searches.

SID

A Google cookie used for controlling member login when logging in and out the website.

id

A cookie created to prepare the forms.

HSID

Used for identifying the actual time when the Google user account has visited the website.

criteo

Used for measuring the effects of the content on the user.

igodigitalstdomain

A 3rd party cookie giving online marketing services.

KRTBCOOKIE_323

A cookie by way of which advertisers sell advertising spaces to digital buyers and which enables making advertisements on the website.

bku

A cookie used for visitor measurements and reporting 

demdex

A cookie used for analyzing behavioral movements which makes customer segmentation based on user movements.

kuid

A cookie used for real time profiling of visitors.

Why are cookies used?

Some cookies help the website remember the preferences you have made in your previous visits, offering a much more user-friendly and customized experience in your subsequent visits.