1. Eczacıbaşı Yapı Gereçleri Sanayi ve Ticaret A.Ş. and VitrA Karo Sanayi ve Ticaret Anonim Şirketi (all together hereinafter referred as "VitrA") are committed to protecting and respecting your privacy.
2. This policy sets out:
a. What personal data (“information”) we collect from you when you use our website or services;
b. Security measures taken to protect your personal data;
c. How we collect and use that information and
d. How you can contact us if you wish to exercise any of your rights in the information.
B) INFORMATION WE MAY COLLECT FROM YOU
First of all concerning the data protection, we comply with the Code on the Protection of Personal Data n. 6098. We may collect and process the following information about you:
1. Information that you provide to us when filling in forms on our websites or that you provide when you contact us. This may include your title, first name, surname, business address, business telephone number(s), business email address(es), and in certain circumstances details of payment methods used by your place of employment. This information may be given:
a. when you contact us with queries, complaints or a request for information;
b. when you respond to surveys that we may conduct, and you have agreed to be contacted;
c. when you sign Membership Agreement.
C) WHERE WE STORE YOUR PERSONAL INFORMATION AND SECURITY MEASURES TAKEN
1. Other than as set out in C2) the information that we collect from you will be stored in the territory of Turkey.
2. In order to respond to your complaints or administer requests made by you we may engage third party processors to process the information contained in your correspondence. These processors are sometimes located outside of Turkey. We will take such steps as are required by law to ensure that suitable safeguards are in place when any information is transferred to other countries.
3. Any payment card transactions will be processed securely, the suppliers that we use to process payment card transactions operate in accordance with the PCI DSS industry standard payment card security process to ensure that your online purchases are secure.
4. To ensure the security of your personal data, we take reasonable technical and administrative measures to prevent unauthorized access risks, accidental data loss, deletion or deletion of data. In order to do that we,
- Ensure data security by using software and hardware including virus protection systems and firewalls,
- Record access to personal data,
- Track personal data processing activities on a business unit basis,
- Ensure that the necessary inspections are carried out in order to ensure the enforcement of the provisions of the Law pursuant to Article 12 of the Code,
- Ensure compliance of data processing activities with the Law with internal policies and procedures,
- Make authorizations in accordance with the quality of the data accessed within the company.
- In case of external access to the personal data for reasons such as outsourcing, we obtain commitments to ensure compliance with the Law by the external service provider and
- Take the necessary actions to inform all our employees, especially those authorized to access personal data, regarding their duties and responsibilities under the Law.
5. Please note: where you use a password on any website we provide it is your responsibility to keep that password confidential.
D) USES MADE OF THE INFORMATION
1. We may use information held about you in the following ways:
a. To notify you about changes to our products;
b. To make and receive any payments necessary between us;
c. To carry out our obligations arising from any contracts entered into between you and us;
d. For customer service, running our business and improving our services;
e. To provide you with details of our services, information, newsletters, and details of promotions and offers which we feel may interest you;
g. To share with our suppliers where this is required by our processes;
h. To design, coordinate, develop, execute the company-specific commercial activities, planning and execution of business development activities,
i. To customize products and services according to individuals, setting up and executing activities for profiling, promotion and marketing,
j. To demand and complaint management, and post-sale processes editing and / or execution,
k. To plan, execute and manage the corporate relations and
l. To ensure the legal, technical and commercial-occupational safety of the Company and the related persons who have a business relationship with the Company and carrying out activities for the performance of legal obligations.
m. If you do not want us to use your information for marketing purposes please make sure that you indicate this by using the tick box when you sign up to our website
E) COOKIES AND INTERNET TAGS
2. We may also use Internet tags in combination with cookies on our website, and may develop these tags through a third-party advertising partner. We use this technology to help us analyse the effectiveness of our advertising campaigns. The third-party partner may be able to collect anonymous aggregated data about visitors to other sites, because of these Internet tags and cookies.
1. To ensure that we have an accurate record of dealings between us (and for training purposes) we may, in certain circumstances, record and or monitor telephone calls however you will always be forewarned when this is to happen.
G) DISCLOSURE OF YOUR INFORMATION AND TRANSFER TO THIRD PARTIES
1. From time to time we may disclose your personal information to other companies that are also subsidiaries of Eczacıbaşı Group.
2. We may disclose your personal information to third parties:
a. To process payment card transactions;
b. To respond to your complaints or administer requests made by you;
c. In the event that we sell or buy any business or assets, in which case we may disclose your personal information to the prospective seller or buyer of such business or assets;
d. If we or substantially all of our assets are acquired by a third party, in which case personal information held by it about its customers will be one of the transferred assets; and
e. If we are under a duty to disclose or share your personal information in order to comply with any legal obligation, or to protect the rights, property, or safety of our other customers, or other individuals. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
3. We may transfer information held about you to the third parties with the following terms and conditions:
a. If you have an express consent, or
b. Where one or more of the other data processing conditions specified in the Law are met, - Adequate protection in the country where the data is transferred, or - In case there is not enough protection in the country where the data is transferred, if we undertake adequate protection in writing with the Data Officer in the relevant foreign country and the permission of the Personal Data Protection Board is obtained.
H) YOUR RIGHTS
1. Article 11 of the Code stipulates that data owners have the following rights against the data controller:
- To find out whether Personal Data is processed, to request information about it if it is processed,
- Learning the purpose of processing Personal Data and whether it is used in accordance with its purpose,
- Knowing third parties to whom Personal Data are transferred domestically or abroad,
- Requesting correction if Personal Data is incomplete or incorrectly processed,
- Requesting the deletion or destruction of Personal Data within the framework of the conditions stipulated in the relevant legislation, requesting notification of the transactions made to third parties to whom Personal Data has been transferred,
- Objection to the emergence of a result against the person by analysing the processed data exclusively through automated systems and
- Requesting the compensation of the damage in case the Personal Data is subject to illegal processing.
I) USE OF YOUR RIGHTS
If you submit your requests regarding your rights by filling out the Data Owner Application Form, which you can reach at http://cdn1.vitra.com.tr/UPLOAD/document/EYAP-Veri-Sahibi-Basvuru-Formu.pdf according to the nature of your request, we will conclude your request free of charge within 30 (thirty) days at the latest. However, if the transaction also requires a cost, you will be charged accordingly with the Tariff determined by Data Protection Board.
We will be able to request information from the you in order to determine whether the applicant is the Data Owner, and may ask questions regarding the application to you in order to clarify the issues specified in the application.
For more detailed information, please kindly visit https://cdn1.vitra.com.tr/UPLOAD/document/Eyap_KVK%20Politikasi.pdf and examine our Personal Data Protection Policy.