CHERRY AND BLUE, SHOPPING
Shopping with “CHERRY AND BLUE” You will definitely share your personal information (delivery / billing addresses, telephone numbers, etc.), however, all your personal information will not be shared with other institutions and organisations.
When placing an order, for your convenience, order tracking will be available.
“CHERRY AND BLUE” and Parent company “Chartreuse Mont Tekstil Ticaret Limited Şirketi”
Undertakes to keep personal information confidential and strictly private;
Cherry and blue undertakes to keep personal information strictly private and confidential; “Chartreuse Mont Tekstil Ticaret Limited Şirketi” Considers this to be an obligation of confidentiality and undertakes to take all necessary measures and exercise due diligence to maintain and ensure
confidentiality, to prevent any or all part of the confidential information from entering the public domain or its unauthorised use or disclosure to a third party. “Chartreuse Mont Tekstil Ticaret Limited Şirketi” may provide this information by law in accordance with applicable laws and at the request of administrative, judicial and other governmental authorities provide this information by law.
The right to disclose within the framework of the framework is reserved.
CHERRY AND BLUE CUSTOMER DISCLOSURE TEXT ON THE PROCESSING OF PERSONAL DATA
In accordance with the Law on the Protection of Personal Data No. 6698 (“Law”), [“Chartreuse Mont Tekstil Ticaret Limited Şirketi” ] As the “Company, as the data controller, your personal data may be processed within the framework described below.
Your personal data is processed by our Company in accordance purposes and legal reasons specified in this clarification text and in accordance with the law and good faith for specific, clear and legitimate purposes, in a limited, measured and necessary manner for these purposes.
Method of Collecting Personal Data, Purpose of Processing and Legal Reasoninig: Your personal data is collected electronically within the scope of fulfilling the following purposes (“Purposes”) through the filling out of the online participation form / contact form / application form, call center, text message, e-mail and through the interviews and forms carried out in cases where you communicate with our Company in the physical environment.
Your personal data is collected and processed by our Company for the following purposes and legal reasons based on the personal data processing conditions specified in Article 5 of the Law.
Based on the legal reason that it is necessary to process the personal data of the parties to the contract, provided that it is. directly related to the conclusion or performance of a contract;
* Identity, your contact data for updating customer contact information, Your identity, communication, finance, customer transaction data for opening sales records and performing billing activities,
* Your identity, contact, customer transaction, financial data for the establishment or performance of the sales contract due to our purchase of our Company’s products and services.
Based on the legal reason that it is explicitly stipulated by the laws and is mandatory for the data controller to fulfil its legal obligation Your identity, communication, finance, customer transaction data for issuing invoices for the goods and services you receive within the framework of the Tax Procedure Law,
* Your identity, contact, customer transaction data for the fulfilment of official institution requests,
* Your identity, contact, customer transaction data in order to provide information to the authorised institutions arising from the legislation,
* Your transaction security data to ensure compliance with the retention obligations stipulated in the legislation,
* Your identity, contact, customer transaction, request and complaint data in order to respond to the relevant person applications in accordance with the legislation and to carry out the necessary procedures.
Based on the legal reason that data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject;
* Your identity, contact, customer transaction, financial data for keeping accounting records and tracking financial affairs due to the fact that you are a store customer
* Your identity, communication, customer transaction, request and complaint data for the execution of the relevant business processes and the carrying out of the necessary works by our business units in order to benefit the relevant persons from the products and services offered by our Company, including the sales and marketing activities of products and services,
* Your identity, contact, customer transaction, request and complaint data for the execution of customer relations,
* Your identity, communication, customer transaction, request and complaint, financial data for the execution of the necessary studies by our relevant business units for the realisation of the commercial activities carried out by our Company and the execution of the related business processes,
* Your identity, communication, customer transaction, finance, legal transaction data in order to ensure the legal, technical and commercial business security of our Company and the relevant persons in business relations with our Company,
* Your identity, communication, customer transaction, request and complaint data for the determination and implementation of our Company’s commercial and business strategies,
* Your identity, communication, customer transaction, transaction security, finance, legal transaction, request and complaint data for the follow up and execution of legal affairs,
* Your transaction security data for the execution of information security processes, your identity, communication, customer transaction, request and complaint, finance, legal transaction data for the execution of audit and ethical activities,
* Your identity, communication, customer transaction, finance, request and complaint data for the planning and execution of customer satisfaction and corporate communication activities,
* Your identity, contact data for the performance of sweepstakes, campaigns, competitions, promotions or advertising activities.
Based on the legal reason that data processing is mandatory for the establishment, use or protection of a right;
* Your identity, communication, customer transaction, request and complaint data for the receipt, evaluation and conclusion of your requests and complaints,
* Your identity, communication, customer transaction, request and complaint, financial, legal transaction, transaction security data for the storage of personal data during the general statute of limitations for the purpose of providing evidence in possible disputes that may occur in the future in the presence of your explicit consent,
Processing your identity, communication, customer transaction, marketing, request and complaint data for the purpose of contacting you and performing the marketing processes of our Company’s products and services, customising the products and services offered by our Company, including profiling and analysis activities, according to the likes, usage habits and needs of the relevant persons and recommending and introducing them to the relevant persons, Processing of your identity and contact information for the purpose of sending commercial electronic messages such as advertising, promotion, etc.,
To Whom and For What Purpose the Processed Personal Data Can Be Transferred
Your personal data collected in line with the fulfilment of the above Purposes; to our business partners, suppliers, group companies residing in the country, as expressly stipulated in the laws and legal
Within the scope of the fulfilment of our obligations, personal data may be transferred to legally authorised public institutions and legally authorised private persons within the framework of the conditions and purposes of personal data processing specified in Article 8 of the Law.
Security Measures we Take as Data Controller:
Our Company pays utmost attention and care to the secure storage of personal data and to prevent its unlawful processing and access,
In accordance with the provisions of Article 12 of the Law and the Regulation on the Deletion, Destruction or Anonymization of Personal Data and the decisions of the Board, it takes the necessary technical and administrative measures according to the technological facilities and implementation cost related to the following issues:
* Network security and application security are provided
* Security measures are taken within the scope of information technology systems supply, development and maintenance.
* The security of personal data stored in the cloud is ensured.
* Training and awareness activities are carried out for employees on data security at regular intervals.
* An authorisation matrix has been created for employees.
* Access logs are kept regularly.
* Institutional policies on access, information security, use, storage and destruction have been prepared and started to be implemented.
* Data masking measures are applied when necessary.
* Confidentiality undertakings are made.
* The authorisations of employees who have a change of duty or who have left their jobs in this field are removed.
* Up-to-date anti-virus systems are used.
* Firewalls are uses
* …§ Signed contracts contain data protection provisions.
* Personal data security
* Policies and procedures have Been determined.
* Personal data security problems are reported quickly.
* Personal data security is monitored.
* Necessary security measures are taken regarding the entry and exit of physical environments containing personal data.
* The security of physical environments containing personal data against external risks (fire, flood, etc.) is ensured.
* The security of environments containing personal data is ensured.
* Personal data is backed up and the security of the backed up personal data is also ensured.
* User account management and authorization control system are implemented and their follow-up is also carried out.
* Periodic and/or random audits are carried out and carried out within the institution.
* Log records are kept in such a way that there is no user intervention.
* Existing risks and threats have been identified.
* Protocols and procedures for the security of personal data of special nature have been determined and implemented.
* Intrusion detection and prevention systems are used.
* Penetration test is applied.
* Cyber security measures have been taken and their implementation is constantly monitored.
* Encryption is done.
* Awareness of data processing service providers on data security is ensured.
* Retention and Deletion of Personal Data
Our Company is based on the following principles in its personal data processing activities:
* To be in compliance with the law and the rule of honesty,
* Ensuring that personal data is accurate and, when necessary, up-to-date
* Processing for specific explicit and legitimate purposes
* Being relevant, limited and proportionate to the purpose for which they are processed and to keep it for the period stipulated in the relevant legislation or required for the purpose for which they are processed.
* Our Company stores and uses personal data in accordance with the principles mentioned above, in accordance with the conditions for the processing of personal data in Articles 5 and 6 of the Law mentioned below, and in the event that all of these conditions disappear, it destroys the personal data ex officio or upon the request of the relevant person Our Company retains and destroys personal data only for the period specified in the relevant legislation or required for the purpose for which they are processed. In this context, our Company stores and destroys personal data for the maximum periods specified in the table below:
* Data Category Data Retention
* Period Identity During the general statute of limitations of not more than 10 years from the end of the original processing purpose
* Communications: During the general statute of limitations of not more than 10 years from the end of the original processing purpose
* Legal Action Until the conclusion of the legal action
* Customer Transaction, Claim and Complaint During the general statute of limitations of not more than 10 years from the end of the original processing purpose
* Transaction Security 2 Years
* Finance During the general statute of limitations of not more than 10 years from the end of the original processing purpose
* Marketing During the general statute of limitations of not more than 10 years from the end of the original processing purpose
* The person concerned shall be subject to Article 11 of the Act.
* Rights Enumerated in the Article
* By applying to us, your personal data;
* (a) To learn whether it has been processed or not,
* (b) Requesting information, if it has been processed,
* (c) To learn the purpose of processing and whether it is used in accordance with its purpose,
* (d) To know the 3rd persons to whom it is transferred domestically / abroad,
* (e) Requesting correction if it is incomplete/incorrectly processed,
* (f) Requesting deletion / destruction within the framework of the conditions stipulated in Article 7 of the Law,
* To request that the third parties to whom it is transferred be notified of the transactions carried out in accordance with the subparagraphs (e) and (f) above,
* (h) Object to the occurrence of a result against you due to its analysis exclusively by automated systems,
* (i) If you suffer damage due to unlawful processing, you have the right to demand compensation for the damage.
* Complaints to be made by Data Owners whose Personal Data are processed by “Chartreuse Mont Tekstil Ticaret Limited Şirketi” Company in order to exercise your rights will be answered and concluded by “Chartreuse Mont Tekstil Ticaret Limited Şirketi” as soon as possible and within 60 days at the latest.
* The Data Owner shall submit his/her requests and complaints; “Chartreuse Mont Tekstil Ticaret Limited Şirketi”