Privacy Policy - Blondi Official

PRIVACY POLICY

PERSONAL DATA PROTECTION, PROCESSING AND DISPOSAL POLICY

INTRODUCTION

As AGR INDUSTRIES TEKSTİL LİMİTED ŞİRKETİ ("Blondi" or "Company"), we respect and care about the security of your personal data and the privacy of your private life. We present to you this Personal Data Protection, Processing, and Disposal Policy ("Policy"), which is prepared to inform you about the processing, transfer, storage, and destruction of your personal data that you have shared with us and your rights regarding the use and protection of your personal data in accordance with the Personal Data Protection Law No. 6698 ("KVKK" or "Law").

As explained in this Policy, your personal data may be recorded, archived, updated, transferred, classified, and processed in the ways listed in the KVKK and the relevant legislation.

With this Policy, we have tried to provide you with all information regarding the processing of personal data in a clear and understandable manner. If you have any questions about our use of your personal data after reading the Policy, you can always contact us using the contact information below.

AGR INDUSTRIES TEKSTİL LİMİTED ŞİRKETİ

Address: LEVENT MAHALLESİ LALE SOKAK NO:1 34330 BEŞİKTAŞ / İSTANBUL

Telephone Number: +90 546 422 12 10

E-mail Address: [email protected]

Web Address: www.blondiofficial.com

WHAT IS THE SCOPE OF THIS POLICY?

The scope of this Policy applies to the processing, protection and destruction of all personal data of you, the data subject. This Policy applies to all recording environments where your personal data owned or managed by us are processed and to our activities for the processing of your personal data.

OUR PURPOSES FOR PROCESSING YOUR PERSONAL DATA AND WHAT IS YOUR PERSONAL DATA THAT WE PROCESS

Commercial Communication Processes

If you give commercial communication permission/explicit consent, we process your identity (name-surname) and contact (phone number, e-mail address, address information) for the purposes of general or personalized campaigns, advantages, promotions, advertisements, notifications, marketing activities and commercial communication activities (SMS, e-mail, call, social media, etc.), conducting surveys for customer satisfaction regarding our products and services, campaigns, contests, sweepstakes, invitations, invitations to openings and other events.

Sales Processes

We process your identity (name-surname, tax number if you are a corporate customer), contact (e-mail, mobile phone), payment, customer transaction (offer, order, cargo information), billing information and the institution you work for the purposes of sending your products to you, communicating with you when necessary such as invoice issuance and return processes, and your voice records if you contact us via phone.

Legal Processes and Internal Activities

We process your identity, communication, shopping, billing and transaction security (log records), and your voice records information in order to fulfil our obligations arising from the legislation and to fulfil our other legal obligations to authorized and competent public institutions and organizations.

For the purposes of exercising all kinds of litigation, response and objection rights against official institutions and organizations such as courts, enforcement offices, arbitral tribunals in case of disputes arising, conducting negotiation and agreement processes regarding disputes, providing you with the necessary information if you request information from us, and internal audit, internal control and reporting, testing, We process your identity (name-surname), contact (telephone number, e-mail address, address), shopping, invoice, transaction security information (website membership, website purchases, log records regarding permission/explicit consent/contract approval within the scope of commercial communication) and legal transaction information (correspondence and file information regarding dispute processes) within the scope of development and improvement studies.

We process your identity, contact, shopping and order information and transaction security information in order to prevent the use of our website and other Blondi systems in violation of membership agreements, legislation and morality, to detect suspicious transactions and illegal uses, to block and unblock transactions.

TO WHOM AND FOR WHAT PURPOSE DO WE TRANSFER YOUR PERSONAL DATA?

We transfer your personal data to third parties only for the purposes specified in this Policy and in accordance with Articles 8 and 9 of the Personal Data Protection Law No. 6698 ("KVKK").
In order for you to benefit from the services we provide in accordance with KVKK, your personal data shared with us may be transferred to our business partners, natural persons or legal entities, and authorized institutions and organizations. The legal grounds for such transfers are as follows: explicit consent, performance of a contract, compliance with legal obligations, protection of vital interests, establishment or exercise of legal claims, and legitimate interests pursued by the data controller.
In this context, the third parties to whom your personal data are transferred and the purposes of transfer are as follows:
With auditors during routine and special audits
With our legal advisors for the follow-up of receivables, execution of legal processes, and the protection of our company's interests
With public institutions and organizations authorized to request data
With the security company that automatically shares the camera recordings taken to ensure the security of the physical space
With the building security team, where visitor lists are regularly shared to ensure the physical security of the space and to monitor entry and exit
With our service providers, agents, and domestic and international business partners for the execution of transactions within the scope of the Blondi website
With our service provider supplier for the purpose of sending commercial electronic messages
With our suppliers and business partners that we collaborate with for website visitor and customer satisfaction processes
If applicable, your personal data may also be transferred to countries outside the European Economic Area (EEA) or other jurisdictions. In such cases, we ensure that the transfer complies with the applicable data protection laws, including the implementation of adequate safeguards such as standard contractual clauses or other mechanisms required by law to ensure the security of your personal data during transfer.

We take all reasonable steps to ensure that third parties to whom we transfer your personal data have implemented appropriate technical and organizational measures to protect your personal data and ensure its confidentiality.

STORAGE MEDIA FOR YOUR PERSONAL DATA

Categorization of Your Personal Data

In accordance with the law, we process your personal data in the categories of identity, contact information, website visitor and customer transactions, finance, audio and visual records, and transaction security. For company employees, we also process your personal data in the categories of professional experience, education, and other personal data.

Website Visitors and Cookies

On our website, your internet movements within the site are recorded using technical means (e.g., cookies) in order to fulfill the obligations in the relevant legislation or to ensure that your visits to the site are carried out in accordance with your visit purposes, to show you customized content, and to engage in online advertising activities. In this context, campaigns are organized on the website we own and the websites of our business partners, and personal data may be processed in these areas. We take the necessary technical and administrative measures regarding the protection and processing of personal data in relation to these activities and inform you with detailed information texts on the relevant website.

Basic Principles on Processing and Destruction

We process your personal data for specific, explicit, and legitimate purposes in accordance with the regulations in KVKK, in compliance with the law and good faith, and ensuring that they are accurate and updated when necessary. Your processed personal data is handled in accordance with the principles of being connected, limited, and proportionate to the purpose for which they are processed and are retained for the period stipulated in the relevant legislation or for the purpose for which they are processed.

Recording Media

Your personal data is securely stored in compliance with the law in the following environments:

Electronic Media

Non-Electronic Media

Servers (server, backup, e-mail, database, web page, file sharing, etc.)

Paper

Software (Office software, portal, etc.)

Written, printed, visual media

Information security devices

Printed satellite materials

Personal computers (desktop, laptop)

Mobile devices (phones, tablets, etc.)

Removable memories (USB, memory card, etc.)

Printer, scanner, copier

Camera recordings (photos, videos, etc.)

EXPLANATIONS ON STORAGE AND DESTRUCTION

Legal Grounds for Retention

Your personal data processed within the scope of our activities are retained for the periods stipulated in the applicable legislation. In this context, your personal data may be retained based on the following legal grounds:

•To ensure the continuation of contractual relationships,

•To carry out commercial operations,

•To fulfill legal obligations of Blondi arising from applicable laws and regulations, including but not limited to:

•Turkish Commercial Code (Law No. 6102),

•Turkish Code of Obligations (Law No. 6098),

•Law No. 6698 on the Protection of Personal Data,

•Law on the Regulation of Electronic Commerce (Law No. 6563),

•Banking Law (Law No. 5411),

•Social Security and General Health Insurance Law (Law No. 5510),

•Occupational Health and Safety Law (Law No. 6331),

•Labor Law (Law No. 4857),

•Consumer Protection Law (Law No. 6502),

•Law on the Protection of Competition (Law No. 4054),

•Income Tax Law (Law No. 193),

and related secondary legislation.

Purposes Requiring Retention

We retain your personal data for the following purposes:

•Conducting and supervising commercial activities,

•Executing human resources processes,

•Carrying out procurement, sales and marketing operations and communication activities,

•Providing after-sales support for goods/services,

•Ensuring corporate and operational security,

•Performing financial and statistical analysis,

•Fulfilling obligations under contracts and protocols,

•Complying with legal regulations and obligations,

•Communicating with business partners and clients,

•Preparing legal reports,

•Managing customer and service processes,

•Executing risk management and access control procedures,

•Organizing events such as fairs and corporate activities,

•Managing advertising, campaigns and promotions,

•Conducting recruitment, placement, performance evaluation and career development activities,

•Ensuring business continuity,

•Carrying out data archiving and retention processes,

•Providing proof and documentation in potential legal disputes.

Reasons for Destruction

Personal data are deleted, destroyed, or anonymized in the following cases, indicating the end of lawful processing:

•The legislative provisions forming the basis for processing are amended or repealed,

•The contract is not concluded, is invalid, terminated or revoked,

•The purpose for processing personal data no longer exists,

•The processing becomes contrary to the law or principles of good faith,

•The data subject withdraws their explicit consent, in cases where processing is based solely on consent,

•The data controller accepts the application of the data subject concerning data processing based on their rights under Article 11(1)(e) and (f) of the KVKK,

•If the data controller rejects or fails to respond to the request for deletion or destruction of personal data within the legal period, and the data subject files a complaint that is accepted by the Personal Data Protection Board,

•The legal retention period expires, and there is no further valid reason to retain the data,

•The legal processing conditions listed under Articles 5 and 6 of the KVKK cease to exist.

In such cases, your personal data are deleted, destroyed, or anonymized either automatically (ex officio) or upon your request, in accordance with the timelines specified in this Policy.

HOW DO WE DESTROY YOUR PERSONAL DATA?

At the end of the period stipulated in the relevant legislation or upon the expiration of the retention period required for the purpose for which they are processed, your personal data are destroyed by us either ex officio or upon your request, using the techniques outlined below and in compliance with the provisions of the applicable legislation.

Deletion of Your Personal Data

Data Recording Environment

Description

Personal Data on Servers

Deletion is carried out by the system administrator by revoking the access rights of users for data whose retention period has expired.

Personal Data in Electronic Media

Personal data whose retention period has expired is rendered inaccessible and non-reusable for all users except the database administrator.

Personal Data in Physical Media

Personal data stored in physical media and whose retention period has expired is made inaccessible and non-reusable for all employees except the document archive manager. A blackout process (scratching/painting/erasing) is applied to ensure illegibility.

Personal Data on Portable Media

Flash-based storage media containing expired data are encrypted and stored in secure environments, with access granted only to the system administrator.

Destruction of Your Personal Data

Data Recording Environment

Description

Personal Data in Physical Media

Expired personal data in paper format is irreversibly destroyed using paper shredding machines.

Personal Data in Optical/Magnetic Media

Optical and magnetic media are physically destroyed (e.g. melted, incinerated, pulverized) once the retention period has expired.

Anonymization of Your Personal Data

We anonymize personal data that is suitable for statistical or analytical use. Anonymization ensures that personal data cannot be associated with an identified or identifiable natural person, even by using appropriate techniques specific to the recording environment and the field of activity, including scenarios where data is matched with other datasets or reversed by us or third parties.

STORAGE AND DESTRUCTION PERIODS

Your personal data are processed in accordance with the principles of being relevant, limited, and proportionate to the purposes for which they are processed and are retained for the periods stipulated in the relevant legislation or as long as necessary for the purposes of processing.

Within the scope of our activities:

-Data-specific retention periods based on the data inventory for all personal data, depending on the business process,

-And process-based retention periods are specified in this Policy.

These retention periods are updated when necessary. Upon the expiration of the retention periods, the relevant data is deleted, destroyed, or anonymized within six (6) months, which is defined as the periodic destruction interval. In this context, periodic destruction is performed every year in June and December.

Retention and Destruction Periods by Process

Process

Retention Period

Destruction Period

Human Resources Processes (Employees)

10 years – from the termination date of the employment relationship (within the scope of Law No. 6331).