At www.hoxs.com, we collect your personal information (delivery/invoice) that you used while shopping. addresses, telephone numbers, etc.) with other institutions and organizations will definitely not share it.
Some information for your convenience when ordering. In line with your approval, it is stored in your membership account. This The information only allows you to track your order faster and more securely. will be used to ensure access.
Hox's is committed to keeping personal information strictly private and confidential; make it a secret to consider it as an obligation to keep and to ensure confidentiality and maintaining, making all or any part of confidential information available to the public entry or unauthorized use or to a third party. to take all necessary precautions and exercise due care to prevent disclosure promises to show. Hox's in accordance with applicable law. and this information upon the request of administrative, judicial and other official authorities. The right to disclose within the framework of the law is reserved.
HOX'S CUSTOMER INFORMATION TEXT ON THE PROCESSING OF PERSONAL DATA
In accordance with the Personal Data Protection Law No. 6698 (“Law”), KRGL As Tekstil Sanayi ve Ticaret Limited Şirketi, we are the data controller. As such, your personal data will be processed within the framework explained below. can be processed. Your personal data is subject to this information by our Company. In accordance with the processing purposes and legal reasons specified in the text and for specific, clear and legitimate purposes in accordance with the law and good faith It is processed in a limited, measured and necessary manner for the purpose.
Method of Collection of Personal Data, Purpose and Legal Reason of Processing
Your personal data is used for the purposes listed below (“Purposes”) Online participation in electronic environment within the scope of the introduction of filling out form/contact form/application form, call center, mobile our applications, via text message, e-mail and in physical environment Interviews held when you contact our company and collected through forms.
Your personal data for the following Purposes and legal reasons: Personal data specified by our company in Article 5 of the Law It is collected and processed based on processing conditions.
Being directly related to the establishment or execution of a contract provided that the processing of personal data of the parties to the contract Based on the legal reason why it is necessary;
• Identity, contact information to update customer contact information. your data,
• Opening sales records and invoicing activities identity, communication, finance, customer transaction your data,
• Sales due to your purchase of our company's products and services identity, communication, customer transaction, your financial data.
It is clearly foreseen by law and the legal liability of the data controller is Based on the legal reason that it is mandatory to fulfill;
• In return for the goods and services you receive within the framework of the Tax Procedure Law identity, communication, finance, customer transaction for invoicing your data,
• Identity, communication, your customer transaction data,
• Identity to provide information to authorized institutions based on legislation, your contact, customer transaction data,
• Ensuring compliance with the storage obligations stipulated in the legislation for your transaction security data,
• Responding to relevant person applications in accordance with the legislation and identity, contact, customer information to carry out the necessary transactions Your transaction, request and complaint data.
Provided that it does not harm the fundamental rights and freedoms of the data subject, Data processing is mandatory for the legitimate interests of the controller Based on legal reason;
• Keeping accounting records since you are a store customer and identity, communication, customer transaction, finance for tracking financial affairs your data,
• Including sales and marketing activities of our products and services to the relevant persons from the products and services offered by our Company. Our business units carry out the necessary work to benefit identity, communication, your customer transaction, request and complaint data,
• Identity, communication, customer relations to carry out customer relations Your transaction, request and complaint data,
• Commercial activities carried out by our company required by our relevant business units to carry out for carrying out studies and carrying out related business processes Your identity, contact, customer transactions, requests and complaints, financial data,
• Our Company and related parties who have a business relationship with our Company identity to ensure the legal, technical and commercial-occupational security of individuals, Your communication, customer transaction, financial and legal transaction data,
• Determination and implementation of our company's commercial and business strategies Your identity, contact, customer transaction, request and complaint data,
• Identity, communication, customer information for follow-up and execution of legal affairs transaction, transaction security, finance, legal process, request and complaint your data,
• Process security for the execution of information security processes your data, for the performance of audit and ethics activities identity, communication, customer transaction, request and complaint, finance, legal process your data,
• Planning customer satisfaction and corporate communication activities identity, communication, customer transaction, finance, request and complaint for its execution. your data,
• Raffle, campaign, competition, promotion or advertising activities Your identity and contact data for this purpose.
Data processing for the establishment, exercise or protection of a right Based on the legal reason that it is mandatory;
• Receiving, evaluating and evaluating your requests and complaints identity, communication, customer transactions, requests and complaints for finalization. your data,
• It serves as evidence in possible disputes that may arise in the future. Storing personal data during the general statute of limitations for the purpose of for identity, communication, customer transactions, requests and complaints, finance, legal your transaction, transaction security data.
If you have express consent, identity, communication, customer transaction, marketing, request and complaint Your data will be communicated with you and our Company's products and services will be realization of marketing processes of services, profiling and products and services offered by our Company, including analysis activities the tastes, usage habits and habits of the people concerned about the services. customized according to their needs and recommended to relevant people and processing for the purpose of promotion,
Your identity and contact information for advertising, promotions, etc. commercial processing for the purpose of sending electronic messages,
To whom and for what purpose the processed personal data can be transferred
Collected in line with the fulfillment of the above-mentioned Purposes your personal data; To our business partners resident in the country, to our suppliers, group companies, as expressly provided for in the law and legally authorized within the scope of fulfilling our legal obligations to public institutions and legally authorized private persons in Article 8 of the Law. within the framework of the specified personal data processing conditions and purposes can be transferred.
Security Measures We Take as Data Controller
Our company complies with the law by keeping personal data securely. maximum protection against illegal processing and access. shows care and attention, and in accordance with Article 12 of the Law and Personal About Deleting, Destroying or Anonymizing Data In accordance with the provisions of the Regulation and the decisions of the Board, the following according to technological possibilities and implementation costs regarding the issues takes the necessary technical and administrative measures:
• Network security and application security are ensured.
• Information technology systems supply, development and maintenance Security measures are taken within the scope of
• The security of personal data stored in the cloud is ensured.
• Regular training and education on data security for employees Awareness activities are carried out.
• An authority matrix has been created for employees.
• Access logs are kept regularly.
• Access, information security, use, storage and destruction issues Corporate policies have been prepared and implemented.
• Data masking measures are applied when necessary.
• Confidentiality commitments are made.
• Employees who have changed duties or left their jobs in this area their powers are removed.
• Up-to-date anti-virus systems are used.
• Firewalls are used.
• Signed contracts contain data security provisions.
• Personal data security policies and procedures have been determined.
• Personal data security issues are reported quickly.
• Personal data security is monitored.
• Necessary information regarding entry and exit to physical environments containing personal data security measures are taken.
• Physical environments containing personal data are exposed to external risks (fire, flood, etc.) is ensured.
• The security of environments containing personal data is ensured.
• Personal data is backed up and the backed up personal data security is also provided.
• User account management and authorization control system is implemented. These are also monitored.
• Periodic and/or random audits are carried out within the institution and is being made.
• Log records are kept without user intervention.
• Current risks and threats have been identified.
• Protocol and protocols for the security of special personal data Procedures are determined and implemented.
• Intrusion detection and prevention systems are used.
• Penetration testing is applied.
• Cyber security measures have been taken and their implementation is constantly monitored. is done.
• Encryption is done.
• Data processing service providers are responsible for data security. awareness is provided.
Storage and Deletion of Personal Data
Our company bases its personal data processing activities on the following principles: receives:
• Complying with the law and the rule of honesty,
• Ensuring that personal data is accurate and updated when necessary,
• Processing for specific, clear and legitimate purposes,
• Be relevant, limited and proportionate to the purpose for which they are processed, and
• As stipulated in the relevant legislation or necessary for the purpose for which they are processed storage for a period of time.
Our company processes personal data in compliance with the above-mentioned principles. as stated in the 5th and 6th articles of the Law below. Personal data based on the processing conditions of personal data stores and uses, and all of the conditions in question are eliminated. In case of removal, personal data may be collected ex officio or at the request of the relevant person. destroys it.
Our company processes personal data only if it is obliged to comply with the relevant data. the period specified in the legislation or necessary for the purpose for which they are processed It preserves and destroys as much as In this context, our Company, personal retains data for the maximum periods specified in the table below. and destroys:
Data Category Data Retention Period
Identity Maximum 10 years from the end of the original processing purpose during the general statute of limitations
Contact Maximum 10 days from the end of the original processing purpose during the general limitation period of one year
Legal Process Until the legal process is concluded
Customer Transaction, Request and Complaint After the end of the main processing purpose During the general limitation period of maximum 10 years from
Transaction Security 2 Years
Finance Maximum 10 years from the end of the main processing purpose during the general statute of limitations
Marketing Up to 10 days after the primary processing purpose ends during the general limitation period of one year
Rights of the Relevant Person Enumerated in Article 11 of the Law
By contacting us, your personal data;
a) Learning whether it has been processed or not,
b) Requesting information if it has been processed,
c) Learning the purpose of processing and whether it is used in accordance with its purpose,
d) Knowing the third parties to whom it is transferred domestically/abroad,
e) Requesting correction if it has been processed incompletely/incorrectly,
f) Deletion within the framework of the conditions stipulated in Article 7 of the Law / do not want to be destroyed,
g) Paragraphs (e) and (f) above to third parties to whom it is transferred Requesting notification of transactions made pursuant to
h) It is against you because it is analyzed exclusively by automatic systems. objecting to the emergence of a result,
i) In case you suffer damage due to processing contrary to the law You have the right to demand compensation for the damage.
In order to exercise your rights, Hox's Companies Complaints made by Data Owners processed by Hox's By their company as soon as possible and within 30 days at the latest It will be answered and concluded within. Data Owner, request and their complaints; Hox's Holding Inc. Company Hox's KVK Committee Personally or notarized, provided that the identity check is carried out by by power of attorney, notary channel and secure electronically, provided that a power of attorney is presented. with registered e-mail addresses, provided that a signature is used It can be sent to kvkk@hoxs.com.