**1. Data Controller**
In accordance with the Law on Protection of Personal Data No. 6698 (**KVKK**), your personal data is processed within the scope described below by Trendbox Innovative Solutions Teknoloji Tic. A.Ş. (**Trendbox or Company**), located at Fatih Sultan Mehmet Mah. Balkan Cad. Meydan İstanbul AVM Blok No: 62A Ümraniye / Istanbul, as the data controller.
In this document:
- Explicit Consent: Refers to the consent given for a specific matter, based on information and free will, in a manner that leaves no room for doubt and is limited to the relevant transaction only.
- Data Subject: Refers to the natural person whose personal data is processed.
- Personal Data: Refers to any information relating to an identified or identifiable natural person.
- Processing of Personal Data: Refers to any operation performed on personal data, such as obtaining, recording, storing, preserving, modifying, reorganizing, disclosing, transferring, taking over, making available, classifying, or preventing the use of personal data, by automatic or non-automatic means, provided that it is part of a data recording system.
- Data Controller: Refers to the natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.
Personal data refers to any information relating to an identified or identifiable natural person. Therefore, the regulations on personal data mentioned in this document will apply if the relevant information belongs to a natural person.
Your personal data is processed in accordance with the fundamental principles outlined in KVKK as follows:
- Being processed in accordance with the law and honesty principles,
- Being accurate and, where necessary, up-to-date,
- Being processed for specific, explicit, and legitimate purposes,
- Being relevant, limited, and proportionate to the purposes for which they are processed,
- Being retained for the period prescribed by the relevant legislation or as required by the purpose for which they are processed.
This Potential Customer Clarification Text is prepared by the Company to inform you on the following matters:
- To specify what types of personal data the Company collects,
- To specify how this personal data is used,
- To explain with whom the Company may share your personal data,
- To explain what your rights are over your personal data processed by the Company and how you can exercise these rights, and
- To explain how you can contact us regarding any requests you may have.
**2. Types of Data and Data Categories Processed**
The Company obtains data from Data Subjects in the categories of identity (name-surname), communication (phone number, city of residence), and customer transactions (the channel through which the form was filled), and processes this data within the scope of KVKK for the purposes stated below.
**3. Methods of Collecting Personal Data**
Trendbox collects personal data directly from the Data Subject through forms filled out on the website, by phone, and other communication channels, or through Trendbox’s business partners, either verbally, in writing, or electronically. This data is obtained and processed in accordance with the personal data processing conditions stated in KVKK and in alignment with the purposes listed below.
**4. Purposes of Processing Personal Data and Legal Grounds**
The personal data within the identity, communication, and customer transaction categories mentioned above are processed within the scope of communication activities, business activities and audits, product/service sales processes, storage and archiving activities, marketing analysis activities, contract processes, the tracking of requests/complaints, and marketing processes for products/services. Your personal data is processed under the legal grounds of the necessity of processing personal data for the establishment or execution of a contract and our legitimate interest in processing data, provided that it does not harm your fundamental rights and freedoms.
We obtain your explicit consent for transferring any of your personal data abroad.
**5. Transfer of Personal Data**
Our Company processes your personal data in accordance with the principles of “need to know” and “need to use,” ensuring necessary data minimization and taking necessary technical and administrative security measures. Due to the nature of partnership processes, the requirements of goods and services procurement processes, the management of supply chain management processes, and the necessity of continuous data flow with different stakeholders for the operation of digital infrastructures, we are required to transfer the personal data we process to third parties for specific purposes.
Your personal data may be transferred domestically or abroad to our shareholders, business partners, private partners and their shareholders, and service providers who manage our IT infrastructure, quality control, complaint management, and risk analysis in order to carry out business activities, ensure business continuity, manage information security processes, and fulfill other purposes outlined in this clarification text, as well as to legally authorized public institutions and private individuals or organizations, and in specific cases to third parties determined by the data controller’s legitimate interest.
**6. Data Subject’s Rights**
Under the legislation on the protection of personal data, you have the right to:
- Learn whether your personal data is being processed,
- Request information if your personal data has been processed,
- Learn the purpose of processing your personal data and whether it is being used appropriately,
- Know the third parties to whom your personal data is transferred domestically or abroad,
- Request correction if your personal data is incomplete or incorrectly processed or if it changes,
- Request the deletion or destruction of your personal data in accordance with the conditions prescribed by the Personal Data Protection Law,
- Request that third parties to whom your personal data has been transferred be notified of the correction or deletion or destruction of your personal data,
- Object to a result that arises against you through the exclusive analysis of your processed data by automated systems,
- Request compensation if you suffer damage due to the unlawful processing of your personal data.
As a Data Subject, to indicate your requests and exercise your rights over your personal data, you may physically submit a written request to [●] address or send an email to [●] using the email address previously provided to us and registered in our systems. Necessary changes, updates, deletions, and other relevant requests will be processed.
In the application to be made by you to exercise the rights you have as a Data Subject, and in the request you wish to exercise, the application must:
– Be clear and understandable,
– Be related to you or, if you are acting on behalf of someone else, you must be specifically authorized and provide evidence of your authority,
– Fulfill the minimum application conditions specified in the Communiqué on the Procedures and Principles of Application to the Data Controller.
In accordance with Article 13, paragraph 1 of the KVKK, you can submit your request to exercise the rights mentioned above by providing the following information:
- Applicant’s full name,
- If the applicant is a Turkish citizen, the Turkish Identity Number; if not, nationality, passport number, or if any, identification number,
- Applicant’s residence or workplace address for notification purposes,
- Applicant’s notification email address, telephone or fax number,
- Subject of the request,
- Information and documents related to the subject of the request,
- Application methods, and
- If the application is in writing, signature.
If you submit your requests to us using the specified methods, the Company will resolve the request as soon as possible, and no later than thirty days, free of charge. However, if the transaction requires an additional cost, a fee will be charged according to the tariff set by the Personal Data Protection Board.
