PERSONAL DATA PROTECTION AND PRIVACY POLICY
SOM KATI YAKIT DAĞITIM İTHALALAT İHRACAT SANAYİ VE TİCARET ANONİM ŞİRKETİ ("Data Controller"), residing in Sarıkuysan Ak İş Mrk. No:4/2 Altunizade Üsküdar, İstanbul, with e-mail address bilgi@somkomur.com, KEP (Registered Electronic Mail) address somkatiyakit@hs02.kep.tr, Uskudar Tax Office / tax no. 7730749781, and MERSIS (Central Registration System) no. 0773074978100001, provides the essential information on the protection of transferred personal data below. The Data Controller presents the following explanations to the attention of our customers and third parties using our website and/or mobile applications in order to fulfil the clarification obligation arising from Article 10 of the Personal Data Protection Law No. 6698 ("PDPL"). The Data Controller reserves the right to update this Clarification on the Protection of Personal Data at any time within the framework of amendments that may be introduced in the legislation in force.
Pursuant to the Law No. 6698 on the Protection of Personal Data ("PDPL"), any information that serves to make the identity of a real person specific or identifiable is within the scope of personal data. This text was issued in order to inform you about the purposes of processing your personal data held by the data controller, legal reasons, methods of collection, to whom and for what purposes they can be transferred, and the rights granted to you within the scope of the PDPL, both dependent on and independent of these.
1) What is the legal ground for the Data Controller to collect personal data?
There are regulations in various laws on the use of personal data of our customers. The principles of protection of personal data are primarily set out in the PDPL. Furthermore, the Law No. 6563 on the Regulation of Electronic Commerce also contains provisions on the protection of personal data. The Turkish Penal Code No. 5237 also provides for penal sanctions in some cases for the protection of personal data.
Moreover, it is necessary to collect and use data in order to fulfil our obligations arising from the Law No. 6502 on Consumer Protection and the Regulation on Distance Contracts.
2) What methods does the Data Controller use to collect personal data?
The data provided by our customers who perform transactions on the website or mobile applications are processed by the Data Controller in accordance with the consent of our customers and the provisions of the legislation.
The website belonging to the Data Controller is a site that uses cookies. A cookie is a file consisting mostly of letters and numbers, which is stored in the internet browser or hard drive of the device being used, allowing the device in question to be detected.
In order to provide better service to website visitors and within the framework of its legal obligation, it will collect, process, share with third parties and securely store your browsing information, provided that it is not used outside the purposes and scope specified in the clarification texts and policies in this Policy and PDPL section.
Website cookies store information collected through log files, empty gif files and/or third party sources to generate a summary of your preferences. The website may monitor your browsing information and/or your usage history on the site in order to make special promotions for you, to offer promotions and marketing offers, to improve the content of the website or mobile application for you and/or to determine your preferences.
The website may match information collected from you on the site by different methods or at different times, such as information collected online and offline, and may use this information in combination with information from other sources, such as third parties.
3) How are the website cookies used?
The website belonging to the Data Controller is a site that uses cookies. A cookie is a file consisting mostly of letters and numbers, which is stored in the internet browser or hard drive of the device being used, allowing the device in question to be detected.
Website cookies store information collected through log files, empty gif files and/or third party sources to generate a summary of your preferences.
We use two types of cookies across our sites: session cookies and persistent cookies. Session cookies are temporary cookies and are only valid until you close your browser. Persistent cookies remain on your hard drive until you delete them or until they expire (how long they remain on your device will depend on their "lifetime").
The website uses cookies to remember your preferences and to personalise your use of the website/mobile application. This use includes cookies that save your password and keep your website/mobile application session open continuously, thus saving you the trouble of entering your password more than once each time you visit, and cookies that remember and recognise you on subsequent visits to the website/mobile application.
It uses it to determine how you use the website/mobile application, including measuring the way you use the website/mobile application, such as from where you connect to the website, what content you view on the website/mobile application and the duration of your visit.
The website may also use cookies to activate "advertising technology" in order to provide you with advertisements that it thinks may be of interest to you when you visit search engines, websites, mobile applications and/or websites where the website advertises. The advertising technology uses information about your previous visits to the website/mobile application and the websites/mobile applications advertised by the website in order to provide you with customised advertisements. A unique third-party cookie may be placed on your browser so that the website can recognise you when displaying these advertisements. The Data Controller also uses Google Analytics, a web analytics service provided by Google, Inc. Google Analytics uses cookies to analyse how users use the website, mobile application and/or mobile site with statistical information/reports. For more information on the use of Google Analytics (including opt-out options), please visit http://www.google.com/intl/tr/policies/privacy/#infocollect The SDK (Software Development Kit) of the relevant application is substituted for cookies in the mobile application.
You can use the following methods to allow and reject cookies:
|
|
: |
You can allow or block cookies from the "cookies" tab by clicking the "lock sign" in the address section of your browser. |
|
|
|
|
|
Internet Explorer |
: |
You can manage cookies as "allow" or "do not allow" by clicking the security tab in the "Tools" section at the top right of your browser. |
|
Mozilla Firefox |
: |
In the right top corner of your browser, click the "open menu" tab. You can manage cookies by clicking on the "Options" image and using the "Privacy and Security" button. |
|
Opera |
: |
You can manage cookies in the "cookies" section of your browser by clicking "Advanced" in the "Preferences" section. |
|
Safari |
: |
Cookies can be managed by clicking to the "Safari" tab in your phone's "Settings" section and then to the "Privacy and Security" section. |
For information about all cookies and cookie management in addition to the above options: you can visit https://www.allaboutcookies.org, https://www.youronlinechoices.eu/ or use the "Privacy Badger" app (https://www.eff.org/tr/privacybadger). If you do not allow persistent cookies or session cookies, you may continue to use the website, mobile application and mobile site, but you may not be able to access all functions of the website, mobile application and mobile site or your access may be limited.
Information regarding the cookies in the Data Controller is given in the tables below:
|
|
Cookie Name |
Cookie Purpose |
Cookie Type |
Cookie Duration |
|
|
_ga |
Analytics device information - for use by applications in the Google Tag Manager system |
Persistent Cookie |
2 Years |
|
|
_gid |
For user identification |
Persistent |
1 day |
|
Data Controller |
bs_cookie_settings |
The permissions of our personal data policies are stored in this cookie. |
Non Persistent Cookie |
1 month |
|
Data Controller |
PHPSESSID |
It stores the session user information required to open the site. |
Non Persistent Cookie |
During the Session |
4) For what purposes does the Data Controller use personal data?
Where and to the extent permitted by law, the Data Controller will be able to record, store, update, disclose to third parties, transfer, classify, and process your personal information.
Your personal data is used for the following purposes:
- to record the address and other necessary information for contact,
- to organize all records and documents that shall serve as the transaction's basis in an electronic (internet/mobile, etc.) or paper medium,
- to provide information to public officials on matters related to public security upon request and as required by legislation,
- to evaluate customer complaints and suggestions regarding our services,
- to share information about dealership applications and products,
- to fulfill our legal obligations and to exercise our rights arising from applicable legislation,
5) How does the Data Controller protect your personal data?
Personal data shared with the Data Controller is under the supervision and control of the Data Controller. The Data Controller assumes the responsibility as the data controller to establish the required organization and to take and adapt technical measures in order to protect the confidentiality and integrity of the information in accordance with the provisions of the relevant legislation in force. We conduct penetration tests at regular intervals in accordance with international and national technical standards on data confidentiality, and we would like to inform you that our data processing policies are always updated as aware of our obligation in this regard.
6) Does the Data Controller share your personal data?
The sharing of personal data of our customers with third parties is realized within the framework of the consent of the customers and as a rule, personal data is not transferred to third parties without the consent of our customers.
Furthermore, personal data is shared with courts and other public institutions due to and limited to our legal obligations. In addition, personal data is transferred to contracted third parties in order to provide the services we undertake and to perform quality control on those services.
To prevent rights violations during data transfer to third parties, the necessary technical and legal measures are taken. Nonetheless, the Data Controller is not liable for any breaches that occur as a result of the third party receiving personal data's data protection policies and in the risk area under the third party's responsibility.
Your personal data may be shared with the shareholders of the Data Controller, directly/indirectly with our domestic/foreign affiliates, with program partner institutions and organizations that we cooperate with in order to conduct our activities, with domestic/foreign persons and institutions that we receive services for cloud storage of data, and with various agencies and other domestic/foreign third parties and relevant business partners in Türkiye and abroad within the scope of various marketing activities in order to provide you with better service and ensure customer satisfaction.
7) What are your rights under the Law on the Protection of Personal Data?
We would like to kindly inform you that in accordance with the LPPD, you have rights;
- to learn whether or not your personal data is being processed,
- to request information if it has been processed,
- to learn the purpose of the processing and whether they are used for their intended purpose,
- to know the third parties to whom your personal data is transferred,
- to request correction of your data if incomplete / incorrectly processed,
- to request deletion/destruction within the framework of the conditions stipulated in Article 7 of the LPPD,
- to request that third parties to whom your data has been transferred be notified of the transactions described in paragraphs (d) and (e),
- to object to the emergence of a result to the detriment of you by the analysis exclusively through automated systems,
- and to request compensation for the damage in case you suffer damage due to processing in violation of the LPPD.
Click here for the application form.
8) How can I get informed about legislative changes related to personal data?
Your rights under the LPPD are the obligations of the Data Controller. We would like to inform you that we process your personal data to the extent required by the legislation and that we will update this information on our page in accordance with the amendments if any, and that you can always easily follow the updates made on this page.
9) How can I ensure that the data is kept up to date and accurate?
Pursuant to Article 4 of the LPPD, the Data Controller has the obligation to keep your personal data accurate and up-to-date. Accordingly, in order for the Data Controller to fulfill its legal obligations, our customers must provide accurate and up-to-date information to the Data Controller. Please contact us through the following contact details in case of any change in your data and update your data.
10) Do you want to ask a question to the Data Controller about your personal data?
For any questions and comments regarding your personal data, you can contact us at any time at kvkk@somkatiyakit.com.
