Personal Data Protection Law (KVKK)

Article 10 titled "Information Obligation of the Data Controller" of the Personal Data Protection Law No. 6698 (" Law ") published in the Official Gazette No. 29677 dated April 7, 2016, which aims to protect the fundamental rights and freedoms of individuals, especially the privacy of private life, in the processing of personal data. In accordance with the article and the Communiqué on the Procedures and Principles to be Followed in the Fulfillment of the Notification Obligation published in the Official Gazette dated 10 March 2018 and numbered 30356, this Information Text and the personal data processed by "" (hereinafter referred to collectively as " Misole ") and listed below. As the Data Controller, we aim to inform you about your data.

Misole takes all technical and administrative measures to ensure the appropriate level of security in order to prevent unlawful processing, access and preservation of your personal data.

  1. PERSONS DATA PROCESSED

Personal data refers to any information regarding an identified or identifiable person. Your processed personal data and the categories of data are stated below.

Identity Information: Name, surname, TR ID number, place and date of birth, marital status, gender, nationality, passport number, photo.

Contact Information: Telephone/fax number, e-mail address, address information.

Subscription and Device Information: Personal data that can identify the subscriber such as subscriber identification information / contact information / marketing information, customer numbers, service numbers according to the service and product received, subscription channel, segment information, e-invoice information, profession, device identification information, used brand and model information of the device, device features, device change dates information.

Payment, Bank and Risk Information: Personal security information regarding payment instruments issued by organizations such as password, security question, certificate, encryption key and PIN, card number, expiration date, CVV2/CVC2 code used in placing the payment order or verifying the user identity, Bank information such as payment information, branch code, account number.

Visual/Functional Recording Information: Recording of voice and/or video calls made in call centers, offices and dealers, personal data obtained when you contact us.

  1. PURPOSES OF PROCESSING PERSONAL DATA

Your personal data; It may be processed for the following purposes in accordance with the processing conditions specified in Articles 5 and 6 of the Law and secondary regulations:

  • Establishment, provision and continuity of our company's services, making infrastructure / serviceability inquiries,
  • Carrying out Finance and Accounting Affairs, Carrying out Communication Activities; Execution of Commitment Processes for Company / Product / Services; Conducting Activities in Compliance with Legislation; Follow-up and Execution of Legal Affairs; Carrying out Business Continuity Ensuring Activities; Conduct and Control of Business Activities; Execution of Goods / Service Sales Processes; Execution of Goods/Service After-Sales Support Services; Execution of Customer Relationship Management Processes; Carrying out Activities for Customer Satisfaction; Execution of Advertising, Campaign and Promotion Processes; Carrying out Storage and Archive Activities; Execution of Contract and Membership Processes; Tracking of Requests / Complaints; Planning and Execution of Commercial and/or Business Strategies; Carrying out the necessary work by business units to benefit from the products and services offered and carrying out the relevant business processes; Providing Information to Authorized Persons, Institutions and Organizations
  • Membership establishment and other transactions carried out during the membership period, termination of membership, invoicing/charging/refund/collection transactions,
  • Providing customer services, meeting customer complaints/requests, fulfilling all contractual conditions in this regard,
  • In addition to your Membership Agreement, keeping your ID sample and other information that must be kept in accordance with the relevant legislation, checking the accuracy of your ID information and documents you declare,
  • Management, measurement, control and analysis of network traffic and carrying out network improvement/optimization studies,
  • Developing products, services and business in conventional and digital channels within the scope of network and technological advances/improvements for better service delivery,
  • Proactively/reactively detecting malfunctions that may occur during service delivery, solving the problem by finding the root cause and trying to prevent its recurrence,
  • Conducting survey/analysis studies focused on measuring customer satisfaction, researching customer trends and improving service quality,
  • Providing reward/raffle/competition/gift/thank you/celebration/reminder applications focused on ensuring customer satisfaction,
  • Preparing, presenting, promoting, tracking, reporting campaigns and offers regarding products and services according to the use of our customers and providing information about the campaign content,
  • Informing our customers about new products/services and other innovations, informing and customer recovery activities, creating sales opportunities,
  • Sharing information/documents requested by regulatory and supervisory institutions and official authorities and carrying out audit activities by fulfilling the legal obligations in the relevant legislation,
  • Establishing brand collaborations touching different sectors within the scope of increasing product and service diversity and ensuring that customers benefit from various opportunities,
  • Ensuring contractual requirements and financial reconciliation regarding the products and services offered with our business partners or other third parties,
  • Legal follow-up and execution of legal processes
  • Providing Guidance Services
  1. TRANSFER OF PERSONAL DATA

Your personal data may be transferred to the following third parties within the scope of the Laws and other legislation and for the purposes explained, within the scope of the provisions of the Law regarding the transfer of personal data domestically and internationally:

  • All other group companies listed on the Misole website,
  • Companies that we have authorized and that operate on behalf of our Company, our representatives, our dealers,
  • Regulatory and supervisory authorities, competent authorities that will determine your location in case of an emergency call, public institutions or organizations that are expressly authorized to request your personal data under the laws to which they are subject,
  • Third parties from whom we receive consultancy, including business partnerships, supplier and contractor companies, payment and e-money institutions, banks, financial institutions, institutions and organizations and auditors,
  • Lawyers, auditors, consultants and service providers,
  • Your attorneys, guardians and representatives authorized by you,
  • Banks and financial institutions, law offices, municipalities, business partners and suppliers that have your TR ID number,
  1. METHODS AND LEGAL REASONS FOR COLLECTION OF PERSONAL DATA

Your personal data; Although it varies depending on the nature of the service, product and activity, it can be obtained and processed through companies operating on behalf of our company that we have authorized, our representatives, dealers, our website, our call center and mobile applications.

Your personal data may be collected from you, third parties and legal authorities via internet, telephone, e-mail, voice response and text message during the establishment of your legal relationship with our Company and throughout the continuation of that relationship; It is collected from physical, written, oral and electronic channels, fully/partially, automatically or non-automatically, for the purpose stated above and for the purpose of providing services within the framework stipulated in the provisions of Articles 5, 6 and 8 of the Law written below. Your personal data is processed based on the following legal reasons:

  • Having your explicit consent,
  • It is clearly stipulated in other legislation to which our Company is subject, especially the Electronic Communications Law No. 5809,
  • To comply with national and international principles and principles regarding the recognition of customers, to comply with the information storage, reporting and information obligations stipulated by the legislation and official authorities,
  • Provided that it is directly related to the establishment or performance of a contract, it is necessary to process personal data of the parties to the contract, to provide the requested products and services and to fulfill the requirements of the contracts you have concluded,
  • It is mandatory to fulfill the legal obligation,
  • It has been made public by the person concerned,
  • Data processing is mandatory for the establishment, exercise or protection of a right,
  • It is necessary to process data for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the person concerned.
  • In case of actual impossibility, you are unable to express your consent or data processing is necessary to protect the life or physical integrity of the person or someone else whose consent is not legally valid,

Your special personal data is processed based on the following legal compliance reasons:

  • Having your explicit consent,
  • Special categories of personal data other than health, without your explicit consent in cases stipulated by law,
  • Special personal data regarding health can only be collected by persons under the obligation of confidentiality or authorized institutions and organizations for the purpose of protecting public health, preventive medicine, medical diagnosis, execution of treatment and care services, planning and management of health services and their financing, without seeking the express consent of the relevant person.
  1. IF YOU WANT TO CONTACT US FOR YOUR RIGHTS AND REQUESTS

In accordance with Article 11 of the Law, which regulates the rights of the person concerned, you can submit your requests with a petition prepared in accordance with the conditions specified in the Communiqué on the Procedures and Principles of Application to the Data Controller (Communiqué), in order to determine whether the application belongs to you or not, according to its nature and application method, by Misole and thus to protect your rights:

  • You can deliver it directly in person to the addresses given below regarding the relevant channel, or you can have it delivered by mail or through a notary public,
  • You can forward it to our addresses below, using texts that can be sent and stored with a registered e-mail (KEP) address, secure electronic signature or mobile signature.

Applications to be made within this scope will be accepted following the identity verification by us, and your requests will be finalized as soon as possible and within 30 days at the latest, depending on the nature of the request. If the application is answered in writing, no fee will be charged for up to 10 pages, and a processing fee of 1 Turkish Lira may be charged for each page over 10 pages. If the response to the application is given on a recording medium such as a CD or flash memory, a fee equal to the cost of the recording medium may be requested.

OUR APPLICATION CHANNELS AND ADDRESSES

Direct Application:

Notary/Mail Channel:

CAP:

Mail: info@misole.com.tr

misole

Direct Application:

Notary/Mail Channel:

CAP:

Email:

STORAGE AND DISPOSAL

Our company has created a Storage and Destruction Policy for storing and deleting personal data. Storage and destruction of your personal data are carried out within the scope of this policy. Accordingly, if a period of time is specified for the storage of data in the KVKK or relevant laws and other relevant legislation, the data in question must be stored for at least this period.

Considering the possibility that a possible court request or a request from an administrative authority authorized by law regarding the relevant data may be received by us late or that a dispute may occur in which we may be a party, the storage period of the data is determined by adding a period of 6 months to 1 year to the periods stipulated in the legislation for the storage of your data and the determined At the end of the period, the data in question is deleted, destroyed or anonymized.

If there is no period specified in the legislation for the retention period of the data we process, your data will be deleted, destroyed or anonymized without your request, after the 10-year statute of limitations period has passed from the end of our legal relationship, taking into account possible disputes as a requirement of the relationship between us.

If all the processing conditions for personal data have been eliminated or the storage period declared by us or determined within the scope of the legislation has expired, your data will be deleted, destroyed or anonymized ex officio on the first periodic destruction date or within 6 months at the latest. If you request the deletion of your data for a valid reason, your data will be deleted within 30 days at the latest, to the extent legally possible. If you request that your data, whose retention period is determined in the legislation, be deleted or destroyed before the stipulated periods, your request will not be fulfilled.

YOUR RIGHTS

Regarding your personal data within the scope of KVKK and relevant legislation;

  • Learning whether your personal data is being processed or not,
  • Requesting information if your personal data has been processed,
  • Learning the purpose of processing personal data and whether they are used for their intended purpose,
  • Knowing the third parties to whom your personal data is transferred,
  • To request correction of your personal data if it is incomplete or incorrectly processed,
  • Requesting the deletion or destruction of your personal data within the framework of the conditions stipulated in the KVKK legislation,
  • When you request the correction of incomplete or inaccurate data and the deletion or destruction of your personal data, request that this situation be notified to the third parties to whom we have transferred your personal data,
  • Objecting to the emergence of a result against oneself by analyzing the processed data exclusively through automatic systems, and
  • Requesting compensation for this damage if you suffer damage due to unlawful processing of personal data.

You have the rights.

APPLICATION

If you wish to submit your applications and requests regarding your personal data, you can use the Relevant Person Application Form ;

  • By applying to our Company in person with a valid identity document,
  • By sending it to our registered e-mail address @.kep.tr using a registered e-mail (KEP) address and secure electronic signature or mobile signature, or
  • By sending it to info@misole.com.tr from your e-mail address previously notified to our company and registered in our system.

You can forward it to Misole .

In accordance with the Communiqué on the Procedures and Principles of Application to the Data Controller, in these applications of the relevant persons, name and surname, signature if the application is in writing, TR ID number (passport number if the applicant is a foreigner), residence or workplace address subject to notification, e-mail address subject to notification, if any. It is mandatory to include address, telephone number and fax number and information regarding the subject of the request.

The requested matter must be stated clearly and understandably in the application that the data owner will make to exercise the above-mentioned rights and that includes explanations regarding the right he/she requests to use. Information and documents regarding the application must be attached to the application.

Although the subject of the request must be related to the applicant personally, if acting on behalf of someone else, the applicant must be specifically authorized in this matter and this authority must be documented (special power of attorney). In addition, the application must include identity and address information and documents verifying identity must be attached to the application.

Requests made by unauthorized third parties on behalf of someone else will not be taken into consideration.

Your claims regarding your personal data will be evaluated and responded to within 30 days at the latest from the date they are received by our Company. If your application is evaluated negatively, the reasoned rejection reasons will be sent to you by e-mail or postal mail to the address you specified in your application, and if possible, through the method in which the request was made.