Privacy and KVK Policy

GSS PAZARLAMA VE DIŞ TİCARET A.Ş. INFORMATION TEXT ON THE PROTECTION OF PERSONAL DATA

As GSS Pazarlama ve Dış Ticaret Anonim Şirketi (“Aqua di Polo”), the security of your personal data is important to us and we take care to protect it. As the data controller, Aqua di Polo adopts the principles stipulated by the KVK Law in order to comply with the Personal Data Protection Law No. 6698 ("KVK Law"), processing, deleting, destroying, anonymizing, transferring personal data and informing the relevant person. and fulfills its obligations regarding ensuring data security. In this context, the Privacy and Personal Data Protection Policy is made available to natural persons whose personal data is processed ("Relevant Person").

  1. Scope and Purpose of the Privacy and Personal Data Protection Policy

This Privacy and Personal Data Protection Policy;

a.Methods and legal reasons for collecting personal data,
b.Which person groups' personal data are processed (Data Subject Person Group Categorization),
c.What categories of personal data are processed regarding these groups of people (Data Categories) and sample data types,
d. In which business processes and for what purposes these personal data are used,
e. Technical and administrative measures taken to ensure the security of personal data,
f.To whom and for what purpose personal data may be transferred,
g. The retention periods for personal data,
h.Profile and Segmentation
i.What are the rights of Relevant Persons regarding their personal data and how they can exercise these rights,
j.How Relevant Persons can change their positive or negative preferences regarding receiving electronic commercial messages,
k. Sharing personal data with official authorities
Cookie Usage and Management
explains.

Personal Data Collection Methods and Legal Reasons

Aqua di Polo personal data can be processed through the Websites, mobile applications of the Websites, social media accounts, cookies, call center, notifications from administrative and judicial authorities and other communication channels in audio, electronic or written form, in accordance with the personal data processing conditions specified in the KVK Law and collects it in accordance with the legal reasons specified in this Privacy/Personal Data Protection Policy.

Data Subject Group Categorization

Aqua di Polo categorizes the groups of data subjects whose personal data are processed in personal data processing processes and activities related to these processes as follows. In addition, personal data of other groups of individuals (consultant, educator, blogger) may also be processed in accordance with the personal data processing conditions specified in Articles 5 and 6 of the KVK Law and in line with the legal reasons specified in this Privacy/Personal Data Protection Policy.

Data Categories and Sample Data Types

1

a) Member Customer

  • Identity Information: Name, surname, date of birth, gender, T.R. identification number
  • Location Information: City and district of residence (delivery address of purchases made through Aqua di Polo.com)
  • Contact Information: mobile phone, e-mail address, address, postal code, landline phone
  • Financial Information: Tax office, invoice information
  • Customer/Member Information: Membership information, membership ID number
  • Customer/Member Transaction Information: Product/s purchased, shopping amount, shopping date, call center call records, commercial communication permission, campaigns/competitions used, coupons used, order-related information
  • Risk Management Information: IP address
  • Transaction Security Information: Password, password information
  • Marketing Information: Cookie records, targeting information, reviews showing habits and likes
  • Audio Data: Call center call recordings
  • Legal Transaction and Compliance Information:Starting and ending time of the service provided, type of service used, amount of data transferred, commercial electronic message permission given by the Relevant Person electronically, membership agreement approved, corporate membership agreement, Aqua Other legal texts and agreements that enable you to benefit from the services offered by di Polo
  • Marketing Information:Marketing SMS, e-mail messages or calls made by the call center sent based on the commercial electronic message permission given by the relevant person
  • Request/Complaint Management/Reputation Management Information: Complaints and/or requests submitted by the relevant person through the website, mobile application, social media accounts or call center regarding the product or service purchased, and evaluation or management of these requests. Records regarding the transactions made during the

b) Guest Customer (users who shop on the site without being a member)

  • Identity Information: Name, surname, date of birth, gender, T.R. identification number
  • Location Information: City and district of residence (delivery address of purchases made through Aqua di Polo.com)
  • Contact Information: mobile phone, e-mail address, address, postal code, landline phone
  • Financial Information: Tax office, invoice information
  • Guest Customer Transaction Information: Product/s purchased, shopping amount, shopping date, call center call records, commercial communication permission, campaigns used, order-related information
  • Risk Management Information: IP address
  • Transaction Security Information: Password, password information
  • Marketing Information: Cookie records, targeting information, reviews showing habits and likes
  • Audio Data: Call center call recordings
  • Legal Transaction and Compliance Information: The start and end time of the service provided, the type of service used, the amount of data transferred, the commercial electronic message permission given by the Relevant Person electronically, other legal documents that enable the use of the services offered by Aqua di Polo. texts and contracts
  • Marketing Information: Marketing SMS, e-mail messages or calls made by the call center sent based on the commercial electronic message permission given by the relevant person.
  • Request/Complaint Management/Reputation Management Information: Complaints and/or requests submitted by the relevant person through the website, mobile application, social media accounts or call center regarding the product or service purchased, and evaluation or management of these requests. Records regarding the transactions made during the

2

Online Visitor

  • Transaction Security Information: Password, mobile phone, password information
  • Legal Action Information/Risk Management Information: IP address
  • Legal Transaction and Compliance Information:The start and end time of the service provided, the type of service used, the amount of data transferred.

3

Personal Data of the Person to whom the Purchased Product will be Delivered

  • Identity Information: Name, surname, date of birth, gender, T.R. identification number
  • Location Information: City and district of residence (delivery address of purchases made through Aqua di Polo.com)
  • Contact Information: mobile phone, e-mail address, address, postal code, landline phone
  • Financial Information: Tax office, invoice information

 

In Which Business Processes and For What Purposes are Personal Data Used?

1

a) Member Customer Personal Data

  • The execution of membership transactions,
  • “Aqua di Polo.com” e-commerce platform (“platform”) operated by Aqua di Polo; Improving the services offered through, developing new services and providing information about them,
  • For the purpose of fulfilling the Membership Agreement established with the Member Customer, for Member Customers who have commercial electronic message approval; Analyzing the Member Customer's preferences, tastes and needs and providing special promotions, opportunities and benefits to the Member Customer,
  • Promoting and marketing applications, goods/products and services in line with the Member Customer's preferences and liking by performing remarketing, targeting, profiling and analysis in line with the Member Customer's explicit consent,
  • Resolving Member Customer problems and complaints,
  • Improving the Member Customer experience on both the platform and mobile application,
  • Follow-up of accounting and purchasing transactions,
  • Legal processes and compliance with legislation,
  • Answering information requests from administrative and judicial authorities,
  • Ensuring information and transaction security and preventing malicious use,
  • Making necessary arrangements to ensure that the processed data is up-to-date and accurate

b) Guest Customer (users who shop on the site without being a member) Personal Data

  • Being able to shop from the platforms as a "guest",
  • Improving the services offered through the platforms, developing new services and providing information about them,
  • For Guest Customers who have commercial electronic message approval; Analyzing preferences, tastes and needs and providing special promotions, opportunities and benefits to Guest Customers,
  • Promoting and marketing applications, goods, products and services in line with the Guest Customer's preferences and liking by performing remarketing, targeting, profiling and analysis in line with the Guest Customer's express consent,
  • Resolving Guest Customer problems and complaints,
  • Improving the Guest Customer experience on both the platform and mobile application,
  • Follow-up of accounting and purchasing transactions,
  • Legal processes and compliance with legislation,
  • Answering information requests from administrative and judicial authorities,
  • Ensuring information and transaction security and preventing malicious use,
  • Making the necessary arrangements to ensure that the processed data is up-to-date and accurate,
  • Fulfillment of legal obligations

2

Online Visitor Personal Data

  • Processing of online visitor data within the scope of Law No. 5651,
  • Legal processes and compliance with legislation,
  • Answering information requests from administrative and judicial authorities,
  • Ensuring information and transaction security and preventing malicious use,
  • Fulfillment of legal obligations

3

Personal Data of the Person to whom the Purchased Product will be Delivered

  • Execution of product delivery processes,
  • Follow-up of accounting and purchasing transactions,
  • Legal processes and compliance with legislation,
  • Answering information requests from administrative and judicial authorities,
  • Ensuring information and transaction security and preventing malicious use,
  • Making the necessary arrangements to ensure that the processed data is up-to-date and accurate,
  • Fulfillment of legal obligations

 

Technical and Administrative Measures Taken to Ensure the Security of Personal Data

  1. Aqua di Polo undertakes to take all necessary technical and administrative measures and to exercise due care to ensure the confidentiality, integrity and security of your personal data.
    Aqua di Polo takes the necessary measures to prevent unauthorized access to personal data, misuse, unlawful processing, disclosure, alteration or destruction of personal data. Aqua di Polo uses generally accepted security technology standards such as firewalls and Secure Socket Layer (SSL) encryption when processing personal data. In addition, when sending your personal data to Aqua di Polo through the website, mobile application and mobile site, this data is transferred using SSL.
  • Regarding preventing unlawful access to personal data processed by Aqua di Polo, preventing unlawful processing of these data and ensuring the protection of personal data;
  • All areas on the website or mobile application where personal data is collected are protected by SSL.
  • Creates and implements access authorization and control matrices for its employees to prevent unlawful processing of personal data collected from the website or mobile application,
  • To ensure that personal data is not accessed unlawfully; performs periodic penetration tests, tests the system's resistance to unauthorized access,
  • It uses the Pseudonymization method for all secondary data processing other than the primary processing purpose. In order to ensure that pseudonymous data makes it impossible to identify the relevant person, it uses encryption methods in the systems where this data is located and applies a stricter access authorization and control policy to this data,
  • It ensures that personal data in paper form is kept in locked cabinets and can only be accessed by authorized persons.
  • Personal data processed through cookies belonging to third parties from whom services are received are deleted from third party systems if the membership is terminated.

Although Aqua di Polo takes the necessary information security measures, in the event that personal data is damaged or obtained by unauthorized third parties as a result of attacks on the platforms operated by Aqua di Polo or the Aqua di Polo system, Aqua di Polo will immediately notify you and the Personal Data Protection Board of this situation. Notifies and takes necessary precautions.

To Whom and For What Purposes Personal Data Can Be Transferred

Aqua di Polo transfers personal data to third parties only for the purposes specified in this Privacy and Personal Data Protection Policy and in accordance with Articles 8 and 9 of the KVK Law. Member Customer/Guest Customer data processed in this context is shared with companies that receive cloud data storage services and cloud call center services.

In this context, the Member Customer/Guest Customer data processed and the information of the person to whom the purchased product will be delivered are shared with the cargo company and these data can also be accessed by the call center when necessary. The information of the person on whose behalf the invoice will be issued is shared with the cargo company in order to send the invoice to the relevant person.

Member Customer/Guest Customer's mobile phone number and/or e-mail address; Based on the commercial electronic message approval, it is shared with the commercial electronic message service provider in order to be able to promote, advertise, and offer benefits and opportunities in line with shopping preferences, tastes and habits.

Website or mobile application usage preferences and browsing history are shared with our domestic business partners who receive cookie services, in order to segment and communicate with Member Customers/Guest Customers in line with their likes and preferences. Personal data transfers carried out in this context are carried out through the secure environment and channels provided by the relevant third party. Depending on the content and scope of the service received from third parties; In all cases where there is no need to transfer the personal data of the Member Customer/Guest Customer, the transfer is made using Pseudonymous data (pseudonymous data).

Personal data subject to domestic transfer mentioned above, in addition to technical measures to ensure their security; Considering that the other party of the legal relationship is the data controller or data processor, it is also legally protected thanks to the provisions compatible with the KVK Law included in our contracts.

Retention Periods of Personal Data

Aqua di Polo preserves the personal data it processes in accordance with the KVK Law for the periods stipulated in the relevant legislation or required by the purpose of processing. In our Personal Data Storage and Destruction Policy, these periods are approximately as follows:

Call Center voice recordings

3 years

Law No. 6563 and relevant secondary legislation

Membership and order records

10 years

Law No. 6098

All records regarding accounting and financial transactions

10 years

Law No. 6102, Law No. 213

Cookies

At most 540 days

 

Commercial electronic communication approval records

1 year from the date of withdrawal of consent

Law No. 6563 and relevant secondary legislation

Traffic information about online visitors

2 years

Law No. 5651

Information and/or CVs received for job applications

1 year

 

Personal data regarding Member Customers/Guest Customers

10 years after the legal relationship ends; 3 years in accordance with Law No. 6563 and relevant secondary legislation

Law No. 6563, Law No. 6102, Law No. 6098, Law No. 213, Law No. 6502

Personal data collected for usability testing research purposes

2 weeks

 

 
You can review our Cookie Policy regarding the retention periods of personal data we obtain through cookies.

Profile and Segmentation

Using the personal data processed by Aqua di Polo Member Customer/Guest Customer;

  • a. Regarding the Member Customer/Guest Customer who has given their consent to receive commercial electronic messages, it carries out profiling and segmentation in order to prepare content more suitable for the Member Customer/Guest Customer's tastes and preferences, and to provide advertisements, promotions and discounts.
  • b. Profiling and segmentation is also carried out in terms of Member Customers/Guest Customers who have not given commercial electronic message approval;
    a. Making product improvements (determining the best-selling or unsold product categories),
    b. Modeling is done by analyzing shopping preferences and organizing campaigns for customer groups that have the potential to buy a certain product and uploading them to the system,
    c. Studies such as taking actions to increase sales potential are being carried out.

Within the scope of profiling and segmentation studies, Member Customer/Guest Customer's personal data, especially their name and surname, mobile phone, e-mail or address information, are not used directly; instead, transactions are carried out with the Member Customer/Guest Customer IDs assigned to them. Member Customer/Guest Personal data of the Customer/Member is protected through the use of Customer ID or, in other words, pseudonymous data. Member Customer/Guest Customer IDs are accessible only to relevant persons or departments within Aqua di Polo. These IDs assigned to the Member Customer/Guest Customer are kept encrypted within the system by Aqua di Polo and access to this section is only granted to limited people.

What are the Rights of Relevant Persons on their Personal Data and How Can They Use These Rights?

The rights that the Relevant Person has on personal data processed by Aqua di Polo in accordance with Article 11 of the KVK Law are listed below:

  • Learning whether personal data is processed or not,
  • Requesting information if personal data has been processed,
  • Learning the purpose of processing personal data and whether they are used for their intended purpose,
  • Knowing the third parties to whom personal data is transferred at home or abroad,
  • Requesting correction of personal data if they are incomplete or incorrectly processed,
  • Requesting the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of the KVK Law,
  • Requesting that the transactions carried out in accordance with paragraphs (d) and (e) be notified to third parties to whom personal data is transferred,
  • Objecting to the emergence of a result that is unfavorable to the individual by analyzing the processed data exclusively through automatic systems,
  • Request compensation for damages in case of damage due to unlawful processing of personal data.

In order to exercise your rights over your personal data; You can access your account from the "My Account" section on the Aqua di Polo website, mobile application and mobile site and make necessary changes, updates and/or deletions. In addition, you can make your application and exercise your rights using the methods specified in the "Application Form" prepared in accordance with Article 13 of the KVK Law, available on the website or mobile application of the electronic commerce platforms operated by Aqua di Polo.

How Relevant Persons Can Change Their Positive or Negative Preferences About Receiving Electronic Commercial Messages

You can change or update your positive or negative preferences regarding receiving commercial electronic messages, which you have given while subscribing to the website or mobile application of the electronic commerce platforms operated by Aqua di Polo or at a later time, at any time by accessing the "My Account" section.

Termination of membership does not mean withdrawing your consent to receive commercial electronic messages. For this reason, please also make sure that you have completed all the procedures regarding withdrawing your consent.

Regarding cookie management, you can follow the steps specified in our Cookie Policy.

Sharing Personal Data with Official Authorities

Aqua di Polo may share your personal data and traffic information such as your navigation information regarding your visit or membership to electronic commerce platforms and mobile applications operated by Aqua di Polo; We may legally request this information in order for Aqua di Polo to fulfill its obligations under the law (in cases where Aqua di Polo has a legal or administrative obligation to notify or provide information, such as, but not limited to, fighting against crime, threats to state and public security, etc.). may be shared with public institutions and organizations authorized to do so.

Cookie Usage and Management

You can review our Cookie Policy for detailed information about the cookies used by Aqua di Polo, cookie types, purposes, storage periods and cookie management.

Conditions for Deletion, Destruction and Anonymization of Personal Data

Aqua di Polo stores the personal data it processes through its website, mobile application or mobile site for the periods stipulated by the relevant laws and/or the periods required by the purpose of processing, in accordance with Articles 7, 17 of the KVK Law and Article 138 of the Turkish Penal Code. If these periods expire, it will delete, destroy or anonymize it in accordance with the provisions of the Regulation on Deletion, Destruction or Anonymization of Personal Data.

Deletion of personal data by Aqua di Polo refers to the process of making personal data inaccessible and unusable for the relevant users in any way. For this purpose, Aqua di Polo creates and implements an access authorization and control matrix at the user level. It takes the necessary measures to perform deletion in the database.

Destruction of personal data by Aqua di Polo refers to the process of making personal data inaccessible, irretrievable and unusable by anyone.

Anonymization of personal data by Aqua di Polo means that personal data cannot be associated with an identified or identifiable natural person in any way, even if it is matched with other data.

Aqua di Polo explains in detail the methods for deletion, destruction and anonymization and the technical and administrative measures taken within the scope of the Personal Data Storage and Destruction Policy prepared in accordance with the Regulation on Deletion, Destruction or Anonymization of Personal Data. In this Policy, the time interval for the periodic destruction stipulated by the Regulation is determined as 6 months.

Changes to the Privacy/Personal Data Protection Policy

Aqua di Polo may make changes to this Privacy/Personal Data Protection Policy at any time. These changes take effect immediately upon the publication of the new amended Privacy/Personal Data Protection Policy. Necessary information will be provided to our members so that you can be informed about the changes in this Privacy/Personal Data Protection Policy.

In order to exercise your above-mentioned rights, your request includes the necessary information that identifies you and your explanations about the right you request to use; By filling out the form at the contact address, you can bring it personally to the address "Haskaya Koru Konakları, Çamlıca, Hanımseti Sokak No:6, 34692 Üsküdar/İstanbul" or send it through a notary public, or send a signed copy of the form to merhaba@aquadipolo.com by registered e-mail with a secure electronic signature. You can forward it from your address.

Aqua di Polo may update and change the provisions of this Information Text at any time by publishing it in other places. Updates and changes made by Aqua di Polo will be valid from the date of publication.

    GSS Pazarlama ve Dış Ticaret A.Ş.

    Müşteri Memnuniyet Merkezi yetkililerimiz hafta içi 09:00-18:30 saatleri arasında 0(850) 255 04 77 numaralı çağrı merkezimiz üzerinden Üyelik, Ödeme, Sipariş, Teslimat, Fatura, İade İşlemleri ve tüm sorularınız için size yardımcı olmaktan mutluluk duyacaktır.

    Adres:

    Kısıklı Mah. Hamal Sok. No:4
    Haskaya Koru Konakları B- Konağı 34692 - Üsküdar/ İSTANBUL