KVKK Policy


GÜLCE NİLAY BİNGÖL - BONDERLAND: PROCESSING OF PERSONAL DATA

Gülce Nilay BİNGÖL - Bonderland (“BONDERLAND”) takes utmost care to protect privacy and confidentiality and ensure continuous compliance with the Personal Data Protection Law. In order to comply with the Personal Data Protection Law No. 6698 (“KVKK”), it adopts the basic principles stipulated by the KVKK and fulfills its obligations regarding ensuring data security.

Technical and Administrative Measures Taken to Ensure the Security of Personal Data BONDERLAND undertakes to take all necessary technical and administrative measures and to show due care to ensure the security of your personal data. BONDERLAND takes the necessary measures to prevent unauthorized access to personal data, misuse, unlawful processing, disclosure, alteration or destruction of personal data. BONDERLAND uses generally accepted security technology standards such as firewalls and encryption when processing personal data. Regarding preventing unlawful access to personal data processed by BONDERLAND, preventing unlawful processing of these data and ensuring the preservation of personal data: The website where personal data is collected protects all areas with 256 bit SSL, It implements access authorizations and limitations for its employees, It ensures that personal data in paper form is It ensures that it is kept in locked cabinets and accessed only by authorized persons. Personal data processed through cookies belonging to third parties from whom services are received are deleted from third party systems if the membership is terminated.

Scope of Personal Data Processing Policy

This Personal Data Processing Policy provides information to relevant persons regarding the following issues;

  • Methods and legal reasons for collecting personal data,
  • Which person groups' personal data are processed, Personal data categories being processed,
  • In which business processes and for what purposes this personal data is used,
  • Technical and administrative measures taken to ensure the security of personal data, To whom personal data can be transferred and for what purpose,
  • Personal data retention periods, legal rights of the Relevant Persons,
  • How Relevant Persons can change their preferences regarding receiving electronic commercial messages,


 Personal Data Collection Methods and Legal Reasons

BONDERLAND collects personal data through the membership forms, purchase forms and event participation forms on the bonderland.co website, in accordance with the personal data processing conditions stipulated in the KVKK and in line with the legal reasons specified in this Personal Data Processing Policy.

Data Categories Customers

  • Identity Information: Name, surname, Date of Birth,
  • Contact Information: E-mail address, Phone Number
  • Financial Information: Invoice information
  • Risk Management Information: IP address, Time Zone, operating system,
  • Transaction Security Information: Password, country information, city information
  • Marketing Information: Cookie records, targeting information, reviews showing habits and tastes
  • Legal Transaction and Compliance Information: Start and end time of the service provided, type of service used, amount of data transferred, commercial electronic message permission given by the Relevant Person electronically.
  • Marketing Information: E-mails sent based on the commercial electronic message permission given by the relevant person.


 Website Visitors

  • Location Information: Country, city
  • Risk Management Information: IP address, session information
  • Marketing Information: Cookie records, targeting information, reviews showing habits and tastes
  • Marketing Information: E-mail messages for marketing purposes sent based on the commercial electronic message permission given by the relevant person.
  • Demand/Complaint Management: Records regarding the transactions made during the evaluation or management process of the complaints and/or requests submitted by the relevant person regarding the product or service he/she has purchased.


 In Which Business Processes and For What Purposes are Personal Data Used?

Customer Personal Data

  • Carrying out membership transactions,
  • Improving the services offered through the bonderland.co website, developing new services and providing information about them,
  • Analyzing the preferences, tastes and needs of customers who have commercial electronic message approval and providing special promotions, opportunities and benefits to customers, for the purpose of fulfilling distance contracts established with users,
  • Promoting and marketing products and services in line with customers' preferences and tastes by performing remarketing, targeting, profiling and analysis in line with the explicit consent of the users,
  • Resolving user problems and complaints,
  • Improving the user experience on the website,
  • Follow-up of accounting and purchasing transactions,
  • Legal processes and compliance with legislation,
  • Answering information requests from administrative and judicial authorities,
  • Ensuring information and transaction security and preventing malicious use,
  • Making necessary arrangements to ensure that the processed data is up-to-date and accurate

 Website Visitors
  • Improving the services offered through the website, developing new services and providing information about them,
  • Commercial electronic message approval for existing visitors; Analyzing their preferences, tastes and needs and providing special promotions, opportunities and benefits to visitors,
  • Promoting and marketing applications, goods/products and services in line with visitors' preferences and tastes by performing remarketing, targeting, profiling and analysis in line with the express consent of the visitors,
  • Resolving visitor problems and complaints,
  • Legal processes and compliance with legislation,
  • Answering information requests from administrative and judicial authorities,
  • Ensuring information and transaction security and preventing malicious use,
  • Making the necessary arrangements to ensure that the processed data is up-to-date and accurate,
  • Fulfillment of legal obligations

 Technical and Administrative Measures Taken to Ensure the Security of Personal Data

BONDERLAND undertakes to take all necessary technical and administrative measures and show due care to ensure the security of your personal data.

BONDERLAND takes the necessary measures to prevent unauthorized access to personal data, misuse, unlawful processing, disclosure, alteration or destruction of personal data.

BONDERLAND uses generally accepted security technology standards such as firewalls and encryption when processing personal data.

Regarding preventing unlawful access to the personal data it processes, preventing unlawful processing of these data, and ensuring the preservation of personal data, BONDERLAND:
  • All areas of the website where personal data is collected are protected by SSL.
  • Implements access authorizations and restrictions for its employees,
  • It ensures that personal data in paper form is kept in locked cabinets and can only be accessed by authorized persons.
  • Personal data processed through cookies belonging to third parties from whom services are received are deleted from third party systems if the membership is terminated.

 Although BONDERLAND takes the necessary information security measures, in the event that personal data is damaged or obtained by unauthorized third parties as a result of attacks on the platforms operated by BONDERLAND or the BONDERLAND system, BONDERLAND immediately notifies the relevant persons and the Personal Data Protection Board and takes the necessary measures. .

Transfer of Personal Data

BONDERLAND transfers personal data to third parties only for the purposes specified in this Personal Data Processing Policy and in accordance with Articles 8 and 9 of the KVKK. Website usage preferences and navigation history, execution of the distance sales contract, membership form and other forms. The collected personal data is shared with our domestic/international business partners who receive cookie services, for the purpose of profiling and communicating with the relevant people in line with their likes and preferences. Personal data transfers carried out in this context are carried out through the secure environment and channels provided by the relevant third party. Depending on the content and scope of the service received from third parties, in all cases where there is no need to transfer personal data, masked personal data is transferred.

Shopify

Electronic commerce infrastructure service is provided for the BONDERLAND website. Shopify servers are located in the United States. You can access the Privacy Policies here .

an invoice

Services are received to fulfill our accounting obligations such as e-invoice and e-delivery note. Birfakura servers are hosted domestically. You can access the Privacy Policies here .

Google Ads

It is an online marketing tool that allows us to display our ads in Google's search results or on partner sites. Google Ads servers are hosted in the United States. Your personal data is not transferred directly but is shared using masking methods. You can access the Privacy Policies here .

Google Analytics

Site performance and analysis technology services are provided for our electronic commerce site. Google Analytics servers are hosted in the United States. Your personal data is not transferred directly but is shared using masking methods. You can access the Privacy Policies here .

Personal data subject to domestic and international transfer as mentioned above, in addition to technical measures to ensure their security; It is also legally protected thanks to the KVKK-compliant provisions included in our contracts, taking into account whether the other party of the legal relationship is the data controller or data processor.

When sharing personal information as stated above and transferring personal information to countries other than Turkey, it is ensured that the data is transferred in accordance with this policy and as permitted by the applicable law regarding data protection.

Personal Data Storage Periods

BONDERLAND retains the personal data it processes in accordance with KVKK for the periods stipulated in the relevant legislation or required by the purpose of processing. In our Personal Data Storage and Destruction Policy, these periods are approximately as follows:

Membership records: 10 years

All records regarding accounting and financial transactions: 10 years

Cookies: Maximum 3 years

Traffic information about online visitors: 2 years

Resumes: 1 year

Personal data regarding Customer Companies: 10 years after the legal relationship ends

Personal data regarding suppliers: 10 years after the legal relationship ends

Relevant Person Rights

The rights that the Relevant Person has on personal data processed by BONDERLAND in accordance with Article 11 of the KVKK are listed below:

  • Learning whether personal data is processed or not,
  • Requesting information if personal data has been processed,
  • Learning the purpose of processing personal data and whether they are used for their intended purpose,
  • Knowing the third parties to whom personal data is transferred at home or abroad,
  • Requesting correction of personal data if it is incomplete or incorrectly processed,
  • Requesting the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of the KVKK,
  • Transactions made in accordance with clauses (d) and (e),
  • Requesting notification to third parties to whom personal data has been transferred,
  • Objecting to the emergence of a result that is unfavorable to the individual by analyzing the processed data exclusively through automatic systems,
  • Request compensation for damages in case of damage due to unlawful processing of personal data.

 In order to exercise your rights over your personal data; You can apply and exercise your rights using the methods specified in the “Application Form” on the bonderland.co website.

Conditions for Destruction of Personal Data

BONDERLAND stores the personal data it processes through its website and Platform for the periods stipulated by the relevant laws and/or the periods required by the purpose of processing, in accordance with Articles 7, 17 of the KVKK and Article 138 of the Turkish Penal Code. If these periods expire, it will delete, destroy or anonymize it in accordance with the provisions of the Regulation on Deletion, Destruction or Anonymization of Personal Data.

Deletion of personal data by BONDERLAND refers to the process of making personal data inaccessible and unusable for the relevant users in any way. For this purpose, BONDERLAND implements access authorizations and restrictions at the user level. It takes the necessary measures to perform deletion in databases.

Anonymization of personal data by BONDERLAND means that personal data cannot be associated with an identified or identifiable natural person, even if they are matched with other data.

BONDERLAND explains in detail the methods for deletion, destruction and anonymization and the technical and administrative measures taken within the scope of the Personal Data Storage and Destruction Policy prepared in accordance with the Regulation on Deletion, Destruction or Anonymization of Personal Data.

Changes to the Privacy/Personal Data Protection Policy

BONDERLAND may make changes to this Personal Data Processing Policy at any time. These changes become effective immediately upon the publication of the new modified version of the Personal Data Processing Policy. Necessary information will be provided to the relevant persons so that you can be informed of the changes in this Personal Data Processing Policy.