PRIVACY POLICY
Last updated: [01/01/2025]
ARZEN Iç ve Dıs Tic. LTD. Sti. is committed to protecting your personal information (such as delivery/billing addresses, phone numbers, etc.) shared during your shopping experience. We guarantee that your data will never be shared with any third parties or institutions.
To make your shopping experience more convenient, certain information is stored in your membership account with your consent. This information is used solely to ensure faster and more secure order processing.
ARZEN undertakes to keep personal information strictly private and confidential, considering it a duty of confidentiality. We are committed to taking all necessary measures to prevent unauthorized access, disclosure, or use of your personal data and ensuring its continued protection. However, MAAJ and/or ARZEN reserves the right to disclose your information in compliance with applicable laws and upon request from administrative, judicial, or other official authorities.
MAAJ/ARZEN CUSTOMER DATA PROTECTION NOTICE
In accordance with the Personal Data Protection Law No. 6698 (the "Law"), ARZEN (the "Company"), as the data controller, may process your personal data as outlined below. Your personal data will be processed in accordance with the purposes and legal grounds mentioned in this notice, in a manner that is lawful, fair, and transparent.
Methods of Collecting Personal Data, Purpose of Processing, and Legal Grounds
Your personal data may be collected through various channels, including online forms, contact forms, applications, call centers, mobile applications, SMS, email, or during physical interactions with our Company.
Your personal data is processed for the following purposes ("Purposes") based on the legal grounds specified in Article 5 of the Law:
For establishing or fulfilling a contract:
To update customer contact information (identity and contact data),
To open sales records and issue invoices (identity, contact, finance, and transaction data),
To execute sales agreements related to products or services purchased (identity, contact, transaction, and financial data).
For compliance with legal obligations:
To issue invoices for goods and services under the Tax Procedure Law (identity, contact, finance, and transaction data),
To respond to official requests from authorities (identity, contact, and transaction data),
To comply with mandatory record-keeping obligations (security data),
To respond to customer inquiries in accordance with legal requirements (identity, contact, transaction, request, and complaint data).
For the legitimate interests of the data controller:
To maintain accounting records and track financial operations (identity, contact, transaction, and finance data),
To carry out sales and marketing activities (identity, contact, transaction, request, and complaint data),
To manage customer relationships (identity, contact, transaction, request, and complaint data),
To conduct commercial operations and manage business processes (identity, contact, transaction, request, complaint, and finance data),
To ensure legal, technical, and business security (identity, contact, transaction, finance, and legal data),
To determine and implement corporate strategies (identity, contact, transaction, request, and complaint data).
For the establishment, exercise, or protection of legal rights:
To handle requests, complaints, and disputes (identity, contact, transaction, request, and complaint data),
To retain personal data as evidence for potential future disputes within the statutory limitation period (identity, contact, transaction, request, complaint, finance, legal, and security data).
With your explicit consent:
To carry out marketing activities tailored to your preferences (identity, contact, transaction, and marketing data),
To send commercial communications, such as advertisements and promotions (identity and contact data).
Sharing of Personal Data
Your personal data may be shared with domestic business partners, suppliers, group companies, legally authorized public institutions, and private individuals in accordance with Article 8 of the Law, to fulfill the above-mentioned purposes.
Security Measures for Personal Data
Our Company takes maximum precautions to store personal data securely and prevent unauthorized access. In compliance with Article 12 of the Law and relevant regulations, we implement the following measures:
Ensuring network and application security,
Implementing security measures during IT procurement, development, and maintenance processes,
Securing cloud-stored personal data,
Providing periodic training and awareness programs for employees on data security,
Establishing an authorization matrix for employees,
Keeping access logs regularly,
Developing and enforcing corporate policies on data access, security, retention, and disposal,
Applying data masking techniques when necessary,
Using confidentiality agreements,
Revoking access rights for employees who change roles or leave the company,
Using up-to-date antivirus systems and firewalls,
Including data security clauses in contracts with third parties,
Monitoring personal data security incidents,
Securing physical environments containing personal data from external risks,
Implementing encryption and backup processes,
Conducting penetration tests,
Following cyber security protocols.
Data Retention and Deletion
Our Company retains personal data as long as it is necessary for the purposes outlined above. Once the purpose is fulfilled or upon request from the data subject, personal data will be deleted, destroyed, or anonymized in accordance with relevant regulations.
Rights of Data Subjects
As a data subject, you have the right to:
(a) Learn whether your personal data is processed, (b) Request information if your personal data has been processed, (c) Learn the purpose of processing and whether it is used in accordance with that purpose, (d) Know the third parties to whom personal data is transferred, (e) Request correction of inaccurate or incomplete personal data, (f) Request deletion or destruction of personal data under certain conditions, (g) Request notification of corrections or deletions to third parties to whom data has been transferred, (h) Object to processing that has negative consequences for you through automated systems, (i) Seek compensation for damages resulting from unlawful processing of personal data.
To exercise your rights, you can submit your requests by contacting us via contact@maajatelier.com or through other communication channels specified by ARZEN. We will respond to your inquiries within 30 days.