Privacy Policy Regarding the Protection of Personal Data

As Stemist Box, we obtain the data of our relevant parties within the boundaries and rules of the Law No. 6698 on the Protection of Personal Data for the purpose of providing our services to you.

Especially considering the security of your personal data and in order to protect the privacy of private life and fundamental rights and freedoms, we would like to inform you in accordance with the Law No. 6698 on the Protection of Personal Data.

As Stemist Box, we show maximum effort and sensitivity regarding the security of your personal data. As the data controller in accordance with the legislation, all kinds of personal data obtained within the scope of our business relationship will be processed in accordance with the Personal Data Protection Law, as detailed below and within the limits prescribed by the legislation.

Our Principles for Processing Personal Data

• We aim to process data in accordance with the law and honesty.
• We strive to ensure accuracy and currency.
• We process data for specific, clear, and legitimate purposes.
• We process data that are relevant, limited, and proportionate to the purposes for which they are processed.
• We adhere to the principle of keeping data for the duration prescribed by the relevant legislation or as long as necessary for the purposes for which they were processed.

What Data Do We Collect? What is the Purpose of Data Collection?

• Personal data refers to any information that can identify you personally or indirectly and can be used to determine your identity. We may collect your personal data through your use of Stemist Box products and services or through interactions with Stemist Box representatives.
• The categories of personal data we collect from you depend on the nature of your interaction with us or the Stemist Box services you use. These may include:
• Identity and Contact Data: We may collect your personal and/or business contact information, including your name, surname, postal address, phone number, fax number, email or KEP address.
• Customer Transaction Data: We may collect your transaction data related to our services, such as call center records, invoices, promissory notes, check information, order information, and request and complaint information.
• Financial Data: We may collect your financial data, including bank account numbers and other relevant billing information, for processing payments, preventing fraud, and facilitating refunds to your bank account.
• Physical Space Security Data: We may collect data such as entry and exit records, camera recordings, when you visit our location.
• Transaction Security Data: If you connect to the Stemist Box network, we may collect data such as IP address information and website access logs under the Law No. 5651.
• Marketing Data: We may collect your marketing data, including purchase history information, information obtained through surveys and campaign activities, and data collected through cookies on the website (see cookie policy).
• Visual and Audio Recordings: We may collect your visual and audio recordings during your visits to our location for customer satisfaction and quality standards purposes.
• Social Media Data: If you interact with Stemist Box social media accounts through your social networks, we may process publicly available social media data.
• Legal Processes and Legal Transaction Data: We may process data related to legal processes and legal transactions that arise between us in order to fulfill our obligations arising from legislation and to fulfill other legal obligations towards authorized and competent public institutions and organizations, if any.
• Other Unique Identification Information: Examples of other unique identification information we collect include the information you provide when interacting with our service centers, customer support channels, or through personal interactions via telephone or mail. These additional details you provide enable us to facilitate the delivery of Stemist Box services and respond to your inquiries.
• In accordance with Articles 5 and 6 of the Personal Data Protection Law, we collect your data within the scope of our business relationship, complying with applicable legal regulations, ensuring the continuity of our business processes, providing you with products and services, protecting and exercising your commercial rights, fulfilling our contractual obligations, and carrying out operations related to our products and services, including the following purposes:
• For Customer Support and Satisfaction: We process your data to provide comprehensive customer support, ensure a seamless customer experience, and improve Stemist Box products and services.
• For Communication and Administrative Purposes: We communicate with you to provide information about Stemist Box products and services, respond to your questions or requests, and facilitate communication related to product/service transactions, support processes, and legally required communications.
• For Transaction Support: We process your data for the completion of purchases related to our products or services, payment processing, order fulfillment, and providing technical support and assistance during the process.
• For Security Purposes: We process your data to ensure the integrity and security of our websites, products, and services, prevent security threats, fraudulent activities, or other malicious actions that may endanger your information. We also implement additional security measures such as Closed-Circuit Television (CCTV) for the protection of our locations.
• For Business Operations: We process your data for the provision of services, conducting research and analytics, corporate reporting and management, quality assurance practices (such as the analysis or recording of calls to our customer support services), and other routine business activities.
• For Research and Innovation Purposes: We process your data for the improvement and development of new products and services by utilizing research and development tools and combining data analysis activities.
• For Corporate Communication and Marketing Purposes: We process your data to enhance Stemist Box services, conduct research and development tailored to your needs, and deliver products and services to you.
• For Compliance with Legal Requirements: We process your data to ensure the proper provision of our services and products, protect ourselves and our customers, and resolve any customer disputes in compliance with applicable laws, regulations, court orders, and requests from government and law enforcement authorities.
• In addition to the above purposes, we process your personal data for the implementation of information security processes, the conduct of financial and accounting operations, and the security of data controller operations.

Data Collection Method and Legal Basis

• Your personal data is collected through direct interactions with our company's service points, communication channels (telephone, email, fax, social media, call center, website, surveys), automated technologies or interactions (refer to the cookie policy), third parties or publicly available sources (from various third parties assisting in the provision of services and services), official institutions, our applications, and business partners providing support services, as well as closed-circuit recording systems.
• In addition, as the data controller in our commercial activities, your personal data is processed in accordance with the obligations under the Turkish Commercial Code No. 6102, Turkish Code of Obligations No. 6098, Law on Regulation of Electronic Commerce No. 6563, Regulation on Commercial Communication and Commercial Electronic Messages No. 30998, Occupational Health and Safety and Tax Legislation. These laws include both our commercial and financial obligations and occupational health and safety provisions in commercial transactions.
• All data you provide to us may be processed for the purposes of ensuring the quality and accurate provision of services within the scope of the contract, measuring and improving service quality, providing information about services, delivering announcements and notifications, customer satisfaction studies, fulfilling our legal obligations and legitimate interests as the data controller, establishing and performing contracts, establishing, exercising, and protecting rights, and as long as the purpose of data processing is valid.

Possible Recipients and Purposes of Processed Personal Data

• We keep your personal data confidential and do not sell, rent, or exchange your personal data with others. Without your permission, we do not use or share your personal data in ways that are unrelated to the individuals identified in the points where you provide the data or disclosed in a dominant contract.
• Collected personal data is limited and proportionate to the purposes specified in the Information Notice and may be transferred in accordance with the Law and related legislation and limited to the reasons requiring transfer as a result of these reasons:
• We retain service providers or business partners to manage or support certain elements of our commercial activities on our behalf.
• These service providers may ensure the fulfillment of Stemist Box operational processes, management services, customer support, product delivery on our behalf, marketing activities, security, logistics, legal services, IT services, email service providers, data hosting, live support, debt collection, and the management or support of Stemist Box websites.
• Our service providers and business partners are contractually obligated to protect the personal data they receive from us and are prohibited from using the personal data for any purpose other than that specified by Stemist Box.
• We may also share your personal data in good faith when we believe we have an obligation to do so, including responding to fully authorized information requests from law enforcement agencies, regulators, courts, and other official authorities, meeting national security or other security agency requirements, complying with all laws, regulations, court orders, or orders, investigating and preventing security threats, fraud or other criminal or malicious activities, enforcing/protecting Stemist Box rights and properties, or protecting the rights or personal safety of Stemist Box employees and third parties present on or using Stemist Box premises to the extent permitted by applicable laws and in accordance with the requirements of applicable laws.
• We assure that your personal data will not be processed by our company for purposes other than those specified in this information document.

Children's Data Privacy

• Stemist Box does not collect data from children without the prior consent of their parents or legal guardians, except as permitted by applicable laws (as specified by local laws).

Instances Where We May Process Your Personal Data Without Your Explicit Consent as Required by Law

• Explicit consent is one of the conditions for personal data processing under Article 5 of the Law, but it is not the sole factor that makes data processing activity lawful.
   
• Conditions other than explicit consent are provided for data processing activities under the Law. Accordingly, without the necessity of explicit consent, personal data may be processed in the scope of our business relationship if one of the following conditions exists:
   
• a) Explicitly provided for by the laws,
  b) It is necessary for the protection of the life or physical integrity of the data subject or someone else who is unable to express consent due to physical impossibility or to whom legal validity is not granted to their consent,
  c) It is necessary for the conclusion or performance of a contract, provided that it is directly related to the parties of the contract and the processing of personal data belonging to the parties of the contract,
  d) It is necessary for the data controller to fulfill its legal obligations,
  e) It has been made public by the data subject himself/herself,
  f) It is necessary for the establishment, exercise, or protection of a right,
  g) It is necessary for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject.

How Do We Protect?

• Stemist Box takes all necessary technical and administrative measures to ensure the security of all personal data collected. Within this framework, we implement physical, technical, organizational, and managerial measures against unauthorized access, misuse, disclosure, or alteration in accordance with the requirements of the Personal Data Security Guide published by the Personal Data Protection Authority, ISO/IEC 27001 Information Security, ISO/IEC 27017 Cloud Services Information Security, ISO/IEC 27701 Privacy Information Management standards, and the General Data Protection Regulation (GDPR) of the European Union.
   

What Are Your Rights Regarding Personal Data?

With regard to your personal data, you have the right to:




- Learn whether your personal data is being processed,

- Request information if your personal data has been processed,

- Learn the purpose of the processing of your personal data and whether it is used in accordance with its purpose,

- Be informed about third parties to whom your personal data is transferred, whether domestically or internationally,

- Request the correction of your incomplete or inaccurate personal data,

- Request the deletion or destruction of your personal data within the framework of the conditions stipulated in the Personal Data Protection Law,

- Request notification of the correction, deletion, or destruction of your personal data to third parties to whom we have transferred your data, when you request the correction of incomplete or inaccurate data, or the deletion or destruction of your personal data,

- Object to any result against you arising from the analysis of processed data exclusively through automated systems, and

• You have the right to request the remedy of any damages in case your personal data is processed unlawfully.




How Can You Exercise Your Rights Regarding Personal Data?




According to Article 13, paragraph 1 of the Personal Data Protection Law, you can submit your request regarding the exercise of your rights through the methods and information provided below, in accordance with the "Communiqué on Application Procedures and Principles to the Data Controller" published on March 10, 2018, with the number 30356.


Required information in the application:
 

1. Name, Surname of the applicant.

2. If the applicant is a citizen of the Republic of Turkey, the TR Identity Number; if not, the Passport Number along with the Nationality, or if available, the Identity Number.

3. Residential or business address of the applicant for notification purposes.

4. Email address, phone number, or fax number of the applicant for notification purposes.

5. Subject of the request.

6. Information and documents related to the subject of the request.


Application Methods:


1. The applicant can send a notification to the Stemist Box headquarters through a notary public, but the phrase "Information Request in accordance with the Personal Data Protection Law" must be added to the envelope.

2. Using the "Secure Electronic Signature" defined in the Law No. 5070 on Electronic Signature, the applicant can personally submit the application to our company's Registered Electronic Mail address, indicating "Information Request in accordance with the Personal Data Protection Law" in the subject line.




How Long Does It Take to Respond to Your Requests Regarding the Processing of Your Personal Data?

• Your requests regarding your personal data rights will be evaluated, and a response will be provided within 30 (thirty) days at the latest from the date of your application. If your application is rejected, the reasons for rejection will be sent to the address you provided via email or postal mail.



Changes to Our Privacy Notice

• If we make any changes to our Privacy Notice, we will publish the revised notice along with the updated revision date here. If there are significant changes that substantially affect our privacy practices, we may notify you through email or by posting a notification on our corporate website and/or social media accounts before the changes take effect.