Data Protection and Processing Policy

1. INTRODUCTION, PURPOSE AND SCOPE

1.1. Introduction
As Sivriler Furniture ("the Company"), we attach great importance to the security and confidentiality of your personal data in light of the provisions of relevant legislation and universal principles regarding the protection of personal data, primarily the Personal Data Protection Law No. 6698 ("KVKK"). This Policy has been prepared to explain the principles, methods, and procedures regarding the personal data processing activities carried out by our Company in its capacity as data controller.

1.2. Purpose
The purpose of this Policy is to explain how personal data processed by our Company is;

collected, processed, stored, transferred, and deleted in accordance with KVKK and relevant legislation,

within the framework of accuracy and currency principles,

for specific, explicit, and legitimate purposes,

in a manner that is relevant, limited, and proportionate to the purposes for which they are processed,

retained for the period prescribed by relevant legislation or necessary for the purpose,
and to inform the data subjects (data owners) on these matters and to determine the process regarding their rights.

1.3. Scope
This Policy covers all natural persons who have various relationships with our Company and whose personal data is processed. The relevant person groups within this scope are as follows:

Customers and Potential Customers: Natural persons who visit our website (sivrilermobilya.com.tr), become members, place orders, or use our communication channels.

Employees and Job Applicants: Natural persons employed by our Company or applying for a job.

Business Partners and Suppliers: Authorized representatives, employees, and shareholders of institutions providing services or supplies to our Company.

Visitors: Natural persons who physically come to our Company facilities (office, store, warehouse).

Other Third Parties: Natural persons who do not fall into the above categories but whose personal data is processed as a result of interaction with our Company (e.g., persons referred).

2. METHODS OF COLLECTING PERSONAL DATA, LEGAL BASIS AND PROCESSING PURPOSES

2.1. Methods of Collecting Personal Data
Your personal data may be collected by automatic or non-automatic means through the following methods:

Online Channels: Through our website, mobile application, email, online chat, our social media accounts, and cookies.

Physical Channels: Through our stores, fairs, events, contracts, application forms, business cards, and telephone calls.

Third Parties: From our business partners, suppliers, social media platforms, and public records (in cases authorized by law).

2.2. Legal Basis for Personal Data Processing
Our Company processes your personal data based on the legal grounds specified in Articles 5 and 6 of KVKK as follows:

Your Explicit Consent: Obtaining your explicit consent on specific matters (e.g., marketing communication, cookies).

Establishment or Performance of a Contract: Establishment of order and sales contracts, product delivery, invoicing, provision of warranty service.

Fulfilling Our Legal Obligations: Legal obligations in areas such as tax, commercial, and consumer legislation.

Our Legitimate Interests: Product/service development, customer satisfaction analysis, protecting our rights in legal disputes (provided that it does not harm your fundamental rights and freedoms).

Establishment, Exercise, or Protection of a Right: For example, protecting our right in courts in case of a dispute.

2.3. Processed Personal Data Categories and Purposes
The table below summarizes which data categories are processed for which purposes according to relevant person groups:

Special Category Personal Data: Data such as race, ethnic origin, health, sexual life, criminal conviction, etc., are processed only in the limited cases specified in Article 6 of KVKK (e.g., processing health data for occupational health purposes for employees) and under maximum security measures.

3. TRANSFER OF PERSONAL DATA

Your personal data may be shared with a limited number of third parties and institutions, within the framework of the conditions stipulated in Articles 8 and 9 of KVKK and by taking necessary security measures, in order to realize the purposes stated above.

3.1. Recipient Groups for Domestic Transfer:

Service Providers: Contracted cargo companies, payment institutions (banks, POS operators), IT infrastructure and cloud storage providers, call center, marketing/consultancy firms.

Professional Service Providers: Legal and tax consultants, audit firms.

Public Institutions: Legally authorized public institutions and organizations (taxes, courts, regulatory bodies).

3.2. Transfer Abroad:
Your personal data may be stored in the overseas centers of companies providing server or cloud storage services. Such transfers are carried out only if the relevant foreign country has "adequate protection" or if Standard Contractual Clauses approved by the KVKK Board are signed between our Company and the data processor.

4. PERSONAL DATA SECURITY

Our Company takes all necessary technical and administrative measures to protect your personal data from unlawful access, alteration, disclosure, or destruction. These measures are determined based on risk analysis and are updated periodically.

4.1. Technical Measures (Examples):

Firewalls, intrusion detection/prevention systems.

Authorization and access controls (username/password, role-based access).

Data encryption (in transit and at rest).

Penetration tests and vulnerability scans.

Regular backup systems.

4.2. Administrative Measures (Examples):

Employee training on KVKK and privacy.

Creation of data processing inventory and policies.

Adding confidentiality and security provisions to contracts with data processors.

Physical archive access controls.

Establishment of the Personal Data Protection Committee.

4.3. Data Breach Situation:
If a situation that violates the security of your personal data is detected, a notification will be made to the Personal Data Protection Board as soon as possible (within 72 hours) as required by law, and the situation will be notified to the relevant persons by the most appropriate method.

5. RIGHTS OF PERSONAL DATA SUBJECTS (KVKK ARTICLE 11)

In accordance with Article 11 of KVKK, every natural person whose personal data is processed can exercise the following rights by applying to our Company:

Learn whether their personal data is processed,

Request information if it has been processed,

Learn the purpose of processing and whether it is used in accordance with its purpose,

Know the third parties to whom it is transferred domestically/abroad,

Request correction if it is incomplete or inaccurately processed,

Request deletion or destruction within the framework of the conditions stipulated by the Law ("Right to be Forgotten"),

Request notification of the operations carried out pursuant to sub-paragraphs (5) and (6) to third parties to whom personal data has been transferred,

Object to the occurrence of a result against the person by analyzing the processed data exclusively through automated systems,

Request compensation for the damage arising from the unlawful processing of personal data.

6. EXERCISE OF RIGHTS AND COMMUNICATION

6.1. Application Method:
To exercise your rights stated above;

A. Online Form: By filling out the "KVKK Application Form" found at sivrilermobilya.com.tr/gizlilik,

B. Written Application: By sending your application with documents explaining your identity information, via registered mail to the address Mehmet Akif Street No:61-87-89-93 ŞİRİNYER/İZMİR with the heading "Sivriler Furniture - Personal Data Protection Committee",

C. Registered Electronic Mail (KEP): By submitting your signed application to our company's KEP address (sivrilermobilya@hs01.kep.tr).

6.2. Information Required in the Application:
Your application must include; your name, surname, your signature if you are submitting your application in writing, your Turkish ID number if any, your residential or business address for notification, your email address for notification if any, your phone number, and the subject of your request.

6.3. Response Process:
Your application will be concluded free of charge within thirty (30) days at the latest, depending on its nature. If the process requires an additional cost, the fee specified in the tariff determined by the Personal Data Protection Board may be requested. In case of rejection or if the response is deemed insufficient, your right to file a complaint with the Personal Data Protection Board in accordance with Article 14 of KVKK is reserved.

7. DATA RETENTION AND DESTRUCTION POLICY

Our Company retains personal data for the periods prescribed by relevant legislation or as long as required by the purpose of data processing. When these periods expire or the processing purpose ceases to exist, personal data is deleted, destroyed, or anonymized. Deletion, destruction, and anonymization processes are carried out within the framework of our "Personal Data Retention and Destruction Policy".

8. FINAL PROVISIONS

This Policy enters into force by being published on the Company's website.

The Company reserves the right to update this Policy at any time in order to adapt to evolving technology, legislative changes, and business processes. The current Policy is always published on our website.

In case of any discrepancy between the provisions of this Policy and other contracts and disclosure texts applied in the business processes conducted on the Company's website, mobile application, and stores, the provisions of the texts specifically prepared for the relevant processing shall primarily apply.

Data Controller: Sivriler Furniture
Address: Mehmet Akif Street No:61-87-89-93 ŞİRİNYER/İZMİR
Web: www.sivrilermobilya.com
Email: info@sivrilermobilya.com
Phone: 0850 304 18 95