Parties: This privacy policy concerns personal data collection between
a person who provides their personal data “the customer” to Ges Tekstil Sanayi ve Ticaret;
Ges Tekstil Sanayi ve Ticaret “the company.”
Data Collection: The customer expressly accepts the collection and process of their personal data in accordance with this privacy policy, whenever they log in or create a customer account on the Website or in a Boutique, place an order on the Website, in a Boutique, by telephone or other communication channels, return an order, send a complaint, ask a question or send comments, provide personal data to the company on the website or by any other means, interact with via the company’s social networks.
Agreed Purposes: Personal data can be processed for the management and improvement of customer relations, requests, complaints, product inquiries, payment transactions, and customer satisfaction; issuance of an invoice, fulfilment of orders, delivery operations, provide refunds, discounts, and incentives, improvement general operational processes, market the products and services, website development and improvement, website traffic measurement, comply with any legal obligations or governance requirements, and prevent, detect, and investigate actual or suspected fraud, abuse, illegal use, unauthorized or illegal activities and access and other misuse.
Personal data shall be collected and processed in line with the general principles set out in the Turkish Data Protection Law (Law No. 6698) Article 4 and they are generally obliged to comply with the provisions of the Turkish Data Protection Law (Law No. 6698).
Lawful Basis for Collection: The lawful bases of data collection and process are: explicit consent of the customer—based on the Turkish Data Protection Law (Law No. 6698) Article 5(1)—meaning freely given, specific, and informed consent; the necessity for the establishment or performance of a contract between the customer and the company, in reference to the Turkish Data Protection Law (Law No. 6698) Article 5(2)(c).
Description of Data: The following personal data can be collected and processed: name, surname, date of birth, age range, gender, e-mail, phone number, contact address, billing address, clothing size/fit information, purchase/return/exchange information, and payment information. No special categories personal data (defined in the Turkish Data Protection Law [Law No. 6698] Article 6) will be shared between the customer and the company.
Access to Data: Only the staff members of company shall have access to the customer’s personal data.
Transfer of Personal Data to Third Parties: The company shall not transfer the customer’s personal data to third parties unless the explicit consent of and prior approval from the customer or additional legal grounds laid down in the Turkish Data Protection Law (Law No. 6698) Article 8. The sole exception to this rule is the possible data sharing between the company and Ticimax—an e-commerce specialty agency that provides supportive services for the company—solely due to the technical needs of the website of the company. Data collected by company shall be stored in Türkiye.
Data Safety: In line with the Turkish Data Protection Law (Law No. 6698) Article 12, the company takes reasonable technical and organizational precautionary measures, limits access to data, securely stores data to prevent unlawful processing and access to data as well as ensures the protection of data.
Data Subject Rights: The customer has the right to exercise the following rights: object to or restrict data processing; learn whether data is processed or not; request information about the following: the process of personal data, the purpose of personal data processing and whether personal data is used in line with the data processing purposes, personal data transfer in Türkiye or abroad; rectification of incomplete or inaccurate personal data; erasure or destruction of personal data; claim compensation for the damages stemming from unlawful processing of personal data; and other rights referred in the Turkish Data Protection Law (Law No. 6698) Article 11. In order to exercise these rights, the company shall be contacted by contact details provided on the website.
Data Storage Period: In line with the Turkish Data Protection Authority’s policies on data storage and destruction and the Turkish Code of Obligations (Law No. 6098), the company can store data until the termination of the company, but no longer than is necessary to carry out the agreed purposes and maximum ten (10) years.
Personal Data Breaches and Reporting Procedures: The company shall contact the customer as soon as possible in the case of a data breach. The company must also take actions to mitigate the risk of loss and comply with any notification or other requirements imposed by applicable law or reasonably requested in order to meet its regulatory obligations.
Governing Law and Venue: This policy is governed by, will be construed and enforced in accordance with the laws of Türkiye. In the event of a lawsuit involving this policy, the jurisdiction is proper only in Istanbul courts.