Privacy Policy

Dear Customers, Members, Business Partners/Suppliers, Personnel Candidates and Visitors; ; we, as Bressa attach great importance to the protection of your personal data. In this context, we would like to inform you about your personal data and processing processes as “data controller” in accordance with the Law on the Protection of Personal Data No. 6698 (“KVKK”).  

This Policy aims to ensure the sustainability of the Company’s “principle of conducting the company’s activities in transparency”. In this context, the basic principles adopted in terms of the compliance of the Company’s data processing activities with the regulations contained in the Personal Data Protection Law No. 6698 (“KVK Law”) are determined and the practices performed by the Company are explained.

The Policy is intended for natural persons whose personal data is processed by the Company in automated or non-automated ways, provided that they are part of any data recording system.

The policy has been published by the Company on its website and presented to the public. In case of conflict between the current legislation, especially the Law, and the regulations contained in this Policy, the provisions of the legislation shall be applied.

The Company reserves the right to make changes to the Policy in parallel with legal regulations.  

RETURN OPTION

For returns, our customer should contact Bressa. Our company will inform our customer which cargo to give the product to.

In return transactions, shipping and customs fees belong to the customer. You can contact Bressa for information.

WHICH PERSONAL DATA WE PROCESS?

Depending on the exchange of goods/services between you and Bressa, the conclusion of a membership agreement, your visits to our workplaces, your application for a job or otherwise entering into a legal or commercial relationship, the following personal data may be processed.

1. Identity Information:  It is data on Name-Surname, Republic of Turkey ID No Gender, Date of Birth, IP address.
2. Contact Information:  It is data on the address, phone number, e-mail address.
3. Audio and Visual Information:  BRESSA is the data related to the images of the people in the camera recordings made for security purposes in their physical environments and the voices of the people recorded in the call center calls.
4. Purchased Product and Payment Information: These are data on products purchased as part of purchases from the BRESSA website or stores.
5. Shopping Habits: BRESSA is the data on the results of the results of the person’s tastes, likes and preferences through the navigation on the websites obtained through cookies..
6. Training Data: These are the data such as diplomas, transcripts, certificates that are included in the form filled out by personnel candidates within the scope of job applications or the resume document they have prepared and showing their educational background.
7. Professional Experience: These are the data contained in the form filled out by the personnel candidates within the scope of their job applications or in the resume document they have prepared and showing their experience in working life and professional titles.
8. Personal Data of a Special Nature:These are the data consisting of the health statement and the criminal record shared by the personnel candidates within the scope of their job applications.

İLGİLİ KİŞİ KATEGORİLERİ		AÇIKLAMA
1	Customer	It refers to natural or legal persons who use the services provided by BRESSA.
2	Potential Customer	It refers to real or legal persons who have shown interest in using the services offered by BRESSA, who have expressed their will to use the services through the website or other channels that have the potential to turn into a customer, and who have requested an offer.
3	Visitor	It refers to all the workplaces belonging to the company and real people who visit the website..
4	Third Parties	It refers to the categories of Related Persons listed above, as well as real persons, with the exception of BRESSA employees.
5	Business partners/Suppliers and their employees	It refers to the parties and employees of these parties with whom BRESSA has established a business partnership for purposes such as conducting business activities or, in this context, providing goods or services to the Company in accordance with BRESSA’s instructions and on a contractual basis.
6	Candidate of Personnel	Refers to people who have applied for a job at BRESSA.

WHEREBY AND ON WHAT LEGAL GROUNDS DO WE COLLECT YOUR PERSONAL DATA?

In the Physical Environment; ; 

Your personal data is collected directly from you within the scope of purchases you make from BRESSA’s stores, forms you fill out at stores and events, store visits, contracts you sign, CVs you share within the scope of your job application or job application forms you fill out.  

In The Electronic Environment; 

The purchases you make on our BRESSA website, the BRESSA Club Card membership forms you fill, the requests and complaints you share on our website, on the phone or via e-mail, are collected directly from you in the electronic environment through our call center and your posts on our social media accounts.  

Your personal data collected from both environments are recorded in the BRESSA database and can be processed in automatic and non-automatic ways.

Within the scope of the commercial and/or contractual relationship between you and BRESSA (product or service exchange, membership agreement, workplace visits), within the framework of the purposes stated below and in accordance with Article 5 of the Law No. 6698; Your data can be processed within the scope of our legitimate interests, provided that the establishment and performance of the contract, the establishment of a right, the fulfillment of legal obligations and the protection of your rights and not causing harm. During your visits to our workplaces, your identity information and your image are recorded with a security camera for security reasons and are processed limited to this operation.

If you do not purchase goods or services from BRESSA and there is no legal or commercial relationship between us, we can process your personal data mentioned above, pursuant to the 1st paragraph of Article 5 of the Law, based on your EXPRESS CONSENT. Your explicit consent will be obtained in exchange for your signature with printed forms in our stores or by sending the PASSWORD generated for you to the BRESSA staff if you find the appropriate lighting text sent to you by SMS, as well as by checking the permission / check boxes in the membership and shopping areas on the website and pressing the “send” key. You can revoke permissions at any time.

PURPOSES OF PROCESSING YOUR PERSONAL DATA

Your Personal Data is processed within the scope of the following purposes: 

1. For Customers and Members; 

• Conducting the Processes of Purchasing Goods / Services
• Execution of Goods/Services Sales Processes
• Execution of Customer Relationship Management Processes
• Conducting Activities Aimed at Customer Satisfaction
• Ensuring the Safety of Physical Space  
• To carry out transactions and activities within the scope of commercial / contractual relationship and to fulfill financial and legal obligations  

• Follow-up of Requests / Complaints
• Fulfillment of legal obligations
• Establishment, execution of the membership agreement and benefiting from the membership benefits of the customers
• Execution of legal processes
• Promotional and marketing activities

2. For Potential Customers;

Your identity and contact information obtained directly from you through your visits to our website and stores, the forms you fill out, your e-bulletin subscription, your shares on our Social Media Accounts, your requests and complaints to our call center are processed based on your express consent within the framework of the aim of being aware of the products and services of our company and to offer you some special products, in accordance with the marketing purpose. If there is a request or complaint that you have submitted to BRESSA, in this case, your identity and contact information is processed for a limited period of time in accordance with Article 5/2 of the Law in order to manage this request and complaint.

3. For Suppliers/Business Partners;

Within the scope of the commercial relationship between you and our company, the personal data of your company officials and employees can be processed within the scope of the following purposes, as specified in Article 5 of the Law within the scope of the establishment and performance of our contracts, the fulfillment of legal obligations and the legitimate interests of our company, in accordance with the basic principles stipulated in the Law and within the personal data processing conditions.

• Fulfillment of legal obligations  
• Execution of contract processes
• Conducting Financial And Accounting Affairs
• Execution and follow-up of legal processes
• Execution of Internal Operations of the Company
• Strategy planning & business partners /supplier management
• Ensuring the safety of physical space
• Execution of Logistics Activities  
• Management of Supply Chain Management Processes
• Storage of your information that should be stored in accordance with the relevant legislation; copying, backup to prevent information losses; ensuring control over the consistency of your information; taking the necessary technical and administrative measures to ensure the security of our databases and your information

4. For Visitors;

Within the scope of your visits to our company, our website and other workplaces, in order to ensure the safety of our company and you, as well as to fulfill our legal obligations and depending on our legitimate interests, your identity and visual data with security cameras and visitor logs in physical environments, your identity and communication data obtained within the scope of internet access offered to you during your visit to our workplace are processed for the following purposes.

• Conducting Audit and Security Activities
• Security of movable property and resources  
• Execution of Information Security Processes
• Creation and Tracking of Visitor Records
• Ensuring the Safety of Physical Space
• Providing Information to Authorized Persons, Institutions and Organizations
• Ensuring the Security of Data Operations
• Ensuring Internet Access and Access Security

5.   For Employee Candidates;

DERİMOD, by using your personal data obtained by the personnel candidates either through our website (www.bressaonline.com) or through the CVs you share or the application forms you fill in within the scope of your job applications to our company headquarters or stores, carries out data processing activities within the scope of our company’s legitimate interests, for the purpose of personnel procurement and management of human resources processes specified in Article 5 of the Law, and to establish business contracts, establish a right and use it as evidence in legal disputes, within the scope of the following purposes. In case of receiving a medical statement and sanction data from the personnel candidate, explicit consent is also requested.  

• Conducting Employee Candidate/Trainee/Student Selection and Placement Processes
• Execution of Application Processes of Employee Candidates
• Conducting human resources operations and especially personnel recruitment processes, 

THE PARTIES TO WHICH YOUR PERSONAL DATA IS TRANSFERRED AND THE PURPOSES OF THE TRANSFER

BRESSA will be able to transfer your personal data to the following groups of domestic buyers in accordance with the Law and other legislation for the purposes set out in this Policy:

• To our suppliers and business partners that we work with to provide or deliver the services offered to you (such as companies that receive web infrastructure services, cargo companies, audit companies)
• Our business partners, supplier companies and banks, financial institutions that cooperate and/or receive services for the provision, promotion of services and similar purposes,  
• To the advertising agencies where we receive services for the management of our website and social media accounts,
• To lawyers, auditors, consultants and service providers,
• To your deputies, guardians and representatives authorized by you,
• To the institutions or organizations authorized to request your personal data, such as regulatory and supervisory authorities, as well as court and enforcement directorates, and to the persons designated by them,
• To our group company BAHTIYAR ISIN (BRESSA)

COMMERCIAL ELECTRONIC COMMUNICATION

BRESSA may also contact these people by processing identification and communication data in order to send electronic commercial messages (SMS, E-MAIL, etc.) for commercial purposes such as advertising, campaign announcements, promotion by using the contact data to the data subjects concerned. BRESSA receives electronic communication permission from the relevant persons for this activity and carries out the mentioned activity within the scope of this permission.  

THE RIGHTS OF RELATED PERSONS STATED IN ARTICLE 11 OF THE LAW

• Find out if your Personal Data has been processed,
• Request information about your Personal Data if it has been processed,
• Find out the purpose of processing personal data and whether they are used for their intended purpose,
• Know the third parties to whom your Personal Data is transferred at home or abroad,
• Request correction of your Personal Data in case of incomplete or incorrectly processed,
• Request the deletion or destruction of your Personal Data within the framework of the conditions stipulated in the KVKK legislation1,¹,
• Request notification of the transactions made within the scope of Articles 5 and 6 to the third parties to whom your Personal Data has been transferred,
• Object to the emergence of a conclusion against you by analyzing the processed data exclusively through automated systems,
• Requesting the removal of the damage if you suffer from unlawful processing of Personal Data

ENSURING THE SECURITY AND CONFIDENTIALITY OF PERSONAL DATA

The company of personal data by the unlawful disclosure, access, transfer, or security to avoid the shortcomings that can occur in other ways, within the facilities, all necessary measures are taken according to the nature of the data to be protected.

In this context, the Company takes all necessary (i) administrative and (ii) technical measures, (iii) establishes an audit system taken by the company, and (iv) acts in accordance with the measures stipulated in the KVK Law in case of unlawful disclosure of personal data.

DESTRUCTION OF PERSONAL DATA

Despite the fact that it has been processed in accordance with the law in accordance with Article 7 of the Law, if the reasons that require it to be processed disappear, it deletes, destroys or anonymizes the personal data ex officio or upon the request of the Relevant Person in accordance with the Data Protection and Disposal Policy, legislation and the guide published by the Authority, which it has prepared specifically for this job.

BRESSA has prepared an EXTERMINATION POLICY in which the procedures for the Destruction of personal data are determined and published it in-house. All destruction processes are carried out in accordance with this policy. At the same time, the destruction times for each process and type of personal data are clearly defined in the BRESSA personal data inventory. The periodic data destruction process, which is carried out every 6 months, is based on the storage periods determined in the inventory.  

CONSIDERATIONS RELATED TO THE PROTECTION OF PERSONAL DATA

According to Article 12 of the KVK Law, BRESSA takes the necessary technical and administrative measures to ensure the level of security in order to prevent the unlawful processing of the personal data it processes, illegal access to the data and to ensure the preservation of the data, and within this scope, it makes or has the necessary inspections made.

BRESSA takes technical and administrative measures according to technological facilities and application cost in order to ensure the legal processing of personal data.

TECHNICAL MEASURES

The main technical measures taken by BRESSA to ensure the legal processing of personal data are listed below:

• The personal data processing activities carried out within BRESSA are controlled by the established technical systems.
• The technical measures taken are periodically reported to the relevant person in accordance with the internal audit mechanism.
• Technical departments have been established and knowledgeable personnel are employed in this regard.
• New technological developments are being followed up and technical measures are being taken on the systems, especially in the field of cybersecurity, and the measures taken are updated and renewed periodically.
• Access and authorization technical solutions are put into operation within the framework of the legal compliance requirements determined for each department within the framework of BRESSA.
• Access powers are limited and powers are reviewed regularly. Access restrictions are imposed on former employees, and accounts are closed.
• The technical measures taken in accordance with the internal functioning of BRESSA are reported to the relevant users, the risky issues are re-evaluated and the necessary technological solution is produced.
• Software and hardware including virus protection systems, data vulnerability security and firewalls are being installed
• Technical staff are employed.
• All information systems, including applications where personal data is collected, are regularly subjected to external impact testing to detect vulnerabilities, and according to the results of this test, the vulnerabilities found are closed.

ADMINISTRATIVE MEASURES

Administrative measures taken by BRESSA for the lawful processing of personal data:

• BRESSA employees are informed and trained about the law on the protection of personal data and the processing of personal data in accordance with the law.
• All personal data processing activities carried out by BRESSA are carried out in accordance with the personal data inventory and attachments created by analyzing all business units in detail.
• Personal data processing activities carried out by the relevant departments within BRESSA and the obligations to be fulfilled in order to ensure that these activities comply with the personal data processing conditions sought by the KVKK have been linked to written policies and procedures, and each business unit has been informed about this issue and the issues to be considered specific to the activity it carries out have been determined by BRESSA.
• The audit and management of the departments within BRESSA related to personal data security is organized by the Information Security Committees. Awareness is raised to ensure the legal requirements established on the basis of the business unit, and the necessary administrative measures are implemented through internal policies, procedures and trainings to ensure the supervision of these issues and the continuity of implementation.
• Service contracts and related documents between BRESSA and İTS employees are recorded, including information and data security regarding personal data, and additional protocols are made. Efforts have been made to create the necessary awareness for employees on this issue.
• Legal compliance, access to personal data and authorization processes are implemented within the company by taking into account the personal data processing processes for each department within BRESSA.

You can submit your request regarding the exercise of your rights under the PDPL mentioned above to BRESSA by filling out the application form on the website of BRESSA, together with the documents that will determine your identity (i) to  BRESSA’s postal address with your signature or by registered mail or (ii) a copy with secure electronic signature via the address info@bressaonline.com

In case the data owners submit their requests regarding their personal data to our Company in writing, the Company, in its capacity as data controller, carries out the necessary processes to ensure that the request is finalized as soon as possible and within thirty (30) days at the latest, depending on the nature of the request.

Within the scope of ensuring data security, the Company may request information in order to determine whether the applicant is the owner of the personal data subject to the application. Our Company may also ask questions about the application of the Relevant Person in order to ensure that the application is completed in accordance with the request.

In cases where the application of the person concerned is likely to interfere with the rights and freedoms of other people, requires disproportionate efforts, and the information is public information, the request may be rejected by BRESSA with the explanation of the reason.

DEFINITIONS

Company	BAHTIYAR ISIN (BRESSA)
Personal Data	It is any kind of information related to a specific or identifiable natural person.
Processing of Personal Data	It is any operation performed on the data, such as obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying or prohibiting usage of the Personal Data in whole or in part by automatic or non-automatic means provided that it is a part of any data recording system.
Personal Data Owner/Contact Person	It refers to Company Stakeholders, Company Business Partners, Company Officials, Employee Candidates, Visitors, Company and Group Company Customers, Potential Customers, Third Parties and people whose personal data is processed by the company.
Data Recording System	It refers to the registration system in which personal data is processed by configuring it according to certain criteria.
Data Officer	It is the real or legal person who determines the purposes and methods of processing personal data, is responsible for the establishment and management of the data registration system.
Data Processors	It is a real and legal person who processes personal data on their/his behalf on the basis of the authority granted by the data controller.
Explicit Consent	It is a consent to a particular subject, based on being informed and disclosed of free will.
Anonymization	It is the fact that the data that was previously associated with a person cannot be associated with an authentic or identifiable real person in any way, even by matching it with other data.
Destruction	It is the business of deleting, destroying or anonymizing personal data to eliminate it.
Law	It refers to the Law on the Protection of Personal Data No. 6698.
KVK Board	It is the Personal Data Protection Board..

SECURITY OF INFORMATION

BRESSA attaches great importance to the security of its customers’ information and works with the most advanced technology tools to ensure this. In order to ensure the security of our site, all kinds of physical, electronic and administrative measures have been taken in safe environments. All information is stored and backed up on secure servers.

The information received through our site is transferred using a technology called SSL (Secure Socket Layer), which provides secure information transfer. On the pages on our site where you transfer your financial information, you can see a lock or key picture on the right (depending on the browser you use) in the address line of your browser, and the first letters of the address in this address line change from ‘http’ to ‘https’. If you see them, you can be sure that you are on the secure servers of our site.

SITE-VISITOR COMMUNICATION SECURITY

The communication between the site and the visitor on the order pages of DERİMOD’s website takes place in 128-bit SSL standard. The communication standard in question is a quality that is used safely even on sites with a large number of transactions. It means whether this communication format is available on the page where the credit card information will be provided, and the expression written in the address bar when the page is accessed is in the format (https://..), instead of (http://..) When you access pages of this nature, there is also a lock mark in the lower right corner of the browser.

SITE-BANK COMMUNICATION SECURITY

The security related to the transfer of credit card information from the site to the bank is realized with the maximum security offered by the Bank. In addition to the numerous components of the security in question, the CVV2/CVC2 code is also used on our website as a precaution against exchanging stolen cards or card information.

ON-SITE DATA SECURITY

No person, institution or organization can access your information except the bank that allocates you and your credit card for transactions that you will make in a secure environment. The credit card transaction page transmits the card information directly to the bank’s POS system and informs the customer of the transaction result. Credit card information is not transferred by e-mail or similar methods. It is not possible to access the credit card information transferred as a result of the online transaction even by us.

CONTACT INFORMATIONS

BAHTIYAR ISIN (BRESSA)

Mersis No: 3567674685732122

WEB :  www.bressaonline.com

E-Mail: info@bressaonline.com

Address : Gökalp Mah. Şehit Komiser Günaydın Sk. No: 39/B Zeytinburnu/İSTANBUL – TURKEY