Hazer Baba Personal Data and Privacy Policy
Personal Data Processing and Protection Policy
Protection of personal data is an important issue for Hazer Baba Gıda San.İç ve Dış Tic.Ltd. Şti. (“Hazer Baba”). Hazer Baba adopts the principles stipulated by the KVK Law in order to comply with the Law on the Protection of Personal Data No. 6698 (“KVK Law”), and fulfills its obligations by processing, deleting, destroying, anonymizing, transferring, informing the person concerned and ensuring data security. The Privacy and Personal Data Protection Policy regulated in this context is made available to natural persons whose personal data are processed (“Relevant Person”).
Scope and Purpose of Privacy and Personal Data Protection Policy
This Privacy and Personal Data Protection Policy explains the Hazer Baba’s;
Personal data collection methods and legal reasons,
Which groups of people are processing the personal data,
Which category of personal data is processed in relation to these groups of people (Data Categories) and sample data types,
In which business processes and for what purposes this personal data is used,
Technical and administrative measures taken to ensure the security of personal data,
To whom and for what purpose personal data can be transferred,
Personal data retention periods,
What are the rights of the Relevant Persons on their personal data and how they can use these rights,
How Relevant Persons can change their positive or negative preferences in receiving electronic commercial messages, sharing of personal data with official authorities.
II. Methods and Legal Reasons of Collecting Personal Data
Hazer Baba can collects personal data in audio, electronic or written form through www.hazerbaba.com website, mobile website, mobile applications, social media accounts, cookies, call center, sales dealers, notifications from administrative and judicial authorities and other communication channels in accordance with the personal data processing conditions specified in the Law and in accordance with the legal reasons specified in this Privacy/Personal Data Protection Policy.
Categorization of the Data Subject Group
Hazer Baba categorizes the data subject groups whose personal data are processed in the personal data processing processes and activities related to these processes as follows. However, in accordance with the personal data processing conditions specified in Articles 5 and 6 of the KVK Law and in line with the legal reasons specified in this Privacy/Personal Data Protection Policy, personal data of other individual groups (consultant, educator, blogger) may also be processed.
Customer/Member
Online Visitor
Partner Data, partner officer and partner employee
Supplier data, supplier employee or supplier representative agency data, agency employee data
Data Categories and Example Data Types
1. Customer,
Identity Information: Name, surname, date of birth, gender, TR identity number
Location Information: The region he chose, the city he lived in
Contact Information: Mobile phone, e-mail address, region
Financial Information: TR Identity No, Tax Identity No
Customer Information: Photo
Customer Transaction Information: IP address, navigation information, call center call records, commercial communication permission, used campaigns, purchase information
Risk Management Information: IP address
Marketing Information: Marketing on social media channels through cookie records, targeting information, reviews showing habits and likes
Audio Data: Call center call recordings
Legal Action and Compliance Information: The start and end time of the service provided, the type of service used, the amount of data transferred, the commercial electronic message permission given by the Relevant Person in the electronic environment, the membership agreement approved, the distance sales agreement and Other legal texts and contracts that enable to benefit from the services offered by Hazer Baba.
Direct Marketing Information: SMS, e-mail for marketing purposes sent based on the commercial electronic message permission given by the person concerned.
Request/Complaint Management/Reputation Management Information: Records of the complaints and/or requests submitted by the person concerned via the website, mobile application, social media accounts or call center regarding the product or service purchased, and the transactions performed during the evaluation or management of these requests.
2. Online Visitor
Legal Transaction Information/Risk Management Information: IP address
Legal Transaction Information: The start and end time of the service provided, the type of service used, the amount of data transferred.
3. Partner Data, partner officer and partner employee
Identity Information: TR identity number, name-surname
Contact Information: e-mail address, telephone, address, mobile phone
Financial Information: Account number, tax office, tax identification number, tax plate, IBAN
Legal Transaction and Compliance Information: Signature circular, activity certificate,
Special Qualified Personal Data/Legal Transaction Information: Signature,
Visual Information: Photo
4. Supplier Data, Supplier Employee and Supplier Official
Identity Information: TR identity number, name and surname
Contact Information: e-mail address, telephone, address, mobile phone
Financial Information: Account No, tax office, tax identification number, tax plate, IBAN
Legal Transaction and Compliance Information: Signature circular, activity certificate,
Special Qualified Personal Data/Legal Transaction Information: Signature, health report
Personal Information: SGK login information
Visual Information: Photo
5. Agency Data, Agency Employee Data
Identity Information: TR identity number, name-surname
Contact Information: e-mail address, telephone, address, mobile phone
Financial Information: Account number, tax office, tax identification number, tax plate, IBAN
Legal Transaction and Compliance Information: Signature circular, activity certificate,
Special Qualified Personal Data/Legal Transaction Information: Signature,
Visual Information: Photo
In Which Business Processes and For What Purposes Personal Data Are Used
Personal data is used
to process the Online visitor data of the e-commerce platforms operated by Hazer Baba (www.hazer baba.com) in accordance with the relevant legislation,
Making the necessary arrangements to ensure that the processed data is up-to-date and accurate, and to carry out activities related to all these processes. .,
Execution of membership transactions,
Improving the services offered on the platforms, developing new services and informing about it,
For the purpose of the execution of the Membership Agreement established with the customer, commercial electronic message approval for existing customers; Analyzing the preferences, tastes and needs of the Customer/Member and providing special promotions, opportunities and benefits to the Customer,
Within the scope of the contractual relationship, for customers with commercial electronic message approval; Direct marketing, digital marketing, remarketing, targeting, profiling and analysis, promoting and marketing applications, events and services in line with the preference and liking of the Customer/Member,
Resolving customer problems and complaints,
Communicating with the Customer based on the commercial electronic message permission, improving the Customer/Member experience on both the platform and the mobile application,
Creating customer/member satisfaction, loyalty and commitment,
Follow-up of accounting and purchasing transactions,
Legal processes and compliance with legislation,
Answering information requests from administrative and judicial authorities,
Ensuring information and transaction security and preventing malicious use.
Technical and Administrative Measures Taken to Ensure the Security of Personal Data
Hazer Baba undertakes to take all necessary technical and administrative measures and to show due diligence in order to ensure the confidentiality, integrity and security of your personal data.
Hazer Baba takes the necessary measures to prevent unauthorized access, misuse, unlawful processing, disclosure, alteration or destruction of personal data. Hazer Baba implements generally accepted standards of technology security including firewalls and Secure Socket Layer (SSL) encryption when storing sensitive Personal Data. In addition, when sending your personal data to Hazer Baba via the website, mobile application and mobile site, this data is transferred using SSL.
Regarding the prevention of unlawful access to the personal data that Hazer Baba processes, the prevention of unlawful processing of this data and the protection of personal data:
All areas on the website or mobile application from which personal data are obtained are protected with SSL,
Creates and implements access authorization and control matrices for its employees so that personal data collected from the website or mobile application is not processed unlawfully,
In order to ensure that personal data is not accessed unlawfully; periodically performs penetration tests, tests the system’s resistance to unauthorized access,
For all secondary data processing other than the primary processing purpose, it uses the Pseudonymization (aliased data) method. It uses encryption methods in the systems where this data is located in order to ensure that the pseudonymous data makes it impossible to identify the person concerned, and applies a stricter access authorization and control policy to this data,
It ensures that personal data in the paper environment is kept in locked cabinets and only accessed by authorized persons.
Personal data processed through cookies belonging to third parties from which service is received, are deleted from the systems of third parties if the membership is terminated.
In the event that personal data is damaged or in the hands of unauthorized third parties as a result of attacks on the platforms operated by Hazer Baba or the Hazer Baba system, despite Hazer Baba taking the necessary information security measures,
Hazer Baba immediately informs you and the Personal Data Protection Board of this situation and takes the necessary measures.
To Whom Personal Data Can Be Transferred And For What Purpose
Hazer Baba transfers personal data to third parties only for the purposes specified in this Privacy and Personal Data Protection Policy and in accordance with Articles 8 and 9 of the KVK Law. In this context, the Customer/Member data processed and the person information on whose behalf the purchased product will be delivered are shared with the event organizer, agency, Facebook, public institutions and organizations, and group companies, and this data can also be accessed by the call center when necessary.
Customer data is also shared with the commercial electronic message service provider in order to provide promotions, advertisements, benefits and opportunities in line with the shopping preferences, tastes and habits of the customer in line with the commercial electronic message approval of the customer.
Website or mobile application usage preferences and browsing history are shared with third parties from whom cookies are served, in order to communicate with the Customer/Member in line with their tastes and preferences. In this context, personal data transfers are carried out through secure media and channels provided by the relevant third party. Depending on the content and scope of the service received from third parties; In all cases where there is no need to transfer the personal data of the Customer/Member, the transfer is made using Pseudonymous data (pseudonymous data).
In addition to the technical measures to ensure their security, the personal data subject to domestic and international transfer we mentioned above; Considering that the other party of the legal relationship is a data controller or a data processor, it is also legally protected thanks to the provisions in line with the KVK Law included in our contracts.
Personal Data Retention Periods
Hazer Baba preserves the personal data he processes in accordance with the KVK Law for the periods stipulated in the relevant legislation or required by the purpose of processing. In our Personal Data Retention and Disposal Policy, these periods are approximately as follows:
| Call Center audio recordings | 3 years | Law on regulation of electronic commerce and related secondary legislation | |
| Membership and purchase records | 10 years | Turkish Code of obligations | |
| All Records Regarding Accounting and Financial Transactions | 10 years | Turkish Commercial Code and Tax Procedure Law | |
| Cookies | Up to 540 days | ||
| Commercial electronic message confirmation | 1 year from the date of withdrawal of consent | Law on regulation of electronic commerce and related secondary legislation | |
| Traffic information about online visitors | 2 years | Law No. 5651 on the Regulation of Publications Made on the Internet and Fight Against Crimes Committed Through These Publications | |
| Personal data regarding customers | 10 years after the legal relationship ends; 3 years in accordance with the 6563 Law and related secondary legislation | Turkish Code of Obligations, Law on regulation of electronic commerce and related secondary legislation | |
| Personal data regarding suppliers | 10 years after the legal relationship ends | Turkish Commercial Code, Tax Procedure Law | |
You can review our Cookie Policy for the retention periods of the personal data we obtain through cookies.
Profilling
By using the personal data of the Customer/Member processed by Hazer Baba;
a. It makes profiling in order to prepare content more suitable for the likes and preferences of the Customer/Member, and to make advertisements, promotions and discounts regarding the Customer/Member who gives consent for receiving commercial electronic messages.
b. Profiling is also done for the Customer/Member who has not given commercial electronic message approval;
1. Product improvement (determination of the most sold or unsold product categories),
2. Organizing campaigns for customer groups that have the potential to buy a certain product by making models by analyzing shopping preferences and uploading them to the system,
Efforts are being made to take actions to increase the sales potential.
Within the scope of profiling studies, the personal data of the Customer/Member, especially name and surname, mobile phone, e-mail or address information, are not used directly, instead, transactions are made with the Customer/Member IDs assigned to them. The personal data of the Customer/Member is protected by the use of the Customer ID or in other words pseudonymous data. Customer/Member IDs are only accessible to relevant persons or departments within Hazer Baba. These IDs assigned to the Customer/Member are kept in the system by Hazer Baba and access to this section is again only given to limited people.
What are the Rights of the Related Persons on their Personal Data and How They Can Use These Rights
The rights of the Related Person on the personal data processed by Hazer Baba in accordance with article 11 of the KVK Law are listed below:
Learning whether personal data is processed or not,
If personal data has been processed, requesting information about it,
Learning the purpose of processing personal data and whether they are used in accordance with its purpose,
Knowing the third parties to whom personal data is transferred at home or abroad,
Requesting correction of personal data in case of incomplete or incorrect processing,
Requesting the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of the KVK Law,
Requesting notification of the transactions made pursuant to subparagraphs (d) and (e) to third parties to whom personal data has been transferred,
Objecting to the emergence of a result against the person himself by analyzing the processed data exclusively through automated systems,
To request the compensation of the damage in case of loss due to unlawful processing of personal data.
In order to exercise your rights over your personal data; You can access your account from the ‘’Profile’’ section of the Hazer Baba website, mobile application and mobile site and make the necessary changes, updates and / or deletions. info@hazerbaba.comFIX!!!!You can apply through our customer service channel and exercise your rights. In addition, you can apply through other methods specified in the Application Form on the www.hazerbaba.com page.
How Relevant Persons Can Change Their Positive or Negative Preferences for Receiving Electronic Commercial Messages
You can change or update your positive or negative preferences for receiving commercial electronic messages, which you have given when you become a member of the website or mobile application of the electronic commerce platforms operated by Hazer Baba, at any time by accessing the ‘’Profile’’ section.
Termination of membership does not mean withdrawing your consent to receive commercial electronic messages. For this reason, be sure to complete all the procedures to revoke your consent.
In terms of cookie management, you can follow the steps specified in our Cookie Policy.
Personal Data Sharing with Official Authorities
Hazer Baba will be able to share your personal data regarding your visit or membership to electronic commerce platforms and mobile applications operated by Hazer Baba, and your traffic information, such as your navigation information, with public institutions and organizations that are legally authorized to request this information in order for Hazer Baba to fulfill its obligations under the law.
Cookie Usage and Management
You can review our Cookie Policy for detailed information about the cookies used by Hazer Baba, types of cookies, their purposes, storage periods and cookie management.
Terms of Deletion, Destruction and Anonymization of Personal Data
Hazer Baba retains the personal data it processes through its website, mobile application or mobile site for the periods stipulated by the relevant laws and/or for the periods required by the purpose of processing, pursuant to articles 7, 17 of the KVK Law and article 138 of the Turkish Penal Code. In the event that these periods expire, it will delete, destroy or anonymize Personal Data in accordance with the provisions of the Regulation on the Deletion, Destruction or Anonymization of Personal Data.
Deletion of personal data by Hazer Baba means the process of making personal data inaccessible and unusable for the relevant users in any way. For this, Hazer Baba creates and implements a user-level access authorization and control matrix. It takes the necessary measures to perform the deletion in the database.
Destruction of personal data by Hazer Baba means the process of making personal data inaccessible, unrecoverable and unusable by anyone in any way.
Anonymization of personal data by Hazer Baba means that personal data cannot be associated with an identified or identifiable natural person in any way, even if it is matched with other data.
Hazer Baba explains in detail the methods of deletion, destruction and anonymization and the technical and administrative measures he has taken within the scope of the Personal Data Storage and Disposal Policy prepared in accordance with the Regulation on the Deletion, Destruction or Anonymization of Personal Data. In this Policy, the period of time for the periodic destruction stipulated by the Regulation is determined as 6 months.
Changes to the Privacy/Personal Data Protection Policy
Hazer Baba can always make changes in this Privacy/Personal Data Protection Policy. These changes will become effective immediately upon the publication of the amended new Privacy/Personal Data Protection Policy. To make you aware of the changes/ amendments made herein this Policy of Privacy/ Protection of Personal Data and Communication Permission, necessary notification will be made to you/ our members.