PRIVACY AND PERSONAL DATA PROTECTION PRINCIPLES

1. PURPOSE AND SCOPE

These Privacy and Personal Data Protection Principles (hereinafter referred to as the “Principles”) determine the principles adopted by Demsa İç ve Dış Ticaret A.Ş. (hereinafter referred to as the “Company”) regarding the protection of personal data and aim to inform all relevant parties within the scope of Law No. 6698 on the Protection of Personal Data (hereinafter referred to as the “Law No. 6698 / KVKK”).

2. PRINCIPLES REGARDING THE PROCESSING OF PERSONAL DATA

As the Data Controller, the Company processes your personal data within the framework of the following principles:

2.1 Processing in Compliance with Lawfulness and Good Faith

Your personal data are processed in accordance with the legal regulations and the general principle of good faith and trust. In particular, while pursuing our data processing purposes, we take into account your interests and reasonable expectations, avoid misuse of rights, and act transparently in data processing activities.

2.2 Ensuring Accuracy and Up-to-Dateness of Personal Data

In line with this principle, which emphasizes the importance of the accuracy and updating of personal data, periodic controls and updates are carried out considering your legitimate interests, and necessary measures are taken accordingly. Systems for verifying and correcting personal data are established within the Company. The accuracy of data sources is also checked, and requests arising from inaccurate data are taken into account. This principle aligns with your right to request correction of personal data as per Article 11 of KVKK.

2.3 Processing for Specific, Clear, and Legitimate Purposes

Your personal data are processed based on clear, specific, and legitimate purposes. We ensure that data processing activities are clearly understandable to the relevant persons, specifying the purposes and legal grounds in Article 3 of these Principles.

2.4 Connection, Limitation, and Proportionality to the Purpose of Processing

Your personal data are processed in a manner that is limited, relevant, and proportionate to the purposes envisaged. Processing of data unrelated or unnecessary for the purpose is avoided. No new personal data are collected or processed for purposes that do not currently exist or are only considered later.

2.5 Retention for the Period Required by Legislation or Necessary for the Purpose

Your personal data are retained only for the period stipulated by applicable law or necessary for the processing purpose. The Company implements and applies relevant administrative and technical measures. First, it is determined whether there is a legally prescribed retention period. If so, the period is followed; if not, data are kept only as long as necessary. Upon expiration or when reasons for processing cease, data access by irrelevant departments is prevented by deletion as regulated by KVKK. In the absence of legal grounds for longer retention, personal data are deleted or anonymized.

3. CONDITIONS FOR PROCESSING PERSONAL DATA

Your personal and sensitive personal data may be processed under the conditions specified below, within the scope of KVKK.

3.1 Explicit Provision in Laws

The main rule is that personal data cannot be processed without explicit consent, except where laws explicitly allow data processing.

3.2 Impossibility of Obtaining Consent Due to Actual Impossibility

If it is impossible for the data subject to give consent or if the consent is invalid, and processing is necessary to protect life or physical integrity of the data subject or another person, data may be processed.

3.3 Direct Relation to the Establishment or Performance of a Contract

Personal data may be processed if necessary for the establishment or performance of a contract to which the data subject is a party.

3.4 Fulfillment of Legal Obligations of the Company

Data may be processed to fulfill legal obligations arising from legislation, contracts, or similar liabilities.

3.5 Disclosure of Personal Data by the Data Subject

If you have disclosed your personal data publicly, these data may be processed in connection with the purpose and proportionate to the disclosure.

3.6 Obligation to Establish or Protect a Right

Data may be processed if necessary to establish, exercise, or protect a legal or commercial right of the Company.

3.7 Processing Based on Legitimate Interests

If data processing is necessary for the legitimate interests of the Company, your data may be processed, considering and balancing your fundamental rights and freedoms.

3.8 Processing Based on Explicit Consent

While explicit consent is the primary legal basis for processing, if one of the above conditions exists, consent may not be required to avoid misuse of rights. Otherwise, personal data are processed based on your explicit consent.

3.9 Processing of Special Categories of Personal Data

Sensitive personal data are processed based on your explicit consent pursuant to Article 6 of KVKK. However, except for health and sexual life data, sensitive data may be processed when legally required. Health and sexual life data may be processed without consent by authorized persons or institutions under confidentiality obligations for public health protection, preventive medicine, diagnosis, treatment, planning, and financing of health services.

4. TRANSFER OF PERSONAL DATA

Your personal and sensitive personal data may be transferred domestically to our business partners, public institutions, or abroad in accordance with Articles 8 and 9 of KVKK. Where required, explicit consent is obtained prior to transfer.

5. SECURITY OF PERSONAL DATA

The Company takes all reasonable administrative and technical measures to ensure the security of personal data and to prevent unlawful processing, unauthorized access, accidental loss, intentional destruction, or damage. Access to personal data is limited to authorized persons through the necessary technical and physical measures. Authorization systems are designed to prevent excessive access. The Company conducts audits to ensure compliance with KVKK.

Measures include, but are not limited to:

  • Network and application security, closed system networks for data transfers,
  • Security in IT system procurement, development, and maintenance,
  • Disciplinary regulations and training for employees,
  • Access logs and authorization matrices,
  • Corporate policies on access, security, retention, and destruction,
  • Confidentiality agreements, revocation of access for transferred or resigned employees,
  • Use of updated antivirus, firewalls, and encrypted transmission methods,
  • Security provisions in contracts with third-party service providers,
  • Backup and secure storage of data,
  • Monitoring of data security incidents,
  • Physical security for data-containing environments,
  • Minimization of personal data,
  • Periodic and random internal audits,
  • Use of encryption for sensitive data via email or removable media,
  • Cybersecurity and intrusion detection systems,
  • Data loss prevention software.

6. RIGHTS OF THE DATA SUBJECT AND APPLICATION PROCEDURES

As a data subject, you may exercise your rights under Article 11 of KVKK. If you are an EU citizen, you may also exercise your GDPR rights, such as withdrawing consent, accessing your data, correction, deletion, restriction of processing, data portability, objection to processing, and others. You can submit your requests by filling out the Personal Data Protection Application Form on our website or by applying through the methods below, fulfilling the minimum requirements stipulated by the Communiqué on Application Procedures to Data Controllers. The Company will respond free of charge within 30 days, depending on the request's nature. Fees may apply according to Personal Data Protection Board tariffs. In case of rejection, insufficient response, or no response within the legal period, you may notify us and apply to the competent data protection authority within 30 days of notification or 60 days of your proper application.

Application Method: Contact Address

  • Electronic communication via KEP: demsa@hs03.kep.tr
  • Email registered in our system or secure electronic/mobile signature: kvkk@demsagroup.com
  • Written application personally or via notary: Kısıklı Cad. No:41 Altunizade 34662 İstanbul/Türkiye

In case of any conflict or discrepancy between the Turkish and English texts, the Turkish text shall prevail. This document is for informational purposes only.