BEEBIRD TECHNOLOGY INC.


Personal Data Protection and Processing Policy


  1. ENTRANCE

Beebird Technology Inc. With this Policy prepared for and other written policies within BEEBIRD; It is aimed to process and protect the personal data of our customers, potential customers, employees, prospective employees, visitors, employees of the institutions we cooperate with and third parties in accordance with the law.


In this policy text, the following basic principles adopted by BEEBIRD for the processing of personal data will be explained:



Processing of personal data within the scope of consent,

Processing of personal data in accordance with the law and the rules of honesty,

Keeping personal data accurate and updated when necessary,

Processing personal data for specific, clear and legitimate purposes,

Limited and measured processing of personal data in connection with the purpose for which they are processed,

Keeping personal data for the period stipulated in the relevant legislation or necessary for the purpose for which they are processed,

Enlightening and informing personal data owners,

Creating the necessary infrastructure for personal data owners to exercise their rights,

Taking necessary measures to protect personal data,

Acting in accordance with the relevant legislation and the regulations of the Personal Data Protection Board in determining and implementing the processing purposes of personal data and transferring them to third parties,

Special regulation of the processing and protection of special personal data


  1. SCOPE OF THE POLICY

This policy; It relates to all personal data of our customers, employees, prospective employees, visitors, employees of the institutions we cooperate with and third parties processed automatically or non-automatically, provided that it is part of any data recording system, and was put into effect by BEEBIRD in October 2023.



2.1. FOR BEEBIRD CUSTOMERS


Personal information of BEEBIRD customers; It is collected directly from customers through sources such as website visits, memberships and purchases, purchases made in stores, shares in telephone or e-mail correspondence, and workplace visits. If the Customer purchases goods or services from BEEBIRD or otherwise enters into a commercial or legal relationship with BEEBIRD; including identity data (name, surname, TR ID number/passport number); contact data (e-mail address, address and telephone information, IP address), data regarding the products purchased from stores within the scope of BEEBIRD's field of activity, shopping time information, information about the campaigns and discounts used, visuals taken through security cameras in the stores for security purposes. and audio data, store visit records are processed by BEEBIRD within the framework of Article 5, Paragraph 2 of the Law, within the scope of the establishment/performance of the contract, fulfillment of legal obligations and legitimate interests.


In addition, shopping habits, preferences, tastes and likes regarding all kinds of products, including gender, date of birth, marital status and clothes, body data, location data, bank account information, occupation data, education data, financial data, digital data collected as a result of website use. trace data, operating system version information of the mobile device used, to take necessary measures to protect their privacy; In order to benefit from the products and services offered by BEEBIRD without any problems, to improve our product and service diversity and to provide service with the principle of "the best service, the best product", personal product habits are analyzed through automatic systems regarding the products purchased/interested in. For the purpose of preparing and presenting various reports, analyzes and studies in order to benefit from customer services, consumer rights and other opportunities, provided that they do not harm fundamental rights and freedoms, and again by group companies, business partners, suppliers, service providers, real and/or legal entity shareholders. It is processed and stored by BEEBIRD as the Data Controller, based on the explicit consent of the customer, for use in


If the customer does not have prior consent and permission; Consent is requested in accordance with the legal obligation for personal data that is stated above and does not fall within one of the reasons for legality in Article 5/2 of the law. In this case, if the customer has an application in our store, he/she can give permission in digital environment with the same legal nature and value along with written and signed permission. If it is deemed appropriate after evaluating the electronic communication permission text and BEEBIRD Personal Data Processing Policy presented to the customer in digital environment (SMS), by ticking the relevant permission boxes and pressing the send button, the password generated only for the relevant customer and sent to the mobile phone will be given to the store clerk. /approval process will be completed. Apart from this, the customer can also reach BEEBIRD from the website www.karaca.com.tr and carry out the necessary permission/approval procedures. This permission/approval can be withdrawn or canceled by the customer at any time. For all requests and wishes regarding these matters, you can contact BEEBIRD by calling 444 2495 or e-mail address “info@beebird.io”.


Personal data of customers is never shared outside the framework set by the Law. Personal data received directly from customers through our stores, websites and mobile applications and provided by our company through various channels in accordance with the law, provided that adequate and effective measures are taken in accordance with the security and confidentiality principles determined in the legislation; It can be shared with public institutions or organizations authorized to request this data in accordance with legal obligation, institutions and business partners at home and abroad with whom we have agreements due to our activities.


  1. ISSUES RELATED TO THE PROTECTION OF PERSONAL DATA

BEEBIRD takes the necessary administrative and technical measures in accordance with Article 12 of the Personal Data Protection Law.


As BEEBIRD, we carry out the technical and administrative measures deemed necessary to preserve your personal data that we process within the framework of our company activities in accordance with KVKK and relevant legislation, within the framework of the necessary technological infrastructure, and accordingly take precautions against data breach, unauthorized access, data loss, unauthorized modification of data and other threats. We carry out the necessary inspections.


In this context, we identify current risks and threats, train our employees and carry out awareness activities, and determine policies and procedures regarding personal data security; ensures personal data minimization, creates necessary confidentiality agreements with data processors; In order to ensure cyber security, we use firewalls and up-to-date anti-virus programs, configure our existing software and hardware, perform software updates and audits; We ensure the security of physical and electronic environments containing personal data, and take the necessary measures to prevent your data security from being violated by unauthorized persons through key management, access logs, user account management, infiltration control and encryption methods.


  1. PROTECTION OF SPECIAL PERSONAL DATA

Special importance has been attached to special personal data, which are limited in the Personal Data Protection Law, due to the risk of causing victimization or discrimination if processed unlawfully. These data; Data regarding race, ethnic origin, political thought, philosophical belief, religion, sect or other beliefs, appearance and clothing, association, foundation or union membership, health, sexual life, criminal conviction and security measures, as well as biometric and genetic data.


BEEBIRD acts with care in protecting special personal data, which are determined as special by the Personal Data Protection Law and processed in accordance with the law. In accordance with the decision taken by the Board, confidentiality agreements were signed with the relevant users who processed sensitive data and training was provided to the employees. However, technical measures have been taken to protect the data. Administrative and technical measures prescribed by the law are being implemented.



  1. ISSUES RELATED TO THE PROCESSING OF PERSONAL DATA

BEEBIRD, in accordance with Article 20 of the Constitution and Article 4 of the Personal Data Protection Law, complies with the law and the rules of honesty regarding the processing of personal data; accurate and up to date when necessary; Pursuing specific, clear and legitimate purposes; engages in personal data processing in a limited and measured manner in connection with the purpose. BEEBIRD retains personal data for the period stipulated by law or required for the purpose of processing personal data.


BEEBIRD informs data owners in accordance with Article 10 of the Personal Data Protection Law and processes these personal data based on the criteria specified below by requesting consent from data owners in cases where consent is required.


   

  1. CLARIFICATION AND INFORMATION OF THE PERSONAL DATA OWNER

BEEBIRD informs personal data owners during the acquisition of personal data in accordance with Article 10 of the Personal Data Protection Law. In this context, BEEBIRD provides information about the identity of its representative, if any, the purpose for which personal data will be processed, to whom and for what purpose the processed personal data can be transferred, the method and legal reason for collecting personal data, and the rights of the relevant person, according to the nature of the data owner and the data processing process. Information texts have been published in all stores and websites, and the necessary information processes have been completed for employees and visitors.



  1. TRANSFER OF PERSONAL DATA

By taking the necessary security measures in line with the legal personal data processing purpose, BEEBIRD may transfer the personal data and sensitive personal data of the relevant person to third parties, albeit rarely, for business needs. By BEEBIRD; Personal data can be transferred to foreign countries that have been declared to have adequate protection by the Personal Data Protection Board, or, in the absence of adequate protection, to foreign countries where the data controllers in Turkey and the relevant foreign country undertake to provide adequate protection in writing and the permission of the Personal Data Protection Board is obtained.


The basis for transfer is primarily the express consent of the person concerned, and if there is no explicit consent, the measures determined by the institution are taken into account in cases deemed to be grounds for compliance with the law in accordance with Article 5, Paragraph 2 and Article 6, Paragraph 2 of the Law.



  1. STORAGE PERIOD OF PERSONAL DATA

BEEBIRD stores personal data for the period specified in the relevant laws and regulations, if required.


If a period of time is not regulated in the legislation regarding how long personal data should be stored, personal data is stored for a period of time that requires it to be kept in accordance with BEEBIRD practices and industry practices, depending on the activity carried out by BEEBIRD while processing that data, and then deleted in accordance with the relevant policy established by BEEBIRD in accordance with the nature of the data. are destroyed or made anonymous.


The purpose of processing personal data has expired; If the storage periods determined by the relevant legislation and BEEBIRD have expired; Personal data can only be stored to serve as evidence in possible legal disputes or to assert the relevant right based on personal data or to establish a defense. In establishing the periods here, the limitation periods for asserting the mentioned right and the retention periods are determined based on the examples in the requests previously made by BEEBIRD on the same issues, even though the limitation periods have passed. In this case, the stored personal data is not accessed for any other purpose and the relevant personal data is accessed only when it needs to be used in the relevant legal dispute.




  1. DESTRUCTION (DELETION, DESTRUCTION AND ANONYMIZATION) CONDITIONS OF PERSONAL DATA

In accordance with Article 138 of the Turkish Penal Code, Article 7 of the Personal Data Protection Law and the "Regulation on Deletion, Destruction and Anonymization of Personal Data" issued by the Personal Data Protection Authority, the reasons requiring processing even though it has been processed in accordance with the provisions of the relevant law. In case of disappearance, personal data will be deleted, destroyed or anonymized, based on BEEBIRD's own decision or upon the request of the relevant person.




  1. RIGHTS OF RELATED PERSONS AND THE USE OF THESE RIGHTS

In accordance with Article 10 of the Personal Data Protection Law, BEEBIRD notifies individuals of the rights of the relevant person and guides relevant individuals on how to exercise these rights. In addition, BEEBIRD carries out the necessary channels, internal operation, administrative and technical regulations in accordance with Article 13 of the KVK Law, in order to evaluate the rights of the relevant person and provide the necessary information to the relevant persons.


12.1 Rights of the Relevant Person

 

The relevant person has the following rights:


Learning whether personal data is processed or not,

Requesting information if personal data has been processed,

Learning the purpose of processing personal data and whether they are used for their intended purpose,

Knowing the third parties to whom personal data is transferred at home or abroad,

Requesting correction of personal data in case personal data has been processed incompletely or incorrectly and requesting that the action taken in this context be notified to third parties to whom personal data has been transferred,

Requesting the deletion or destruction of personal data in case the reasons requiring processing no longer exist, even though it has been processed in accordance with the Personal Data Protection Law and other relevant legal provisions, and requesting that the action taken in this context be notified to third parties to whom personal data has been transferred,

Objecting to a result that is unfavorable to the person by analyzing the processed data exclusively through automatic systems,

Request compensation for damages in case of damage due to unlawful processing of personal data.


12.2 Situations Where the Relevant Person Cannot Assert His Rights


Since the following situations are excluded from the scope of the KVK Law in accordance with Article 28 of the KVK Law, the relevant persons cannot assert their rights listed in the 1st paragraph of Article 12 in these matters:



Processing of personal data for purposes such as research, planning and statistics by anonymizing them with official statistics.

Processing of personal data for artistic, historical, literary or scientific purposes or within the scope of freedom of expression, provided that it does not violate national defence, national security, public security, public order, economic security, privacy of private life or personal rights or constitute a crime.

Processing of personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations authorized by law to ensure national defence, national security, public safety, public order or economic security.

Processing of personal data by judicial authorities or enforcement authorities regarding investigation, prosecution, trial or enforcement proceedings.


In accordance with the 2nd paragraph of Article 28 of the Personal Data Protection Law, in the cases listed below, the relevant persons cannot assert their other rights listed in the 1st paragraph of Article 12, except for the right to demand compensation for the damage:



Processing of personal data is necessary for the prevention of crime or criminal investigation.

Processing of personal data made public by the data subject.

Processing of personal data is necessary for the execution of auditing or regulatory duties and disciplinary investigation or prosecution by public institutions and organizations and professional organizations that are public institutions, based on the authority granted by the law.

Personal data processing is necessary to protect the economic and financial interests of the State regarding budget, tax and financial matters.


12.3 Personal Data Owner's Exercise of His Rights


Relevant persons may submit their requests regarding their rights specified in this policy by filling out and signing the application form with information and documents that will identify them and by the methods specified below or other methods determined by the Personal Data Protection Board, or by submitting an application containing the necessary elements included in the Application Procedures Communiqué prepared by the Board. They will be able to forward it to BEEBIRD free of charge.


After filling out the application form at https://beebird.io/ or by sending a wet signed copy of another written document containing the information specified in this form and required to be notified in accordance with the legislation, in person or by registered letter, to Dudullu OSB, 34775, Ümraniye, Istanbul. forwarding to the address,


After completing the form at https://beebird.io/ or signing another written document or e-mail content containing the information specified in this form and required to be notified in accordance with the legislation with your secure electronic signature within the scope of the Electronic Signature Law No. 5070, you can send the secure electronic signature form to info@ Sending it to beebird.io or to the same mail address via your registered e-mail address if registered in the systems.


If the personal data owner submits his request to BEEBIRD in accordance with the procedure, BEEBIRD will finalize the relevant request free of charge within thirty days at the latest, depending on the nature of the request.