Privacy and Security Policy | Patiswiss

PRIVACY AND SECURITY POLICY

Patisfood Grup Gıda Sanayi ve Ticaret A.Ş. (“Company”) operates under the Patiswiss brand. Privacy Policy, www.patiswiss.com.tr It clearly explains the methods by which personal data of all users who visit the website, create a membership, place an order, participate in campaigns, subscribe to our newsletters or contact customer services are collected, how it is processed, for how long it is stored and under what conditions it is shared with third parties.

While processing your data, we act in accordance with the Personal Data Protection Law No. 6698 (KVKK), the Electronic Commerce Law, the Turkish Commercial Code, the Code of Obligations, the Consumer Law, the Tax Procedure Law and all relevant legislation.

1. Personal Data Collected

Our company collects various categories of personal data to provide you with services. This data may be obtained through various means, including our website, mobile devices, customer service, social media, or third-party partners.

Your identity information consists of basic data that identifies you, such as your first name, last name, and date of birth. This information is necessary to ensure that your orders are delivered to the correct person and that billing transactions are carried out legally.

Your contact information includes your phone number, email address, and shipping and billing addresses. This information is used to contact you about your order, ensure delivery, notify you of your order status, and allow customer service to contact you when necessary.

Your membership and account information includes your username, password, preference settings, and past activity on the Site. This information allows us to create a unique account for you, provide secure login, and provide a user experience customized to your preferences.

Your order and transaction information includes the items in your shopping cart, your order history, your return and exchange requests, payment preferences, and your transaction numbers. This data is used to process and track your orders, and to provide after-sales service.

Your payment information consists of data such as the payment method, transaction number, and amount. Your credit card number and other sensitive financial information are not stored by our Company; they are processed solely by banks and payment institutions in secure systems.

Your device and usage data includes information such as your IP address, browser information, session duration, which pages you visit on the site, which products you browse, and your usage habits. This information is used for both security purposes and to improve the site's performance and user experience.

Your customer communication records include your call center conversations, email correspondence, and complaints or requests. These records are kept to improve service quality and serve as evidence in the event of any disputes.

Finally, your marketing data consists of your newsletter subscription, participation in campaigns, your consent status for commercial electronic messages and your preferred communication methods.This data is only processed with your explicit consent and is used to send you special campaigns and offers.

Patiswiss processes the personal data of individuals under the age of 18 only with the consent of their parents or legal guardians. Children are advised to exercise parental supervision when using our website. Personal data belonging to children obtained without parental consent will be deleted immediately upon discovery.

2. Cookie Policy

2.1. What is a Cookie?

Cookies are small text files saved on your device by the websites you visit. Cookies allow the Site to recognize you when you return, remember your preferences, maintain your shopping cart, and offer you personalized content.

2.2. Purposes of Use of Cookies

At Patiswiss, we use cookies for various purposes. Essential cookies are essential for the Site's operation; they enable you to log in, maintain your shopping cart, and perform security checks. Preference cookies make your visit easier by remembering your settings, such as your language and location preferences. Analytical cookies help us understand how many people visit the Site, which products are viewed most, which pages are of most interest, and users' browsing habits.

Marketing cookies are used to provide us with personalized advertisements and campaign recommendations based on your interests.

2.3. Third Party Cookies

Your use of the Site may be analyzed through third-party tools such as Google Analytics, Meta Pixel, and similar tools. These tools may operate from servers located abroad. In such cases, your data will be transferred abroad, and necessary security measures will be taken in accordance with Article 9 of the Personal Data Protection Law, and your explicit consent will be obtained when necessary.

2.4. Storage Period and Management of Cookies

Session cookies are deleted when you close your browser. Persistent cookies are stored on your device for six months to two years. The retention periods for third-party cookies may vary depending on the provider's own policies. Your explicit consent is required for non-essential cookies to be stored on your device. You can change your preferences, delete, or block cookies through the Cookie Management Panel on the Site or through your browser settings.

You can control or delete cookies at any time through your browser. For example, Google Chrome users can access the "Settings" &> Privacy and Security &From the “Cookies” menu, Safari users can go to “Preferences &> Privacy” menu, Microsoft Edge users can access “Settings &You can manage cookies through the steps of "Cookies and Site Permissions." However, disabling cookies may cause some features of the Site to not function properly.

3. Purposes of Data Processing

Your personal data is processed for many different purposes. Primarily, it's processed to complete your membership process, manage your account information, and enable you to log in securely.Preparing your orders, carrying out payment and invoicing transactions, delivering the products to you and carrying out post-sale return or exchange processes also require the processing of your personal data.

The purposes for which we process your data include providing customer support, receiving and resolving complaints, maintaining Site security, and preventing fraud. We also use your usage data to measure Site performance, improve your user experience, and provide you with better service. Marketing activities and campaigns are only conducted with your explicit consent. In addition, we process your personal data to fulfill our legal obligations and defend our rights in the event of any disputes.

4. Explicit Consent and Approval

At Patiswiss, we process your personal data solely based on your explicit consent, excluding the legal grounds stipulated in the Personal Data Protection Law. Your explicit consent is necessary for situations such as informing you about campaigns and promotions, conducting marketing activities, sharing data with third parties for advertising purposes, and transferring data abroad. You can withdraw your explicit consent at any time and easily revoke any consents you previously provided. If you withdraw your consent, the relevant activities will be stopped, but this will not affect the lawfulness of any previously performed processing.

5. Sharing and Transfer of Data

At Patiswiss, we do not sell your data to third parties under any circumstances and do not use it for purposes other than its intended purpose. However, to provide services and fulfill legal obligations, your data may be shared with certain individuals and organizations. We share your data with courier companies to deliver your orders, with banks and payment institutions to process payments, and with IT and hosting service providers to ensure the secure operation of our systems.

Your personal data may be shared with call center service providers to receive and resolve your customer requests, and with public institutions and authorities if legally required. Additionally, your data may be shared with our marketing partners for advertising and promotional purposes only with your explicit consent. When data transfer abroad is necessary, the necessary security measures are taken pursuant to Article 9 of the Personal Data Protection Law, and the transfer will only be carried out in accordance with the law.

6. International Data Transfers

Our company has business partners and affiliates operating abroad (e.g., in Germany and the USA). Your personal data is transferred abroad only if necessary and with security measures in place in accordance with Article 9 of the Personal Data Protection Law. Data protection commitments are obtained from all parties to whom data is transferred, and standard contracts approved by the Personal Data Protection Board are used whenever possible.

7. Data Retention Period

Your collected data is stored for as long as necessary for the purposes for which it is processed and for the periods stipulated in relevant legislation. Order and invoice records are retained for ten years, as the Tax Procedure Law and the Turkish Commercial Code require such records. Customer requests and complaints are retained for at least three years.

Membership information is retained for as long as your account remains active; if you close your account, it is retained only for the period required by legal obligations. Records of consent and rejection of commercial electronic messages are retained for as long as your consent remains valid and for one year thereafter. Log data for site security and usage statistics is retained for six months to two years. Cookies, depending on their type, remain on your device for six months to two years. All expired data is securely deleted, destroyed, or anonymized.

8. Data Security

Our company implements the highest security standards to protect your personal data from unauthorized access, loss, alteration, or misuse. Technical, administrative, and organizational measures are taken to this end.

Technical measures include SSL/TLS encryption, firewalls, intrusion detection and prevention systems, regular backups, and penetration testing of our systems. As part of our administrative measures, our employees receive regular data protection training, sign confidentiality agreements, and adhere to established policies and procedures. As part of our organizational measures, access rights are restricted to those responsible for their duties, duties are segregated to reduce the risk of error and abuse, and regular internal audits are conducted.

In case of any data breach, the source of the problem is first identified, the damage is prevented from escalating, the relevant persons are informed as soon as possible, and the Personal Data Protection Authority is notified within the legal period.

In the event of a data breach, such as the unauthorized access, disclosure, or unlawful processing of your personal data, our Company takes action as quickly as possible. First, the impact of the breach is contained, and then the Personal Data Protection Authority and the affected individuals are notified within 72 hours. Data subjects will also be notified via email or other communication channels if deemed necessary.

9. Your Rights (KVKK Art. 11)

As a data subject, you have extensive rights under Article 11 of the Personal Data Protection Law. You can learn whether your personal data is being processed and, if so, request detailed information. You have the right to learn the purposes for which your data is being processed, whether it is being used appropriately, and to whom it is being transferred.

If your data is incomplete or processed incorrectly, you may request correction. If there is no longer a need to process your data, you may request deletion. You may also request that third parties to whom your data has been transferred be notified of any corrections or deletions.

If your personal data is analyzed solely by automated systems and a decision is made against you, you have the right to object. Furthermore, if you suffer harm due to the unlawful processing of your personal data, you may request compensation for that harm.

10. Application Procedure

You can apply to our Company to exercise your rights.You can submit your applications using our registered electronic mail (KEP) address with a secure electronic signature, using an e-signature or mobile signature, by written request to the email address we provide, by mail or courier, or in person by verifying your identity. Your applications will be reviewed and you will be notified within thirty days.

Applications are processed free of charge; however, if the process incurs additional costs, a fee may be charged at the rate determined by the Personal Data Protection Board. If the response to your application is deemed inadequate or is not provided within the timeframe, you may file a complaint with the Personal Data Protection Board within thirty days of receiving the response, or in any case, within sixty days of the application date.

11. Policy Changes

This Privacy Policy may be updated from time to time. Updates may be made due to legal obligations, technological developments, changes to our services, or innovations in our corporate structure. The updated policy is effective from the moment it is published on the Site.

In case of significant changes that concern our users, announcements will be made via e-mail, SMS, on-site notifications or messages sent to your membership account to inform you in accordance with our principle of transparency.

As the Privacy Policy may be updated from time to time, users are advised to regularly check for the most current version. Always read the most current version of the Policy. www.patiswiss.com.tr You can reach us at the address.

12. Communication

The data controller is Patisfood Grup Gıda Sanayi ve Ticaret A.Ş. We are responsible for the protection of your personal data in all activities carried out under the Patiswiss brand.

You can contact us at the address 'Malıköy Anadolu OSB, 12. Cd. No:12, 06909 Sincan, Ankara/Türkiye',0850 308 20 04' from the phone number, 'clientservice@patisfoodgroup.com' from your email address and 'patiswiss@hs01.kep.trYou can contact us via the 'KEP' address. You can reach us through these channels for any requests, questions, or applications.