KVK Policy

IMPORTANT INFORMATIONS

KVK Policy
KVK Policy Form
Cookie Policy
Membership Agreement
Distance Sales Contract
Warranty and Return Conditions
Clarification Text

KURTSAN GROUP COMPANIES’ POLICY FOR PROTECTION AND PROCESSING OF PERSONAL DATA

This KVK Policy contains explanations on the following topics:

PURPOSE AND SCOPE

DEFINITIONS

PROCESSING OF PERSONAL DATA

3.1. Categories of Personal Data and Purposes of Processing

3.2. Personal Data Collection Method

3.3. Informing Relevant Person

3.4. General Principles Regarding the Processing of Personal Data

3.5. Conditions for Processing Personal Data

3.6. Processing of Sensitive Personal Data

3.7. Transfer of Personal Data

3.8. Processing of Data by the Group Companies

3.9. Storage and Destruction of Personal Data

PROTECTION OF PERSONAL DATA

THE RIGHTS OF RELEVANT PERSONS REGARDING PERSONAL DATA AND THE USE OF RIGHTS

5.1. Rights of the Relevant Persons

5.2. Use of Rights by the Relevant Persons

5.3. Evaluation and Response of Relevant Person’s Requests

THE RELATIONSHIP OF THE KVK POLICY WITH OTHER POLICIES

ENFORCEMENT OF KVK POLICY AND AMENDMENTS TO THE POLICY

PURPOSE AND SCOPE

The protection and privacy of personal data has been adopted as a corporate culture for KURTSAN GROUP COMPANIES (These include Kurtsan İlaçları Anonim Şirketi, Kurtsan Medikal Sanayi ve Ticaret Anonim Şirketi and Otacı Bitkisel Ürünler Sanayi ve Ticaret Anonim Şirketi. They shall be briefly referred to as “KURTSAN” or “Company” within the scope of the policy). Within the scope of its activities, the Company exerts utmost care and effort to process and protect the personal data of real persons in accordance with the applicable legal norms and universal legal principles. The Company is the data controller of the personal data you provide to us, including in relation to this website, and processes and protects personal data under this Policy.

This KVK Policy is related to the personal data of persons other than our employees, which our company, as the Data Controller, processes fully or partially automatically or non-automatically, provided that it is a part of any data recording system. The KVK Policy indicates how the principles and procedures set forth by the relevant legislation are implemented in the Company’s KVK processes.

Those imlemented in the protection and legal processing of personal data shall the relevant legislation, secondary regulations and universal legal principles in force in this field. In case of conflict between our KVK Policy and the relevant regulations in force, the applicable regulations shall be valid.

We may change this Policy from time to time, so please check them when you use our services to make sure that you are aware of our updated Policy.

DEFINITIONS

ABBREVIATION DEFINITION

‘’Explicit Consent’’ It is the consent that is related to a specific subject, based on information and given with free will.

“Obligation to Inform” During the acquisition of personal data, it is an obligation of the Company, in which the Data Controller or the persons authorized by the Data Controller are required to provide information within the scope of Article 10 of the KVK Law and the Communiqué on Principles and Procedures to be Followed In Fulfillment of the Obligation to Inform.

“Relevant Person”, “Data Subject” These are natural persons whose personal data are processed by the Company or authorized persons/institutions on behalf of the Company.

“Destruction” Erasure, destruction or anonymization of personal data.

“Personal Data” It is all kinds of information related to an identified or identifiable natural person.

“Anonymization of the Persona Data” Anonymization is the process of rendering personal data impossible to link with an identified or identifiable natural person, even though matching them with other data.

“Processing of Personal Data” Any operation performed on data such as obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying and preventing the use of personal data by fully or partially automatic or non-automatic means provided that it is a part of any data recording system.

“Erasure of Personal Data” It is the process of making personal data inaccessible and unusable for the relevant users in any way.

“Destruction of Personal Data” It is the process of making personal data inaccessible, unrecoverable and unusable by anyone in any way.

“Board” Personal Data Protection Board

“Authority” Personal Data Protection Authority

“Law”, “KVK Law” Law No. 6698 on the Protection of Personal Data

“KVK Policy” It is the Personal Data Protection and Processing Policy adopted by the Company.

“Sensitive Personal Data” These are the data related to the race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, costume and clothing, membership to associations, foundations or unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data.

“Profiling” Use of automated tools to process personal data to decipher certain things about people, such as analyzing or predicting their performance, reliability, economic situation, personal preferences, interests, behavior, location or movements in their operations.

“Company” KURTSAN GROUP COMPANIES

“Kurtsan Group Companies” These include Kurtsan İlaçları Anonim Şirketi, Kurtsan Medikal Sanayi ve Ticaret Anonim Şirketi and Otacı Bitkisel Ürünler Sanayi ve Ticaret Anonim Şirketi.

“VERBİS”, “Registry” It is the Data Controllers Registry Information System operated by the Personal Data Protection Authority.

“Data Processor” It is a natural or legal person who processes personal data on behalf of the data controller based on the given authority.

“Data Controller” It is the natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.

PROCESSING OF PERSONAL DATA

3.1. Categories of Personal Data and Purposes of Processing

The Company shall process personal data in accordance with the general principles set forth in the Law, in particular the principles set forth in Article 4 of the Law on the processing of personal data in line with the personal data processing purposes (ANNEX-1) specified in the Data Controllers Information System (VERBIS) and based on and limited to at least one of the personal data processing conditions specified in Articles 5 and 6 of the Law. The company shall inform the relevant persons about the categories and purposes of data processing in the clarification texts in accordance with Article 10 of the Law and secondary legislation.

3.2. Personal Data Collection Method

The Company shall collect personal data electronically or in writing, in physical and electronic environment, in accordance with the personal data processing conditions specified in the KVK Law and this KVK Policy.

The company shall adopt the principle of acting in accordance with the law while obtaining personal data. Due to company activities, data shall be collected from third parties through data protection/transfer agreements and only as much as the activity requires, and at this point, measures shall be taken to ensure data security.

3.3. Informing Relevant Person

In accordance with Article 10 of the KVK Law and the provisions of the Communiqué on Principles and Procedures to be Followed In Fulfillment of the Obligation to Inform, the Company shall inform the relevant persons about the data controller of the personal data, the methods of collection, the legal reason for the processing, the purposes for processing, the purposes for which and to whom the personal data is transferred, and the rights of the relevant persons within the scope of the processing of their personal data.

3.4. General Principles Regarding the Processing of Personal Data

The Company shall comply with the “General Principles”, which are mandatory to be complied with while performing the personal data processing activities as stipulated in Article 4 of the KVK Law.

3.4.1. Processing in Compliance with Law and Good Faith

The company shall manage personal data processing activities in accordance with legal norms and universal legal principles and good faith, inform the relevant persons as necessary to ensure the transparency of the processes, and take into account the interests and reasonable expectations of the relevant persons in these processes. In this context, the data processing activity shall prevent the emergence of results that the relevant person does not expect and is not required to expect.

3.4.2. Ensuring Personal Data Is Accurate and Up-to-Date When Necessary

Personal data, as a rule, shall be processed upon the declaration of the relevant persons and as declared. The company shall not be obligated to investigate the accuracy of the data declared by the relevant persons and shall not make such a request in accordance with the law and working principles. The data shall be deemed accurate as declared. The Company shall take reasonable care and be attentive to keep personal data within its legal entity accurate, up-to-date and free of false information. It shall ensure the establishment of the necessary administrative and technical mechanism for updating the personal data in the relevant database, in case the changes in the processed personal data are communicated to the Company by the relevant person.

3.4.3. Processing for Specific, Clear and Legitimate Purposes

The Company shall sets forth its legitimate and lawful data processing purposes in a specific and clear manner before starting personal data processing activities, and process personal data as much as necessary and in connection with the Company’s products and services.

3.4.4. Being Relevant, Limited and Proportionate to the Purposes of Processing

Personal data shall be processed in a limited and proportionate manner in connection with the purposes determined by the Company and informed to the relevant person. The company shall pay attention to the fact that the processing is proportionate to achieve its purpose, taking into account the establishment of a reasonable balance between data processing and the intended purpose.

3.4.5. Storage for the Period Required for the Purpose of Processing or Stipulated in the Relevant Legislation

The Company shall retain personal data for the period required by the legislation or the purpose of processing. On the other hand, it shall erase, destruct or anonymise personal data when the period stipulated by the legislation expires or when all the purposes of processing are eliminated. As the Data Controller, the Company has determined the storage periods, destruction periods and technical and administrative measures to be implemented in the preservation in the Personal Data Storage and Destruction Policy, and declared these periods in VERBIS separately for each personal data category. The Company is aware that it is obligated to ensure that personal data are kept in accordance with these principles.

These principles shall be applied regardless of whether the Company processes personal data based on explicit consent or in accordance with other data processing conditions. At this point, the Company shall process personal data in accordance with the data processing conditions and general principles, and perform its obligation to inform the relevant persons.

3.5. Conditions for Processing Personal Data

The company shall process the personal data with the explicit consent of the relevant person or in accordance with these terms or conditions in case of existence of one or more of the other data processing conditions. In case the processed personal data is sensitive personal data, the conditions specified in the “Processing of Sensitive Personal Data” heading of this Policy shall be applied.

3.5.1. Presence of the Relevant Person’s Explicit Consent

In case the data subject has an explicit consent on a particular subject, which is based on information and given with free will, this data processing condition shall be applicable. The explicit consent obtained from the relevant person shall be preserved in a demonstrable manner by the Company for the required period of time within the scope of the KVK legislation. In the presence of the following personal data processing conditions, personal data may be processed without the need for the explicit consent of the relevant person.

3.5.2. Explicit Stipulation in the Law

If there is an express provision in the relevant law regarding the processing of that personal data, this data processing condition shall be applicable.

3.5.3. Failure to Obtain the Explicit Consent of the Relevant Person Due to Actual Impossibility

In the event that the processing of personal data is necessary for the protection of the life or physical integrity of the person or another person, who is unable to express his or her consent due to actual impossibility or whose consent has not been given legal validity, the data of the data subject shall be processed based on this data processing condition.

3.5.4. Its Direct Relation to the Conclusion or Performance of a Contract

Provided that it is directly related to the conclusion or performance of a contract to which the relevant person is a party, if the processing of personal data is necessary, the processing shall take place on the basis of this data processing condition.

3.5.5. Mandatory Processing by the Data Controller to Fulfill the Legal Obligation

If the processing of personal data is mandatory for the company to fulfill its legal obligations, the processing shall be based on this data processing condition.

3.5.6. If the Personal Data is publicized by the Relevant Person

Personal data publicized by the relevant person shall only processed for the purpose of making it public.

3.5.7. Mandatory Data Processing for the Establishment, Use or Protection of a Right

If data processing is mandatory for the establishment, use or protection of a right, the personal data of the relevant person shall be processed based on this data processing condition.

3.5.8. Mandatory Data Processing for the Legitimate Interests of the Data Controller

Provided that it does not harm the fundamental rights and freedoms of the relevant person, if data processing is mandatory for the legitimate interests of the Company, the processing shall be based on this data processing condition.

3.6. Processing of Sensitive Personal Data

The Company shall process sensitive personal data in accordance with the Policy on the Processing of Sensitive Personal Data and in the presence of one of the following data processing conditions, by complying with the additional measures announced by the Personal Data Protection Board and taking all necessary administrative and technical measures:

3.6.1. Presence of explicit consent of the relevant person.

3.6.2. In cases where the processing of sensitive personal data other than health and sexual life is stipulated by law.

3.6.3. Processing of data on health and sexual life by persons under confidentiality obligation for the purposes of protection of public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and their financing.

3.7. Transfer of Personal Data

3.7.1. Domestic Data Transfer

The Company shall transfer personal data, including sensitive personal data, as stipulated by the regulations in Article 8 of the KVK Law, to third parties (third party real and legal persons, authorized public institutions and organizations), based on appropriate personal data processing purposes and taking the necessary administrative and technical measures. The Company’s Transfer Recipient Groups are specified in VERBIS.

The Company shall act in accordance with the law in its data transfer activities. It shall only transfer data to third parties to which personal data is transferred to the extent required by the service. Transfer Recipients, who are data processors, shall instruct their groups accordingly regarding data security through data transfer contracts.

3.7 2. Transfer of Data Abroad

The Company shall be able to transfer personal data abroad only in the manner stipulated by the regulations in Article 9 of the KVK Law and by taking the necessary administrative and technical measures. This transfer shall be possible if one of the following conditions is met:

3.7.2.1. Foreign countries declared by the Authority to have adequate protection or

3.7.2.2. In the absence of adequate protection, without seeking the explicit consent of the relevant person, provided that the data controllers in Turkey and in the relevant foreign country undertake an adequate protection in writing and have the permission of the Board.

3.7.2.3. If one of the two conditions in question is not fulfilled, personal data can only be transferred abroad with the explicit consent of the relevant person.

If one of the aforementioned conditions exists, the Company may transfer personal data to IT, archive companies or cloud service companies in order to ensure the necessary infrastructure and services for corporate electronic communication channels and data security, and to platforms and applications of foreign origin for the purpose of service provision through instant messaging or online communication channels, which are widely and unavoidably used today. In addition, the Company may transfer personal data to our foreign suppliers in order to supply goods and services from foreign suppliers and to carry out its commercial activities.

3.8. Processing of Data by the Group Companies

In order to provide the services offered to you, to fulfill our mandatory or legal obligations, to carry out the Company’s activities in accordance with the Group’s goals and strategies and principles, and to protect its rights, interests and reputation, and only if necessary for the stated purposes, your personal data shall be transferred and/or made available to Group Companies by Kurtsan. We shall always ensure data protection and information security in data transfer to Group companies in accordance with the applicable data protection legislation.

3.9. Storage and Destruction of Personal Data

As the Data Controller, the Company has determined the storage periods, destruction periods and technical and administrative measures to be implemented in the preservation in the Personal Data Storage and Destruction Policy, and declared these periods in VERBIS separately for each personal data category. The Company is aware that it is obligated to ensure that personal data are kept in accordance with these principles.

In accordance with the KVK Law, personal data are kept for the period required by the relevant legislation or for the purpose for which they are processed. These are determined periods and after this period, the relevant personal data are erased, destructed or anonymised so that they can be used for analytical purposes at the end of the destruction periods stipulated in the relevant Policy in accordance with the Regulation on the Erasure, Destruction or Anonymisation of Personal Data. You can request more information via the contact details provided in this KVK Policy.

PROTECTION OF PERSONAL DATA

The Company shall take technical and administrative measures according to technological possibilities and implementation costs in order to ensure that personal data is processed in accordance with the law. The technical and administrative measures taken for the protection of personal data shall be implemented with care and additional measures in terms of sensitive personal data, and the necessary audits shall be periodically performed at the highest level within the Company, and these security measures shall be stated in VERBIS.

The Company shall take all appropriate security measures to ensure that personal data is processed only for the purposes specified in VERBIS (ANNEX-1) and to reduce risks such as malicious use, unauthorized access, transfer, destruction or alteration of personal data. These security measures shall also include other measures taken in matters such as transferring personal data to countries that do not provide adequate data protection.

Personal data are confidential and the Company shall respect this confidentiality. Only the persons authorized within the Company shall be able to access personal data. In this framework, it shall be ensured that the software complies with the standards, that the third parties are carefully selected and that the KVK Policy is complied with within the Company.

In the event that personal data is damaged or accessed by unauthorized third parties as a result of attacks on the platforms operated by the Company or the Company’s system, despite the fact that Company has taken the necessary data security measures, The company shall take immediate action to remedy the violation in question and shall minimize the harm to the relevant person. The company shall immediately notify the relevant persons and the Board of this situation and shall take necessary measures.

THE RIGHTS OF RELEVANT PERSONS REGARDING PERSONAL DATA AND THE USE OF RIGHTS

5.1. Rights of the Relevant Persons

According to the Constitution of the Republic of Turkey, everyone has the right to demand the protection of their personal data. In this context, the rights of the relevant person regarding their personal data are listed below in Article 11 of the KVK Law:

Learning whether their personal data have been processed,

Requesting information if their personal data have been processed,

Learning the purpose of processing personal data and whether they have been used in accordance with the relevant purpose,

Learning the domestic or foreign third parties to whom their personal data are transferred,

Requesting correction in case of incomplete or incorrect processing of personal data,

Requesting the erasure or destruction of personal data within the framework of the conditions stipulated in Article 7 of the KVK Law,

Requesting notification of this erasure, destruction or correction to third parties to whom personal data have been transferred,

Objecting to any unfavorable results obtained against the data subject upon analyzing the processed data exclusively through automated systems,

Requesting the compensation of the damage in case of loss due to the processing of personal data in violation of the KVK Law.

5.2. Use of Rights by the Relevant Persons

Within the scope of the above-mentioned rights, the relevant person may submit their requests in writing to the Company’s registered electronic mail (KEP) address, using secure electronic signature, mobile signature or the electronic mail address previously notified to the Company by the relevant person and registered in the Company’s system. The relevant person can use the “Data Subject Request Form” on the Company’s website for making requests. The request shall contain:

Name, surname, and if the request is in writing, signature,

T.R. identity number for citizens of the Republic of Turkey, and nationality, passport number or, if any, identity number for foreigners,

The place of residence or workplace address for notification,

If any, the e-mail address, telephone and fax number for notification,

The subject of the request.

In addition, it is obligatory to attach information and documents regarding the subject to the request. Requests shall be taken into consideration only if they are in Turkish. In order for third parties to make a request on behalf of the relevant persons, a specific power of attorney issued by the relevant person through a notary public on behalf of the requester must be present.

5.3. Evaluation and Response of Relevant Person’s Requests

In the event that the relevant persons submit their requests regarding their rights listed above to the Company, in any case, in accordance with the request procedures stipulated in the Communiqué on the Principles and Procedures for the Request to Data Controller, as specified in this KVK Policy, the Company shall conclude this request free of charge as soon as possible, depending on its nature, and within 30 (thirty) days from the request date at the latest. However, if the procedure requires an additional cost, the Company shall be able to receive the fee specified in the tariff determined by the Board.

In written requests, the date on which the document is notified to the data controller or its representative shall be the request date. For requests made via other methods, the date on which the request reaches the data controller shall be the request date.

THE RELATIONSHIP OF THE KVK POLICY WITH OTHER POLICIES

The Company shall specify the request principles it has determined for the protection of personal data in its policies, and shall publish the said policies in public media to the extent that it is relevant. All company policies prepared on this subject shall constitute a whole and their regulations shall complement each other. In this way, the Company aims to provide transparency and accountability by informing the relevant persons about personal data processing activities.

ENFORCEMENT OF KVK POLICY AND AMENDMENTS TO THE POLICY

This KVK Policy shall be published on the Company’s website and enter into force as of the date of its publication. The Company shall always be able to make amendments in this KVK Policy. These amendments shall take effect on the day the new amended KVK Policy is published.

CONTACT US

If you have any questions about this KVK Policy or our approach to the processing and protection of your personal data, or if you want to exercise any of the rights set forth in this KVK Policy, you can get information by using any of the following ways:

KURTSAN GROUP COMPANIES

KURTSAN İLAÇLARI A.Ş.

Address: İSTOÇ OTOMARKET A-2 BLOK BURAK PLAZA KAT.7 BAĞCILAR İSTANBUL

Telephone: 0212 481 30 50

E-mail: www.kurtsanilaclari.com

KEP Address: [email protected]

KURTSAN MEDİKAL SAN.TİC.A.Ş.

Address: İSTOÇ OTOMARKET A-2 BLOK BURAK PLAZA KAT.7 BAĞCILAR İSTANBUL

Telephone: 0212 481 30 50

E-mail: www.kurtsanmedikal.com

KEP Address: [email protected]

OTACI İLAÇ KOZMETİK BESİN TİCARET A.Ş.

Address: İSTOÇ OTOMARKET A-2 BLOK BURAK PLAZA KAT.7 BAĞCILAR İSTANBUL

Telephone: 0212 481 30 50

E-mail: www.otaci.com

KEP Address: [email protected]

ANNEX-1

Data Category Data Processing Purposes

Identity

Execution of Emergency Management Processes
Execution of Information Security Processes
Execution of Audit / Ethics Activities
Carrying out Training Activities
Execution of Access Authorizations
Execution of Activities in Compliance with the Legislation
Execution of Finance and Accounting Affairs
Execution of Company / Product / Services Loyalty Processes
Follow-up and Execution of Legal Affairs
Carrying out Internal Audit / Investigation / Intelligence Activities
Execution of Communication Activities
Execution / Supervision of Business Activities
Execution of Occupational Health / Safety Activities
Execution of Business Continuity Activities
Execution of Logistics Activities
Execution of Goods / Services Procurement Processes
Execution of Goods / Services After Sales Support Services
Execution of Goods / Services Sales Processes
Execution of Goods / Services Production and Operation Processes
Execution of Customer Relationship Management Processes
Execution of Activities for Customer Satisfaction
Organization and Event Management
Execution of Advertising / Campaign / Promotion Processes
Execution of Risk Management Processes
Execution of Storage and Archive Activities
Execution of Contract Processes
Execution of Strategic Planning Activities
Follow-up of Requests / Complaints
Ensuring the Security of Movable Property and Resources
Execution of Supply Chain Management Processes
Execution of Marketing Processes of Products / Services
Ensuring the Security of Data Controller Operations
Execution of Investment Processes
Providing Information to Authorized Persons, Institutions and Organizations
Execution of Management Activities

Communication

Execution of Emergency Management Processes
Execution of Information Security Processes
Execution of Audit / Ethics Activities
Carrying out Training Activities
Execution of Activities in Compliance with the Legislation
Execution of Finance and Accounting Affairs
Execution of Company / Product / Services Loyalty Processes
Follow-up and Execution of Legal Affairs
Carrying out Internal Audit / Investigation / Intelligence Activities
Execution of Communication Activities
Execution / Supervision of Business Activities
Execution of Occupational Health / Safety Activities
Execution of Business Continuity Activities
Execution of Logistics Activities
Execution of Goods / Services Procurement Processes
Execution of Goods / Services After Sales Support Services
Execution of Goods / Services Sales Processes
Execution of Goods / Services Production and Operation Processes
Execution of Customer Relationship Management Processes
Execution of Activities for Customer Satisfaction
Organization and Event Management
Execution of Advertising / Campaign / Promotion Processes
Execution of Risk Management Processes
Execution of Storage and Archive Activities
Execution of Contract Processes
Execution of Strategic Planning Activities
Follow-up of Requests / Complaints
Ensuring the Security of Movable Property and Resources
Execution of Supply Chain Management Processes
Execution of Marketing Processes of Products / Services
Ensuring the Security of Data Controller Operations
Execution of Investment Processes
Providing Information to Authorized Persons, Institutions and Organizations
Execution of Management Activities

Legal Affairs

Execution of Audit / Ethics Activities
Execution of Activities in Compliance with the Legislation
Execution of Finance and Accounting Affairs
Follow-up and Execution of Legal Affairs
Execution of Storage and Archive Activities
Providing Information to Authorized Persons, Institutions and Organizations

Customer Affairs

Execution of Audit / Ethics Activities
Execution of Activities in Compliance with the Legislation
Execution of Finance and Accounting Affairs
Execution of Communication Activities
Execution / Supervision of Business Activities
Execution of Business Continuity Activities
Execution of Logistics Activities
Execution of Goods / Services Procurement Processes
Execution of Goods / Services After Sales Support Services
Execution of Goods / Services Sales Processes
Execution of Storage and Archive Activities
Execution of Contract Processes
Execution of Supply Chain Management Processes
Providing Information to Authorized Persons, Institutions and Organizations

Physical Space Security

Execution of Information Security Processes
Execution of Audit / Ethics Activities
Execution of Activities in Compliance with the Legislation
Execution / Supervision of Business Activities
Execution of Business Continuity Activities
Execution of Goods / Services Production and Operation Processes
Execution of Risk Management Processes
Execution of Storage and Archive Activities
Ensuring the Security of Movable Property and Resources
Ensuring the Security of Data Controller Operations
Execution of Management Activities

Risk Management

Execution of Emergency Management Processes
Execution of Audit / Ethics Activities
Execution of Activities in Compliance with the Legislation
Carrying out Internal Audit / Investigation / Intelligence Activities
Execution / Supervision of Business Activities
Execution of Risk Management Processes
Execution of Storage and Archive Activities
Ensuring the Security of Data Controller Operations
Providing Information to Authorized Persons, Institutions and Organizations
Execution of Management Activities

Finance

Execution of Audit / Ethics Activities
Execution of Activities in Compliance with the Legislation
Execution of Finance and Accounting Affairs
Execution of Communication Activities
Execution / Supervision of Business Activities
Execution of Business Continuity Activities
Execution of Goods / Services Procurement Processes
Execution of Goods / Services Sales Processes
Execution of Storage and Archive Activities
Execution of Contract Processes
Execution of Wage Policy
Providing Information to Authorized Persons, Institutions and Organizations

Professional Experience

Execution of Audit / Ethics Activities
Carrying out Training Activities
Execution of Activities in Compliance with the Legislation
Execution of Finance and Accounting Affairs
Execution of Company / Product / Services Loyalty Processes
Carrying out Internal Audit / Investigation / Intelligence Activities
Execution of Communication Activities
Execution / Supervision of Business Activities
Execution of Business Continuity Activities
Execution of Logistics Activities
Execution of Goods / Services Procurement Processes
Execution of Goods / Services After Sales Support Services
Execution of Goods / Services Sales Processes
Execution of Goods / Services Production and Operation Processes
Execution of Customer Relationship Management Processes
Execution of Advertising / Campaign / Promotion Processes
Execution of Risk Management Processes
Execution of Storage and Archive Activities
Execution of Contract Processes
Follow-up of Requests / Complaints
Ensuring the Security of Movable Property and Resources
Execution of Supply Chain Management Processes
Execution of Marketing Processes of Products / Services
Ensuring the Security of Data Controller Operations
Providing Information to Authorized Persons, Institutions and Organizations

Visual and Audio Recordings

Execution of Information Security Processes
Execution of Audit / Ethics Activities
Execution of Activities in Compliance with the Legislation
Execution of Communication Activities
Execution / Supervision of Business Activities
Execution of Business Continuity Activities
Execution of Goods / Services Procurement Processes
Execution of Goods / Services Production and Operation Processes
Execution of Advertising / Campaign / Promotion Processes
Execution of Risk Management Processes
Execution of Storage and Archive Activities
Execution of Contract Processes
Ensuring the Security of Movable Property and Resources
Execution of Marketing Processes of Products / Services
Ensuring the Security of Data Controller Operations
Providing Information to Authorized Persons, Institutions and Organizations

Date of Update: 15.03.2022

Cookie Policy

As it is the case in many websites, Otacı Bitkisel Ürünler Sanayi ve Ticaret A.Ş. (hereinafter referred to as “Otacı”) uses cookies to enable visitors to experience the website better.

This Cookie Policy has been prepared to inform website visitors about the definition of cookie, types of cookies, cookies used by Otacı and how cookie preferences can be managed. If the cookie usage warning on the website is turned off or the use of the website is continued, cookies shall be deemed to be approved.

If you do not approve the use of cookies, we request from you not to continue to the website or to change your cookie preferences in your browser. We would like to remind you that if cookies are not allowed, some features of the website may lose their functionality.

WHAT IS A COOKIE?

Cookies are small text files stored on your computer or mobile device when you visit a website. Data such as your IP address, session information, pages you access, etc. are stored in these files. Cookies do not contain data such as name and surname or address. Thanks to cookies, your website preferences can be remembered, your session can be kept open, or you can be offered content that you are interested in.

For detailed information about cookies, you can visit www.aboutcookies.org and www.allaboutcookies.org.

TYPES OF COOKIES

Cookies are divided into different types according to criteria such as their storage time on mobile devices and by whom they are placed. The basic distinction within the scope of these criteria is as follows:

Session Cookies /Persistent Cookies: Session cookies are temporary cookies and are deleted from the device after closing the browser. The main function of these cookies is to ensure the proper functioning of the website. Persistent cookies, on the other hand, remain on the device until they are deleted by the visitor or expire after closing the browser. Persistent cookies allow websites to remember what you prefer when you come back. For example, if you choose to read the website in German on your first visit, it will automatically appear in German the next time you visit the website. The fact that you don’t always have to choose a language preference will make the website more convenient, more efficient, and user-friendly for you.

First Party / Third Party Cookies: First party cookies are cookies placed on the device by the visited website operator. Third party cookies, on the other hand, are cookies placed on the device and controlled by people other than the operator of the visited website.

WHICH COOKIES DO WE USE?

Otacı uses different types of cookies.

Strictly Necessary Cookies: These are technical cookies that enable the website to function correctly and allow you to use its features. They are in the session cookie category. If these cookies are blocked, it will result in the inability to use the website features. Our visitors’ consent is not required for the use of strictly necessary cookies.

Analytical Cookies: Otacı uses analytical cookies to improve your website experience. Analytical cookies allow us to understand how our visitors use the website (e.g. which pages they visit, duration of visit, etc.). In this way, Otacı can improve the content it offers or modify the design of the website. Google Analytics, one of the web analysis tools, is used for analytical purposes. Detailed information on web tracking can be found in the Google Privacy Policy. Click here to stay out of the scope of Google Analytics.

Functionality Cookies: They allow your language preferences, region selection, etc. to be remembered when you visit the website again.

Targeting/Advertising Cookies: Otacı uses different first party and third party cookies for targeting and advertising purposes on its website. You can block these cookies by changing the settings of your browser. These cookies can be used to find out what interests you may have in general, such as the websites you visit and the products you buy. They can also help us understand information about you, such as your age, marital status, and how many children you may have. These data allow us to send you advertisements for products and services that better suit what you like or need. They also allow us to limit the number of times you see the same advertisement.

Social Media Plugins: Various social media plugins are integrated into Otacı’s website and mobile application. When one of the integrated social media buttons is clicked, some of your information is shared with social media providers. If you are simultaneously logged in the social media account or social media cookies are saved in your browser, the social media provider can recognize your visit on our website or mobile application and show these activities on your social media profile.

Even if you do not have an account on a social network (e.g. Facebook), do not log in to the provider of the plugin or do not click on the plugin, social media providers may record information such as URL information or IP address of a visited website.

In order to prevent social networks from associating your visit to the Otacı website with your user accounts, you must log out of your user account before visiting our website.

For more information on the social media plugins integrated in Otacı’s website and mobile application, we recommend that you read the privacy policy of the relevant social media platform.

Facebook: https://tr-tr.facebook.com/privacy/explanation

Twitter: https://twitter.com/en/privacy#update

Google/Youtube: https://policies.google.com/privacy?hl=tr&gl=ZZ

Pinterest: https://policy.pinterest.com/tr/privacy-policy

Instagram: https://help.instagram.com/155833707900388

Linkedin: https://www.linkedin.com/legal/privacy-policy?_l=tr_TR

Detailed information on the types of cookies used on our website and how these cookies are used are given below.

__cfduid .otaci.com This cookie is used by cdn services such as CloudFare to identify individual clients behind a shared IP address and apply security settings for each client. It does not correspond to any user ID in the web application and does not store any personally identifiable information. 29 days 23 hours 59 minutes Necessary

sib_cuid .otaci.com no explanation 5 months 28 days 15 hours 59 minutes Other

_ga .otaci.com This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and to track site usage for the site’s analytical report. Cookies store information anonymously and assign a randomly generated number to identify unique visitors. 1 year 11 months 28 days 23 hours 59 minutes Analytical

gid .otaci.com This cookie is installed by Google Analytics. The cookie is used to store information about how visitors use a website and it helps to generate an analysis report of how the website is doing. Data collected, including the number of visitors, where they came from, and visited pages anonymously. 23 hours 59 minutes Analytical

_gat .otaci.com These cookies are installed by Google Universal Analytics to limit the data collection on high traffic sites, to lower the request rate. Efficiency

_fbp .otaci.com This cookie is set by Facebook to advertise when they are on Facebook or a digital platform supported by Facebook advertising after visiting this website. 2 months 28 days 23 hours 59 minutes Advertisement

fr .facebook.com The cookie is set by Facebook to show users relevant ads and to measure and improve ads. The cookie also monitors the user’s behavior on the web on sites with the Facebook pixel or Facebook social plugin. 2 months 28 days 23 hours 59 minutes Advertisement

__cfduid .sibautomation.com The cookie is used by cdn services such as CloudFare to identify individual clients behind a shared IP address and apply security settings for each client. It does not correspond to any user ID in the web application and does not store any personally identifiable information. 29 days 23 hours 59 minutes Necessary

HOW CAN YOU CHANGE YOUR COOKIE PREFERENCES?

You can customize or block cookies completely by changing the settings of the browser you use. You can set your browser to reject all cookies or to indicate when a cookie will be sent to your computer. However, this may prevent our sites or services from functioning properly. You can also set your browser to delete cookies whenever you finish browsing. Detailed information on the steps to be followed for different browsers can be accessed via the links below:

Browser Name Link

Google Chrome

https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=tr

Internet Explorer

https://support.microsoft.com/tr-tr/help/17442/windows-internet-explorer-delete-manage-cookies

Mozilla Firefox

https://support.mozilla.org/tr/kb/cerezleri-silme-web-sitelerinin-bilgilerini-kaldirma

Yandex

https://yandex.com.tr/support/browser-classic/personal-data-protection/cookies.xml

Safari

https://www.apple.com/legal/privacy/tr/

You can review the help or support page of the relevant browser to manage cookie preferences in other browsers.

YOUR RIGHTS REGARDING YOUR PERSONAL DATA

By applying to Otacı as the data subject, you shall have the right to:

Learn whether your personal data have been processed,

Request information if your personal data have been processed,

Learn the purpose of processing your personal data and whether they have been used in accordance with the relevant purpose,

Learn the domestic or foreign third parties who received your personal data,

Request correction in case of incomplete or incorrect processing of your personal data, and to request the notification of the third parties who received your personal data accordingly,

Request the deletion or destruction of your personal data in the event that the reasons requiring their processing are no longer valid, despite the fact that they have been processed in accordance with the provisions of the Law no. 6698 and other relevant laws, and to request the notification of the third parties who received your personal data accordingly

Object to any unfavorable results obtained against you upon analyzing the processed data exclusively through automated systems,

Request compensation in case of damages due to the unlawful processing of your personal data.

In case you submit your requests regarding your rights listed above to Otacı in accordance with the application procedures stipulated in the Communiqué on Principles and Procedures for Request to Data Controller, Otacı shall conclude your request free of charge as soon as possible and within 30 (thirty) days at the latest, depending on its nature. However, if the procedure requires an additional cost, Otacı may charge the fee specified in the tariff determined by the Personal Data Protection Board.

In order to exercise your above-mentioned rights, you can fill in the application form on our website and send a signed copy of your request, which contains the necessary information identifying your identity and your explanations regarding your right that you request to exercise from the rights specified in Article 11 of the KVK Law, to our address, deliver it in person or through a notary public or send the relevant form to our KEP address with a secure electronic signature.

Our company’s contact information are as follows:

Otacı Bitkisel Ürünler Sanayi ve Ticaret A.Ş.

Address: Otacı Bitkisel Ürünler San. Tic. A.Ş. A2 Blok Burak Plaza K:7 Bağcılar/İstanbul

Telephone: 0212 480 3050

KEP Address: [email protected]

E-mail Address: [email protected]

Date of Update: 01.11.2020

Membership Agreement

I have read and understood the entire clarification text of the Law on the Protection of Personal Data No. 6698 announced by Otacı Bitkisel Ürünler Sanayi ve Ticaret A.Ş. and I have been informed about OTACI’s processing of my Personal Data within the framework of the above-mentioned purposes.

In this context, as illuminated and informed in a way that leaves no room for hesitation, I hereby give my explicit consent for the processing of my Personal Data by your Company in accordance with the Law on the Protection of Personal Data No. 6698 via all kinds of channels in the light of information stated in the Clarification Text, and for sharing them with the persons specified in the Clarification Text in case of legal or actual requirements related to the service and/or business relationship, for the realization of purposes such as keeping necessary information in accordance with the law, planning and implementing OTACI’s human resources policies in the best way possible, offering products/services to its customers, customizing the offered products and services according to the demands, needs, usage habits and wishes of the customers, provision of products and/or services from suppliers or manufacturers and/or establishment and performance of contracted or non-contractual commercial relations in this regard, identification and control of the parties signing the relevant documents, recording identity, address, tax number and other information in order to determine the owner and addressee of all kinds of applications, works and transactions to be made within the scope of them, and issuing information and documents that will be the basis for works and transactions to be carried out on paper or electronically.

Regarding Membership

All you have to do to become a member of our store is to go to our Membership Procedures page and fill in the relevant sections. It is very important for you to fill in your member information correctly and completely due to potential communication and transportation problems. Please fill in carefully and completely in order for the products and services to arrive quickly and safely. Becoming a member is a very simple and a quick process. Being a member does not mean that you are under any obligation. However, before making a purchase, carefully read the Sales Agreement. You have the right to terminate your membership whenever you wish.

Cancellation of Membership

The member shall have the right to terminate the membership at any time. After you end your membership, your relationship with our website shall be terminated. In order to terminate your membership, you must submit your request via our contact information page after logging in as a member.

Membership Cannot Be Canceled In The Following Situations

1- If 60 days have not passed since the member’s last order.

2- If a membership cancellation request is made with a different e-mail address.

3- If the member cannot be reached via their registered information.

Membership Will Be Canceled By Us In The Following Situations

1 – If the member is sending unethical messages or posting unethical comments.

2 – If the member has attempted fraud.

3 – If the member has attempted to harm the system or the Otacı brand.

Member Security

Every precaution has been taken in our store for the security of the member. In addition to these measures, you are also responsible for the security of your member information. Do not share the information you use to log in to our store with anyone, and do not log into the system from computers from whose security you are not sure of.

Different Address

For each member, there is an address section where he/she can enter a different address, apart from his/her registered address, while terminating the order. You can use the address section when sending gifts to your friends, as well as during periods when you are at different addresses. For example: during the periods when you will be in different branches of the company you work for, or when you stay at your summer house, or if you want your invoice to reach you and your order to a friend.

Product Reviews

Every member who has purchased a product can write a comment. The more you share your knowledge and experience with other users, the more enjoyable and conscious shopping will be. Since customer reviews will be impartial and based on experience, a more conscious shopping environment will emerge. Points to consider when writing a product review: Pay attention to write respectful comments to other users and the manufacturer of the product, within the framework of general ethical rules. Comments are reviewed, and comments that are not deemed appropriate are deleted from the system.

Distance Sales Contract

All users shall be deemed to have accepted that they have read and approved the sales contract as soon as they complete their membership process.

Sales Contract

It is the Virtual Sales Contract concluded between Otacı Bitkisel Ürünler Sanayi ve Ticaret A.Ş. and the Customer.

Article – 1

The subject of this contract covers the rights and obligations of the parties regarding the sale and delivery of the product, which has been sold by the seller to the buyer and whose qualities and sales price are stated below, in accordance with the provisions of the Regulation on the Implementation Principles and Procedures of Distance Contracts of the Law No. 4077 on the Protection of Consumers.

Article – 2

SELLER INFORMATION

Otacı Bitkisel Ürünler Sanayi ve Ticaret A.Ş.

Article – 3

BUYER INFORMATION

All members: All buyers who are members of the Otacı Bitkisel Ürünler Sanayi ve Ticaret A.Ş. company’s e-commerce store https://www.otaci.com/ and shop (hereinafter referred to as buyer or customer).

Article – 4

SUBJECT OF THE CONTRACT AND PRODUCT INFORMATION:

The Type, Quantity, Brand/Model, Color, Quantity, Sale Price and Payment Method of the Good/Product or Service are as stated on the site, and these promises may change without notifying the buyer.

Article – 5

GENERAL PROVISIONS

5.1 – The BUYER declares that he/she has read all the preliminary information about the basic characteristics, sales price and payment method and delivery of the product subject to the contract specified in Article 4 and has given the necessary confirmation in electronic environment.

5.2 – The product subject to the contract shall be delivered to the buyer or the person or organization at the address indicated within the period specified in the preliminary information, depending on the distance of the buyer’s place of residence for each product, provided that the legal 30-day period is not exceeded.

5.3 – If the product subject to the contract is to be delivered to a person or organization other than the buyer, the SELLER cannot be held responsible if the person or organization to be delivered does not accept the delivery.

5.4- The SELLER shall be responsible for the delivery of the product subject to the contract in an intact and complete manner and in accordance with the qualifications specified in the order and together with the warranty documents and user manuals, if any.

5.5- It is mandatory for the delivery of the product subject to the contract that this contract has been approved electronically and that the sale price has been paid in the form of payment preferred by the buyer. If, for any reason, the product price is not paid or canceled in the bank records, the SELLER shall be deemed to be free from the obligation to deliver the product.

5.6 – In case the relevant bank or financial institution fails to pay the product price to the SELLER, due to the unfair or illegal use of the credit card of the buyer after the delivery of the product by unauthorized persons, not due to the fault of the buyer, the BUYER shall be obligated to return the product, which was delivered to him/her or the person or institution specified in the sales contract, to the SELLER within 3 working days. In such a case, the shipping costs shall be borne by the buyer.

5.7 – If the SELLER cannot deliver the product subject to the contract in due time due to force majeure or extraordinary circumstances such as weather conditions, which prevent transportation, and interruption of transportation, it shall be obligated to notify the buyer of the situation. In this case, the buyer may use one of the rights to cancel the order, replace the product subject to the contract with its equivalent, if any, and/or postpone the delivery time until the obstacle is removed. In the event that the buyer cancels the order, the SELLER shall make necessary actions before the bank in an attempt to cancel the buyer’s credit card receipt and return the relevant amount to the buyer’s account within 7 days, and the transaction shall be notified to the BUYER via e-mail. In such a case, the SELLER cannot be held responsible for delays caused by the relevant bank.

5.8 – In case the products delivered to the BUYER and/or to the person and/or institutions that the BUYER requested to be delivered are defective or broken, the relevant product(s) shall be sent to the SELLER within 7 days starting from the date of receipt by the BUYER for the necessary repair or replacement within the warranty conditions, and the shipping costs shall be borne by the SELLER. In such a case, if the 7-day period expires, the BUYER shall be obligated to take the received product to the relevant service.

Article – 6

CONDITIONS FOR RETURNING THE PRODUCTS

If the product you purchased on our site is found to be faulty, you must contact us from the online support section on our webpage within 7 days as of the delivery date at the latest. Following this notification, the faulty product that you will send to us via the cargo company shall be replaced with a new one. If the fault of the ordered product is caused by the use of the customer or the product is used within 7 days, the product cannot be returned or replaced with a new one. The practices stipulated in the Law on the Protection of the Consumer No. 4077 shall be taken as the basis for the product return and replacement conditions.

Article – 7

AUTHORIZED COURT:

In the implementation of this contract, the Consumer Arbitration Committees and the CONSUMER COURTS in the place of residence of the BUYER or SELLER shall be authorized up to the value declared by the Ministry of Industry and Trade.

In case the order is approved electronically, the BUYER shall be deemed to have accepted all the provisions of this contract.

Warranty and Return Conditions

Warranty conditions
All products are under the warranty of the manufacturers unless otherwise stated. In order for the warranty conditions to be valid, you should definitely check the product during the cargo delivery. Keep a record of any damage you notice and to do not take the item. Changes made on the product, deformation of the product or deterioration of the original design of the product are not covered by the warranty.

Product Return Policy
If the product you purchased on our site is found to be faulty, you must contact us from the online support section on our page within 7 days from the delivery date at the latest.
Following this information, the faulty product that you will send to us with the cargo company will be replaced with a new one. Return and exchange of the product will not be done if the ordered product defect occurred due to customer use or if the product was used within 7 days. As the product return and replacement conditions, the practices in accordance with the Law on the Protection of the Consumer No. 4077 are essential.

Clarification Text

OTACI BİTKİSEL ÜRÜNLER SANAYİ VE TİCARET A.Ş.

CLARIFICATION TEXT FOR THE PROCESSING OF PERSONAL DATA

IDENTITY OF THE DATA CONTROLLER

In accordance with the Law on the Protection of Personal Data No. 6698 (“KVK Law”), your personal data may be processed within the scope described below by Otacı Bitkisel Ürünler Sanayi ve Ticaret A.Ş. (“Company”), which has the title of “Data Controller”.

PURPOSE AND LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA

Your personal data in the categories of identity, communication, customer procedures, finance, transactional security, visual and audio recording information are processed in accordance with the KVK Law and secondary regulations within the framework of the following purposes and legal reasons:

Based on the legal reason “explicitly stipulated in the laws” regulated in article 5/2 (a) of the KVK Law, your personal data shall be processed for the purposes of fulfilling the obligations arising from the legislation to which our Company is subject, primarily the Turkish Commercial Code and the Tax Procedure Law, and establishing its rights, and issuing legal declarations and notifications.

Based on the legal reason of “establishment, use or protection of a right” regulated in article 5/2 (e) of the KVK Law, your personal data shall be processed for the purposes of providing proof in possible disputes, obtaining legal advice and technical support.

Based on the legal reason for the “establishment or performance of the contract” regulated in article 5/2 (c) of the KVK Law, your personal data shall be processed for the purposes of performing payment and collection transactions in accordance with the distance sales contract you are a party to, performance of the contract, fulfillment and continuation of the obligations, executing the goods/service sales processes, and carrying out financial and accounting activities.

Based on the legal reason of the “fulfillment of the legal obligation by the data controller” regulated in article 5/2 (ç) of the KVK Law, your personal data may be processed for the purposes of issuing legal declarations and notifications, complying with the retention periods stipulated in the legislation to which the Company is subject, fulfilling other obligations stipulated in the relevant legislation, fulfilling the requests of courts and public institutions and organizations requesting information, and other legal obligations.

Based on the legal reason of “legitimate interest of the data controller” regulated in article 5/2 (f) of the KVK Law, your personal data may be processed for the purposes of ensuring customer satisfaction and conducting quality standards processes, performing internal operational activities, carrying out internal audit investigation activities, ensuring commercial security, data backup and storage in order to securely store your personal data.

METHOD OF COLLECTING YOUR PERSONAL DATA

Your personal data are collected by our Company in electronic form via the forms available on the website.

TRANSFER OF YOUR PERSONAL DATA

Your collected personal data can be transferred within the framework of the personal data processing conditions regulated in the 8th and 9th articles of the KVK Law.

Based on the legal reason for the “establishment and performance of the contract” regulated in article 5/2 (c) of the KVK Law, your personal data may be transferred to the relevant bank for the necessary payment and collection transactions, to the company from which the service is received for the relevant transactions if the payment and collection transactions are carried out with a credit card / debit card, and to the cargo companies for the delivery of the products you have purchased.

Based on the data processing condition of our Company relevant to the “mandatory data processing in order to fulfill the legal obligation”, which is regulated in Article 5/2 (ç) of the KVK Law, your personal data may be transferred to courts and public institutions and organizations that request information, when necessary.

Based on the data processing condition for the “establishment, use or protection of a right” regulated in article 5/2 (e) of the KVK Law, your personal data may be transferred to law offices and other consultants for the purposes of providing proof in possible disputes, obtaining legal consultancy and technical support, implementing the contract, and auditing whether the parties comply with their obligations.

Based on the legal ground of “legitimate interest of the data controller” regulated in article 5/2 (f) of the KVK Law, your personal data may be transferred to group companies for the purposes of carrying out finance and accounting works and performing management activities.

Based on the “explicit consent” data processing condition in Article 9/1 of the KVK Law, your personal data may be transferred to data storage and/or cloud service supplier companies (Hetzner) whose servers are located abroad for the purposes of carrying out storage and archiving processes, and using cloud and e-mail services.

STORAGE OF YOUR PERSONAL DATA

Based on one of the data processing conditions specified in Article 5 of the KVK Law and in accordance with the general principles specified in Article 4 of the KVK Law, your personal data are stored for the period stipulated in the relevant legislation or required for the purpose, taking into account the periods specified in the Storage and Disposal Policy, which is regulated in accordance with Article 7 of the KVK Law, and are destroyed within the destruction period.

YOUR RIGHTS REGARDING YOUR PERSONAL DATA

As a data subject, you have the right to:

Learn whether your personal data have been processed,

Request information if your personal data have been processed,

Learn the purpose of processing your personal data and whether they have been used in accordance with the relevant purpose,

Learn the domestic or foreign third parties who received your personal data,

Request correction in case of incomplete or incorrect processing of your personal data, and to request the notification of the third parties who received your personal data accordingly,

Object to any unfavorable results obtained against you upon analyzing the processed data exclusively through automated systems,

Request compensation in case of damages due to the unlawful processing of your personal data.

APPLICATION TO THE DATA CONTROLLER

In case you submit your requests regarding your rights as a data subject to the Company in writing pursuant to paragraph 1 of Article 13 of the KVK Law or through the methods set forth in the Communiqué on the Principles and Procedures for the Request to Data Controller (https://www.resmigazete.gov.tr/eskiler/2018/03/20180310-6.htm), our company shall conclude the request free of charge as soon as possible and within thirty days at the latest, depending on the nature of the request. However, if the procedure requires a separate cost, the fee in the tariff determined by the Personal Data Protection Authority shall be charged by the Company.

Our company’s contact information are as follows:

Address: Otacı Bitkisel Ürünler San. Tic. A.Ş. A2 Blok Burak Plaza K:7 Bağcılar/İstanbul

Telephone: 0212 480 3050

KEP Address: [email protected]

E-mail address: [email protected]

Date of Update: 01.02.2021

Clarification Text

OTACI BİTKİSEL ÜRÜNLER SANAYİ VE TİCARET A.Ş.

CLARIFICATION TEXT FOR THE PROCESSING OF PERSONAL DATA

IDENTITY OF THE DATA CONTROLLER

PURPOSE AND LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA

METHOD OF COLLECTING YOUR PERSONAL DATA

Your personal data are collected by our Company in electronic form via the forms available on the website.

TRANSFER OF YOUR PERSONAL DATA

Your collected personal data can be transferred within the framework of the personal data processing conditions regulated in the 8th and 9th articles of the KVK Law.

STORAGE OF YOUR PERSONAL DATA

YOUR RIGHTS REGARDING YOUR PERSONAL DATA

As a data subject, you have the right to:

Learn whether your personal data have been processed,

Request information if your personal data have been processed,

Learn the purpose of processing your personal data and whether they have been used in accordance with the relevant purpose,

Learn the domestic or foreign third parties who received your personal data,

Request correction in case of incomplete or incorrect processing of your personal data, and to request the notification of the third parties who received your personal data accordingly,

Object to any unfavorable results obtained against you upon analyzing the processed data exclusively through automated systems,

Request compensation in case of damages due to the unlawful processing of your personal data.

APPLICATION TO THE DATA CONTROLLER

Our company’s contact information are as follows:

Address: Otacı Bitkisel Ürünler San. Tic. A.Ş. A2 Blok Burak Plaza K:7 Bağcılar/İstanbul

Telephone: 0212 480 3050

KEP Address: [email protected]

E-mail address: [email protected]

Date of Update: 01.02.2021

FAST ACCESS

Home Page
Help
Our Story
Manifest
Best Sellers
Favorites
TR

MEMBER

New User
Member Login
My Cart

CONTACT

Support: 0 212 481 30 50 Support: 0 539 593 93 16
Email: [email protected]
Address: Otacı Bitkisel Ürünler San. Tic. A.Ş. A2 Blok Burak Plaza K:7 Bağcılar/İstanbul

PLANTS

ACTIVES

CATEGORY

COLLECTION

NEED

HAIR TYPE

CATEGORY

COLLECTION

NEED

SKIN TYPE

Most Wanted

Popular Categories

Otacı LAB No: 1 Moisturizing and Regenerative Shampoo

Otal Soap

Rose Cure Nourishing Serum for Eyebrow & Eyelash

Rose Cure 100% Natural Rose Water Refreshing Face Spray