MORAFILLI PERSONAL DATA PROTECTION POLICY
1. Purpose of the Policy
This Personal Data Protection Policy (“Policy”) has been prepared to ensure that personal data processed within the scope of the Morafilli membership program is collected, processed, stored, transferred, and protected in compliance with the Turkish Personal Data Protection Law No. 6698 (“KVKK”) and applicable secondary legislation.
2. Categories of Personal Data, Purposes, and Legal Grounds
Within the scope of the Morafilli membership program, the following categories of personal data may be collected:
Identity Data
Name, surname, date of birth, gender
Contact Data
Mobile phone number, email address, postal address
Transaction and Purchase Data
Purchase location, date and time, transaction amount, product details, campaign participation, discount amounts
Marketing and Digital Interaction Data
Application usage data (including browsing activity, clickstream data, and location data)
Purposes of Processing
Your personal data may be processed for the following purposes:
- Execution and management of membership processes,
- Provision of discounts, campaigns, and loyalty programs,
- Sending commercial electronic communications (subject to your explicit consent),
- Conducting statistical analysis and improving customer experience,
- Managing customer service operations,
- Fulfillment of legal and regulatory obligations.
Legal Grounds
Personal data is processed pursuant to Articles 5 and 6 of the KVKK, based on one or more of the following legal grounds:
- Explicit consent of the data subject,
- Necessity for the performance of a contract,
- Compliance with legal obligations,
- Legitimate interests of the data controller, provided that such interests do not override fundamental rights and freedoms.
3. Retention Period of Personal Data
Personal data shall be retained for as long as necessary to fulfill the purposes set out in this Policy and in accordance with the retention periods stipulated under applicable legislation.
In accordance with Law No. 6563 on the Regulation of Electronic Commerce, records related to electronic communication consent, message content, and transmission logs shall be retained for five (5) years from the date the consent is withdrawn or expires.
Upon the expiry of the retention period, personal data shall be deleted, destroyed, or anonymized in accordance with Morafilli’s data retention and destruction policies.
4. Transfer of Personal Data
Your personal data may be transferred:
- To domestic third-party service providers (including call centers, IT infrastructure providers, and SMS/email service providers), subject to your explicit consent where required,
- To authorized public institutions and organizations (such as regulatory authorities and courts) where required by applicable law.
Your personal data is not transferred abroad. In the event that cross-border data transfer becomes necessary, your explicit consent will be obtained in accordance with applicable legal requirements.
5. Rights of the Data Subject
Pursuant to Article 11 of the KVKK, you have the following rights:
- To learn whether your personal data is processed,
- To request information regarding the processing,
- To learn the purpose of processing and whether data is used in accordance with such purpose,
- To know the third parties to whom personal data is transferred domestically or abroad,
- To request correction of incomplete or inaccurate data,
- To request deletion or destruction of personal data,
- To request notification of the above actions to third parties to whom data has been transferred,
- To object to the occurrence of a result against you through the exclusive analysis of processed data via automated systems,
- To claim compensation for damages arising from unlawful processing of personal data.
You may submit your requests regarding these rights by sending an email to [email protected] or by completing the application form available at www.morafilli.com/kvkk.
6. Measures for Data Security
Morafilli adopts appropriate technical and administrative measures to ensure the security of personal data, including:
- SSL (Secure Sockets Layer) encryption,
- Firewall systems,
- Access control and authorization mechanisms,
- Software and system measures to prevent unauthorized access,
- Confidentiality undertakings and data protection training for employees.
In the event of a personal data breach, Morafilli shall notify the Personal Data Protection Authority and the relevant data subjects in accordance with applicable legal requirements.
7. Amendments to the Policy
Morafilli reserves the right to amend this Policy at any time. The updated version shall be published on www.morafilli.com/kvkk and shall become effective as of the date of publication. Members will be informed of any material changes where required.