Approved by the Board of Directors.
Effective Date: 06/09/2023
Table of Contents
JK Mağazacılık Tekstil Sanayi ve Ticaret Anonim Şirketi 1
PERSONAL DATA PROTECTION AND PROCESSING POLICY 1
ABBREVIATIONS AND CONCEPTS... 1
2. ISSUES RELATED TO THE PROTECTION OF PERSONAL DATA 4
3. ISSUES RELATED TO THE PROCESSING OF PERSONAL DATA 8
5. CATEGORIZATION OF THE OWNERS OF THE PERSONAL DATA PROCESSED BY THE DATA CONTROLLER. 22
7. PROCESSING OF PERSONAL DATA BASED ON AND LIMITED TO THE PROCESSING CONDITIONS IN THE LAW 28
8. CONDITIONS FOR DELETION, DESTRUCTION AND ANONYMIZATION OF PERSONAL DATA 32
9. RIGHTS OF PERSONAL DATA SUBJECTS; METHODOLOGY FOR EXERCISING AND EVALUATING THESE RIGHTS 33
KVKK/Law
Law No. 6698 on the Protection of Personal Data published in the Official Gazette dated April 7, 2016 and numbered 29677
GDPR
EU (European Union) General Data Protection Regulation
Constitution
Constitution of the Republic of Turkey dated November 7, 1982 and numbered 2709 published in the Official Gazette dated November 9, 1982 and numbered 17863
Data Processor
A person who processes personal data outside the organization of the data controller and in accordance with the authorization and instruction received from the data controller, except for the person or unit responsible for the technical storage, protection and backup of the data.
Data Owner/Related Person
Real persons whose personal data are processed, such as employees, customers, business partners, shareholders, shareholders, officials, potential customers, candidate employees, interns, interns, visitors, suppliers, employees of the institutions with which JK Mağazacılık Tekstil Sanayi ve Ticaret Anonim Şirketi and / or JK Mağazacılık Tekstil Sanayi ve Ticaret Anonim Şirketi is affiliated, employees, third parties and other persons, including but not limited to those listed here.
Data Controller
The natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system. For the purposes of this Policy, JK Mağazacılık Tekstil Sanayi ve Ticaret Anonim Şirketi will hereinafter be referred to as the Data Controller.
Explicit Consent
Informed and freely given consent to a particular subject matter.
Destruction
Deletion, destruction or anonymization of personal data.
Storage/Recording Medium
Any medium containing personal data that is fully or partially automated or processed by non-automatic means, provided that it is part of any data recording system.
Personal Data
Any information relating to an identified or identifiable natural person.
Sensitive Personal Data (Sensitive Data)
Data on race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, membership to associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data.
Processing of Personal Data
Any operation performed on personal data such as obtaining, recording, storing, preserving, modifying, reorganizing, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data by fully or partially automatic means or by non-automatic means provided that it is part of any data recording system.
Anonymization of Personal Data
Making personal data impossible to be associated with an identified or identifiable natural person under any circumstances, even by matching with other data.
Deletion of Personal Data
Deletion of personal data; making personal data inaccessible and non-reusable in any way for the relevant users.
Destruction of Personal Data
The process of making personal data inaccessible, irretrievable and non-reusable by anyone in any way.
Periodic Destruction
The process of deletion, destruction or anonymization to be carried out ex officio at recurring intervals in the event that all of the conditions for processing personal data specified in the Law are eliminated.
Regulation
Regulation on Deletion, Destruction or Anonymization of Personal Data published in the Official Gazette dated October 28, 2017 and numbered 30224 and entered into force as of January 1, 2018.
PDP Board / Board
Personal Data Protection Board
KVK Authority
Personal Data Protection Authority
Politics
Data Controller Personal Data Protection and Processing Policy
Turkish Penal Code
Turkish Criminal Code dated September 26, 2004 and numbered 5237; published in the Official Gazette dated October 12, 2004 and numbered 25611.
Obligation to Inform
The data controller shall inform the relevant persons about the identity of the Data Controller, the purpose for which personal data will be processed, to whom and for what purpose the processed personal data can be transferred, the method and legal reason for collecting personal data, and the rights of the data subject listed in Article 11 of the Kvkk.
Data Controllers Registry Information System (VERBIS)
It is a data registry system established by the Presidency under the supervision of the Board, where data controllers register and declare information about their data processing activities.
As the Data Controller, we are aware of our responsibility for the protection of personal data, which is regulated as a constitutional right, and to be legally secured, and we attach importance to the safe use of your personal data.
The purpose of this policy is to regulate the methods and principles to be followed by JK Mağazacılık Tekstil Sanayi ve Ticaret Anonim Şirketi to ensure that it processes and protects personal data in accordance with the Law on the Protection of Personal Data (KVKK) published in the Official Gazette dated April 7, 2016 and numbered 29677.
In this way, it is aimed to ensure full compliance with the legislation in the processing and protection of personal data carried out by the Data Controller and to protect all rights of personal data owners arising from the legislation on personal data.
This policy applies to the activities carried out by JK Mağazacılık Tekstil Sanayi ve Ticaret Anonim Şirketi for the processing and protection of all personal data.
This policy covers natural persons whose personal data are processed by the Data Controller by automatic or non-automatic means, provided that they are part of any data recording system. This Policy does not apply to legal entities and legal entity data in any way.
Groups of Persons Whose Data are Processed under the Policy
Supplier Officer
Parent / Guardian / Representative
Shareholder/Partner
Employee
Product or Service Recipient
Supplier Employee
Potential Product or Service Buyer
Visitor
Employee Candidate
Intern
Public Official
Website Visitors
Party to Lawsuit, Enforcement Case
Doctor
Occupational Health and Safety Specialist
Workplace Physician
Employee Relative
The entire scope of application of this Policy will cover all of the personal data owners in the above-mentioned categories of the relevant group of persons; some of its provisions may only be directed to certain groups of relevant persons.
This policy is implemented by the Data Controller in the activities carried out for the processing and protection of all personal data, together with the relevant detailed data procedures.
Within the scope of this Policy, the relevant legal regulations and data security principles in force in the national legislation on the processing and protection of personal data will primarily apply. In case of any incompatibility between the legislation in force and the Policy, the Data Controller agrees that the legislation in force shall apply.
In accordance with Article 12 of the KVK Law, the Data Controller takes the necessary technical and administrative measures to ensure the appropriate level of security in order to prevent unlawful processing of the personal data it processes, to prevent unlawful access to the data and to ensure the preservation of the data, and to carry out or have the necessary audits carried out within this scope.
Subject to the confidentiality of personal data, the Data Controller takes technical and administrative measures according to the technological possibilities and the cost of implementation in order to ensure the appropriate level of security in order to ensure that personal data is processed in accordance with the law, to prevent unlawful access to this data, to prevent its loss and destruction, to ensure its storage and preservation in secure environments.
The main technical measures taken by the Data Controller, subject to personal data confidentiality, to ensure that personal data is processed in accordance with the law, to prevent unlawful access to this data, to prevent loss and destruction, to ensure the appropriate level of security in order to ensure storage and preservation in secure environments are listed below:
Technical Measures
Network security and application security are ensured
Closed system network is used for personal data transfers through the network
Key management is in place
Security measures are taken within the scope of procurement, development and maintenance of information technology systems
Security of personal data stored in the cloud is ensured
Access logs are kept regularly
Corporate policies on access, information security, use, storage and disposal have been prepared and implemented
Up-to-date anti-virus systems are used
Firewalls are used
Personal data is backed up and the security of the backed up personal data is also ensured
User account management and authorization control system is implemented and monitored
Log records are kept without user intervention
Intrusion detection and prevention systems are used
Cyber security measures have been taken and their implementation is constantly monitored
Encryption is performed
Sensitive personal data transferred in portable memory, CD, DVD media are transferred by encrypting the data
Data masking measures are applied when necessary
The main administrative measures taken by the Data Controller, subject to personal data confidentiality, to ensure that personal data is processed in accordance with the law, to prevent unlawful access to this data, to prevent its loss and destruction, to ensure the appropriate level of security in order to ensure its storage and preservation in secure environments are listed below:
Administrative Measures
Disciplinary arrangements are in place for employees that include data security provisions
Training and awareness activities on data security for employees are carried out at regular intervals
Authorization matrix has been created for employees
Confidentiality commitments are made
Employees who change their position or leave their job are de-authorized in this area
The signed contracts contain data security provisions
Extra security measures are taken for personal data transferred via paper and the relevant document is sent in confidential document format
Personal data security policies and procedures have been determined
Personal data security issues are quickly reported
Personal data security is monitored
Necessary security measures are taken for entering and exiting physical environments containing personal data
Physical environments containing personal data are secured against external risks (fire, flood, etc.)
Security of environments containing personal data is ensured
Personal data is minimized as much as possible
Internal periodic and/or random audits are conducted and commissioned
Existing risks and threats have been identified
Protocols and procedures for the security of sensitive personal data have been determined and implemented
Awareness of data processing service providers on data security is ensured
In accordance with Article 12 of the KVK Law, the Data Controller conducts or has the necessary audits carried out within its own organization. The results of the measure audit carried out within the scope of the audit activities required to fulfill the obligations of the legal regulations that constitute the personal data protection planning are reported to the relevant department within the scope of the internal functioning of the Data Controller and necessary activities are carried out to improve the measures taken.
The Data Controller has the obligation to protect the personal data it processes against unauthorized access, illegal processing, disclosure, loss and alteration. In the event that personal data processed in accordance with Article 12 of the KVK Law is obtained and used by unauthorized others through unlawful means, it carries out the system that ensures that this situation is notified to the relevant personal data owner and the KVK Board as soon as possible.
The Data Controller carries out the necessary channels, internal functioning, administrative and technical arrangements in accordance with Article 13 of the KVK Law in order to evaluate the rights of personal data owners and to provide the necessary information to personal data owners.
If personal data subjects submit their requests regarding their rights listed below in writing to us, the Data Controller, the application is finalized free of charge as soon as possible and within thirty days at the latest, depending on the nature of the request. However, if the transaction requires an additional cost, the fee in the tariff determined by the PDP Board will be charged to the applicant data owner.
Personal data subjects;
The PDP Law attaches special importance to certain sensitive personal data due to the risk of causing victimization or discrimination in case of unlawful processing.
These data are; race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data.
The Data Controller acts sensitively in the protection of special quality personal data determined as “special quality” by the KVK Law and processed in accordance with the law. In this context, the technical and administrative measures taken by the Data Controller for the protection of personal data are carefully implemented in terms of sensitive personal data and necessary audits are provided within the Data Controller and a Policy on Processing and Protection of Sensitive Personal Data is also established.
The Data Controller ensures that the necessary trainings are organized for the business units in order to raise awareness to prevent unlawful processing of personal data, unlawful access to data and to ensure the protection of data.
Necessary systems are established in order to raise the awareness of the current employees of the business units of the Data Controller and the employees who are newly included in the business unit on the protection of personal data, and if necessary, professional persons are employed on the subject.
The results of the trainings carried out to increase the awareness of the business units of the Data Controller on the protection and processing of personal data are reported to the Data Controller. In this direction, the Data Controller evaluates the participation in the relevant trainings, seminars and information sessions and conducts or has the necessary audits carried out. The trainings provided by us as the Data Controller are updated and renewed in parallel with the updating of the relevant legislation.
The Data Controller, in accordance with Article 20 of the Constitution and Article 4 of the KVK Law, in the processing of personal data; in accordance with the law and honesty rules; accurate and up-to-date when necessary; pursuing specific, clear and legitimate purposes; personal data processing activities in a purpose-related, limited and measured manner.
The Data Controller retains personal data for the period stipulated by law or required by the purpose of personal data processing.
Pursuant to Article 20 of the Constitution and Article 5 of the KVK Law, the Data Controller processes personal data based on one or more of the conditions in Article 5 of the KVK Law regarding the processing of personal data.
In accordance with Article 20 of the Constitution and Article 10 of the PDP Law, the Data Controller informs the personal data subjects and provides the necessary information in case the personal data subjects request information.
In accordance with Article 6 of the KVK Law, the Data Controller acts in accordance with the regulations stipulated for the processing of special categories of personal data.
In accordance with Articles 8 and 9 of the KVK Law, the Data Controller acts in accordance with the regulations stipulated in the law and set forth by the KVK Board regarding the transfer of personal data.
The Data Controller acts in accordance with the principles introduced by legal regulations and the general rule of trust and honesty in the processing of personal data. In this context, the Data Controller takes into account the proportionality requirements in the processing of personal data and does not use personal data for purposes other than its purpose.
Data Controller; It ensures that the personal data it processes is accurate and up-to-date, taking into account the fundamental rights of personal data owners and their legitimate interests. It takes necessary measures in this direction.
The Data Controller clearly and precisely determines the legitimate and lawful purpose of personal data processing. The Data Controller processes personal data in connection with and to the extent necessary for the services it provides. The purpose for which personal data will be processed by the Data Controller is determined before the personal data processing activity begins.
The Data Controller processes personal data in a manner suitable for the realization of the specified purposes and avoids the processing of personal data that is not related to the realization of the purpose or is not needed.
The Data Controller retains personal data only for the period specified in the relevant legislation or for the period required for the purpose for which they are processed. In this context, the Data Controller first determines whether a period of time is stipulated for the storage of personal data in the relevant legislation, if a period of time is determined, it acts in accordance with this period, and if a period of time is not determined, it keeps personal data for the period required for the purpose for which they are processed. Personal data are deleted, destroyed or anonymized by the Data Controller in the event that the period expires or the reasons requiring processing are eliminated. Personal data is not stored by the Data Controller with the possibility of future use.
Protection of personal data is a constitutional right. Fundamental rights and freedoms may be restricted without prejudice to their essence only for the reasons specified in the relevant articles of the Constitution and only by law. Pursuant to the third paragraph of Article 20 of the Constitution, personal data may only be processed in cases stipulated by law or with the explicit consent of the person. In this direction and in accordance with the Constitution, the Data Controller processes personal data only in cases stipulated by law or with the explicit consent of the person.
In accordance with Article 10 of the Data Controller and KVK Law, it enlightens personal data owners during the acquisition of personal data. In this context, it enlightens the identity of the Data Controller and its representative, if any, for what purpose the personal data will be processed, to whom and for what purpose the processed personal data can be transferred, the method and legal reason for collecting personal data and the rights of the personal data owner.
Article 20 of the Constitution stipulates that everyone has the right to be informed about personal data concerning him/her. In this direction, “requesting information” is also listed among the rights of the personal data owner in Article 11 of the KVK Law. In this context, the Data Controller provides the necessary information in case the personal data owner requests information in accordance with Article 20 of the Constitution and Article 11 of the KVK Law.
While fulfilling the disclosure obligation, the Data Controller acts in accordance with the Law No. 6698, the Communiqué on the Procedures and Principles to be followed in the Fulfillment of the Disclosure Obligation, the Board decisions published on the website of the Authority and the Guide to the Fulfillment of the Disclosure Obligation prepared by the Authority.
In the processing of personal data determined as “special quality” by the KVK Law, the Data Controller acts in strict compliance with the regulations stipulated in the KVK Law.
In Article 6 of the KVK Law, some personal data that have the risk of causing victimization or discrimination when processed unlawfully are determined as “special quality”. These data are; race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data.
In accordance with the PDP Law, special categories of personal data are processed by the Data Controller in the following cases, provided that adequate measures to be determined by the PDP Board are taken:
or
Sensitive personal data other than the health and sexual life of the personal data owner, in cases stipulated by law,
Sensitive personal data relating to the health and sexual life of the personal data owner are processed only by persons or authorized institutions and organizations under the obligation of confidentiality for the purposes of protecting public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing.
A separate policy for the processing of special categories of personal data is established by the Data Controller.
The Data Controller may transfer the personal data and sensitive personal data of the personal data owner to third parties by taking the necessary security measures in line with the lawful personal data processing purposes. In this respect, the Data Controller acts in accordance with the regulations stipulated in Article 8 of the KVK Law.
In line with the legitimate and lawful personal data processing purposes, the Data Controller may transfer personal data to third parties based on and limited to one or more of the personal data processing conditions specified in Article 5 of the Law listed below:
The Data Controller may transfer the personal data of the personal data owner to third parties in the following cases in line with the legitimate and lawful personal data processing purposes by taking due care, taking the necessary security measures and adequate measures stipulated by the PDP Board.
or
Personal data of special nature other than the health and sexual life of the personal data owner (race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, membership of associations, foundations or trade unions, criminal convictions and security measures, and biometric and genetic data), in cases stipulated by law,
Personal data of special nature related to the health and sexual life of the personal data owner are transferred only to persons or authorized institutions and organizations under the obligation of confidentiality for the protection of public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing.
The Data Controller may transfer the personal data and sensitive personal data of the personal data owner to third parties abroad by taking the necessary security measures in line with the lawful personal data processing purposes.
As a result of the widespread use of company applications that provide information services today, communication via instant message or online communication channels is established through platforms and applications originating abroad. Therefore, it is possible to transfer data abroad through these platforms.
Personal data are transferred by the Data Controller to foreign countries declared to have adequate protection by the PDP Board or, in the absence of adequate protection, to foreign countries where the data controllers in Turkey and the relevant foreign country undertake adequate protection in writing and where the PDP Board has permission (“Foreign Country Where the Data Controller Undertakes Adequate Protection”). In this respect, the Data Controller acts in accordance with the regulations stipulated in Article 9 of the KVK Law.
In line with the legitimate and lawful personal data processing purposes, the Data Controller may transfer personal data to Foreign Countries with Adequate Protection or to Foreign Countries where there is a Data Controller Committed to Adequate Protection in the presence of one of the following cases if the personal data owner has explicit consent or if the personal data owner does not have explicit consent:
By taking due care, taking the necessary security measures and taking adequate measures stipulated by the KVK Board; In line with legitimate and lawful personal data processing purposes, the Data Controller may transfer the personal data owner's special quality data to Foreign Countries with Adequate Protection or to Foreign Countries where there is a Data Controller Committed to Adequate Protection in the following cases.
or
Personal data of special nature other than the health and sexual life of the personal data owner (race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, association, foundation or union membership, criminal conviction and security measures, and biometric and genetic data), in cases stipulated by law,
Sensitive personal data relating to the health and sexual life of the personal data owner can only be transferred within the scope of processing by persons or authorized institutions and organizations under the obligation of confidentiality for the protection of public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing.
In accordance with Article 10 of the KVK Law, the Data Controller informs the personal data owner of which personal data owner groups' personal data it processes, the purposes of processing the personal data of the personal data owner and the retention periods within the scope of the disclosure obligation.
The following categories of personal data are processed by the Data Controller by informing the relevant persons in accordance with Article 10 of the KVK Law, in line with the legitimate and lawful personal data processing purposes of the Data Controller, based on one or more of the personal data processing conditions specified in Article 5 of the KVK Law and limited to the subjects within the scope of this Policy by complying with the general principles specified in the KVK Law, especially the principles specified in Article 4 regarding the processing of personal data, and all obligations regulated in the KVK Law.
Personal Data Categorization
Description
Identity Information
Data that clearly belongs to an identified or identifiable natural person; processed partially or completely automatically or non-automatically as part of a data recording system; containing information about the identity of the person; (documents such as driver's license, identity card and passport containing information such as name-surname, Turkish ID number, nationality information, mother's name-father's name, place of birth, date of birth, gender, and information such as tax number, Social Security number, signature information, vehicle license plate, etc.)
Contact Information
Information that clearly belongs to an identified or identifiable natural person; processed partially or completely automatically or non-automatically as part of the data recording system; (information such as telephone number, address, e-mail address, fax number, IP address)
Knowledge of Professional Experience
Data that clearly belongs to an identified or identifiable natural person; processed partially or completely automatically or non-automatically as part of the data recording system; data containing information about the identity of the person; (Data processed according to the type of legal relationship established by the Data Controller with the Personal Data Owner; data such as diploma information, courses attended, vocational training information, certificates, candidate application forms, reference interview information, job interview information, transcript information. )
Personal Information
Any personal data that clearly belongs to an identified or identifiable natural person; processed partially or completely automatically or non-automatically as part of the data recording system; (all kinds of personal data processed for obtaining information that will be the basis for the formation of the personal rights of natural persons who are in a working relationship with the Data Controller)
Financial Information
Data that clearly belongs to an identified or identifiable natural person; processed partially or completely automatically or non-automatically as part of the data recording system; (Personal data processed regarding information, documents and records showing all kinds of financial results created according to the type of legal relationship established by the Data Controller with the personal data owner and data such as bank account number, IBAN number, credit card information, financial profile, asset data, income information)
Audio/Visual Information
Data that clearly belongs to an identified or identifiable natural person; (photographs and camera recordings (except for recordings within the scope of Physical Space Security Information), voice recordings and data contained in documents that are copies of documents containing personal data)
Location Data
Information that clearly belongs to an identified or identifiable natural person; processed partially or completely automatically or non-automatically as part of the data recording system; (information that determines the location of the personal data owner within the framework of the operations carried out by the business units, during the use of products and services or while using the vehicles of the employees; GPS location, travel data, etc.).
Customer Transaction Information
Information that clearly belongs to an identified or identifiable natural person; processed partially or completely automatically or non-automatically as part of the data recording system; (Information such as call center records, invoice, promissory note check information, order information, request information, request information, offer, service number obtained and produced about the relevant person as a result of the commercial activities of the Data Controller and the operations carried out by the business units).
Physical Location Security Information
Personal data that clearly belongs to an identified or identifiable natural person; processed partially or completely automatically or non-automatically as part of the data recording system; (personal data related to records and documents taken at the entrance to the physical space, during the stay in the physical space; camera records, records taken at the security point, etc.)
Health Information
It is clear that it belongs to an identified or identifiable natural person; processed partially or completely automatically or non-automatically as part of the data recording system; (within the framework of the operations carried out by the business units of the Data Controller; health data such as Health Report, Disability tax exemption documents, insurance documents, military service status certificate of the Personal Data Owner and / or family members obtained in order to carry out the business processes of real persons in relation to the products and services offered or in a working relationship with the Data Controller or to protect the legal and other interests of the Data Controller and the Personal Data Owner)
Legal Procedure and Compliance Knowledge
Data that clearly belongs to an identified or identifiable natural person; processed partially or completely automatically or non-automatically as part of the data recording system; (Data processed within the scope of the Data Controller's legal processes, determination of receivables and rights, follow-up and fulfillment of debts and legal obligations, information in correspondence with judicial authorities, incoming and outgoing documents, information such as case files. )
Criminal Conviction and Security Measures Information
Clearly belonging to an identified or identifiable natural person; processed partially or completely automatically or non-automatically as part of the data recording system; (Data such as the judicial record of the Personal Data Owner obtained within the framework of the operations carried out by the business units of the Data Controller or in order to carry out the business processes of natural persons in a working relationship with the Data Controller or to protect the legal and other interests of the Data Controller and the Personal Data Owner)
Risk Management Information
Data that clearly belongs to an identified or identifiable natural person; processed partially or completely automatically or non-automatically as part of the data recording system; (Data processed for the management of all kinds of commercial, technical, administrative risks created according to the type of legal relationship established by the Data Controller with the Personal Data Owner).
Transaction Security Information
It is clear that it belongs to an identified or identifiable natural person; processed partially or completely automatically or non-automatically as part of the data recording system; (Personal data such as IP Address information, Website login and exit information, password and password information processed regarding the technical, administrative, legal and commercial security of both the Personal Data Owner and the Data Controller while carrying out the activities of the Data Controller)
Marketing Knowledge
Clearly belonging to an identified or identifiable natural person; processed partially or completely automatically or non-automatically as part of the data recording system; (shopping history information, surveys, cookie records, data obtained and produced about the person concerned as a result of the commercial activities of the Data Controller and the operations carried out by the business units, surveys, cookie records, data obtained through campaign work)
Vehicle Information
Data such as (Vehicle License Plate), which clearly belongs to an identified or identifiable natural person; processed partially or completely automatically or non-automatically as part of the data recording system.
Employee Family Member and Relative Information
Kimliği belirli veya belirlenebilir bir gerçek kişiye ait olduğu açık olan; kısmen veya tamamen otomatik şekilde veya veri kayıt sisteminin bir parçası olarak otomatik olmayan şekilde işlenen (Çalışan 1. Derece Akraba Bilgisi, Çalışan 1. Derece Akraba Bilgisi, Çalışan Aile Bireyleri Kimlik ve Adres Bilgileri, Çalışan 1. Data such asEmployee 1st Degree Relative Information, Employee Family Members Identity and Address Information, Employee 1st Degree Relative Information, Employee Family Members Identity and Address Information, Employee 1st Degree Relative Information, Employee Family Members Identity and Address Information, Employee 1st Degree Relative Information, Employee Family Members Identity and Address Information).
The Data Controller processes personal data limited to the purposes and conditions within the personal data processing conditions specified in paragraph 2 of Article 5 and paragraph 3 of Article 6 of the KVK Law. These purposes and conditions;
In this context, the Data Controller processes your personal data for the following purposes:
Processing Purposes
Execution of Goods / Service Procurement Processes
Execution of Activities in Compliance with the Legislation
Implementation of Social Responsibility and Civil Society Activities
Providing Information to Authorized Persons, Institutions and Organizations
Execution of Risk Management Processes
Execution of Management Activities
Execution / Supervision of Business Activities
Execution of Finance and Accounting Affairs
Execution of Communication Activities
Execution of Contract Processes
Execution of Goods / Services After Sales Support Services
Execution of Goods / Service Sales Processes
Conducting Audit / Ethics Activities
Execution of Information Security Processes
Fulfillment of Obligations Arising from Employment Contract and Legislation for Employees
Execution of Logistics Activities
Execution of Business Continuity Ensuring Activities
Follow-up and Execution of Legal Affairs
Receiving and Evaluating Suggestions for Improvement of Business Processes
Organization and Event Management
Execution of Goods / Services Production and Operation Processes
Execution of Customer Relationship Management Processes
Execution of Marketing Processes of Products / Services
Execution of Employee Satisfaction and Loyalty Processes
Creating and Tracking Visitor Records
Ensuring the Security of Movable Property and Resources
Ensuring Physical Space Security
Execution of Supply Chain Management Processes
Tracking Requests / Complaints
Execution of Emergency Management Processes
Execution of Access Authorizations
Execution of Assignment Processes
Execution of Occupational Health / Safety Activities
Ensuring the Security of Data Controller Operations
Execution of Company / Product / Service Loyalty Processes
Conducting Marketing Analysis Studies
Conducting Internal Audit / Investigation / Intelligence Activities
Execution of Strategic Planning Activities
Execution of Performance Evaluation Processes
Execution of Wage Policy
Execution of Fringe Benefits and Benefits Processes for Employees
Conducting Training Activities
Execution of Employee Candidate Application Processes
Execution of Employee Candidate / Intern / Student Selection and Placement Processes
Planning Human Resources Processes
Execution of Termination Procedures
Execution of Personnel Attendance Control System
Execution of Human Resources Processes
Execution of Activities for Customer Satisfaction
Execution of Advertising / Campaign / Promotion Processes
In the event that the processing activity carried out for the aforementioned purposes does not meet any of the conditions stipulated under the PDP Law, your explicit consent is obtained by the Data Controller regarding the relevant processing process.
If stipulated in the relevant laws and regulations, the Data Controller retains personal data for the period specified in these regulations. The retention periods determined by the Data Controller are stated below:
Data Category
Storage Time
Identity
10 years from the termination of the legal relationship
10 years from the end of the purpose of data processing
10 Years from the end of the activity
15 Years from the termination of the employment relationship
1 Year
Contact
10 years from the termination of the legal relationship
10 years from the end of the purpose of data processing
10 Years from the end of the activity
10 Years from the end of the processing purpose
15 Years from the termination of the employment contract
1 Year
Professional Experience
10 years from the termination of the legal relationship
10 years from the end of the purpose of data processing
10 Years from the end of the activity
15 years from the termination of the employment contract
1 Year
Personnel
10 years from the end of the purpose of data processing
15 years from the termination of the employment contract
10 years from the termination of the legal relationship
1 Year
Finance
10 years from the termination of the legal relationship
15 years from the termination of the employment contract
10 Years from the end of the activity
10 years from the end of the purpose of data processing
10 Years from the termination of the legal relationship
Audio and Visual Recordings
15 years from the termination of the employment contract
10 Years from the end of the activity
10 years from the end of the purpose of data processing
Location
10 years from the termination of the legal relationship
10 years from the end of the purpose of data processing
5 years from the end of the processing purpose
15 years from the termination of the employment contract
Customer Transaction
10 years from the termination of the legal relationship
15 years from the termination of the employment contract
10 years from the end of the purpose of data processing
10 Years from the end of the activity
Physical Space Security
45 Days
5 years from the end of the processing purpose
15 years from the termination of the employment contract
13 Days
1 Month
Vehicle Information
1 Year
Health Information
10 years from the end of the purpose of data processing
10 Years from the end of the activity
15 Years from the termination of the employment relationship
1 Year
Legal Action
15 years from the termination of the employment contract
10 years from the termination of the legal relationship
Criminal Conviction and Security Measures
10 years from the termination of the legal relationship
10 years from the end of the purpose of data processing
15 years from the termination of the employment contract
1 Year
Risk Management
15 years from the termination of the employment contract
10 years from the termination of the legal relationship
10 years from the end of the purpose of data processing
10 Years from the end of the activity
Process Security
10 years from the end of the purpose of data processing
2 Years
Marketing
10 years from the end of the purpose of data processing
Working Family Member and Relative Information
15 years from the termination of the employment contract
In this context, personal data are stored for the minimum retention periods stipulated under the Laws and required for the purpose for which they are processed:
If a period of time is not regulated in the legislation regarding how long personal data should be kept, Personal Data is processed for the period required to be processed in accordance with the practices and customs of the commercial life of the Data Controller, depending on the activity carried out by the Data Controller while processing that data, and then deleted, destroyed or anonymized. You can find detailed information on this subject in the Policy on Deletion, Destruction or Anonymization of Personal Data of the Data Controller.
If the purpose of processing personal data has ended and the retention periods determined by the relevant legislation and the Data Controller have come to an end; personal data can only be stored for the purpose of constituting evidence in possible legal disputes or to assert the relevant right related to personal data or to establish a defense. In the establishment of the periods here, the retention periods are determined based on the statute of limitations for the assertion of the aforementioned right and the examples in the requests previously addressed to the Data Controller on the same issues despite the expiration of the statute of limitations. In this case, the stored personal data is not accessed for any other purpose and access to the relevant personal data is provided only when it is required to be used in the relevant legal dispute. Here, personal data are deleted, destroyed or anonymized after the aforementioned period expires.
All units and employees of the Data Controller actively support the responsible units in taking technical and administrative measures to ensure data security in all environments where personal data is processed in order to prevent unlawful processing of personal data, to prevent unlawful access to personal data and to ensure that personal data is stored in accordance with the law by properly implementing the technical and administrative measures taken by the responsible units within the scope of the Policy, training and raising awareness of the unit employees, monitoring and continuous supervision.
Personal data belonging to data subjects are securely stored by the Data Controller in the environments listed in the table below in accordance with the relevant legislation, especially the provisions of the KVKK:
Storage Environments
Locked Archive Cabinet
Software Program - Domestic
Computer
Domestic Email Server
The table below details the categories of personal data subjects mentioned above and the types of personal data processed by the persons within these categories.
Personal Data Owner Category and Description
Category of Processed Personal Data of the Data Subject
Supplier Officer
(Real persons authorized to represent the Data Controller who are bound to the Data Controller by a supply contract)
Identity
Contact
Finance
Legal Action
Risk Management
Physical Space Security
Customer Transaction
Health Information
Parent / Guardian / Representative
(Person(s) authorized to act on behalf of the natural or legal person who has a legal relationship with the Data Controller)
Identity
Contact
Professional Experience
Finance
Risk Management
Legal Action
Shareholder/Partner
(Real persons who are shareholders of the Data Controller)
Identity
Contact
Professional Experience
Finance
Physical Space Security
Audio and Visual Recordings
Legal Action
Risk Management
Process Security
Location
Employee
(Real persons who have an employment contract with the Data Controller)
Identity
Contact
Personnel
Professional Experience
Audio and Visual Recordings
Location
Finance
Physical Space Security
Legal Action
Criminal Conviction and Security Measures
Health Information
Risk Management
Process Security
Marketing
Working Family Member and Relative Information
Product or Service Recipient
(Natural persons whose personal data are obtained through the business relations of the Data Controller within the scope of the operations carried out by the business units of the Data Controller, regardless of whether they have any contractual relationship with the Data Controller)
Identity
Contact
Finance
Customer Transaction
Physical Space Security
Legal Action
Marketing
Supplier Employee
(Natural persons who are bound to the Data Controller by a supply contract and have an employment contract with the Data Controller)
Identity
Contact
Physical Space Security
Personnel
Professional Experience
Health Information
Finance
Location
Process Security
Marketing
Potential Product or Service Buyer
(Natural persons whose personal data are obtained through the business relations of the Data Controller within the scope of the operations carried out by the business units of the Data Controller as a basis for the future legal relationship with the Data Controller)
Identity
Contact
Physical Space Security
Customer Transaction
Marketing
Location
Process Security
Health Information
Visitor
(Real persons who have entered the physical premises owned by the Data Controller for various purposes or who visit our websites)
Identity
Contact
Physical Space Security
Vehicle Information
Process Security
Health Information
Employee Candidate
(Natural persons who have applied for a job to the Data Controller by any means or who have opened their CV and related information to the examination of the Data Controller)
Physical Space Security
Identity
Contact
Personnel
Professional Experience
Criminal Conviction and Security Measures
Audio and Visual Recordings
Health Information
Intern
(Real persons who are in an internship relationship with the Data Controller)
Identity
Personnel
Finance
Contact
Professional Experience
Health Information
Public Official
(Other groups of people)
Identity
Contact
Website Visitors
(Other groups of people)
Process Security
Marketing
Party to Lawsuit, Enforcement Case
(Other groups of people)
Identity
Contact
Doctor
(Other groups of people)
Identity
Professional Experience
Occupational Health and Safety Specialist
(Other groups of people)
Identity
Contact
Professional Experience
Workplace Physician
(Other groups of people)
Identity
Professional Experience
Employee Relative
(Other groups of people)
Identity
Professional Experience
In accordance with Article 10 of the KVK Law, the Data Controller informs the personal data owner about the groups of persons to whom personal data are transferred.
The Data Controller may transfer the personal data of the data owners managed by the Policy in accordance with Articles 8 and 9 of the KVK Law to domestic and foreign recipient groups within the scope of the transfer reasons based on the data category listed below:
Data Category
Reason for Transfer
Buyer Group
Domestic
Abroad
Domestic
Abroad
Identity
Legal Obligation
Operational Operations
Information
Court Order
Contract
Administration Request
Monitoring the Legal Affairs and Transactions of the Data Controller
Transmission to Data Processors
Operational Transactions
Legal Obligation
Contract
Commercial Purpose
Authorized Public Institutions and Organizations
Natural Persons or Private Law Legal Entities
Suppliers
Legal Counselor
Financial Advisor - Accounting
Shareholders
Natural Persons or Private Law Legal Entities
Authorized Public Institutions and Organizations
Customer
Suppliers
Business Partners
Contact
Legal Obligation
Operational Operations
Information
Court Order
Contract
Administration Request
Monitoring the Legal Affairs and Transactions of the Data Controller
Operational Transactions
Legal Obligation
Contract
Commercial Purpose
Authorized Public Institutions and Organizations
Natural Persons or Private Law Legal Entities
Suppliers
Financial Advisor - Accounting
Shareholders
Natural Persons or Private Law Legal Entities
Authorized Public Institutions and Organizations
Customer
Suppliers
Business Partners
Professional Experience
Legal Obligation
Operational Operations
Administration Request
Monitoring the Legal Affairs and Transactions of the Data Controller
Court Order
Operational Operations
Authorized Public Institutions and Organizations
Natural Persons or Private Law Legal Entities
Suppliers
Natural Persons or Private Law Legal Entities
Personnel
Information
Court Order
Legal Obligation
Administration Request
Monitoring the Legal Affairs and Transactions of the Data Controller
Operational Operations
Authorized Public Institutions and Organizations
Suppliers
Suppliers
Finance
Contract
Legal Obligation
Administration Request
Monitoring the Legal Affairs and Transactions of the Data Controller
Legal Obligation
Natural Persons or Private Law Legal Entities
Authorized Public Institutions and Organizations
Financial Advisor - Accounting
Suppliers
Shareholders
Natural Persons or Private Law Legal Entities
Suppliers
Authorized Public Institutions and Organizations
Audio and Visual Recordings
Legal Obligation
Transmission to Data Processors
Monitoring the Legal Affairs and Transactions of the Data Controller
Administration Request
Operational Operations
Court Order
Legal Obligation
Authorized Public Institutions and Organizations
Legal Counselor
Suppliers
Natural Persons or Private Law Legal Entities
Natural Persons or Private Law Legal Entities
Suppliers
Authorized Public Institutions and Organizations
Location
Administration Request
Court Order
Legal Obligation
Authorized Public Institutions and Organizations
Authorized Public Institutions and Organizations
Customer Transaction
Administration Request
Court Order
Legal Obligation
Authorized Public Institutions and Organizations
Natural Persons or Private Law Legal Entities
Suppliers
Natural Persons or Private Law Legal Entities
Customer
Suppliers
Physical Space Security
Administration Request
Court Order
Legal Obligation
Suppliers
Authorized Public Institutions and Organizations
Suppliers
Vehicle Information
Administration Request
Court Order
Legal Obligation
Suppliers
Authorized Public Institutions and Organizations
Suppliers
Health Information
Administration Request
Monitoring the Legal Affairs and Transactions of the Data Controller
Legal Obligation
Operational Operations
Legal Obligation
Authorized Public Institutions and Organizations
Suppliers
Suppliers
Legal Action
Administration Request
Court Order
Legal Obligation
Authorized Public Institutions and Organizations
Suppliers
Suppliers
Criminal Conviction and Security Measures
Administration Request
Operational Operations
Monitoring the Legal Affairs and Transactions of the Data Controller
Court Order
Legal Obligation
Authorized Public Institutions and Organizations
Suppliers
Suppliers
Risk Management
Administration Request
Court Order
Legal Obligation
Authorized Public Institutions and Organizations
Suppliers
Natural Persons or Private Law Legal Entities
Suppliers
Process Security
Administration Request
Court Order
Legal Obligation
Suppliers
Authorized Public Institutions and Organizations
Suppliers
Marketing
Administration Request
Court Order
Legal Obligation
Suppliers
Authorized Public Institutions and Organizations
Working Family Member and Relative Information
Administration Request
Monitoring the Legal Affairs and Transactions of the Data Controller
Legal Obligation
Operational Operations
Legal Obligation
Authorized Public Institutions and Organizations
Suppliers
The definition and scope of the recipient groups to which the above-mentioned transfer is made are specified in the table below.
Persons to whom data can be transferred
Definition of Persons to Whom Data Can Be Transferred
Authorized Public Institutions and Organizations
Public institutions and organizations authorized to receive information and documents from the Data Controller in accordance with the provisions of the relevant legislation (All ministries, judicial, administrative institutions and organizations under the Presidency, especially the Ministry of Justice, the Constitutional Court, the Court of Cassation, the Council of State, the Regional Courts of Appeal, Local Courts and other courts of the Republic of Turkey, all departments and grades of the TBMM departments and institutions, other administrative and financial accident institutions, Governorships, District Governorships, Security Directorates, Consulates of the relevant country, Consulates of the relevant country, Population and Citizenship Courts, all departments and degrees of the departments and institutions of the Turkish Grand National Assembly, other administrative and financial accident institutions, Governorships, District Governorships, Security Directorates, Consulates of the relevant country, Population and Citizenship Affairs Directorates, Tax Offices, all central and provincial organizations and units of the Ministry of Finance, Customs Directorates and Chief Directorates, SSI, General Directorate of Free Zones of the Undersecretariat of Foreign Trade, Free Zones, All Public Banks and all other authorized public institutions and organizations)
Natural Persons or Private Law Legal Entities
Private law persons or real persons authorized to receive information and documents from the Data Controller in accordance with the provisions of the relevant legislation
Suppliers
Defines the parties that provide services to the Data Controller on a contractual basis in accordance with the orders and instructions of the Data Controller while carrying out the commercial activities of the Data Controller
Shareholders
Real persons who are shareholders of the Data Controller
Business Partners
Real or private legal entities with whom the Data Controller carries out its commercial activities
The Data Controller informs the personal data owner about the personal data it processes in accordance with Article 10 of the KVK Law.
The explicit consent of the personal data owner is only one of the legal grounds that make it possible to process personal data in accordance with the law. Apart from explicit consent, personal data may also be processed in the presence of one of the other conditions listed below. The basis of the personal data processing activity may be only one of the following conditions, or more than one of these conditions may be the basis of the same personal data processing activity. In the event that the processed data is personal data of special nature; the conditions specified below under the heading 7.1.2. under this section are applied.
Although the legal grounds for the processing of personal data by the Data Controller vary, all personal data processing activities are carried out in accordance with the general principles specified in Article 4 of the KVK Law.
One of the conditions for processing personal data is the explicit consent of the owner. The explicit consent of the personal data owner must be related to a specific subject, based on information and free will.
For personal data processing activities (secondary processing) other than the purpose of processing for the reasons for obtaining personal data (primary processing), at least one of the conditions in 7.1.1.1.2 - 7.1.1.8 of this title is sought; If one of these conditions is not present, these personal data processing activities are carried out by the Data Controller based on the explicit consent of the personal data owner for these processing activities.
For the processing of personal data based on the explicit consent of the personal data owner, the explicit consent of the personal data owners is obtained through the relevant methods.
The personal data of the data subject may be processed in accordance with the law if it is clearly stipulated in the law.
The personal data of the data subject may be processed if it is mandatory to process the personal data of the person who is unable to disclose his/her consent due to actual impossibility or whose consent cannot be recognized as valid, in order to protect the life or physical integrity of himself/herself or another person.
Provided that it is directly related to the establishment or performance of a contract, it is possible to process personal data if it is necessary to process personal data belonging to the parties to the contract.
The personal data of the data subject may be processed if the processing is mandatory for the Data Controller to fulfill its legal obligations as a data controller.
In the event that the data owner has made his/her personal data public by himself/herself, the relevant personal data may be processed.
Personal data of the personal data owner may be processed if data processing is mandatory for the establishment, exercise or protection of a right.
Provided that it does not harm the fundamental rights and freedoms of the personal data owner, data data may be processed if it is mandatory for the legitimate interests of the Data Controller.
Special categories of personal data are processed by the Data Controller in the following cases if there is no explicit consent of the personal data owner, provided that adequate measures to be determined by the PDP Board are taken:
The personal data processing activities carried out by the Data Controller at the entrances of the building facility and within the facility are carried out in accordance with the Constitution, the PDP Law and other relevant legislation.
In order to ensure security, the Data Controller carries out personal data processing activities for the monitoring of guest entrances and exits with security cameras in the Data Controller's buildings and facilities.
Personal data processing activity is carried out by the Data Controller through the use of security cameras and recording guest entrances and exits.
Cameras are divided into two as indoor and outdoor cameras. Indoor cameras are positioned at angles that do not directly capture employees or visitors, except for sinks, rooms, changing rooms, locker rooms and room interiors. The location of the cameras has been carefully chosen to ensure that the monitoring activity is kept to a minimum and limited to the monitoring purpose
In this section, explanations will be made regarding the camera surveillance system of the Data Controller and information will be provided on how personal data, confidentiality and fundamental rights of the person are protected.
Within the scope of security camera surveillance activity, the Data Controller aims to protect the interests of the Data Controller and other persons to ensure their security.
The Data Controller acts in accordance with the regulations in the KVK Law in carrying out camera surveillance activities for security purposes. In order to ensure security in its buildings and facilities, the Data Controller carries out security camera monitoring activities for the purposes stipulated in the relevant legislation in force and in accordance with the personal data processing conditions listed in the KVK Law.
The personal data owner is informed by the Data Controller in accordance with Article 10 of the KVK Law. The Data Controller notifies with more than one method regarding the camera surveillance activity of the clarification made regarding general issues. Thus, it is aimed to prevent damage to the fundamental rights and freedoms of the personal data owner and to ensure transparency and enlightenment of the personal data owner.
For the camera surveillance activity by the Data Controller; this Policy is published on the Data Controller's website (online policy regulation) and a notification letter regarding the monitoring is posted at the entrances of the areas where the monitoring is carried out (on-site disclosure).
In accordance with Article 4 of the KVK Law, the Data Controller processes personal data in a limited and measured manner in connection with the purpose for which they are processed.
The purpose of video camera surveillance by the Data Controller is limited to the purposes listed in this Policy. In this direction, the monitoring areas, number and time of monitoring of security cameras are sufficient to achieve the security purpose and are limited to this purpose. Areas that may result in interference with a person's privacy in a way that exceeds security purposes (e.g. restrooms) are not subject to monitoring.
Necessary technical and administrative measures are taken by the Data Controller to ensure the security of personal data obtained as a result of camera surveillance activity in accordance with Article 12 of the KVK Law.
Detailed information on the Data Controller's retention period for personal data obtained through camera surveillance is provided in Article 4.3 of this Policy titled Retention Periods of Personal Data.
If it is understood that the video recordings obtained from the security camera constitute evidence in a criminal investigation before the deletion period, if it constitutes evidence in a criminal investigation, it is kept until it is submitted to the judicial authority.
Video recordings obtained from security cameras are kept for 10 years if it is understood that they constitute evidence in a legal dispute before the deletion period.
Only a limited number of Data Controller employees have access to the records recorded and stored in digital media with live camera images. A limited number of persons who have access to the records declare that they will protect the confidentiality of the data they access with the confidentiality undertaking.
As regulated in Article 138 of the Turkish Penal Code and Article 7 of the KVK Law, although it has been processed in accordance with the provisions of the relevant law as regulated in Article 138 of the Turkish Penal Code and Article 7 of the KVK Law, personal data shall be deleted, destroyed or anonymized upon the Data Controller's own decision or upon the request of the personal data owner if the reasons requiring its processing disappear.
Within this framework
As a result, the Data Controller deletes, destroys or anonymizes the Personal Data collected.
In terms of Deletion, Destruction or Anonymization of Personal Data, the Data Controller creates a separate policy in detail within the scope of the Regulation on Deletion, Destruction or Anonymization of Personal Data.
Personal data subjects have the following rights
Pursuant to Article 28 of the KVK Law, personal data owners cannot assert the rights of personal data owners listed in 9.1.1. in these matters, since the following cases are excluded from the scope of the KVK Law:
Pursuant to Article 28/2 of the KVK Law; In the cases listed below, personal data owners cannot assert their other rights listed in 9.1.1, except for the right to demand compensation for the damage:
Personal Data Owners may submit their requests regarding their rights listed under Title 9.1.1. of this section to the Data Controller free of charge by filling out and signing the Application Form with the information and documents that will identify their identity and by the methods specified below or by other methods determined by the Personal Data Protection Board:
In order for third parties to make an application request on behalf of personal data owners, there must be a special power of attorney issued by the data owner through a notary public on behalf of the person who will make the application.
Pursuant to Article 14 of the KVK Law, the personal data owner may file a complaint to the KVK Board within thirty days from the date of learning the response of the Data Controller and in any case within sixty days from the date of application in case the application is rejected, the response is found insufficient or the application is not responded in due time.
In the event that the personal data owner submits his/her request to the Data Controller in accordance with the procedure in section 9.1.3. of this section, the Data Controller will finalize the relevant request free of charge within thirty days at the latest, depending on the nature of the request. However, if a fee is stipulated by the PDP Board, the fee in the tariff determined by the PDP Board will be charged by the Data Controller from the applicant.
The Data Controller may request information from the relevant person in order to determine whether the applicant is the personal data owner. The Data Controller may ask questions to the personal data subject about his/her application in order to clarify the matters contained in the personal data subject's application.
The Data Controller may reject the application of the applicant in the following cases by explaining the reason:
The Data Controller may also establish sub-policies for internal use regarding the protection and processing of personal data related to the principles set forth in this Policy, as well as other policies for certain groups of persons, especially employees.
The principles of the Data Controller's sub-policies for internal use are reflected in publicly available policies to the extent relevant, and it is aimed to inform those concerned within this framework and to ensure transparency and accountability regarding the personal data processing activities carried out by the Data Controller.
Thank you for reviewing our KVKK Policy.
JK Mağazacılık Tekstil Sanayi ve Ticaret Anonim Şirketi
Yedi Eylül Mh. Celal Umur Cd. No: 6/E Torbalı/İZMİR
+90 850 277 70 70
www.jimmykey.com
