Baga Skin Solutions Personal Data Policy

General information about the Personal Data Law

The Law on the Protection of Personal Data (hereinafter referred to as “GDPR”) No. 6698 was adopted on March 24, 2016, and was published in the Official Gazette No. 29677 dated April 7, 2016. Some parts of the GDPR came into effect on the date of publication, while others came into effect on October 7, 2016.

Information as the data controller

In accordance with Law No. 6698 and as the Data Controller, your personal data will be recorded, stored, updated, disclosed to third parties where allowed by law / transferred, classified, and processed in the ways mentioned in GDPR within the framework described on this page.

How your personal data can be processed

In accordance with Law No. 6698, your personal data that you share with our Company can be fully or partially, automatically, or obtained, recorded, stored, changed, re-organized, in short, can be processed by us in any way performed on data, as long as it is part of any data recording system. All operations carried out on data within the scope of GDPR are accepted as "processing of personal data".

The purposes and legal reasons for processing your personal data

The personal data you share,

To fulfill the requirements of the services we provide to our customers, to do according to the requirements of the contract and technology, to improve our products and services;

Law No. 6563 on Regulation of Electronic Commerce, Law No. 6502 on Consumer Protection and the Regulation on Service Providers and Intermediary Service Providers in Electronic Commerce published in the Official Gazette No. 29457 dated 26.08.2015 based on these regulations, the Distance Contracts Regulation published in the Official Gazette No. 29188 dated 27.11.2014 and other relevant legislation, to register identity, address and other necessary information to determine the transaction owner's information;

To arrange all records and documents that will be based on the transaction in paper or electronic contract in the field of Banking and Electronic Payment, which is mandatory, to comply with information storage, reporting, informing obligations envisaged by legislation and other authorities;

In matters related to public security and legal disputes, to provide information to the prosecutors, courts, and relevant public officials upon request and in accordance with the legislation;

Will be processed in accordance with Law No. 6698 and related secondary regulations. Information about third parties or organizations to which your personal data can be transferred The persons / organizations to which your personal data you share with our Company can be transferred for the purposes mentioned above; primarily IdeaSoft Software Ind. and Com. Inc. providing our company's e-commerce infrastructure, suppliers, cargo companies and other related persons and organizations, organizations we work with and/or receive services as Data Processor, domestic / foreign organizations and other 3rd parties.

How your personal data is collected

Your personal data,

Through forms on our Company's website and mobile applications with information such as name, surname, ID number, address, phone, work or private e-mail address; preferences on pages accessed using username and password, IP records of transactions, cookie data collected by the browser, data including browsing duration and details, location data;

Verbally, written or electronically through our sales and marketing department employees, our branches, our suppliers, other sales channels, paper forms, business cards, digital marketing and call center channels;

To establish a commercial relationship with our Company, to apply for a job, to bid, in physical or virtual environment, face to face or remotely, verbally or in writing or electronically from people who share their personal data through ways such as business card, resume (cv), bidding;

Also, data obtained indirectly from different channels, data obtained from websites, blogs, contests, surveys, games, campaign and similar purpose (micro) websites and social media, e-newsletter reading or click movements, data offered by public databases, open profile and data from social media platforms; can be processed and collected.

Your personal data obtained before the GDPR came into force

Your personal data, which were obtained legally before the effective date of GDPR on April 7, 2016, through membership, electronic message permission, product/service purchase, and other ways, are also processed and stored in accordance with the terms and conditions regulated in this document.

Transferring your personal data abroad

Your personal data collected by any of the methods mentioned above, whether processed in Turkey or processed and stored abroad, will also be transferred to service providers located abroad (countries accredited by the Personal Data Protection Board and where sufficient protection is provided for the protection of personal data) within the scope of GDPR and in accordance with the purposes of the contract.

Storage and protection of personal data

Your personal data will be stored confidentially in the database and systems located in our Company in accordance with Article 12 of GDPR; they will not be shared with third parties in any way except for legal obligations and regulations specified in this document. Our company is obliged to take software measures such as access management, encryption, and security of physical hosting environments to ensure that the data is stored securely, to prevent unlawful processing and access to personal data, and to ensure the protection of personal data, and to ensure the protection of personal data in this context.

If the legal reason disappears as a result of the transactions made in accordance with the legislation, the personal data will be deleted, destroyed or anonymized by our Company either ex officio or upon your request.

Your rights as per article 11 of GDPR

By applying to our Company (data controller); you have the right to

• learn whether your personal data is processed or not,
• request information if your personal data is processed,
• learn the purpose of processing your personal data and whether they are used in accordance with the purpose,
• know the third parties to whom your personal data are transferred domestically or abroad,
• request correction if your personal data is processed incompletely or incorrectly,
• request your personal data to be deleted or destroyed within the framework of the conditions stipulated in the relevant legislation,
• request notification of the transactions made to third parties to whom your personal data has been transferred, in case of correction, deletion, or destruction,
• object to the emergence of a result against you because it is analyzed exclusively by automatic systems,
• demand compensation for the damage in case you suffer damage due to unlawful processing.
• If you submit your requests regarding your rights to our company in the ways regulated by GDPR and other relevant laws, our company will conclude the request free of charge as soon as possible and within thirty days at the latest according to the nature of the request. However, if the transaction requires a separate cost, the fee in the tariff determined by the Personal Data Protection Board may be charged.

In addition, it is possible for you to withdraw your consent at any time by the same method you gave your consent.

Content and scope of the document

Our Company reserves the right to change the content of this document at any time. Changes made in the current policy will be effective from the moment they are published on our site or notified by any method. The current policy is dated 20.07.2023.

All information and documents included in this document belong to Baga Skin Solutions and cannot be used, published, reproduced, or processed without the written permission of Baga Skin Solutions.