Privacy and Security
PERSONAL DATA PRIVACY AND SECURITY POLICY
Dear Customers, Members, Business Partners/Suppliers, Job Applicants, Employees, and Visitors; As Labor Organic Cosmetics Inc. (“Labor Organic” or “Company”), we place great importance on the protection of your personal data. In this context, we would like to inform you about your personal data and processing processes as a “data controller” in accordance with the Personal Data Protection Law No. 6698 (“KVKK”).
This Policy aims to ensure the sustainability of the Company’s principle of “conducting company activities with transparency.” In this context, the fundamental principles adopted in terms of compliance with the regulations in the Personal Data Protection Law No. 6698 (“KVK Law”) regarding the Company’s data processing activities are determined and the practices carried out by the Company are explained.
The Policy is directed towards natural persons whose personal data is processed by the Company through automated or non-automated means, provided that it is part of any data recording system.
The Policy has been published on the Company’s website and presented to the public. In the event of a conflict between the regulations in this Policy and the applicable legislation, particularly the Law, the provisions of the legislation shall apply.
The Company reserves the right to make changes to the Policy in parallel with legal regulations.
DEFINITIONS
Company Labor Organic Cosmetics Inc.
Personal Data Any kind of information relating to an identified or identifiable natural person.
Processing of Personal Data Any operation performed on personal data, whether or not by automated means, such as obtaining, recording, storing, preserving, altering, rearranging, disclosing, transferring, taking over, making available, classifying, or preventing the use of personal data, provided that the data is part of a data recording system.
Personal Data Owner/Relevant Person Refers to Company Stakeholders, Company Business Partners, Company Officials, Employee Candidates, Employees, Visitors, Company Customers, Potential Customers, Third Parties, and individuals whose personal data is processed by the company.
Data Recording System Refers to the recording system in which personal data is processed by being structured according to specific criteria.
Data Controller Refers to the natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.
Data Processor Refers to the natural or legal person who processes personal data on behalf of the data controller based on the authority given by the data controller.
Explicit Consent Consent that is based on information and expressed with free will regarding a specific subject.
Anonymization The process of making data, which was previously associated with a person, unidentifiable with a specific or identifiable natural person, even when matched with other data.
Destruction The process of deleting, destroying, or anonymizing personal data.
Law Refers to the Personal Data Protection Law No. 6698.
KVK Board Refers to the Personal Data Protection Board.
WHICH PERSONAL DATA DO WE PROCESS.
Depending on your visit to Labor Organic’s website, your Labor Organic Club Card membership, your phone or email communications, your e-newsletter subscription, your phone conversations/shares with Customer Service, your purchase of products/services from Labor Organic through contact or appointment forms you filled out, your visits to our workplaces, your job applications, or any other legal or commercial relationship you enter into, the following personal data may be processed.
Identity Information: Name-Surname, National ID Number, Place of Birth, Date of Birth, Signature.
Contact Information: Address, phone number, email address.
Visual and Audio Information: Data related to individuals appearing in camera recordings made for security purposes in Labor Organic’s physical environments, and data related to individuals’ voices recorded during call center conversations.
Customer Transaction Data: This includes records of the use of products and services purchased from Labor Organic's websites or stores, as well as information such as customer number, contract numbers, transaction date, and account number, along with instructions and requests necessary for the customer's use of the products and services.
Special Category Personal Data: This category includes (i) health data obtained from personnel within the scope of healthcare services, personnel records, and occupational safety, or health declarations obtained from personnel candidates; and (ii) criminal record data related to convictions of personnel and personnel candidates.
Personnel Information: This category includes types of data such as identity and contact information, as well as professional, educational, and financial information that are legally required to be created within the personnel file as part of the employment contract with the personnel.
Educational Data: This includes data such as diplomas, transcripts, and certificates that show the educational background of personnel and candidates, which are included in the forms filled out or resumes prepared during job applications or requested during the hiring process.
Professional Experience: This includes data that show the work experiences and professional titles of personnel candidates, which are included in the forms filled out or resumes prepared during job applications.
Transaction Security Data: This includes data such as IP addresses, access logs, service start and end times, types of services utilized, and the amount of data transferred.
RELATED PERSON CATEGORIES
This refers to real or legal persons who benefit from the services provided by Labor Organic.
Potential Customer: This refers to real or legal persons who show interest in using the services provided by Labor Organic, demonstrate the intention to benefit from the services through the website or other channels, and request a quote, indicating their potential to become customers.
This refers to real persons who visit all workplaces and the website of the company.
Third Parties: This refers to real persons other than those included in the above-mentioned Related Person categories and Labor Organic employees.
Business Partners/Suppliers and Their Employees: This refers to parties with whom Labor Organic establishes business partnerships or who provide goods or services to the Company in accordance with Labor Organic's instructions and on a contractual basis for purposes such as conducting commercial activities, as well as the employees of these parties.
Employee Candidate: This refers to persons who apply for a job at Labor Organic.
This refers to real persons who perform services under an employment contract at Labor Organic.
This refers to the shareholders and partners of the company.
HOW AND FOR WHAT LEGAL REASONS WE COLLECT YOUR PERSONAL DATA
In Physical Environment;
Your personal data is collected directly from you through your purchases from Labor Organic's stores, forms you fill out in stores such as skin and hair analysis forms, forms developed for our "Refer a Friend" application, store visits, contracts you sign, CVs you share as part of your job application, or job application forms you fill out.
In Electronic Environment;
Your personal data is collected directly from you through your purchases from Labor Organic's website, Labor Organic Club Card membership forms you fill out, requests and complaints you share via the website, phone, or email, our call center, your posts on our social media accounts, and images reflected on security cameras.
Personal data collected from both environments is recorded in the Labor Organic database and can be processed through automated and non-automated means.
Within the scope of the commercial and/or contractual relationship between you and Labor Organic (product or service purchase, membership contract, workplace visits), your personal data can be processed for the purposes specified below and in accordance with Article 5 of Law No. 6698; for the establishment and execution of the contract, the establishment of a right, fulfilling legal obligations, and within the scope of our legitimate interests, provided that your rights are protected and not harmed. During your visits to our workplaces, your image is recorded by security cameras for security reasons and processed limited to this operation.
If you do not purchase goods or services from Labor Organic, and there is no legal or commercial relationship established between us, we may process your personal data mentioned above based on your EXPLICIT CONSENT in accordance with Article 5, Paragraph 1 of the Law. Your explicit consent can be obtained by communicating the PASSWORD generated for you to Labor Organic personnel if you find the information text sent to you via SMS or Email appropriate. Additionally, your consent will be considered obtained if you check the permission/approval boxes located in the membership and shopping areas of the website and click the “submit” button. You can withdraw your consent at any time.
PURPOSES OF PROCESSING YOUR PERSONAL DATA
Your Personal Data is processed for the purposes outlined below:
For Customers and Members;
Execution of Goods/Services Procurement Processes
Execution of Goods/Services Sales Processes
Managing Customer Relationship Management Processes
Conducting Customer Satisfaction Activities
Ensuring Physical Space Security
Post-Sales Support Services Management
Conducting Financial and Accounting Affairs
Managing Processes Related to Company/Product/Service Loyalty
Conduct Transactions and Activities Under Commercial/Contractual Relationships, Fulfill Financial and Legal Obligations
Tracking Requests / Complaints
Fulfillment of Legal Obligations
Providing Information to Authorized Persons, Institutions, and Organizations
Formation and Execution of Membership Agreement and Customer Membership
Utilization of Advantages
Execution of Legal Proceedings
Marketing and Promotional Activities
Commercial Electronic Message Transmission
Conducting Marketing Analysis Studies
Managing Advertisement / Campaign / Promotion Processes
Information Security, Storage, and Archiving Activities
For Potential Customers;
Your identity and contact information, which are directly obtained from you through your visits to our website and stores, the forms you fill out, your e-newsletter subscription, your posts on our Social Media Accounts, and the requests and complaints you convey to our call center, are processed based on your explicit consent for marketing purposes within the scope of sending you advertisements, campaigns, and other commercial communications related to our products and services, and offering you some special products. If there is a request or complaint that you have conveyed to Labor Organic, then in this case, your identity and contact information are processed for a limited period in accordance with Article 5/2 of the Law, in order to manage this request and complaint.
For Suppliers/Business Partners;
Within the scope of the commercial relationship between our company and you, the personal data of your company officials and employees can be processed for the purposes listed below, in accordance with the main principles stipulated in the Law and the personal data processing conditions, as specified in Article 5 of the Law: Establishment and execution of our contracts, fulfillment of legal obligations, and within the scope of our company's legitimate interests.
Fulfillment of Legal Obligations
Managing Contract Processes
Conducting Financial and Accounting Affairs
Legal Process Management and Monitoring
Conducting Internal Company Operations
Strategic Planning & Business Partners/Supplier Management
Ensuring Physical Space Security
Conducting Logistics Operations
Managing Supply Chain Management Processes
The preservation of your information as required by relevant legislation; copying and backing up to prevent data loss; ensuring the consistency of your information; taking necessary technical and administrative measures for the security of our databases and your information.
For Visitors;
In order to ensure the safety of our company and visitors, as well as to fulfill our legal obligations and legitimate interests, visual data from security cameras in physical environments and transaction security data obtained during your use of internet access provided during your visit to our workplace are processed for the following purposes.
Conducting Auditing and Security Activities
Managing Information Security Processes
Creating and Tracking Visitor Records
Ensuring Physical Space Security
Providing Information to Authorized Persons, Institutions, and Organizations
Ensuring the Security of Data Controller Operations
Providing Internet Access and Ensuring Access Security
For Job Applicants;
Labor Organic processes personal data shared through CVs or application forms submitted via our website www.labororganic.com or directly to our company headquarters or stores, in accordance with Article 5 of the Law. This processing is carried out for the purposes of personnel recruitment and management of human resources processes, establishing employment contracts, asserting a right, and using them as evidence in legal disputes, within the scope of our company's legitimate interests and for the purposes listed below.
Conducting Candidate/Intern/Student Selection and Placement Processes
Managing Job Application Processes for Candidates
Managing Human Resources Operations and Especially Recruitment Processes
Conducting Activities to Ensure Business Continuity
Ensuring Physical Space Security
For Employees;
Labor Organic processes personal data of employees for reasons stemming from relevant legislation, to create personnel files, to enter into service contracts with you, and within the scope of Labor Organic's management rights and legitimate interests, for the purposes listed below.
Managing Information Security Processes
Fulfilling Employment Contracts and Legal Obligations for Employees
Managing Employee Benefits and Perks Processes
Conducting Auditing/Ethical Activities
Conducting Training Activities
Managing Access Permissions
Ensuring Compliance with Legislation in Conducting Activities
Conducting Financial and Accounting Affairs
Ensuring Physical Space Security
Managing Assignment Processes
Monitoring and Conducting Legal Affairs
Planning Human Resources Processes
Conducting/Monitoring Business Activities
Conducting Occupational Health and Safety Activities
Conducting Activities to Ensure Business Continuity
Providing Information to Authorized Persons, Institutions, and Organizations
Conducting Management Activities
Making Necessary Legal Notifications to Official Institutions, Benefiting from Incentives Before Official Institutions, Making Notifications to Relevant Authorities within the Scope of Audits by Official Institutions
Managing Human Resources Operations and Especially Personnel Affairs
PARTIES TO WHOM YOUR PERSONAL DATA IS TRANSFERRED AND PURPOSES OF TRANSFER
Labor Organic may transfer your personal data to the following domestic recipient groups for the purposes listed in this Policy and within the scope of the Law and other relevant legislation:
Our suppliers and business partners (such as companies providing web infrastructure services, cargo companies, auditing firms) that we work with to provide or deliver the services offered to you,
Our business partners and suppliers with whom we cooperate and/or receive services for the purposes of providing and promoting services, and similar purposes, including banks, financial institutions, IT service companies, companies providing SMS and email sending services, survey companies
Lawyers, auditors, consultants, and service providers,
Your authorized proxies, guardians, and representatives,
Regulatory and supervisory institutions and organizations authorized to request your personal data, such as courts and enforcement offices, and the persons they designate,
The Labor Organic Group of Companies to which our company belongs.
COMMERCIAL ELECTRONIC COMMUNICATION
Labor Organic may process identity and contact data and communicate with data subjects to send commercial electronic communications (such as SMS, EMAIL, etc.) for advertising, campaign announcements, promotions, and similar commercial purposes using their contact information. Labor Organic obtains electronic communication consent from the relevant persons for this activity and conducts the activity within the scope of this consent.
RIGHTS OF DATA SUBJECTS LISTED IN ARTICLE 11 OF THE LAW
To learn whether your Personal Data is being processed,
To request information if your Personal Data has been processed,
To learn the purpose of processing your Personal Data and whether it is being used in accordance with its purpose,
Knowing the third parties to whom your Personal Data is transferred, whether domestically or abroad,
Requesting the correction of your Personal Data if it has been processed incompletely or inaccurately,
Requesting the deletion or destruction of your Personal Data within the framework of the conditions stipulated in the KVKK legislation,
Requesting that the actions carried out within the scope of Articles 5 and 6 be notified to the third parties to whom your Personal Data has been transferred,
Objecting to any result that arises against you through the analysis of the processed data exclusively by automatic systems,
Having the right to demand the compensation of damages if you suffer harm due to the unlawful processing of Personal Data.
ENSURING THE SECURITY AND CONFIDENTIALITY OF PERSONAL DATA
The Company takes all necessary measures, within the bounds of possibility, according to the nature of the data to be protected, to prevent the unlawful disclosure, access, transfer, or other security deficiencies of personal data.
In this context, the Company takes all necessary (i) administrative and (ii) technical measures, (iii) establishes an audit system within the company, and (iv) acts in accordance with the measures stipulated in the KVKK Law in case of unlawful disclosure of personal data.
DESTRUCTION OF PERSONAL DATA
Pursuant to Article 7 of the Law, although it has been processed in accordance with the law, if the reasons requiring its processing disappear, the Company deletes, destroys, or anonymizes personal data ex officio or upon the request of the Relevant Person, in accordance with the Data Protection and Destruction Policy, legislation, and the guide published by the Authority, which it has specially prepared for this purpose.
Labor Organic has prepared and published a DESTRUCTION POLICY within the company that determines the procedures for the destruction of personal data. All destruction processes are carried out in accordance with this policy. At the same time, Labor Organic has clearly determined the destruction periods for each process and type of personal data in the personal data inventory. The retention periods determined in the inventory are taken as a basis in the periodic data destruction process carried out every 6 months.
MATTERS RELATING TO THE PROTECTION OF PERSONAL DATA
Labor Organic, in accordance with Article 12 of the KVKK Law, takes the necessary technical and administrative measures to ensure the appropriate level of security to prevent the unlawful processing of personal data, unlawful access to data, and to ensure the protection of data, and within this scope, conducts or has conducted the necessary audits.
Labor Organic takes technical and administrative measures according to technological capabilities and implementation costs to ensure the lawful processing of personal data.
TECHNICAL MEASURES
The main technical measures taken by Labor Organic to ensure the lawful processing of personal data are listed below:
The personal data processing activities carried out within Labor Organic are monitored by established technical systems.
The technical measures taken are periodically reported to the relevant party as part of the internal audit mechanism.
Departments have been established for technical matters, and knowledgeable personnel are employed in this regard.
New technological developments are followed, and technical measures are taken on systems, especially in the field of cybersecurity. The measures taken are periodically updated and renewed.
Technical solutions for access and authorization are implemented within the framework of the legal compliance requirements specified for each department within Labor Organic.
Access rights are restricted and regularly reviewed. Access restrictions are applied to former employees, and accounts are closed.
The technical measures taken within the scope of Labor Organic's internal operations are reported to the relevant users, and necessary technological solutions are produced by re-evaluating the issues that pose a risk.
Software and hardware including virus protection systems, data vulnerability securities, and firewalls are installed.
Expert personnel are employed for technical matters.
All information systems, including applications where personal data is collected, are regularly subjected to external impact tests to identify security vulnerabilities, and the identified vulnerabilities are closed based on the results of these tests.
ADMINISTRATIVE MEASURES
Administrative measures taken by Labor Organic to ensure the lawful processing of personal data:
Labor Organic employees are informed and trained on personal data protection law and the lawful processing of personal data.
All personal data processing activities carried out by Labor Organic are conducted in accordance with the personal data inventory and its annexes, which have been created by thoroughly analyzing all business units.
Personal data processing activities carried out by relevant departments within Labor Organic are bound by written policies and procedures to ensure compliance with the personal data processing conditions required by KVKK. Each business unit has been informed about this issue and the specific points to be considered in their particular activities have been identified.
The audit and management of personal data security within the departments of Labor Organic are organized by the Information Security Committees. Awareness is raised to meet the legal requirements determined on a business unit basis, and necessary administrative measures are implemented through internal policies, procedures, and training to ensure the continuity of these practices.
Service contracts and related documents between Labor Organic and employees include records containing information on personal data and data security, and additional protocols are made. Efforts have been made to create the necessary awareness among employees on this issue.
Legal compliance, access to personal data, and authorization processes are implemented within the company, taking into account the personal data processing processes specific to each department within Labor Organic.
To exercise your rights under KVKK as mentioned above, you can submit your request to Labor Organic by filling out the relevant person application form available on www.labororganic.com or by sending a similar written document with a wet signature to (i) Labor Organic's postal address below via registered mail with return receipt requested, or (ii) by using the email address registered in our systems to send an email to kvkk@labororganic.com, or (iii) through other application methods specified in the relevant legislation.
When individuals submit their requests regarding their personal data to our Company in writing, the Company, as the data controller, conducts the necessary processes to ensure that the request is concluded as soon as possible and within thirty (30) days at the latest, in accordance with Article 13 of the KVKK, depending on the nature of the request.
To ensure data security, the Company may request information to verify whether the applicant is the owner of the personal data subject to the application. Our Company may also ask questions to the Applicant to ensure that the application is concluded in accordance with the request.
In cases where the applicant's request may potentially obstruct the rights and freedoms of other individuals, require disproportionate effort, or if the information is publicly available, Labor Organic may reject the request by providing justification.
ENFORCEMENT OF THE POLICY
This Policy, issued by Labor Organic, came into effect in 2020. This Policy is published on Labor Organic's website (www.labororganic.com) and is made available to relevant individuals upon request.
LABOR ORGANIC COSMETICS INC. (DATA CONTROLLER)
ADDRESS: Karaciğan Mah. Şair Senihi Sk. Enntepe Mall Office C Block Floor 7 No 3/708 42050 Karatay/KONYA/Turkey
PHONE: 0850 335 0 373
TAX OFFICE/NO: Selçuk VD 815 106 7679
WEB: www.labororganic.com
Dear Customers, Members, Business Partners/Suppliers, Job Applicants, Employees, and Visitors; As Labor Organic Cosmetics Inc. (“Labor Organic” or “Company”), we place great importance on the protection of your personal data. In this context, we would like to inform you about your personal data and processing processes as a “data controller” in accordance with the Personal Data Protection Law No. 6698 (“KVKK”).
This Policy aims to ensure the sustainability of the Company’s principle of “conducting company activities with transparency.” In this context, the fundamental principles adopted in terms of compliance with the regulations in the Personal Data Protection Law No. 6698 (“KVK Law”) regarding the Company’s data processing activities are determined and the practices carried out by the Company are explained.
The Policy is directed towards natural persons whose personal data is processed by the Company through automated or non-automated means, provided that it is part of any data recording system.
The Policy has been published on the Company’s website and presented to the public. In the event of a conflict between the regulations in this Policy and the applicable legislation, particularly the Law, the provisions of the legislation shall apply.
The Company reserves the right to make changes to the Policy in parallel with legal regulations.
DEFINITIONS
Company Labor Organic Cosmetics Inc.
Personal Data Any kind of information relating to an identified or identifiable natural person.
Processing of Personal Data Any operation performed on personal data, whether or not by automated means, such as obtaining, recording, storing, preserving, altering, rearranging, disclosing, transferring, taking over, making available, classifying, or preventing the use of personal data, provided that the data is part of a data recording system.
Personal Data Owner/Relevant Person Refers to Company Stakeholders, Company Business Partners, Company Officials, Employee Candidates, Employees, Visitors, Company Customers, Potential Customers, Third Parties, and individuals whose personal data is processed by the company.
Data Recording System Refers to the recording system in which personal data is processed by being structured according to specific criteria.
Data Controller Refers to the natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.
Data Processor Refers to the natural or legal person who processes personal data on behalf of the data controller based on the authority given by the data controller.
Explicit Consent Consent that is based on information and expressed with free will regarding a specific subject.
Anonymization The process of making data, which was previously associated with a person, unidentifiable with a specific or identifiable natural person, even when matched with other data.
Destruction The process of deleting, destroying, or anonymizing personal data.
Law Refers to the Personal Data Protection Law No. 6698.
KVK Board Refers to the Personal Data Protection Board.
WHICH PERSONAL DATA DO WE PROCESS.
Depending on your visit to Labor Organic’s website, your Labor Organic Club Card membership, your phone or email communications, your e-newsletter subscription, your phone conversations/shares with Customer Service, your purchase of products/services from Labor Organic through contact or appointment forms you filled out, your visits to our workplaces, your job applications, or any other legal or commercial relationship you enter into, the following personal data may be processed.
Identity Information: Name-Surname, National ID Number, Place of Birth, Date of Birth, Signature.
Contact Information: Address, phone number, email address.
Visual and Audio Information: Data related to individuals appearing in camera recordings made for security purposes in Labor Organic’s physical environments, and data related to individuals’ voices recorded during call center conversations.
Customer Transaction Data: This includes records of the use of products and services purchased from Labor Organic's websites or stores, as well as information such as customer number, contract numbers, transaction date, and account number, along with instructions and requests necessary for the customer's use of the products and services.
Special Category Personal Data: This category includes (i) health data obtained from personnel within the scope of healthcare services, personnel records, and occupational safety, or health declarations obtained from personnel candidates; and (ii) criminal record data related to convictions of personnel and personnel candidates.
Personnel Information: This category includes types of data such as identity and contact information, as well as professional, educational, and financial information that are legally required to be created within the personnel file as part of the employment contract with the personnel.
Educational Data: This includes data such as diplomas, transcripts, and certificates that show the educational background of personnel and candidates, which are included in the forms filled out or resumes prepared during job applications or requested during the hiring process.
Professional Experience: This includes data that show the work experiences and professional titles of personnel candidates, which are included in the forms filled out or resumes prepared during job applications.
Transaction Security Data: This includes data such as IP addresses, access logs, service start and end times, types of services utilized, and the amount of data transferred.
RELATED PERSON CATEGORIES
This refers to real or legal persons who benefit from the services provided by Labor Organic.
Potential Customer: This refers to real or legal persons who show interest in using the services provided by Labor Organic, demonstrate the intention to benefit from the services through the website or other channels, and request a quote, indicating their potential to become customers.
This refers to real persons who visit all workplaces and the website of the company.
Third Parties: This refers to real persons other than those included in the above-mentioned Related Person categories and Labor Organic employees.
Business Partners/Suppliers and Their Employees: This refers to parties with whom Labor Organic establishes business partnerships or who provide goods or services to the Company in accordance with Labor Organic's instructions and on a contractual basis for purposes such as conducting commercial activities, as well as the employees of these parties.
Employee Candidate: This refers to persons who apply for a job at Labor Organic.
This refers to real persons who perform services under an employment contract at Labor Organic.
This refers to the shareholders and partners of the company.
HOW AND FOR WHAT LEGAL REASONS WE COLLECT YOUR PERSONAL DATA
In Physical Environment;
Your personal data is collected directly from you through your purchases from Labor Organic's stores, forms you fill out in stores such as skin and hair analysis forms, forms developed for our "Refer a Friend" application, store visits, contracts you sign, CVs you share as part of your job application, or job application forms you fill out.
In Electronic Environment;
Your personal data is collected directly from you through your purchases from Labor Organic's website, Labor Organic Club Card membership forms you fill out, requests and complaints you share via the website, phone, or email, our call center, your posts on our social media accounts, and images reflected on security cameras.
Personal data collected from both environments is recorded in the Labor Organic database and can be processed through automated and non-automated means.
Within the scope of the commercial and/or contractual relationship between you and Labor Organic (product or service purchase, membership contract, workplace visits), your personal data can be processed for the purposes specified below and in accordance with Article 5 of Law No. 6698; for the establishment and execution of the contract, the establishment of a right, fulfilling legal obligations, and within the scope of our legitimate interests, provided that your rights are protected and not harmed. During your visits to our workplaces, your image is recorded by security cameras for security reasons and processed limited to this operation.
If you do not purchase goods or services from Labor Organic, and there is no legal or commercial relationship established between us, we may process your personal data mentioned above based on your EXPLICIT CONSENT in accordance with Article 5, Paragraph 1 of the Law. Your explicit consent can be obtained by communicating the PASSWORD generated for you to Labor Organic personnel if you find the information text sent to you via SMS or Email appropriate. Additionally, your consent will be considered obtained if you check the permission/approval boxes located in the membership and shopping areas of the website and click the “submit” button. You can withdraw your consent at any time.
PURPOSES OF PROCESSING YOUR PERSONAL DATA
Your Personal Data is processed for the purposes outlined below:
For Customers and Members;
Execution of Goods/Services Procurement Processes
Execution of Goods/Services Sales Processes
Managing Customer Relationship Management Processes
Conducting Customer Satisfaction Activities
Ensuring Physical Space Security
Post-Sales Support Services Management
Conducting Financial and Accounting Affairs
Managing Processes Related to Company/Product/Service Loyalty
Conduct Transactions and Activities Under Commercial/Contractual Relationships, Fulfill Financial and Legal Obligations
Tracking Requests / Complaints
Fulfillment of Legal Obligations
Providing Information to Authorized Persons, Institutions, and Organizations
Formation and Execution of Membership Agreement and Customer Membership
Utilization of Advantages
Execution of Legal Proceedings
Marketing and Promotional Activities
Commercial Electronic Message Transmission
Conducting Marketing Analysis Studies
Managing Advertisement / Campaign / Promotion Processes
Information Security, Storage, and Archiving Activities
For Potential Customers;
Your identity and contact information, which are directly obtained from you through your visits to our website and stores, the forms you fill out, your e-newsletter subscription, your posts on our Social Media Accounts, and the requests and complaints you convey to our call center, are processed based on your explicit consent for marketing purposes within the scope of sending you advertisements, campaigns, and other commercial communications related to our products and services, and offering you some special products. If there is a request or complaint that you have conveyed to Labor Organic, then in this case, your identity and contact information are processed for a limited period in accordance with Article 5/2 of the Law, in order to manage this request and complaint.
For Suppliers/Business Partners;
Within the scope of the commercial relationship between our company and you, the personal data of your company officials and employees can be processed for the purposes listed below, in accordance with the main principles stipulated in the Law and the personal data processing conditions, as specified in Article 5 of the Law: Establishment and execution of our contracts, fulfillment of legal obligations, and within the scope of our company's legitimate interests.
Fulfillment of Legal Obligations
Managing Contract Processes
Conducting Financial and Accounting Affairs
Legal Process Management and Monitoring
Conducting Internal Company Operations
Strategic Planning & Business Partners/Supplier Management
Ensuring Physical Space Security
Conducting Logistics Operations
Managing Supply Chain Management Processes
The preservation of your information as required by relevant legislation; copying and backing up to prevent data loss; ensuring the consistency of your information; taking necessary technical and administrative measures for the security of our databases and your information.
For Visitors;
In order to ensure the safety of our company and visitors, as well as to fulfill our legal obligations and legitimate interests, visual data from security cameras in physical environments and transaction security data obtained during your use of internet access provided during your visit to our workplace are processed for the following purposes.
Conducting Auditing and Security Activities
Managing Information Security Processes
Creating and Tracking Visitor Records
Ensuring Physical Space Security
Providing Information to Authorized Persons, Institutions, and Organizations
Ensuring the Security of Data Controller Operations
Providing Internet Access and Ensuring Access Security
For Job Applicants;
Labor Organic processes personal data shared through CVs or application forms submitted via our website www.labororganic.com or directly to our company headquarters or stores, in accordance with Article 5 of the Law. This processing is carried out for the purposes of personnel recruitment and management of human resources processes, establishing employment contracts, asserting a right, and using them as evidence in legal disputes, within the scope of our company's legitimate interests and for the purposes listed below.
Conducting Candidate/Intern/Student Selection and Placement Processes
Managing Job Application Processes for Candidates
Managing Human Resources Operations and Especially Recruitment Processes
Conducting Activities to Ensure Business Continuity
Ensuring Physical Space Security
For Employees;
Labor Organic processes personal data of employees for reasons stemming from relevant legislation, to create personnel files, to enter into service contracts with you, and within the scope of Labor Organic's management rights and legitimate interests, for the purposes listed below.
Managing Information Security Processes
Fulfilling Employment Contracts and Legal Obligations for Employees
Managing Employee Benefits and Perks Processes
Conducting Auditing/Ethical Activities
Conducting Training Activities
Managing Access Permissions
Ensuring Compliance with Legislation in Conducting Activities
Conducting Financial and Accounting Affairs
Ensuring Physical Space Security
Managing Assignment Processes
Monitoring and Conducting Legal Affairs
Planning Human Resources Processes
Conducting/Monitoring Business Activities
Conducting Occupational Health and Safety Activities
Conducting Activities to Ensure Business Continuity
Providing Information to Authorized Persons, Institutions, and Organizations
Conducting Management Activities
Making Necessary Legal Notifications to Official Institutions, Benefiting from Incentives Before Official Institutions, Making Notifications to Relevant Authorities within the Scope of Audits by Official Institutions
Managing Human Resources Operations and Especially Personnel Affairs
PARTIES TO WHOM YOUR PERSONAL DATA IS TRANSFERRED AND PURPOSES OF TRANSFER
Labor Organic may transfer your personal data to the following domestic recipient groups for the purposes listed in this Policy and within the scope of the Law and other relevant legislation:
Our suppliers and business partners (such as companies providing web infrastructure services, cargo companies, auditing firms) that we work with to provide or deliver the services offered to you,
Our business partners and suppliers with whom we cooperate and/or receive services for the purposes of providing and promoting services, and similar purposes, including banks, financial institutions, IT service companies, companies providing SMS and email sending services, survey companies
Lawyers, auditors, consultants, and service providers,
Your authorized proxies, guardians, and representatives,
Regulatory and supervisory institutions and organizations authorized to request your personal data, such as courts and enforcement offices, and the persons they designate,
The Labor Organic Group of Companies to which our company belongs.
COMMERCIAL ELECTRONIC COMMUNICATION
Labor Organic may process identity and contact data and communicate with data subjects to send commercial electronic communications (such as SMS, EMAIL, etc.) for advertising, campaign announcements, promotions, and similar commercial purposes using their contact information. Labor Organic obtains electronic communication consent from the relevant persons for this activity and conducts the activity within the scope of this consent.
RIGHTS OF DATA SUBJECTS LISTED IN ARTICLE 11 OF THE LAW
To learn whether your Personal Data is being processed,
To request information if your Personal Data has been processed,
To learn the purpose of processing your Personal Data and whether it is being used in accordance with its purpose,
Knowing the third parties to whom your Personal Data is transferred, whether domestically or abroad,
Requesting the correction of your Personal Data if it has been processed incompletely or inaccurately,
Requesting the deletion or destruction of your Personal Data within the framework of the conditions stipulated in the KVKK legislation,
Requesting that the actions carried out within the scope of Articles 5 and 6 be notified to the third parties to whom your Personal Data has been transferred,
Objecting to any result that arises against you through the analysis of the processed data exclusively by automatic systems,
Having the right to demand the compensation of damages if you suffer harm due to the unlawful processing of Personal Data.
ENSURING THE SECURITY AND CONFIDENTIALITY OF PERSONAL DATA
The Company takes all necessary measures, within the bounds of possibility, according to the nature of the data to be protected, to prevent the unlawful disclosure, access, transfer, or other security deficiencies of personal data.
In this context, the Company takes all necessary (i) administrative and (ii) technical measures, (iii) establishes an audit system within the company, and (iv) acts in accordance with the measures stipulated in the KVKK Law in case of unlawful disclosure of personal data.
DESTRUCTION OF PERSONAL DATA
Pursuant to Article 7 of the Law, although it has been processed in accordance with the law, if the reasons requiring its processing disappear, the Company deletes, destroys, or anonymizes personal data ex officio or upon the request of the Relevant Person, in accordance with the Data Protection and Destruction Policy, legislation, and the guide published by the Authority, which it has specially prepared for this purpose.
Labor Organic has prepared and published a DESTRUCTION POLICY within the company that determines the procedures for the destruction of personal data. All destruction processes are carried out in accordance with this policy. At the same time, Labor Organic has clearly determined the destruction periods for each process and type of personal data in the personal data inventory. The retention periods determined in the inventory are taken as a basis in the periodic data destruction process carried out every 6 months.
MATTERS RELATING TO THE PROTECTION OF PERSONAL DATA
Labor Organic, in accordance with Article 12 of the KVKK Law, takes the necessary technical and administrative measures to ensure the appropriate level of security to prevent the unlawful processing of personal data, unlawful access to data, and to ensure the protection of data, and within this scope, conducts or has conducted the necessary audits.
Labor Organic takes technical and administrative measures according to technological capabilities and implementation costs to ensure the lawful processing of personal data.
TECHNICAL MEASURES
The main technical measures taken by Labor Organic to ensure the lawful processing of personal data are listed below:
The personal data processing activities carried out within Labor Organic are monitored by established technical systems.
The technical measures taken are periodically reported to the relevant party as part of the internal audit mechanism.
Departments have been established for technical matters, and knowledgeable personnel are employed in this regard.
New technological developments are followed, and technical measures are taken on systems, especially in the field of cybersecurity. The measures taken are periodically updated and renewed.
Technical solutions for access and authorization are implemented within the framework of the legal compliance requirements specified for each department within Labor Organic.
Access rights are restricted and regularly reviewed. Access restrictions are applied to former employees, and accounts are closed.
The technical measures taken within the scope of Labor Organic's internal operations are reported to the relevant users, and necessary technological solutions are produced by re-evaluating the issues that pose a risk.
Software and hardware including virus protection systems, data vulnerability securities, and firewalls are installed.
Expert personnel are employed for technical matters.
All information systems, including applications where personal data is collected, are regularly subjected to external impact tests to identify security vulnerabilities, and the identified vulnerabilities are closed based on the results of these tests.
ADMINISTRATIVE MEASURES
Administrative measures taken by Labor Organic to ensure the lawful processing of personal data:
Labor Organic employees are informed and trained on personal data protection law and the lawful processing of personal data.
All personal data processing activities carried out by Labor Organic are conducted in accordance with the personal data inventory and its annexes, which have been created by thoroughly analyzing all business units.
Personal data processing activities carried out by relevant departments within Labor Organic are bound by written policies and procedures to ensure compliance with the personal data processing conditions required by KVKK. Each business unit has been informed about this issue and the specific points to be considered in their particular activities have been identified.
The audit and management of personal data security within the departments of Labor Organic are organized by the Information Security Committees. Awareness is raised to meet the legal requirements determined on a business unit basis, and necessary administrative measures are implemented through internal policies, procedures, and training to ensure the continuity of these practices.
Service contracts and related documents between Labor Organic and employees include records containing information on personal data and data security, and additional protocols are made. Efforts have been made to create the necessary awareness among employees on this issue.
Legal compliance, access to personal data, and authorization processes are implemented within the company, taking into account the personal data processing processes specific to each department within Labor Organic.
To exercise your rights under KVKK as mentioned above, you can submit your request to Labor Organic by filling out the relevant person application form available on www.labororganic.com or by sending a similar written document with a wet signature to (i) Labor Organic's postal address below via registered mail with return receipt requested, or (ii) by using the email address registered in our systems to send an email to kvkk@labororganic.com, or (iii) through other application methods specified in the relevant legislation.
When individuals submit their requests regarding their personal data to our Company in writing, the Company, as the data controller, conducts the necessary processes to ensure that the request is concluded as soon as possible and within thirty (30) days at the latest, in accordance with Article 13 of the KVKK, depending on the nature of the request.
To ensure data security, the Company may request information to verify whether the applicant is the owner of the personal data subject to the application. Our Company may also ask questions to the Applicant to ensure that the application is concluded in accordance with the request.
In cases where the applicant's request may potentially obstruct the rights and freedoms of other individuals, require disproportionate effort, or if the information is publicly available, Labor Organic may reject the request by providing justification.
ENFORCEMENT OF THE POLICY
This Policy, issued by Labor Organic, came into effect in 2020. This Policy is published on Labor Organic's website (www.labororganic.com) and is made available to relevant individuals upon request.
LABOR ORGANIC COSMETICS INC. (DATA CONTROLLER)
ADDRESS: Karaciğan Mah. Şair Senihi Sk. Enntepe Mall Office C Block Floor 7 No 3/708 42050 Karatay/KONYA/Turkey
PHONE: 0850 335 0 373
TAX OFFICE/NO: Selçuk VD 815 106 7679
WEB: www.labororganic.com