Last updated: (publishing date) 05/12/2021


Welcome to our website https://albursa.com/. Here you can find our GDPR and KVKK Compliance Policy. As ALBURSA E-TİCARET ANONİM ŞİRKETİ (referred to as “ALBURSA”, “Company” or “we/our/us”.) We are using the phrase "KVKK And GDPR Compliance Policy" (“Policy” or “Agreement”) to describe a general agreement between ALBURSA and all Users (which are; visitors, members (registered-free or paid) user(s), contributors and others who access the Service for any purpose (as “User”)).

This website, albursa.com our web page, explains the terms by which you may use our online and/or mobile services, website, and software provided on or in connection with the service (collectively the “Service”).

Our website is not designed or directed at children. As ALBURSA, we comply with COPPA, and other regulations to protect children’s rights.

Also visit our General Terms Of Use, Privacy Policy and Cookie Policy posted on our website. We recommend you visit this page regularly to review the current KVKK and GDPR Compliance Policy.

1-) Introduction
The General Data Protection Regulation (GDPR) is a European Union (EU) legislation that aims to give EU residents more control over their data, and the Personal Data Protection Law (KVKK) in Turkey also aims at a similar protection with its regulations.
KVKK and GDPR regulate the obligations, procedures, and principles that natural and/or legal persons accessing personal data must comply with. With these regulations, it is aimed to protect the privacy of the natural person whose personal data is processed, as well as to ensure data security.

These two legal regulations prevent the collection of personal data without any discrimination and aim to prevent the misuse of personal data, the access of unauthorized persons and thus the violation of personal rights. Besides, these two of the mentioned legislations regulate a similar scope with a similar aim.

2-) Definitions
In addition to the definitions in the text of this agreement the definitions of terms in this Policy are as follows;

o GDPR: The General Data Protection Regulation, is a regulation in European Law that sets a guideline for the collection and processing of personal information from individuals.
o KVKK: Turkish Personal Data Protection Law No. 6698, as published in the Official Gazette No. 29677, dated April 7th, 2016, and aims to prevent the violation of personal rights as a result of unrestricted and unlawful collection of, unauthorized access to, disclosure, abuse or misuse of personal data by regulating the processing of personal data.

o Cookies and Similar Tracking Technologies: Cookies and other similar technologies are text files with small pieces of data that are stored on the users’ device when websites are loaded in a browser and considered as personal data under the GDPR and KVKK.

o Data Processing: Any action performed on data, whether automated or manual.

o Data Subject: The person whose data is processed.

o Data Controller: The person who decides why and how personal data will be processed.

o Data Processor: A third party that processes personal data on behalf of a data controller.

o Personal Data: Personal Data is any information relating to an identified or identifiable natural person.

3-) About EU General Data Protection Regulation (GDPR)
General Data Protection Legislation is a European Union law that came into force on 25 May 2018. GDPR determines how individuals and institutions use, process, and store personal data. It applies to all organizations within the EU as well as organizations that supply goods or services to the EU or process data of EU citizens.

4-) About Turkey Personal Data Protection Law (KVKK)
KVKK, which is a kind of the equivalent of GDPR in Turkey, includes the procedures and principles regarding the protection of personal data. KVKK is the first law in the Republic Of Turkey that regulates the protection of personal data and determines the legal obligations that individuals and institutions that process personal data must comply with. The Law on Protection of Personal Data No. 6698, or KVKK for short, entered into force on 7 April 2016.

To whom it applies: KVKK applies to all data controllers and data processors who process or collect data from Turkey. This includes organizations residing in Turkey and foreign natural or legal persons who process the personal information of Turkish data subjects.

5-) Transfer of Personal Data
Our Company may share your personal data within the scope of the Cookie and Privacy Policy with legally authorized public institutions, limited to the realization of the purposes set out in our Policies and in accordance with the legislation and regulations. For more information, please read our Privacy Policy.

6-) Protection Of Personal Data
As ALBURSA A.Ş., we care for and protect the personal data of our Users within the scope of GDPR, the Law on Protection of Personal Data No. 6698 (KVKK), and other legislation. Please visit our “Privacy Policy” to learn more about data protection. In addition, as a Company, we do not save your private personal data. In the limited circumstances where we attempt to collect such data, we will do so in accordance with data privacy law requirements and/or seek your consent.

7-) Data Protection Principles
According to the GDPR, to process the personal data, the processor must comply with seven protection and accountability principles outlined in Article 5.1-2:

o Lawfulness, fairness, and transparency — Processing must be lawful, fair, and transparent to the data subject.
o Purpose limitation — You must process data for the legitimate purposes specified explicitly to the data subject when you collected it.
o Data minimization — You should collect and process only as much data as absolutely necessary for the purposes specified.
o Accuracy — You must keep personal data accurate and up to date.
o Storage limitation — You may only store personally identifying data for as long as necessary for the specified purpose.
o Integrity and confidentiality — Processing must be done in such a way as to ensure appropriate security, integrity, and confidentiality (e.g., by using encryption).
o Accountability — The data controller is responsible for being able to demonstrate GDPR compliance with all of these principles.

8-) Territory
In terms of GDPR;
Any company that markets goods or services to EU residents, as well as EU members, is subject to regulation, regardless of location.
In terms of KVKK;
Unlike the GDPR, the Personal Data Protection Law in Turkey (or KVKK) does not have a territorial scope. KVKK applies to all natural and legal persons who process data originating in Turkey, regardless of whether they are located in Turkey or abroad.

9-) Our Principle On Children's Data
The GDPR provides a specific level of protection to the personal data of children. Article 8 of the GDPR stipulates that the processing of the personal data of a child shall be lawful where the child is at least 16 years of age. On the other hand, Children's Online Privacy Protection Act (COPPA) is also protects the privacy of children under the age of 13 and passed by the US Congress in 1998. The COPPA rules prohibit unfair and deceptive acts and practices in connection with the collection and use of personal information from and about children on the Internet.

As ALBURSA, we comply with those regulations to protect children’s rights. We do not collect personal information from children under the age of 18 and If we become aware of any personal information from a child under the age of 18, we delete them and prevent those access to our Services immediately.

10-) Cookies And Other Technologies
Cookies and other similar technologies are the small text files placed on the computer to collect standard Internet log information and visitor behavior information. They are unique IDs that allow your website to remember the individual user and their preferences and settings when they return to your website. When a user visits our websites or other Service, we may collect information from them automatically through cookies or similar technology. Cookies and other tracking technologies are considered as personal data within the scope of GDPR and KVKK. For further information, please visit our Cookie Policy on this website.

11-) Your Rights as the Data Subject
We would like to make sure you are fully aware of all your data protection rights. Pursuant to Article 11 of the Personal Data Protection Law (KVKK) and GDPR the rights of natural persons whose personal data are processed are as follows.

o The right to access – Users have the right to request our Company for copies of their personal data.
o The right to learn – Users have the right to learn whether or not her/his personal data have been processed and to learn the purpose of the processing of the personal data and whether data are used in accordance with their purpose or not by requesting our Company for copies of their personal data.
o The right to rectification – Users have the right to request that our Company correct any information they believe is inaccurate and also have the right to request our Company to complete the information they believe is incomplete.
o The right to erasure – Users have the right to request that our Company erase their personal data, under certain conditions.
o The right to restrict processing – Users have the right to request that our Company restrict the processing of their personal data, under certain conditions.
o The right to object to processing – Users have the right to object to our Company’s processing of their personal data, under certain conditions.
o The right to data portability – Users have the right to request that our Company transfer the data that we have collected to another organization, or directly to users, under certain conditions.
o The right to know the third parties in the Country or abroad to whom personal data have been transferred;
o The right to object to occurrence of any result that is to her/his detriment by means of the analysis of personal data exclusively through automated systems;
o The right to claim compensation for the damage arising from the unlawful processing of his/her personal data.

In your application containing your requests regarding the right you want to use as a data owner; your request must be clearly stated, and the subject of your request must be personal. In addition, the application must include identification and address details, along with supporting documents confirming your identity. If you are acting on behalf of another person, you must also attach a document containing your special authority.

If you would like to exercise any of these rights, please contact us at our email at: [email protected]

12-) Right to be Forgotten:
The data subject has the right to request the erasure of his/her data. The controller shall erase the subject data if:
o The personal data are no longer necessary and in relation to the purpose for which they are processed,
o The data subject withdraws consent, on which the processing was based,
o The data subject objects to the processing and where the legitimate grounds of processing are not available,
o The personal data have been unlawfully processed,
o The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;

To exercise any of these, you can contact us at our email at: [email protected]

13-) Severability
If any provisions of this Agreement shall be held to be invalid or unenforceable for any reason, the remaining provisions shall continue to be valid and enforceable. If a court or other competent authority finds that any provision of this Agreement is invalid or unenforceable, but that by limiting such provision it would become valid or enforceable, then such provision shall be deemed to be written, construed, and enforced as so limited.

14-) Amendment
We reserve all the rights, at our sole discretion, to change, amend, update, withdraw, modify, or replace these Agreement terms and also other information, material and content provided in the Site at any time and without any prior notification, and revised KVKK and GDPR Compliance Policy terms and other information shall be effective immediately on posting.

By using our Site, you accept to receive notifications at any time, if you so desire, you may unsubscribe from receiving them. Therefore, please visit this Agreement regularly to stay informed.

15-) In Case of Dispute
As a user, you may always contact us if you believe that your data protection rights have been impaired. Our Company will carefully examine your concern and take the possible precautions. ALBURSA is also obliged to protect the confidentiality of your other personal data obtained in connection with your request.

Moreover, arbitration is an available solution to resolve disputes through out-of-court remedies effectively, quickly and at a lower cost. For more information about arbitration, please visit our General Terms of Use on this website.

16-) Law and Jurisdiction
This Agreement shall be governed by and construed in accordance with the laws of the Republic of Turkey, any disputes relating to these terms and conditions will be subject to the exclusive jurisdiction of the courts of the Republic of Turkey.

17-) Contact Information
Please contact us at [email protected] with any questions regarding this Agreement.

The Data Controller:
Yakuplu Mah. Hürriyet Bulvarı No: 111
İç Kapı No: 4, 34524,
Beylikdüzü/ İstanbul