General Data Protection Regulation
Personal Data Protection Policy (“Policy”), KREMBİ BİLİŞİM VE TEKNOLOJİ A.Ş. As (“KREMBI”), it contains information about how we protect the personal data of users (“User”) who benefit from our services (any information that identifies or serves to identify a person), the rules we comply with when processing personal data, and our data processing processes.
Basic information on the protection of personal data transferred to KREMBI is given below. KREMBI, Law No. 6698 on the Protection of Personal Data (“Law”), art. In order to fulfill the lighting obligation arising from 10, the following explanations are brought to the attention of the user or related person who uses our website, mobile site and/or mobile applications.
KREMBI reserves the right to update this Personal Data Protection Policy, Clarification Text and Privacy Policy at any time within the framework of the changes that can be made in the current legislation and to make some changes in order to make it easier to read.
Within the framework of the explanations made above and in the Personal Data Protection Policy, you declare that you have read and understood this Clarification Text and the Privacy Policy and that you consent to the processing of your personal data by ticking the boxes that you need to tick while registering on the site.
For any questions regarding the protection and processing of your personal data, you can contact us via [email protected].
1.2. Legal Reasons for Personal Data Processing
1.3. Factors Considered When Asking for Explicit Consent
1.4. Personal Data Security
1.5. Rights of Relevant Persons
2.2. Personal Data Collection Methods
2.3. Personal Data Processing Purposes
2.4. Transfer of Personal Data
2.5. Use of Cookies
2.6. Protection of Personal Data
● Compliance with the law and honesty rules. We carry out our data processing activities in accordance with legislative regulations and good faith principles.
● Being accurate and up-to-date when necessary. We always keep channels open to ensure that your personal data is accurate and up-to-date.
● Processing for specified, explicit and legitimate purposes. We determine the purposes for which personal data will be processed and present these purposes for your information in a transparent and understandable manner.
● Relating to processing purposes, being limited and restrained. We do not process personal data that is not related to the realization of the purpose or that is not needed, and we do not carry out personal data processing activities to meet possible needs.
● To be kept for as long as required by the relevant legislation or for the purpose for which they are processed. If there is a period stipulated in the legislation for the storage of personal data, it complies with this period; If such a period is not foreseen, we only store personal data for the period required for processing purposes.
1. The personal data processing is necessary for the establishment or performance of the contract between you and KREMBI.
2. Processing of personal data for the establishment, exercise or protection of a right.
3. Processing of personal data in order to fulfill our legal obligations.
4. The processing of personal data is necessary for our legitimate interests.
5. The person concerned has provided his explicit consent for the processing of his personal data. We also make an assessment when determining whether a data processing activity is necessary for our legitimate interests. While making this assessment, it is based on the criteria specified in the Board's Decision dated 25/03/2019 and numbered 2019/78; We perform a balance test by comparing the fundamental rights and freedoms of the person with the legitimate interest that will arise. If there is at least one of the legal reasons specified in the Law for the processing of personal data, we do not ask for the explicit consent of the person. We only ask whether the person concerned has express consent for the processing of their personal data when there are no legal grounds in the Law.
1. Being related to a specific subject→ We ask for the explicit consent of the relevant persons for specific data processing activities/activities and ensure that the consent texts are understandable.
2. Based on information → We present the consent texts and the clarification texts together/on the same channel, supporting the data subject to understand the results of the data processing activity.
3. Being disclosed with free will → We avoid misleading statements that will cripple people's will when asking for their consent.
1. Learning whether KREMBI processes your personal data,
2. If we are processing your personal data, requesting information about data processing,
3. Learning the purposes of processing your personal data and whether KREMBI uses personal data in accordance with its purpose,
4. Learning whether your personal data is transferred to third parties; if transferred, to learn the third parties to whom it is transferred, in the country or abroad,
5. To request that your personal data be corrected in case of incomplete or incorrect processing and to request that we notify the third parties to whom we have transferred the personal data, if any, of the action taken within this scope,
6. Even though we have processed your personal data in accordance with the Law and relevant legislation, to request the deletion or destruction of your data in case the reasons requiring the processing of personal data disappear and to request that we notify the third parties to whom we have transferred your personal data, if any,
7. Objecting to situations where a result arises against you by analyzing your personal data we process exclusively through automated systems,
8. Requesting compensation for your damage in case you suffer damage due to unlawful processing of your personal data. You can choose the following methods to exercise your rights and submit your requests to KREMBI:
1. By using your e-mail address registered in our systems, you can submit your request. [email protected] You can send it to your e-mail address.
2. You can send your requests in writing to Krembi Bilişim ve Teknoloji A.Ş. Universite Mah. Sarigul Sk. You can send it to 0 Blok No: 37/1, Interior Door No: 3 Avcılar / Istanbul
3. You can choose other methods specified in the Communiqué on Application Procedures and Principles to the Data Controller.
1. Calling KREMBI Customer Service,
2. Filling out the contact form on our website,
3. to send an e-mail,
4. Contact us via KREMBI social media accounts.
1. To perform user registration so that you can benefit from our services,
2. To communicate with our users and to manage relations with our customers,
3. Carrying out the processes of receiving reservations and payments and providing the Services,
4. To offer the most suitable service options for your preferences, likes, interests, usage habits and location,
5. To inform users about the most suitable services and opportunities,
6. Managing the communication between KREMBI Service Providers, Hairdressers and customers,
7. Performing analyzes to improve our products and services,
8. To create and increase user satisfaction, loyalty and loyalty, to recognize our users who make transactions on our website and/or mobile applications and to use them in user environment analysis, to use them in various marketing and advertising activities, and to organize surveys in electronic and/or physical environment through contracted institutions,
9. To receive and evaluate feedback for the improvement of our products/services,
10. To be able to offer suggestions to our customers by our contracted institutions and solution partners, to inform our customers about our services,
11. To follow up and finalize requests/complaints,
12. To carry out our activities in accordance with the legislation,
13. To examine and audit our business activities,
14. Carrying out financial and accounting works related to payments,
15. To ensure the legal and commercial security of KREMBI and individuals and institutions that have a business relationship with KREMBI, (planning and execution of KREMBI, our commercial partnerships and strategies correctly, ensuring the physical security and supervision of the company's locations, evaluating the business partner (authorized or employees) processes, reputation research processes, legal compliance process, audit, financial affairs etc.)
16. To fulfill our legal obligations and to use our rights arising from the current legislation,
17. Investigation, detection, prevention of violations of the contract and the law and reporting to the relevant administrative or judicial authorities,
18. To provide information to public officials, upon request and in accordance with the legislation, on matters related to public safety,
19. To protect the legitimate interests of KREMBI, provided that it does not harm the fundamental rights and freedoms of the data owner.
1. Relevant Person: The natural person whose personal data are processed.
2. Destruction: Deletion, destruction or anonymization of personal data.
3. Law: Law on Protection of Personal Data No. 6698, dated 24/3/2016.
4. Processing of Personal Data: Obtaining, recording, storing, storing, changing, rearranging, disclosing, transferring, taking over, making available, classifying personal data by fully or partially automatic or non-automatic means provided that it is a part of any data recording system or any kind of operation performed on the data, such as preventing its use.
5. Board: Personal Data Protection Board.
6. Institution: Personal Data Protection Authority.
7. Service Provider: Persons who have created a profile to provide services on the marketplace platform offered by KREMBI.
8. Customer/Service User: Potential or existing customers who receive service using the reservation system of KREMBI, one of the Service Providers in the marketplace that KREMBI provides.
9. Data Controller: The natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system. Last Update Date: 19/05/2021
1. Personal Data Processing Rules
1.1. Personal Data Processing Principles1.2. Legal Reasons for Personal Data Processing
1.3. Factors Considered When Asking for Explicit Consent
1.4. Personal Data Security
1.5. Rights of Relevant Persons
2. Personal Data Processing Processes
2.1. Processed Personal Data2.2. Personal Data Collection Methods
2.3. Personal Data Processing Purposes
2.4. Transfer of Personal Data
2.5. Use of Cookies
2.6. Protection of Personal Data
1. Personal Data Processing Rules
1.1. Personal Data Processing Principles
While processing your personal data, we comply with the following data processing principles.● Compliance with the law and honesty rules. We carry out our data processing activities in accordance with legislative regulations and good faith principles.
● Being accurate and up-to-date when necessary. We always keep channels open to ensure that your personal data is accurate and up-to-date.
● Processing for specified, explicit and legitimate purposes. We determine the purposes for which personal data will be processed and present these purposes for your information in a transparent and understandable manner.
● Relating to processing purposes, being limited and restrained. We do not process personal data that is not related to the realization of the purpose or that is not needed, and we do not carry out personal data processing activities to meet possible needs.
● To be kept for as long as required by the relevant legislation or for the purpose for which they are processed. If there is a period stipulated in the legislation for the storage of personal data, it complies with this period; If such a period is not foreseen, we only store personal data for the period required for processing purposes.
1.2. Legal Reasons for Personal Data Processing
We process your personal data based on the legal reasons specified in Articles 5 and 6 of the Personal Data Protection Law. We clearly state these legal reasons in the disclosure texts we provide to the relevant persons. The legal grounds we rely on when processing Users' personal data are as follows:1. The personal data processing is necessary for the establishment or performance of the contract between you and KREMBI.
2. Processing of personal data for the establishment, exercise or protection of a right.
3. Processing of personal data in order to fulfill our legal obligations.
4. The processing of personal data is necessary for our legitimate interests.
5. The person concerned has provided his explicit consent for the processing of his personal data. We also make an assessment when determining whether a data processing activity is necessary for our legitimate interests. While making this assessment, it is based on the criteria specified in the Board's Decision dated 25/03/2019 and numbered 2019/78; We perform a balance test by comparing the fundamental rights and freedoms of the person with the legitimate interest that will arise. If there is at least one of the legal reasons specified in the Law for the processing of personal data, we do not ask for the explicit consent of the person. We only ask whether the person concerned has express consent for the processing of their personal data when there are no legal grounds in the Law.
1.3. Factors Considered When Asking for Explicit Consent
Explicit consent is defined in the Law as “consent on a certain subject, based on information and expressed with free will”. As KREMBI, we consider the following three factors when asking for the explicit consent of the persons concerned:1. Being related to a specific subject→ We ask for the explicit consent of the relevant persons for specific data processing activities/activities and ensure that the consent texts are understandable.
2. Based on information → We present the consent texts and the clarification texts together/on the same channel, supporting the data subject to understand the results of the data processing activity.
3. Being disclosed with free will → We avoid misleading statements that will cripple people's will when asking for their consent.
1.4. Personal Data Security
We take the necessary technical and administrative measures to ensure the protection of your personal data. For example, it uses intrusion detection and prevention software to detect and prevent potential cyber attacks; we determine the access rights of employees to personal data and use data loss prevention software. 1.5. Rights of Relevant Persons Article 11 of the Personal Data Protection Law regulates the rights of the data subjects (real persons whose personal data are processed). These rights are as follows:1. Learning whether KREMBI processes your personal data,
2. If we are processing your personal data, requesting information about data processing,
3. Learning the purposes of processing your personal data and whether KREMBI uses personal data in accordance with its purpose,
4. Learning whether your personal data is transferred to third parties; if transferred, to learn the third parties to whom it is transferred, in the country or abroad,
5. To request that your personal data be corrected in case of incomplete or incorrect processing and to request that we notify the third parties to whom we have transferred the personal data, if any, of the action taken within this scope,
6. Even though we have processed your personal data in accordance with the Law and relevant legislation, to request the deletion or destruction of your data in case the reasons requiring the processing of personal data disappear and to request that we notify the third parties to whom we have transferred your personal data, if any,
7. Objecting to situations where a result arises against you by analyzing your personal data we process exclusively through automated systems,
8. Requesting compensation for your damage in case you suffer damage due to unlawful processing of your personal data. You can choose the following methods to exercise your rights and submit your requests to KREMBI:
1. By using your e-mail address registered in our systems, you can submit your request. [email protected] You can send it to your e-mail address.
2. You can send your requests in writing to Krembi Bilişim ve Teknoloji A.Ş. Universite Mah. Sarigul Sk. You can send it to 0 Blok No: 37/1, Interior Door No: 3 Avcılar / Istanbul
3. You can choose other methods specified in the Communiqué on Application Procedures and Principles to the Data Controller.
2. Personal Data Processing Processes
2.1. Processed Personal Data
Within the scope of the service we provide to users, we process the following personal data: Identity and Communication Name-surname, User ID, advertising ID/identifiers, gender, age, profile photo, mobile phone, e-mail, address finance Information on payments and payment methods User Action Reservation history, Reservation information, Number of reservations, application usage information, billing information, request/complaint information Location Your location (location) information Transaction Security Device operating system and version, device type, device ID, hardware model, IP address, user logs, password information In addition to this information, we process your personal data regarding your preferences, likes, interests and usage habits, and the information obtained as a result of the analysis of the above-mentioned data (for example, the most requested services, the service providers you order most).2.2. Personal Data Collection Methods
Personal data of mobile application users, through the KREMBI mobile application; We collect with automatic and partially automatic methods. In case you benefit from our services through our website (www.krembi.com), your data through the website; We collect with automatic and partially automatic methods. If you reach us through the channels listed below, we collect your personal data through these channels:1. Calling KREMBI Customer Service,
2. Filling out the contact form on our website,
3. to send an e-mail,
4. Contact us via KREMBI social media accounts.
2.3. Personal Data Processing Purposes
KREMBI will be able to record, store, update, disclose, transfer, classify your personal information to third parties and process your personal data at home and abroad for the following purposes, in cases and to the extent permitted by the legislation:1. To perform user registration so that you can benefit from our services,
2. To communicate with our users and to manage relations with our customers,
3. Carrying out the processes of receiving reservations and payments and providing the Services,
4. To offer the most suitable service options for your preferences, likes, interests, usage habits and location,
5. To inform users about the most suitable services and opportunities,
6. Managing the communication between KREMBI Service Providers, Hairdressers and customers,
7. Performing analyzes to improve our products and services,
8. To create and increase user satisfaction, loyalty and loyalty, to recognize our users who make transactions on our website and/or mobile applications and to use them in user environment analysis, to use them in various marketing and advertising activities, and to organize surveys in electronic and/or physical environment through contracted institutions,
9. To receive and evaluate feedback for the improvement of our products/services,
10. To be able to offer suggestions to our customers by our contracted institutions and solution partners, to inform our customers about our services,
11. To follow up and finalize requests/complaints,
12. To carry out our activities in accordance with the legislation,
13. To examine and audit our business activities,
14. Carrying out financial and accounting works related to payments,
15. To ensure the legal and commercial security of KREMBI and individuals and institutions that have a business relationship with KREMBI, (planning and execution of KREMBI, our commercial partnerships and strategies correctly, ensuring the physical security and supervision of the company's locations, evaluating the business partner (authorized or employees) processes, reputation research processes, legal compliance process, audit, financial affairs etc.)
16. To fulfill our legal obligations and to use our rights arising from the current legislation,
17. Investigation, detection, prevention of violations of the contract and the law and reporting to the relevant administrative or judicial authorities,
18. To provide information to public officials, upon request and in accordance with the legislation, on matters related to public safety,
19. To protect the legitimate interests of KREMBI, provided that it does not harm the fundamental rights and freedoms of the data owner.
2.4. Transfer of Personal Data
The sharing of personal data of our Users with third parties takes place within the framework of the consent of our Users, and as a rule, personal data is not transferred to third parties without the consent of our Users. However, due to and limited to our legal obligations, personal data is shared with courts and other public institutions. In addition, personal data is transferred to contracted third parties in order to provide the services we undertake and to control the quality of the services provided. Necessary technical and legal measures are taken to prevent violations of rights during data transfer to third parties. However, due to the data protection policies of the third party receiving the personal data, KREMBI is not responsible for the violations that occur in the risk area under the responsibility of the third party. Your personal data is shared with KREMBI's shareholders, with our direct/indirect domestic/foreign affiliates, with program partner institutions and organizations that we cooperate to carry out our activities, with domestic/foreign persons and institutions from which we get data storage services in the cloud, and with domestic/foreign countries with which we have an agreement to send commercial electronic messages to our customers. institutions, the Interbank Card Center, the banks we have a contract with, and various domestic and international agencies, advertising companies and survey companies, and other domestic/foreign third parties and our relevant business partners within the scope of various marketing activities in order to provide you with better service and customer satisfaction.2.5. Use of Cookies
The website www.krembi.com owned by KREMBI is a site that uses cookies. cookie; It is a file consisting mostly of letters and numbers, which allows the device to be detected by being stored in the internet browser or hard disk of the device being used. The mobile application or website (www.krembi.com) may match the information collected from you on the site at different times or in different ways, such as information collected online and offline, and may use this information together with information obtained from other sources such as third parties. www.krembi.com uses session cookies and persistent cookies. The session ID cookie expires when you close your browser. Persistent cookie stays on your hard drive for a long time. You can remove persistent cookies and reject both session cookies and persistent cookies by following the instructions in the help file of your internet browser or by visiting www.allaboutcookies.org or www.youronlinechoices.eu. If you refuse persistent cookies or session cookies, you can continue to use the website, mobile application, but you may not be able to access all functions of the website, mobile application or your access may be limited.2.6. Personal Data Protection
Personal data shared with KREMBI are under the supervision and control of KREMBI. KREMBI, as the data controller, has undertaken the responsibility of establishing the necessary organization and taking and adapting the technical measures in order to protect the confidentiality and integrity of the information in accordance with the relevant legislation provisions in force. Being aware of our obligation in this regard, we always update our data processing policies. Terms The explanations of the terms we use in the Policy are given below:1. Relevant Person: The natural person whose personal data are processed.
2. Destruction: Deletion, destruction or anonymization of personal data.
3. Law: Law on Protection of Personal Data No. 6698, dated 24/3/2016.
4. Processing of Personal Data: Obtaining, recording, storing, storing, changing, rearranging, disclosing, transferring, taking over, making available, classifying personal data by fully or partially automatic or non-automatic means provided that it is a part of any data recording system or any kind of operation performed on the data, such as preventing its use.
5. Board: Personal Data Protection Board.
6. Institution: Personal Data Protection Authority.
7. Service Provider: Persons who have created a profile to provide services on the marketplace platform offered by KREMBI.
8. Customer/Service User: Potential or existing customers who receive service using the reservation system of KREMBI, one of the Service Providers in the marketplace that KREMBI provides.
9. Data Controller: The natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system. Last Update Date: 19/05/2021