Data Privacy and Security
Dear Customers, Members, Business Partners/Suppliers, Personnel Candidates and Visitors; Hypnotic Human Ready-made Giyim San. And Trade. As LTD.ŞTİ (“HYPNOTIC HUMAN” or “Company”), we attach great importance to the protection of your personal data. In this context, we would like to inform you about your personal data and processing processes as "data controller" in accordance with the Personal Data Protection Law No. 6698 ("KVKK"). This Policy aims to ensure the sustainability of the Company's "principle of conducting company activities in transparency". In this context, the basic principles adopted in terms of compliance of the Company's data processing activities with the regulations in the Personal Data Protection Law No. 6698 ("KVK Law") are determined and the practices implemented by the Company are explained. The Policy is directed to natural persons whose personal data are processed by the Company through automatic or non-automatic means provided that it is part of any data recording system. The policy was published by the Company on its website and made available to the public. In case of conflict between the current legislation, especially the Law, and the regulations contained in this Policy, the provisions of the legislation shall apply. The Company reserves the right to make changes to the Policy in parallel with legal regulations.
WHAT PERSONAL DATA DO WE PROCESS?
The following personal data may be processed depending on the exchange of goods/services between you and HYPNOTIC HUMAN, concluding a membership agreement, visiting our workplaces, applying for a job, or otherwise entering into a legal or commercial relationship.
Identity Information: Name-Surname, T.R. Data regarding identification number, Gender, Date of Birth and IP address.
Contact Information: Data regarding address, telephone number and e-mail address.
Visual and Audio Information: Data regarding the images of people recorded in camera recordings made for security purposes in HYPNOTIC HUMAN physical environments and the voices of people recorded during call center calls.
Purchased Product and Payment Information: Data regarding the products purchased within the scope of purchases made from the HYPNOTIC HUMAN website or stores.
Shopping Habit: Data regarding the results of a person's tastes, likes and preferences obtained through cookies during navigation on HYPNOTIC HUMAN websites.
Education Data: Data such as diplomas, transcripts and certificates that are included in the forms filled out by personnel candidates within the scope of their job applications or in the CV document they prepared, showing their educational history.
Professional Experience: Data that is included in the form filled out by personnel candidates within the scope of their job applications or in the CV document they prepared, showing their experience in working life and professional titles.
Special Personal Data: Data consisting of health declaration and criminal record shared by personnel candidates within the scope of their job applications.
HOW AND FOR WHAT LEGAL REASONS DO WE COLLECT YOUR PERSONAL DATA?
In the Physical Environment;
Your personal data; It is collected directly from you within the scope of your purchases from HYPNOTIC HUMAN stores, the forms you fill out in stores and events, your store visits, the contracts you sign, the CVs you share within the scope of your job application or the job application forms you fill out.
In Electronic Media;
The purchases you make on HYPNOTIC HUMAN's website, the requests and complaints you share on the website, by phone or via e-mail, are collected directly from you electronically through our call center and your posts on our social media accounts.
Your personal data collected from both environments is recorded in the HYPNOTIC HUMAN database and can be processed by automatic and non-automatic means.
Within the scope of the commercial and/or contractual relationship between you and HYPNOTIC HUMAN (product or service exchange, membership agreement, workplace visits), within the framework of the following purposes and in accordance with Article 5 of Law No. 6698; It can be processed within the scope of our legitimate interests, provided that the establishment and execution of a contract, the establishment of a right, the fulfillment of legal obligations, and to protect your rights and not harm you. During your visits to our workplaces, for security reasons, your identity information and your image via security cameras are recorded and processed on a limited basis with this operation.
In cases where you do not receive goods or services from HYPNOTIC HUMAN or if no legal or commercial relationship is established between us, we may process your above-mentioned personal data based on YOUR EXPRESS CONSENT in accordance with Article 5, Paragraph 1 of the Law. Your explicit consent can be obtained by submitting the PASSWORD generated for you to the HYPNOTIC HUMAN staff in return for your wet signature on printed forms in our stores or if you find the information text sent to you via SMS appropriate, or by ticking the permission/approval boxes in the membership and shopping areas on the website and clicking the "send" button. It will also be received if you press the ” button. You can revoke permissions at any time.
PURPOSES OF PROCESSING YOUR PERSONAL DATA
Your Personal Data is processed for the following purposes:
1) For Customers and Members;
1) Execution of Goods / Service Purchasing Processes
2) Execution of Goods / Service Sales Processes
3) Execution of Customer Relationship Management Processes
4) Carrying out Activities for Customer Satisfaction
5) Ensuring Physical Space Security
6) Carrying out transactions and activities within the scope of commercial / contractual relationships and fulfilling financial and legal obligations
7) Tracking of Requests / Complaints
8) Fulfillment of legal obligations
9) Establishment and execution of the membership agreement and enabling customers to benefit from membership benefits
10) Carrying out legal processes
11) Promotion and marketing activities
12) Providing Information to Authorized Persons, Institutions and Organizations
13) Sending commercial electronic messages
14) Information Security
15) Preservation of your information that must be kept in accordance with the relevant legislation; copying and backing up information to prevent information loss; ensuring the consistency of your information; Taking the necessary technical and administrative measures for the security of our databases and your information
2) For Potential Customers;
Your identity and contact information obtained directly from you through your visits to our website and stores, the forms you fill out, your e-bulletin membership, your posts on our Social Media Accounts, your requests and complaints submitted to our call center; It is processed based on your explicit consent, in accordance with marketing purposes, within the framework of the aim of informing you about our company's products and services and offering you some special products. If there is a request or complaint you have forwarded to HYPNOTIC HUMAN, your identity and contact information are processed for a limited time in accordance with Article 5/2 of the Law in order to manage this request and complaint.
3) For Suppliers/Business Partners;
Within the scope of the commercial relationship between you and our company, the personal data of your company officials and employees are specified in Article 5 of the Law; It may be processed within the scope of the establishment and execution of our contracts, fulfillment of legal obligations and the legitimate interests of our company, in accordance with the basic principles stipulated in the Law and within the scope of personal data processing conditions, for the following purposes.
1) Fulfillment of Legal Obligations
2) Execution of contract processes
3) Carrying out Finance and Accounting Affairs
4) Execution and follow-up of legal processes
5) Conducting Company Internal Operations
6) Strategy planning & business partners/supplier management
7) Ensuring physical space security
8) Execution of Logistics Activities
9) Managing Supply Chain Management Processes
10) Preservation of your information that must be kept in accordance with the relevant legislation; copying and backing up information to prevent information loss; ensuring the consistency of your information; Taking the necessary technical and administrative measures for the security of our databases and your information
4) For Visitors;
Within the scope of your visits to our company, our website and other workplaces, in order to ensure the security of our company and you, as well as to fulfill our legal obligations and depending on our legitimate interests, your identity and visual data with security cameras and visitor log books in physical environments, within the scope of internet access offered to you during your visit to our workplace. Your identity and contact data obtained are processed for the following purposes.
1) Carrying out Audit and Security Activities
2) Security of movable goods and resources
3) Execution of Information Security Processes
4) Creating and Tracking Visitor Records
5) Ensuring Physical Space Security
6) Providing Information to Authorized Persons, Institutions and Organizations
7) Ensuring the Security of Data Controller Operations
8) Providing Internet Access and Ensuring Access Security
4) For Employee Candidates;
HYPNOTIC uses your personal data obtained by personnel candidates through the CVs you share or the application forms you fill out within the scope of job applications you make either through our website www.hypnotichuman.com or at our company headquarters or stores, as specified in Article 5 of the Law; It carries out data processing activities within the scope of our company's legitimate interests, for the purposes of personnel recruitment and management of human resources processes, and for the establishment of employment contracts, establishment of a right, and use as evidence in legal disputes, for the following purposes. If health declaration and sanction data are obtained from the personnel candidate, explicit consent is also requested.
1) Conducting Employee Candidate / Intern / Student Selection and Placement Processes
2) Carrying out the application processes of employee candidates
3) Conducting human resources operations and especially personnel recruitment and recruitment processes,
4) Carrying out Business Continuity Activities and Ensuring Physical Space Security
PARTIES TO WHICH YOUR PERSONAL DATA IS TRANSFERRED AND PURPOSES OF TRANSFER
HYPNOTIC HUMAN may transfer your personal data to the following domestic recipient groups within the scope of the Law and other legislation for the purposes stated in this Policy:
1) To our suppliers and business partners with whom we work to provide or deliver the services offered to you (such as companies from which web infrastructure services are received, cargo companies, auditing companies)
2) Our business partners, supplier companies, banks, financial institutions with whom we cooperate and/or receive services for the provision, promotion and similar purposes of services,
3) To the advertising agencies from which we receive services for the management of our website and social media accounts,
4) Lawyers, auditors, consultants and companies from which services are received,
5) To your attorneys, guardians and representatives authorized by you,
6) To institutions or organizations authorized to request your personal data, such as regulatory and supervisory institutions, courts and enforcement offices, and to persons determined by them,
COMMERCIAL ELECTRONIC COMMUNICATION
HYPNOTIC HUMAN may also process identity and contact data and communicate with data subjects in order to send electronic commercial messages (SMS, E-MAIL, etc.) for commercial purposes such as advertisements, campaign announcements and promotions, by using contact data. HYPNOTIC HUMAN obtains electronic communication permission from the relevant persons for this activity and carries out the said activity within the scope of this permission.
RIGHTS OF RELATED PERSONS MENTIONED IN ARTICLE 11 OF THE LAW
1) Learning whether your Personal Data is being processed or not,
2) Requesting information if your Personal Data has been processed,
3) Learning the purpose of processing Personal Data and whether they are used for their intended purpose,
4) Knowing the third parties to whom your Personal Data is transferred at home or abroad,
5) Request correction of your Personal Data if it is incomplete or incorrectly processed,
6) Requesting the deletion or destruction of your Personal Data within the framework of the conditions stipulated in the KVKK legislation1,
7) To request that the transactions carried out within the scope of Articles 5 and 6 be notified to third parties to whom your Personal Data has been transferred,
8) Object to the emergence of a result against you by analyzing the processed data exclusively through automatic systems,
9) If you suffer damage due to unlawful processing of Personal Data, you have the right to request compensation for this damage.;
ENSURING THE SECURITY AND CONFIDENTIALITY OF PERSONAL DATA
The Company takes all necessary precautions, within the means possible, depending on the nature of the data to be protected, in order to prevent unlawful disclosure, access, transfer of personal data or security deficiencies that may occur in other ways.
In this context, the Company takes all necessary (i) administrative and (ii) technical measures, (iii) an audit system is established within the company and (iv) in case of illegal disclosure of personal data, the measures foreseen in the Personal Data Protection Law are acted upon.
DESTRUCTION OF PERSONAL DATA
Even though personal data has been processed in accordance with the law in accordance with Article 7 of the Law, in case the reasons requiring processing are eliminated, the personal data may be processed ex officio or upon the request of the Relevant Person, in accordance with the Data Protection and Destruction Policy, legislation and the guide published by the Institution, which has been specially prepared for this job. deletes, destroys or anonymizes it as appropriate.
HYPNOTIC HUMAN has prepared a DISPOSAL POLICY in which the destruction procedures of personal data are determined and published within the company. All destruction processes are carried out in accordance with this policy. At the same time, destruction times for each process and type of personal data are clearly determined in the HYPNOTIC HUMAN personal data inventory. Periodic data destruction, which is carried out every 6 months, is based on the retention periods determined in the inventory.
ISSUES RELATED TO THE PROTECTION OF PERSONAL DATA HYPNOTIC HUMAN; In accordance with Article 12 of the KVK Law, it takes the necessary technical and administrative measures to ensure the appropriate level of security in order to prevent the unlawful processing of the personal data it processes, unlawful access to the data and to ensure the preservation of the data, and carries out the necessary inspections or has them carried out in this context. HYPNOTIC HUMAN takes technical and administrative measures according to technological possibilities and implementation costs to ensure that personal data is processed in accordance with the law.
TECHNICAL MEASURES
The main technical measures taken by HYPNOTIC HUMAN to ensure the lawful processing of personal data are listed below:
1) Personal data processing activities carried out within HYPNOTIC HUMAN are audited by the established technical systems.
2) The technical measures taken are periodically reported to the relevant person in accordance with the internal audit mechanism.
3) Departments on technical issues have been established and knowledgeable personnel are employed in this field.
4) New technological developments are followed and technical measures are taken on systems, especially in the field of cyber security, and the measures taken are periodically updated and renewed.
5) Access and authorization technical solutions are put into operation within the framework of legal compliance requirements determined specifically for each department within HYPNOTIC HUMAN.
6) Access authorizations are limited and authorizations are reviewed regularly. Access restrictions are imposed on former employees and accounts are closed.
7) Technical measures taken in accordance with HYPNOTIC HUMAN internal functioning are reported to the relevant users, risky issues are re-evaluated and the necessary technological solution is produced.
8) Software and hardware including virus protection systems, data vulnerability security and firewalls are installed.
9) Personnel specialized in technical matters are employed.
10) All information systems, including applications where personal data is collected, are regularly subjected to external impact testing to detect security vulnerabilities, and the vulnerabilities found are closed according to the results of this test.
ADMINISTRATIVE MEASURES
Administrative measures taken by HYPNOTIC HUMAN for the lawful processing of personal data:
1) HYPNOTIC HUMAN employees are informed and trained on personal data protection law and the lawful processing of personal data.
2) All personal data processing activities carried out by HYPNOTIC HUMAN; It is carried out in accordance with the personal data inventory and attachments created by analyzing all business units in detail.
3) Personal data processing activities carried out by the relevant departments within HYPNOTIC HUMAN; The obligations to be fulfilled to ensure that these activities comply with the personal data processing conditions required by KVKK are bound to written policies and procedures by HYPNOTIC HUMAN, each business unit has been informed on this issue and the issues to be taken into consideration specific to the activity it carries out have been determined.
4) The supervision and management of the departments within HYPNOTIC HUMAN regarding personal data security are organized by Information Security Committees. Awareness is created to ensure that the legal requirements determined on a business unit basis are met, and the necessary administrative measures are implemented through in-company policies, procedures and training to ensure the control of these issues and the continuity of the implementation.
5) Records containing information about personal data and data security are included in the service contracts and related documents between HYPNOTIC HUMAN and employees, and additional protocols are made. Studies have been carried out to raise the necessary awareness for employees on this issue.
6) Legal compliance, access to personal data within the company and authorization processes are implemented for each department within HYPNOTIC HUMAN, taking into account personal data processing processes.
7) You can submit your request to exercise your rights within the scope of KVKK mentioned above by filling out the application form on HYPNOTIC HUMAN's website, together with the documents that will identify you, (i) by hand or by registered mail, with a wet signature, to HYPNOTIC HUMAN's mailing address, or (ii) You can send a copy with a secure electronic signature to HYPNOTIC HUMAN via info@hypnotichuman.com.
In case the data owners (relevant persons) submit their requests regarding their personal data to our Company in writing, the Company, as the data controller, will take the necessary processes to ensure that the request is concluded as soon as possible and within thirty (30) days at the latest, in accordance with Article 13 of the KVK Law. is carrying out.
Within the scope of ensuring data security, the Company may request information to determine whether the applicant is the owner of the personal data subject to the application. Our company may also ask questions about the Relevant Person's application in order to ensure that his/her application is finalized in accordance with the request.
Application of the relevant person; In cases where there is a possibility of hindering the rights and freedoms of other persons, it requires disproportionate effort, or the information is public information, HYPNOTIC HUMAN may reject the request by explaining the reason.
SECURITY OF INFORMATION
HYPNOTIC HUMAN attaches great importance to the security of its customers' information and works with the most advanced technological tools to ensure this. In order to ensure the security of our site, all physical, electronic and administrative measures have been taken in secure environments. All information is stored and backed up on secure servers.
Information received through our site is transmitted using a technology called SSL (Secure Socket Layer) that provides secure information transfer. On the pages on our site where you transfer your financial information, you will see a lock or key image on the far right side of your browser's address line (depending on the browser you use) and the first letters of the address in this address line change from 'http' to 'https' connected. If you see these, you can be sure that you are on the secure servers of our site.
SITE-VISITOR COMMUNICATION SECURITY
Communication between the site and the visitor on the order pages of HYPNOTIC HUMAN's website takes place with 128 bit SSL standard. The communication standard in question is of a quality that can be used safely even on sites with a large number of transactions. It indicates whether this form of communication is available on the page where credit card information will be given or not, when the page is accessed, the expression written in the address bar is in the form of https://.., not http://... When you access pages of this nature, there is also a lock sign in the lower right corner of the browser.
SITE-BANKCOMMUNICATIONSECURITY
Security regarding the transfer of credit card information from the site to the bank is achieved with the maximum security offered by the Bank. In addition to many components of the security in question, the CVV2/CVC2 code is also used on our site as a precaution against shopping with stolen cards or card information.
IN-SITE DATA SECURITY
During your transactions in a secure environment, no person, institution or organization can access your information except you and the bank that allocated the credit card to you. The credit card transaction page transmits the card information directly to the bank POS system and notifies the customer of the transaction result. Credit card information is not transferred via e-mail or similar methods. It is not possible even for us to access the credit card information transferred as a result of the online transaction.
ENFORCEMENT OF THE POLICY
This Policy, issued by HYPNOTIC HUMAN, came into force on December 17, 2019. This Policy is published on HYPNOTIC HUMAN's website (www.hypnotichuman.com) and is made available to relevant persons upon the request of personal data owners.
HYPNOTIC HUMAN HAZIR GİYİM SAN. VE TİC. LTD.ŞTİ. (VERİ SORUMLUSU)
ADRESS: Caddebostan mahallesi Yener Sokak No:1/1 İç kapı No: 12 Kadıköy / İstanbul
TELEPHONE: 0532 685 65 80
MERSİS: 0465151338400001
WEB: www.hypnotichuman.com