Privacy Policy

GENERAL CLARIFICATION TEXT REGARDING THE PROTECTION AND PROCESSING OF PERSONAL DATA

As AFİYA GIDA E-TİCARET LİMİTED ŞİRKETİ (el-afiya), we attach utmost importance to the security of your personal data. With this awareness, we place great emphasis on the processing and storage of the personal data of real persons with whom our Company interacts, in compliance with the Personal Data Protection Law No. 6698 (“Law”), secondary legislation (regulations, communiqués, etc.) enacted or to be enacted under the Law, and binding decisions taken or to be taken by the Personal Data Protection Board. Fully aware of this responsibility, as the “Data Controller” defined in the Law, we process your personal data as explained below, within the limits prescribed by the legislation.

1. Information Regarding the Data Controller

In accordance with the Law, AFİYA GIDA E-TİCARET LİMİTED ŞİRKETİ, registered with the Istanbul Trade Registry Office under tax ID number 0091956022 and residing at “MERKEZ MAH. TABYA CAD. NO: 10 A KAĞITHANE / ISTANBUL,” is the Data Controller.

2. Purposes of Processing Personal Data

Your personal data are processed by the Company for the following purposes:

  • Ensuring that the commercial activities carried out by the Company are conducted in accordance with legislation and Company policies;

  • Conducting the necessary operational work by the relevant business units in line with these activities;

  • Determining, planning, and implementing the Company’s short, medium, and long-term commercial policies;

  • Designing and managing human resources processes;

  • Fulfilling the Company’s obligations arising from applicable legislation;

  • Managing customer relations and corporate communication processes;

  • Ensuring the commercial and legal security of individuals and legal entities with whom the Company maintains business relationships.

In this context, your personal data are processed in accordance with the principles of lawfulness, fairness, and relevance, and are limited and proportionate to the above-stated purposes within the scope of the Law.

3. Transfer of Personal Data

Your personal data may be transferred, in accordance with Articles 8 and 9 of the Law and solely for the realization of the purposes listed above and the uninterrupted operation of the Company's commercial activities and processes, to:

  • Legally authorized public institutions and administrative or judicial authorities,

  • Private legal and real persons permitted by applicable legislation,

  • Audit institutions authorized to audit the Company,

  • Contracted payment institutions for financial transactions and obligations,

  • Business partners from whom services are received or with whom cooperation exists for the execution and development of Company operations,

  • Suppliers of the Company, only when necessary.

Such transfers are conducted with the necessary and adequate data security measures defined in the Law.

4. Method and Legal Grounds for Collecting Personal Data

Your personal data are collected by authorized departments and employees of the Company through automatic or non-automatic means, and verbally, in writing, or electronically.

In this context, categories of data processed include identity, contact, location, employment, legal transaction, customer transaction, physical space security, transaction security, risk management, finance, professional experience, marketing, visual and audio recordings, criminal conviction and security measures, and health information. These are processed based on the legal grounds outlined in Articles 5/2 (a)-(f) of the Law, namely:

  • If explicitly stipulated in the law,

  • If necessary for the performance of a contract,

  • If necessary for the fulfillment of the legal obligations of the data controller,

  • If made public by the data subject,

  • If data processing is necessary for the establishment, exercise, or protection of a right,

  • If data processing is necessary for the legitimate interests of the Company, provided that such processing does not violate the fundamental rights and freedoms of the data subject.

Health data, which are classified as special categories of personal data, are processed based on Article 6/3 of the Law for reasons such as protecting public health, preventive medicine, medical diagnosis, treatment and care services, and management of health services and financing—by workplace physicians or occupational health and safety specialists under confidentiality obligations. Criminal record data, also special category data, are processed based on your explicit consent in accordance with Article 6/2 of the Law.

Additionally, your personal data may be processed based on your explicit consent in accordance with Article 5/1 of the Law for marketing products and services, strategic marketing activities, and for sending commercial electronic messages for promotional and campaign purposes.

5. Rights of Data Subjects Under the Law

You may apply to AFİYA GIDA E-TİCARET LİMİTED ŞİRKETİ at any time to:

  • Learn whether your personal data are being processed,

  • Request information if your personal data have been processed,

  • Learn the purpose of processing and whether it is being used in accordance with that purpose,

  • Know the third parties to whom personal data are transferred domestically or abroad,

  • Request correction of personal data if they are incomplete or incorrectly processed,

  • Request deletion or destruction of personal data within the conditions set forth in Article 7 of the Law,

  • Request notification of the transactions made under subparagraphs (d) and (e) above to third parties to whom your personal data have been transferred,

  • Object to any outcome against you resulting from the exclusive analysis of your personal data through automated systems,

  • Demand compensation if you suffer damages due to unlawful processing of your personal data.

You may exercise your rights by filling out the application form available from our Company or at elafiya.com and sending it with a wet signature to “MERKEZ MAH. TABYA CAD. NO: 10 A KAĞITHANE / İSTANBUL” via notary, registered mail, or personal delivery. Alternatively, you may sign the form electronically using your secure electronic or mobile signature and send it from your KEP address or your e-mail address already registered in the Company's system to info@elafiya.com.

If a written response is required, no fee will be charged for up to ten pages; a processing fee of 1 Turkish lira per page may be charged for pages exceeding ten. If the response is provided on a physical medium such as CD or USB, the Company may only charge the cost of the medium.

To exercise your above-mentioned rights, your application must clearly specify which right you are requesting to exercise and be clear and understandable. If you are acting on behalf of someone else, a notarized power of attorney must be submitted. Your application must include your full name, signature, Turkish ID number, residential or workplace address, e-mail address, telephone and fax number, and details of your request in accordance with the "Communiqué on the Procedures and Principles of Application to the Data Controller." Applications lacking these elements will be rejected by AFİYA GIDA E-TİCARET LİMİTED ŞİRKETİ.

AFİYA GIDA E-TİCARET LİMİTED ŞİRKETİ reserves the right to amend this clarification text at any time due to legal changes, secondary legislation, or decisions of the Board. Any changes to this clarification text shall become effective immediately upon their notification to you. For detailed information regarding personal data processing activities recorded in the Data Controllers Registry Information System (VERBIS) in connection with this clarification text, please click the relevant link. Contact us if you require further information.