KVKK Policy

MİNİMONO BEBEK ÜRÜNLERİ A.Ş.: PROCESSING OF PERSONAL DATA

MİNİMONO BEBEK ÜRÜNLERİ A.Ş. (“MİNİMONO”) takes utmost care to protect privacy and confidentiality and to ensure continuous compliance with the Personal Data Protection Law. In order to comply with the Personal Data Protection Law No. 6698 (“KVKK”), MİNİMONO adopts the basic principles stipulated by the KVKK and fulfills its obligations regarding data security.

Technical and Administrative Measures Taken to Ensure the Security of Personal Data

Minimono undertakes to take all necessary technical and administrative measures and to show due diligence to ensure the security of your personal data. Minimono takes necessary precautions to prevent unauthorized access to personal data, incorrect use, unlawful processing, disclosure, alteration, or destruction of personal data. Minimono uses generally accepted security technology standards such as firewalls and encryption when processing personal data. Minimono, in order to prevent unlawful access to personal data it processes, to prevent unlawful processing of this data, and to ensure the preservation of personal data: protects all areas of the website where personal data is collected with SSL, implements access authorizations and restrictions for its employees, ensures that personal data in paper form is kept in locked cabinets and accessed only by authorized personnel. Personal data processed through third-party cookies is deleted from third-party systems if membership ends.

Scope of the Personal Data Processing Policy

This Personal Data Processing Policy informs relevant individuals about the following topics;

↳ Methods and legal reasons for collecting personal data,
↳ Which groups of people's personal data are processed, categories of personal data being processed,
↳ In which business processes and for what purposes this personal data is used,
↳ Technical and administrative measures taken to ensure the security of personal data, to whom and for what purpose personal data can be transferred,
↳ Retention periods of personal data, legal rights of Data Subjects,
↳ How Data Subjects can change their preferences for receiving electronic commercial communications,

Methods and Legal Reasons for Collecting Personal Data

Minimono collects personal data through membership forms, purchase forms, and event participation forms on the Minimono website in accordance with the personal data processing conditions stipulated in the KVKK and in line with the legal reasons stated in this Personal Data Processing Policy.

Data CategoriesCustomers

↳ Identity Information: Name, surname, Date of Birth,
↳ Contact Information: Email address, Phone Number
↳ Financial Information: Invoice information
↳ Risk Management Information: IP address, Time Zone, operating system,
↳ Transaction Security Information: Password, country information, city information
↳ Marketing Information: Cookie records, targeting information, evaluations showing habits and preferences
↳ Legal Action and Compliance Information: Start and end time of the service provided, type of service utilized, amount of data transferred, Data Subject's consent for commercial electronic communication given electronically
↳ Marketing Information: Emails sent based on the Data Subject's consent for commercial electronic communication

Website Visitors

↳ Location Information: Country, city
↳ Risk Management Information: IP address, session information
↳ Marketing Information: Cookie records, targeting information, evaluations showing habits and preferences
↳ Marketing Information: Marketing e-mail messages sent based on the Data Subject's consent for commercial electronic communication
↳ Request/Complaint Management: Records of processes carried out during the evaluation or management of complaints and/or requests submitted by the Data Subject regarding the product or service purchased

In Which Business Processes and For What Purposes Personal Data is Used

Customer Personal Data

↳ Carrying out membership transactions,
↳ Improving services offered through the Minimono website, developing new services, and providing information related to them,
↳ For the performance of distance contracts established with users, analyzing the preferences, tastes, and needs of customers who have consented to commercial electronic communication, and providing special promotions, opportunities, and benefits to customers,
↳ Based on users' explicit consent, remarketing, targeting, profiling, and analysis to promote and market products and services in line with customers' preferences and tastes,
↳ Resolving user problems and complaints,
↳ Improving user experience on the website,
↳ Tracking accounting and purchasing transactions,
↳ Legal processes and compliance with legislation,
↳ Responding to information requests from administrative and judicial authorities,
↳ Ensuring information and transaction security and preventing malicious use,
↳ Making necessary arrangements to ensure that processed data is up-to-date and accurate

Website Visitors

↳ Improving services offered through the website, developing new services, and providing information related to them,
↳ For visitors with commercial electronic communication consent; analyzing their preferences, tastes, and needs, and providing special promotions, opportunities, and benefits to visitors,
↳ Based on visitors' explicit consent, remarketing, targeting, profiling, and analysis to promote and market applications, goods/products, and services in line with visitors' preferences and tastes,
↳ Resolving visitor problems and complaints,
↳ Legal processes and compliance with legislation,
↳ Responding to information requests from administrative and judicial authorities,
↳ Ensuring information and transaction security and preventing malicious use,
↳ Making necessary arrangements to ensure that processed data is up-to-date and accurate,
↳ Fulfilling legal obligations

Technical and Administrative Measures Taken to Ensure the Security of Personal Data
Minimono undertakes to take all necessary technical and administrative measures and to show due diligence to ensure the security of your personal data.

Minimono takes necessary precautions to prevent unauthorized access to personal data, incorrect use, unlawful processing, disclosure, alteration, or destruction of personal data.

Minimono uses generally accepted security technology standards such as firewalls and encryption when processing personal data.

Minimono, in order to prevent unlawful access to personal data it processes, to prevent unlawful processing of this data, and to ensure the preservation of personal data:

↳ Protects all areas of the website where personal data is collected with SSL,
↳ Implements access authorizations and restrictions for its employees,
↳ Ensures that personal data in paper form is kept in locked cabinets and accessed only by authorized personnel.
↳ Personal data processed through third-party cookies is deleted from third-party systems if membership ends.

Despite Minimono taking necessary information security measures, in the event of damage to personal data or its acquisition by unauthorized third parties as a result of attacks on platforms operated by Minimono or the Minimono system, Minimono will immediately notify the relevant individuals and the Personal Data Protection Board and take necessary measures.

Transfer of Personal Data

Minimono transfers personal data to third parties only for the purposes specified in this Personal Data Processing Policy and in accordance with Articles 8 and 9 of the KVKK. Website usage preferences and browsing history, personal data collected through the performance of distance sales contracts, membership forms, and other forms are shared with our domestic/international business partners from whom we receive cookie services for profiling and contacting relevant individuals in line with their tastes and preferences. Personal data transfers carried out within this scope take place through secure environments and channels provided by the relevant third party. Depending on the content and scope of the service received from third parties, in all cases where personal data transfer is not necessary, masked personal data is used for transfer.

Shopify

E-commerce infrastructure service is received for the Minimono website. Shopify servers are located in the United States. You can access their Privacy Policies here. Invoicing, collection, and pre-accounting services are received for fulfilling our accounting obligations. Bizim Hesap servers are hosted domestically. You can access their Privacy Policies here.

Sovos Foriba

Services are received for fulfilling our accounting obligations such as e-invoicing and e-delivery notes. Sovos Foriba servers are hosted domestically. You can access their Privacy Policies here.

Hepsipay

Payment infrastructure service is received for our e-commerce site. Hepsipay is hosted domestically. You can access their Privacy Policies here.

Sipay

Payment infrastructure service is received for our e-commerce site. Hepsipay is hosted domestically. You can access their Privacy Policies here.

HotJar

Used for measuring in-app usage for our e-commerce site and improving our services. HotJar servers are hosted in the United States. You can access their Privacy Policies here.

Google Ads

It is an online marketing tool that allows us to display our ads in Google search results or on partner sites. Google Ads servers are hosted in the United States. Your personal data is not transferred directly but shared using masking methods. You can access their Privacy Policies here .

Google Analytics

Site performance and analytics technology service is received for our e-commerce site. Google Analytics servers are hosted in the United States. Your personal data is not transferred directly but shared using masking methods. You can access their Privacy Policies here .

The personal data subject to domestic and international transfer mentioned above, in addition to technical measures to ensure their security, are also legally protected through KVKK-compliant provisions included in our contracts, taking into account whether the counterparty to the legal relationship is a data controller or a data processor.

When transferring personal information to countries outside Turkey during information sharing as stated above, it is ensured that the data is transferred in accordance with this policy and as permitted by the applicable data protection law.

Retention Periods of Personal Data

Minimono retains the personal data it processes in accordance with the KVKK for the periods stipulated in the relevant legislation or required by the processing purpose. In our Personal Data Retention and Disposal Policy, these periods are approximately as follows:

Membership records: 10 years

All records related to accounting and financial transactions: 10 years

Cookies: maximum 3 years

Traffic information related to online visitors: 2 years

Resumes: 1 year

Personal data related to customer companies: 10 years after the end of the legal relationship

Personal data related to suppliers: 10 years after the end of the legal relationship

Rights of the Data Subject

The rights of the Data Subject over the personal data processed by Minimono in accordance with Article 11 of the KVKK are listed below:

↳ Learning whether personal data is processed,
↳ Requesting information if personal data has been processed,
↳ Learning the purpose of processing personal data and whether they are used in accordance with their purpose,
↳ Knowing the third parties to whom personal data is transferred domestically or abroad,
↳ Requesting correction of personal data if it is incomplete or incorrectly processed,
↳ Requesting the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of the KVKK,
↳ Requesting notification of the transactions made pursuant to clauses (d) and (e) to third parties to whom personal data has been transferred,
↳ Objecting to the emergence of a result against the person by analyzing the processed data exclusively through automated systems,
↳ Requesting compensation for damages in case of suffering damage due to unlawful processing of personal data.

To exercise your rights over your personal data; you can make your application and exercise your rights through the methods specified in the “Application Form” on the Minimono website.

Conditions for Destruction of Personal Data

Minimono retains the personal data it processes through its website and Platform for the periods stipulated by the relevant laws and/or required by the processing purpose, in accordance with KVKK Articles 7, 17, and Turkish Penal Code Article 138. At the end of these periods, it will delete, destroy, or anonymize the data in accordance with the provisions of the Regulation on the Deletion, Destruction, or Anonymization of Personal Data.

The deletion of personal data by Minimono refers to making personal data inaccessible and unusable for the relevant users in any way. For this purpose, Minimono implements access authorizations and restrictions at the user level. It takes necessary measures to perform the deletion process in databases.

The anonymization of personal data by Minimono refers to making personal data no longer linkable to an identified or identifiable natural person, even when matched with other data.

Minimono explains the methods for deletion, destruction, and anonymization and the technical and administrative measures taken in detail within the scope of its Personal Data Retention and Disposal Policy, prepared in accordance with the Regulation on the Deletion, Destruction, or Anonymization of Personal Data.

Changes to the Privacy/Personal Data Protection Policy

Minimono may make changes to this Personal Data Processing Policy at any time. These changes become effective immediately upon the publication of the amended new version of the Personal Data Processing Policy. The relevant individuals will be informed of any changes to this Personal Data Processing Policy.