Privacy policy

Privacy Policy

EPISODE 1 -  PERSONAL DATA PROCESSING POLICY INTRODUCTION


  • AIM

  • This Policy, Asanlar Gayrimenkul San. and Tic. Inc. (“Morpho" or “Company, Firm” It has been prepared to clearly set forth the processes and methods regarding the storage, processing or destruction of all Personal Data obtained by the employees or entering their information while working, and the works and transactions related to the title of data controller arising from the personal data processing, storage and destruction activities carried out by ) . This policy has been issued in accordance with the decisions taken by the Personal Data Protection Authority and the secondary legislation that derives its legal basis from it, especially the Personal Data Protection Law No. 6698. The purpose of this policy is to comply with Morpho's Law on the Protection of Personal Data published in the Official Gazette dated 7 April 2016 and numbered 29677."KVKK") regulates the methods and principles to be followed in order to ensure that they are processed and protected in a harmonious manner and disclose them to the public.


  • SCOPE

  • This Policy applies to all of our employees who, within the scope of their duties, process Personal Data wholly or partially by automated means and tools, or that form part of a registration system or that are intended to form a part of a registration system, by other means and means (other than automatic means and tools); It applies to the processing of personal data of Morpho employees, employee candidates, service providers, visitors, Morpho candidates and other third parties.

     

  • DEFINITIONS

  • Personal Data : It means any information relating to the Data Subject such as name, address, telephone number, e-mail address or similar identification information.

    Processing of Personal Data : Obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying or using personal data in whole or in part by automatic or non-automatic means provided that it is a part of any data recording system. Any operation performed on the data, such as blocking.

    Personal Health Data : All kinds of information about the physical and mental health of an identified or identifiable natural person, and information about the health service provided to the person.

    Buyer Group : The category of natural or legal person to whom personal data is transferred by the data controller.

    Open Consent : Consent on a specific subject, based on information and expressed with free will

    Anonymization : Making personal data incapable of being associated with an identified or identifiable natural person under any circumstances, even by matching with other data.

    Special Qualified Personal Data : Data on a person's race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, disguise and clothing, membership in associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data

    WORDS : Data controllers (Morpho) data registry information system

    Data Contact Person : The real person notified to VERBIS by the Morpho Board of Directors for the communication to be established with the personal data protection agency.

    Data Processor : A natural or legal person who processes personal data on behalf of the data controller, based on the authority given by the data controller.

    Data Subject or Relevant Person : An identified or identifiable natural person to whom the data belongs.

    Worker : Persons employed in Morpho based on an Employment Contract

    Employee Candidate : Natural persons who make their CV and related information accessible to Morpho by applying for a job or by any other means.

    Customer / Contractor Candidate : Real persons whose personal data are obtained due to business relations within the scope of the activities carried out by Morpho, regardless of whether there is any contractual relationship or not.

    visitors : Natural persons who have entered Morpho's physical facilities for various purposes or visited its websites.

    Destruction : Deletion, destruction or anonymization of personal data

    Periodic Destruction : In the event that all of the personal data processing conditions in the law are eliminated, the deletion, destruction or anonymization process that will be carried out ex officio at repetitive intervals and specified in the personal data storage and destruction policy

    Third Parties : Although not defined in the Procedure, the supplier, victim, family members, etc. whose personal data are processed within the framework of this Procedure. other natural persons, including but not limited to.







    SECTION 2-  PROCESSING AND STORAGE OF PERSONAL DATA


    While processing personal data, Morpho receives personal data in accordance with the following issues due to the requirements of the business, especially the laws:

  • general principles,
  • Personal Data Processing Terms,
  • It acts in accordance with Special Quality Personal Data.

  • Personal data cannot be obtained without complying with these reasons. In cases where it is noticed that personal data has been processed in this way, the data is destroyed. Below we will examine the processing aspects in detail.


    2.1. COMPLIANCE WITH GENERAL PRINCIPLES


  • Processing in Compliance with Law and Integrity

  • Morpho acts in accordance with the principles brought by legal regulations in the processing of personal data and the general rule of trust and honesty to which the processed data is subject. Morpho considers the interests of the person concerned when processing personal data in accordance with the honesty rule. Morpho data does not act against the person whose personal data is processed, from the first moment the personal data is received until the data destruction process. It cannot be processed or transferred in a way that the data subject does not specify while processing the data and cannot be foreseen by the data subject. Data processing activity carried out in accordance with the rules of law and honesty is open, specific and transparent.

  • Ensuring Personal Data Is Accurate and Up-to-Date When Necessary

  • Morpho takes the necessary measures to ensure that personal data is accurate and up-to-date throughout the period of processing, and establishes the necessary mechanisms to ensure the accuracy and up-to-dateness of personal data for certain periods. When it comes to data to be updated, it is important that the data in Morpho is not outdated. Morpho is aware of the damages that may be incurred by individuals due to incorrect or incomplete keeping of personal data. With the system created for this reason, Morpho updates the data of the relevant persons at intervals of 1 year. Since it can no longer be considered as current data in terms of data that is not updated at 1 year intervals, current data provisions are not applied. The request of the person who requests a data update is updated as soon as possible. The person concerned can access the updated version of their data by applying again.

  • Processing of Personal Data for Specific, Explicit and Legitimate Purposes

  • Morpho determines a purpose when processing personal data. This purpose is clear, precise and precise. Not only the purpose of processing the relevant data of Morpho, but also the purpose of obtaining and collecting it is legitimate, specific, clear and clear. Here it is understood that; While Morpho processes the data, it will process this data for purposes compatible with its field of activity. Objectives are not disjointed or irrelevant from the operating framework. These determined purposes are explained in the Clarification Text on our Website. In cases where there is a new purpose related to a subject other than the purpose of collecting data with a data, express consent is obtained from the data subject again, provided that the explicit consent of the person concerned is required.

  • Relating to the Purpose for which Personal Data is Processed, Limited and Measured

  • Morpho processes the least amount of data that will serve the purpose determined while receiving personal data and that can be obtained for this purpose. The processed personal data are processed adequately, relevantly and limited to the purposes for which they are processed. There is a connection between the personal data received and the data acquisition tool. Enetk cannot process or use the personal data it receives, except for purposes that it does not clearly show. In the event that a new data processing purpose arises later or is not compatible with the determined purpose, the conditions that must be met during the first collection of Morpho data are also provided for new purposes. In addition, Morpho determines the personal data it obtains according to the form of the contract, without prejudice to the regulations of the Law. Morpho first determines whether a period is foreseen for the storage of personal data in the relevant legislation, and if a period is determined, it acts in accordance with this period. If there is no legal period, personal data are stored for the period necessary for the purpose for which they are processed. At the end of the specified storage periods, personal data is destroyed in accordance with the periodic destruction periods or the application of the data owner and with the determined destruction methods (deletion and / or destruction and / or anonymization).

    2.2. COMPLIANCE WITH PERSONAL DATA PROCESSING TERMS

    The existence of certain conditions is required by the Law in order to process personal data. These processing conditions listed in Articles 5 and 6 of the Law, exceptions to the prohibition of processing personal data, which form the basis of data protection law, are the reasons that make the processing lawful. The reasons for processing personal data are limited in the law and Morpho does not process data for any other purpose other than these purposes.

  • Finding the Explicit Consent of the Personal Data Owner
  • One of the conditions for personal data processing is the express consent given by the person concerned. Morpho receives this statement for legitimate purposes. In order to obtain explicit consent from the person concerned, the person is first illuminated for the data to be given to Morpho. Data may be obtained from the person concerned about a particular subject, limited to the purposes included in the disclosure statement.

    Except for express consent, the cases where the law can be processed without the need for express consent are listed in the law.

  • Explicitly Provided in Laws

  • In case the processing of Morpho is necessary for the performance of a task performed for the public interest or is necessary in the context of the data controller's use of official authority, it may perform data processing activities without the explicit consent of the data subject. In this way, Morpho processes data in the formal sense to the extent required by the laws. For example Morpho; It does not take explicit consent to keep the data which is shown to be mandatory under the Labor Law, Turkish Commercial Code, Social Security Law, Code of Obligations. It illuminates and processes the data in accordance with the mandatory provisions within the scope of the law. For the data processed for these reasons, the person concerned does not have the right to demand the deletion or destruction of the data in accordance with KVKK.

  • Failure to Obtain the Explicit Consent of the Person Related to the Cause of Actual Impossibility

  • It is applied to persons whose consent is not legally valid, and to persons whose explicit consent cannot be obtained due to actual impossibility. In cases where it is obligatory to protect the life or bodily integrity of the person or third party, this processing activity is carried out excluding health data.

  • Direct Concern with the Establishment or Performance of the Contract

  • Personal data may be processed within the framework of mandatory transactions for the performance of an existing and valid contract between Morpho and the person concerned or the establishment of a new contract. In general, data acquisition in contracts is an integral part of the contract. For this reason, since it is mandatory to process personal data for the conclusion of the contract, Morpho processes the contract-related data of the contracted persons without seeking explicit consent. Even if it is not included in the contract from which the personal data will be collected, the personal data directly required for the performance of the contract will be processed. Personal data in terms of not only the essential elements of the contract but also the secondary elements are also evaluated within this scope. For example, in the sales contract with Morpho, Morpho processes personal data according to the requirements of the contract.

  • Fulfilling the Company's Legal Obligation

  • Morpho may process the data of individuals without express consent in order to fulfill its legal obligations, provided that it is prescribed by law and necessary for the performance of the contract. Morpho performs data processing activities arising from legal obligations arising from legal regulations, court decisions and duly issued official authority instructions, without the need for express consent in this context. Presidential decree, regulation, communiqué, etc. Regulatory actions issued by judicial and administrative authorities, such as submitting security camera or fingerprint information to the court, recording the information requested by certain institutions in the specified database.

    Morpho does not process data for legal obligations unless there is a legal obligation for data processing.

  • Making Personal Data Public by Personal Data Owner

  • Personal data made public by the person concerned, in other words, disclosed to the public in any way, may be processed by Morpho without their explicit consent. However, in any case, the data of the person concerned, who has made his data public, will not be processed by Morpho for any other reason than for the reason for making it public. For example, if the participants went to the place where the photos were taken in order to take their photos, for example, in the training or all kinds of social activities Morpho organized, it will be deemed that the photos have been made public, and Morpho can process personal data in this way without seeking explicit consent.


  • Mandatory Data Processing for the Establishment or Protection of a Right

  • Morpho does not obtain explicit consent from the data subject when processing data that is necessary for the establishment, protection or use of a legally protected right. In this respect, data can be stored not only for the rights of the persons concerned, but also for the protection of such rights regarding the rights of third parties. For example, Morpho can keep the data of the personnel who quit their job during the statute of limitations after the employment relationship ends, to be used in the future, for example in case of a lawsuit.


  • Mandatory Data Processing for the Legitimate Interest of Our Company

  • In cases where Morpho has to process the personal data of the person concerned for its legitimate interests, it may carry out processing activities provided that it does not harm the fundamental rights and freedoms of the person concerned. This is not an unlimited authority for Morpho, but an authority to be exercised in cases where legitimate interests and interests outweigh. This provision will find application for certain, clear and legitimate interests and benefits.


    2.3. PROCESSING OF SPECIAL QUALITY PERSONAL DATA


    Morpho can process private personal data of individuals by obtaining express consent, except for the cases listed in the law. Sensitive Personal Data can only be processed if the data subject has Explicit Consent or if it is expressly required by law in terms of Sensitive Personal Data other than sexual life and personal health data. Personal data related to health and sexual life can only be obtained from persons (e.g. company physicians) or authorized institutions and organizations who are under the obligation of confidentiality for the purpose of protecting public health, performing preventive medicine, medical diagnosis, treatment and care services, planning and managing health services and financing. may be processed by organizations without express consent. All administrative and technical measures foreseen by the Institution are taken for the processing and storage of personal data of special nature. The Company provides the necessary trainings for the employees involved in the processing of Special Quality Personal Data, makes a confidentiality agreement, and informs the personnel working on this subject with information security commitments. Authorization matrixes regarding the processing of special categories of personal data have been considerably reduced. Only the personnel whose work is directly related to the special quality personal data have access to the relevant data. With the periodic destruction method, special categories of personal data whose storage period has expired are destroyed. These measures are explained in detail in the administrative and technical measures section in the continuation of this policy.

    2.4. TRANSFERRING PERSONAL DATA

    Transferring personal data to third parties is also a personal data processing activity. Morpho does not transfer personal data of individuals without express consent. In terms of the transfer to be made, it performs this transfer in accordance with the general and special nature of personal data processing rules set forth in the law. Our company can transfer personal data to third parties when necessary.

    Even without the explicit consent of the personal data owner, in case one or more of the following conditions are present, personal data may be transferred to third parties by taking all necessary security measures, including the methods envisaged by the Board, with due diligence by our Company.

    • The relevant activities regarding the transfer of personal data are clearly stipulated in the laws,
    • The transfer of personal data by the Company is directly related to and necessary for the establishment or performance of a contract,
    • The transfer of personal data is mandatory for our Company to fulfill its legal obligation,
    • Transferring personal data by our Company in a limited manner for the purpose of making it public, provided that the personal data has been made public by the data owner,
    • The transfer of personal data by the Company is mandatory for the establishment, exercise or protection of the rights of the Company or the data owner or third parties,
    • It is mandatory to carry out personal data transfer activities for the legitimate interests of the Company, provided that it does not harm the fundamental rights and freedoms of the data owner,
    • It is obligatory for a person who is unable to express his consent due to de facto impossibility or whose consent is not legally valid, for the protection of himself or someone else's life or physical integrity.

    2.5. DISCLOSURE OF RELATED PERSONS

    Morpho enlightens personal data owners in accordance with Article 10 of the Law and secondary legislation. In this context, Morpho informs the persons concerned about who, as the data controller, and for what purposes, the personal data is processed, with whom it is shared, with what methods it is collected, the legal reason and the rights of the data owners within the scope of the processing of their personal data.


    SECTION 3- MEASURES TAKEN TO PROTECT PERSONAL DATA


    Morpho attaches importance to the processing of personal data as well as its business. The most important aspect of personal data processing is the storage and protection of the processed data. Morpho takes precautions in accordance with the protection requirements arising from the law in terms of private and general personal data. Morpho does not store these measures for a specific data, but takes protection measures for the protection and storage of all data.

    First of all, the most robust precaution taken for personal data is about not keeping non-essential data. Morpho determines the nature, importance, scope, context and purpose of the processing activity in accordance with the level of technology and scientific development, determines whether there are risks with various possibilities and seriousness in terms of the rights and freedoms of natural persons with personal data, and takes protection measures accordingly and determines the risks. .

    Morpho takes all kinds of technical and administrative measures in order to prevent the illegal processing and access of personal data and to ensure the protection of personal data as required. It is the explanation of the data processed in the data inventory in terms of destruction, measures and protection of personal data. As will be stated below, Morpho has measures that include more comprehensive and broader security measures for sensitive personal data.

    3.1 ENVIRONMENTS AND SAFETY PRECAUTIONS

    Personal data received by Morpho are processed and stored in appropriate environments. The recording media used for the storage of personal data are generally printed media and local digital media.

  • Printed Media: They are media where data is kept by printing on paper or microfilms.
  • Local Digital Media: Other digital media such as automation systems, recording systems, servers, fixed or portable disks, optical disks and cloud within the company.
  • Morpho takes all necessary technical and administrative measures in accordance with the characteristics of the relevant personal data and the environment in which it is kept, in order to keep personal data safe and to prevent unlawful processing and access.


    3.1.1. Technical Measures Taken to Prevent the Unlawful Processing of Personal Data, Prevent Unlawful Access to Data and Ensure the Conservation of Data

    • Technical measures are taken by Morpho regarding the protection of personal data as far as technology allows, and the measures taken are periodically updated according to technological developments. Audits are carried out at regular intervals for the implementation of the measures taken.
    • Software and systems are established and used to ensure data security, servers that host data are protected by up-to-date virus protection software, session management software that records session logs, password management software in order to prevent unlawful access and/or intervention to personal data from both inside and outside the company. Protection is provided at various layers, especially with firewalls.
    • The authorization to access personal data is limited in line with the determined data processing purpose and authorizations are reviewed regularly. Authorization is done on the basis of the need-to-know principle.
    • Technical security systems for storage areas are established, security tests and research are carried out to detect security vulnerabilities on information systems, and the issues that can be considered as current or potential risks identified as a result of the tests and researches are eliminated.
    • In order to ensure that personal data is stored legally and securely, systems and backup software are used in accordance with technological developments.
    • There is a staff member in the company who is responsible for implementing the measures taken.
    • Access to the data is restricted to the environments where personal data is kept, and only authorized persons are allowed to access this data limited to the purpose of storing personal data, and all accesses are recorded.

    3.1.2 Administrative Measures Taken to Prevent Unlawful Processing of Personal Data, Prevent Unlawful Access to Data, and Ensure Data Protection


    The main administrative measures taken to prevent unlawful processing of personal data, to prevent unlawful access to data and to ensure data protection are listed below:

    • At Morpho, regulations have been made in accordance with the Personal Data Protection Law.
    • Morpho employees are regularly informed and trained about the protection of personal data and its legal processing, behavior in accordance with information security, and privacy.
    • Morpho; Legal and technical consultancy services are obtained in order to follow the developments in the field of information security, privacy and protection of personal data and to take necessary actions.
    • All the activities carried out by Morpho were analyzed in detail for all business units, and as a result of this analysis, personal data processing activities specific to the business processes carried out by the relevant business units were determined and recorded in the personal data inventory.
    • The inventory is regularly updated by Morpho.
    • Specific to the personal data processing activities carried out by Morpho business units, the requirements to be fulfilled in order to ensure compliance with the personal data processing conditions have been determined for each business unit and detailed activity.
    • In order to meet compliance requirements, awareness is created for the relevant business units and implementation rules are determined; In order to ensure the continuity of these issues and implementation, internal policies are implemented and audits are carried out.
    • Provisions have been added to the contracts and documents signed with employees and third parties in order to ensure that personal data is processed, protected and confidential in accordance with the law, the responsibilities of the parties are clearly regulated, and provisions that impose sanctions for data processing activities contrary to the law and the contract have been implemented.

    3.1.3 Internal Audit on Protection of Personal Data

    In accordance with the KVKK, Morpho carries out the necessary inspections with its personnel or receives services from outside on this subject. The results of this audit are reported to the senior management and the relevant department within the scope of the internal operation of the Company, the actions to be taken are planned, and the follow-up of the plans for the improvement of the measures taken is followed up by the relevant process owners and the personnel involved in this work.

    SECTION 4- STORAGE AND DISPOSAL OF PERSONAL DATA


    4.1. REASONS FOR STORAGE AND DISPOSAL, ANONYMOUS

    4.1.1. Reasons for Storage

    Personal data within Morpho are processed and stored within the scope of the purposes set out in the Clarification text, Inventory and Annex-1. Morpho takes all the measures it takes so that this storage activity is in compliance with the conditions in the Law.

    4.1.2 Reasons for Disposal

    Morpho may destroy the data in its possession upon the conditions set forth in Article 5-6 of the KVKK or upon the application of the person concerned. The reasons listed in Articles 5 and 6 of the Law consist of the following:

    1. a) expressly stipulated in the law.
    2. b) It is compulsory for the protection of life or physical integrity of the person or someone else, who is unable to express his consent due to actual impossibility or whose consent is not legally valid.
    3. c) It is necessary to process the personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract.
    4. d) It is mandatory for the data controller to fulfill its legal obligation.
    5. It is) Being made public by the person concerned.
    6. f) Data processing is mandatory for the establishment, exercise or protection of a right.
    7. g) Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject.

    4.1.3 Methods of Disposal

    Our company preserves personal data for the period required for the purpose for which they are processed and in accordance with the minimum periods stipulated in the legal legislation to which the relevant activity is subject. In this context, our Company first determines whether a period is foreseen for the storage of personal data in the relevant legislation, and if a period is determined, it acts in accordance with this period. If there is no legal period, personal data are stored for the period necessary for the purpose for which they are processed. At the end of the specified storage periods, personal data is destroyed in accordance with the periodic destruction periods or the application of the data owner and with the determined destruction methods (deletion and / or destruction and / or anonymization).

    4.1.3.1. Deletion methods

    While destroying personal data, the data kept in the physical environment is deleted with a paper cutting machine by grinding, burning, scribbling and recycling methods.

    Personal data kept in the automatic environment is to damage the data containing media such as hard disk or USB memory by physical methods such as burning, drilling, etc. ROM or USB memory stick etc.) removal of magnetic effect, Preventing the relevant user from accessing the database by assigning roles and permissions in the databases where the data is located, and overwriting the existing data by means of software or by restoring the factory settings, In accordance with the access policies of the relevant user. The deletion process is carried out with the methods of preventing access to the relevant data.

    4.1.4 Anonymization Method

    In the process of anonymisation, which is a safer way than deletion in terms of protecting personal data, the connection of the relevant personal data with the relevant persons is disconnected and thus removed from being personal data.

    4.1.4.2 Masking

    This method means that a personal data information is disconnected from the person concerned by removing or changing certain areas. As Entek, some parts of personal data such as name, surname and similar personal data will be kept by starring in the event that the storage period for the data we keep in its automatic environment expires. Extracting variables or records, randomizing, etc. method, personal data is removed from being systematic. Some variables are removed from the data and it is brought to a situation where it cannot be determined who the data belongs to.

    4.1.4.3. Adding Noise

    With this method, the value in the data set is changed to the extent determined by addition or subtraction. For example, as a result of adding 5 to each age value in the data set, this age value was changed and new values were created.

    CHAPTER 5 - RIGHTS OF DATA OWNERS UNDER LAW

    By applying to Morpho at any time, your personal data;

    • You can learn whether it is processed, the purpose of processing and whether it is used in accordance with its purpose, and if it has been processed, it may request information on this subject,
    • In accordance with the Law, you can learn the third parties with whom your information is shared in the country and abroad,
    • If you think that your information is incomplete or incorrectly processed, you may request it to be corrected,
    • You may request the deletion or destruction of your information within the framework of the conditions stipulated in Article 7 of the Law,
    • You may request the third parties to whom your information is transferred to be notified of your requests specified in subparagraphs (c) and (d) and to perform the same actions,
    • You can object to the emergence of a result against you due to the analysis of your information by automatic systems, or you can request the removal of the damage if you think that it has been recorded or used unlawfully and you have suffered damage for this reason.

    To take advantage of your rights under the law, you can submit your applications in writing to Morpho, and visit the website of the Personal Data Protection Authority for detailed information.

    In the application containing your explanations regarding the right you have as the personal data owner and you will make and request to use the above-mentioned rights; You will need to submit your special power of attorney certified by a notary public, if the issue you request is clear and understandable, the issue you request is about yourself, or if you are acting on behalf of someone else.

    In your applications, name-surname, signature, T.C. ID number, residence or workplace address, e-mail address, telephone and fax number, the elements of the request are mandatory in accordance with the "Communiqué on the Procedures and Principles of Application to the Data Controller". Applications that do not contain these elements will be rejected by Morpho.

    Morpho always reserves the right to make changes for reasons arising from the Law, secondary regulations and Board decisions. Changes to be made in the clarification text and the updated text will become effective immediately as of the date they are notified to you.


    Annex-1 LIGHTING TEXT


    DISCLOSURE STATEMENT UNDER THE PERSONAL DATA PROTECTION LAW

    Centuries Gayrimekul San. and Tic. Inc. (“Morpho Sleep”) also uses its importance and attention in the field of business to protect personal data. Morpho Sleep collects, stores and deletes personal data in compliance with all general and special legislation that regulates personal data such as Article 20 of the Constitution, Personal Data Protection Law No. 6698 and all kinds of secondary regulations, generally. morpho Sleep has prepared this text to inform and enlighten you, our valued members, visitors and customers. Your Personal Data will be processed in the ways we describe below, and your data will not be stored in any matter not specified by us.

    Morpho Sleep , www. Membership relationship established with you by approving our membership or service contract on our website called morphosleeğp.com.tr, customer relationship established due to the purchase-sale relationship formed due to the order placed at this address, morpho due to visitor relationship created by visiting our website. You share your data with Sleep.

    morpho Sleep is the "Data Controller" within the scope of the Personal Data Protection Law No. 6698.

    morpho Sleep records your personal data with automatic or non-automatic systems. Morfo Sleep processes your data with automatic methods in its online stores and channels on its website. You share with us name-surname, gender, date of birth, address, e-mail, telephone number, purchased product information data with this form on this site. We process your data in accordance with the establishment or performance of the contract, the exercise or establishment of the right, our legitimate interests within the scope of the contract/membership you have established with us, and the obligations required by the service or membership contract.

    Morpho Sleep collects and processes your data with cookies due to the benefits of coupon privileges, discount checks, product definitions to be made on your behalf in your next orders within the scope of the membership agreement you have made with us.

    In addition, this data is collected by us using session cookies specified in our cookie policy, the date and time you entered www.morphosleep.com, the website that allows you to connect to the site, the time you have been on the site, the name of your internet service provider, your password and username reminder in case you are a member. is logged.

    Your data;

    • Establishment and execution of the sales contract,
    • Fulfilling the requirements arising from the law in order to conclude a distance sales contract,
    • Establishment of the membership agreement,
    • Sustaining Marketing Activities,
    • Fulfillment of Legal Obligations,
    • After Sales Support Activities,
    • Shipping and delivery of the products you ordered,
    • Accounting and financial affairs,
    • Continuation of communication activities,
    • Follow-up of requests and complaints,
    • Coupon right, discount formation within the scope of order and loyalty card,

    For reasons such as above, your data is processed. morpho Sleep does not process and use this information in violation of law, morality, good manners, and legislation.

    Your Personal Data, for the purposes listed above, in accordance with the conditions set forth in Articles 8 and 9 of the Law, to real and legal persons permitted in the legislation, to other authorized public institutions and organizations when necessary, to our third party service providers for the above-mentioned reasons within the scope of the execution of the contracts made with you, and shared with our cloud service provider.

    Your personal data is stored by taking all kinds of administrative and technical measures arising from the law. Our personnel are regularly trained on data protection and storage, a secure payment (SSL) double-key payment system is used, non-essential data is destroyed by periodic destruction, we do not process your personal data of special nature unless necessary, by having infiltration tests, logging and backing up your data. We provide security.

    By applying to morpho Sleep at any time, your personal data;

    You can learn whether it is processed, the purpose of processing and whether it is used in accordance with its purpose, and if it has been processed, it may request information on this subject,

    • In accordance with the Law, you can learn the third parties with whom your information is shared in the country and abroad,
    • If you think that your information is incomplete or incorrectly processed, you may request it to be corrected,
    • You may request the deletion or destruction of your information within the framework of the conditions stipulated in Article 7 of the Law,
    • You may request the third parties to whom your information is transferred to be notified of your requests specified in subparagraphs (c) and (d) and to perform the same actions,
    • You can object to the emergence of a result against you due to the analysis of your information by automatic systems, or you can request the removal of the damage if you think that it has been recorded or used unlawfully and you have suffered damage for this reason.

    In order to take advantage of your rights under the law, you can submit your applications in writing to morpho Sleep (see the Application Form at www.morphosleep.com), you can visit the website of the Personal Data Protection Authority for detailed information.

    In the application containing your explanations regarding the right you have as the personal data owner and you will make and request to use the above-mentioned rights; You will need to submit your special power of attorney certified by a notary public, if the issue you request is clear and understandable, the issue you request is about yourself, or if you are acting on behalf of someone else.

    In your applications, name-surname, signature, T.C. ID number, residence or workplace address, e-mail address, telephone and fax number, and the elements of the request are mandatory in accordance with the "Communiqué on the Procedures and Principles of Application to the Data Controller" within the scope of the Law on the Protection of Personal Data No. 6698. Applications that do not contain the aforementioned elements will be rejected by morpho Sleep.

    morpho Sleep always reserves the right to make changes in this clarification text for reasons arising from the Law, secondary regulations and Board decisions. Changes to be made in the clarification text and the updated text will become effective immediately as of the date they are notified to you.

    FACEBOOK DATA SHARING

    Our website, which directly shares data from our servers to Facebook, in order to use your information more effectively.Conversions APIuses. By continuing to use our website, you agree to this data sharing. This data cannot be blocked by ad blockers.



    ANNEX-2 STORAGE TIMES


    Data Type

    Storage Time

    Retention Start Date

    General Data of the Company

    10 years

    At the first periodic disposal period following the end of the storage period

    Financial and Tax Records

    10 years

    At the first periodic disposal period following the end of the storage period

    Payroll and salary information

    10 years

    At the first periodic disposal period following the end of the storage period

    Recruitment Positive Process (HR file)

    10 years

    At the first periodic disposal period following the end of the storage period

    Recruitment Negative Process

    6 Oh

    At the first periodic disposal period following the end of the storage period

    HR, employment, retirement information for employees

    10 years

    At the first periodic disposal period following the end of the storage period

    Data retained on the leaving employee

    10 years

    At the first periodic disposal period following the end of the storage period

    Employee health and safety records/data

    15 years

    At the first periodic disposal period following the end of the storage period

    Legal texts and contracts

    10 years

    At the first periodic disposal period following the end of the storage period

    Data on business contacts

    10 years

    At the first periodic disposal period following the end of the storage period

    Data of potential customers

    10 years

    At the first periodic disposal period following the end of the storage period

    Customer data

    10 years

    At the first periodic disposal period following the end of the storage period

    Security (CCTV, visitor registration, license plate and etc.)

    6 is

    At the first periodic disposal period following the end of the storage period

    Marketing Activities Planning and Execution

    10 years

    From the Termination of the Business Relationship

    IT Department Log / Record / Tracking Systems

    6 is

    At the first periodic disposal period following the end of the storage period

    Website Visitor

    6 is

    At the first periodic disposal period following the end of the storage period