• en
  • tr

Privacy policy

PRIVACY POLICY


EPISODE 1 - PERSONAL DATA PROCESSING POLICY INTRODUCTION


  • GOAL

  • This Policy, Asırlar Gayrimenkul San. Ve Tic. A.S. (“Morpho"Or "Company, Firm" ) in order to clearly reveal the processes and methods of storing, processing or destroying all Personal Data that employees receive or include their information while working with the business and transactions related to the data controller title resulting from the processing, storage and destruction of personal data carried out by . This policy has been issued in accordance with the secondary legislation taking its legal basis from it, especially the Personal Data Protection Law numbered 6698, and the decisions of the Personal Data Protection Authority. The purpose of this policy is to comply with Morpho's Personal Data Protection Law published in the Official Gazette dated April 7, 2016 and numbered 29677 ("KVKK") to regulate and publicize the methods and principles to be followed in order to ensure that they are processed and protected in harmony.


  • SCOPE

  • This Policy applies to all employees who process Personal Data completely or partially by automatic means or means, or who process Personal Data (other than automatic means and means) by other means and tools that are part of a recording system or are intended to form a part of a recording system; It is applied in relation to the processing activities of personal data belonging to Morpho employees, employee candidates, service providers, visitors, Morpho candidates and other third parties.

     

  • DEFINITIONS

  • Personal Data : Means any information regarding the Data Subject, such as name, address, telephone number, e-mail address, or similar identification information.

    Processing of Personal Data : Obtaining, recording, storing, preserving, changing, reorganizing, disclosing, transferring, taking over, making available, classifying or using personal data through fully or partially automatic means or non-automatic means provided that they are part of any data recording system Any action taken on the data, such as blocking. 

    Personal Health Data : All kinds of information regarding the physical and mental health of an identified or identifiable natural person and information about the health service provided to the person.

    Buyer Group : The category of natural or legal persons to whom personal data is transferred by the data controller.

    Open Consent : Consent on a specific subject, based on information and expressed with free will

    Anonymization : Making personal data unrelated to an identified or identifiable natural person under any circumstances, even by matching other data.

    Special Quality Personal Data : A person's race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, costume and dress, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data

    VERBIS : Data controllers (Morpho) data registry information system 

    Data Contact Person : Real person notified by Morpho Board of Directors during registration to VERBIS for communication with the personal data protection agency. 

    Data Processor : A natural or legal person who processes personal data on behalf of the data controller, based on the authority given by him. 

    Data Subject or Related Person : An identified or identifiable natural person to whom the data belongs.

    Working : Persons employed in Morpho on the basis of an employment contract

    Employee Candidate : Real persons who make their CV and related information accessible to Morpho by applying for a job or by any other means.

    Client / Contractor Candidate : Regardless of any contractual relationship, real persons whose personal data are obtained due to business relations within the scope of the activities carried out by Morpho.

    Visitors : Real persons who have entered Morpho's physical facilities for various purposes or visited its websites.

    Destruction : Deletion, destruction or anonymization of personal data

    Periodic Destruction : The deletion, destruction or anonymization process to be carried out ex officio at repetitive intervals specified in the personal data storage and destruction policy in case all of the personal data processing conditions included in the law are eliminated

    Third Parties : Although not defined in the Procedure, suppliers, victims, family members, etc. whose personal data are processed within the framework of this Procedure. other natural persons, including but not limited to. 







    SECTION 2- PROCESSING AND STORAGE OF PERSONAL DATA


    When processing personal data, Morpho receives personal data in accordance with the following issues, primarily due to the laws and the requirements of the business:

  •    General principles,
  • Personal Data Processing Conditions,
  • It acts in accordance with Special Qualified Personal Data.

  • Personal data cannot be received without complying with these reasons. In cases where it is noticed that personal data is processed in this way, the data is destroyed. We will examine the processing considerations in detail below.


    2.1. COMPLIANCE WITH GENERAL PRINCIPLES


  • Processing in accordance with the Law and the Rules of Honesty

  • Morpho also acts in accordance with the principles introduced by legal regulations in the processing of personal data and the general trust and honesty rule to which the processed data is subject. Morpho takes into account the interests of the person concerned when processing personal data in accordance with the principle of honesty. From the first moment when personal data is received, until the destruction of the data, Morpho data does not act against the person being processed. It cannot perform any data processing or transfer activity that the person concerned did not specify while processing the data and that the person concerned could not predict. Data processing activities carried out in accordance with the rules of law and honesty are clear, specific and transparent. 

  • Ensuring that Personal Data is Accurate and Updated when Required

  • Morpho takes the necessary measures to ensure that personal data are accurate and up-to-date during the period of processing, and establishes the necessary mechanisms to ensure the accuracy and currency of personal data for certain periods of time. When it comes to data to be updated, it is important that the data in Morpho is not outdated. Morpho is aware of the damages that people may incur due to incorrect or incomplete personal data. For this reason, with the system created, Morpho updates the data of the relevant persons at 1-year intervals. Up-to-date data provisions are not applied, since data that are not updated at 1-year intervals can no longer be considered as up-to-date data. The request of the person who performs the data update is updated as soon as possible. The relevant person can access the updated version of their data by applying again.

  • Processing of Personal Data for Specific, Clear and Legitimate Purposes

  • Morpho sets a purpose when processing personal data. This goal is clear, precise and precise. The related data of Morpho is not only the purpose of processing, but also the purpose of obtaining and collecting it is legitimate, specific, clear and clear. It is understood from here that; Morpho will process this data for purposes compatible with the subject of activity while processing the data. Objectives are not separate or irrelevant from the operating framework. These determined purposes are explained in the Clarification Text on our Website. In cases where there is a new purpose other than the purpose of collecting data with a data, express consent is obtained from the person concerned, provided that the explicit consent of the relevant person is required. 

  • Being Connected, Limited and Measured for the Purpose of Processing Personal Data

  • Morpho processes the least amount of data that can serve the specified purpose while collecting personal data and that can be received for this purpose. The processed personal data are processed in a sufficient, relevant and limited manner for the purposes of processing. There is a connection between the personal data received and the data retrieval tool. Enetk cannot process or use the personal data it receives except for purposes that it does not clearly show. In the event that a new data processing purpose arises later or is not compatible with the specified purpose, the conditions to be met during the first collection of Morpho data are provided again for new purposes. In addition, Morpho determines the personal data it obtains according to the form of the contract, without prejudice to the Law regulations. Morpho firstly determines whether a period is stipulated for the storage of personal data in the relevant legislation, and if a period is specified, it acts in accordance with this period. If there is no legal period, personal data are stored for the period required for the purpose for which they are processed. Personal data are destroyed at the end of the specified storage periods in accordance with the periodic destruction periods or the data owner application and by the determined destruction methods (deletion and / or destruction and / or anonymization).

    2.2. COMPLIANCE WITH PERSONAL DATA PROCESSING CONDITIONS  

    In order to process personal data, some conditions are sought by the Law. These processing conditions listed in Articles 5 and 6 of the Law, exceptions to the prohibition of processing personal data, which constitute the basis of data protection law, are the reasons that make the processing legal. The reasons for processing personal data are limited in the law, and Morpho does not process data for any other purpose other than these. 

  • Obtaining the Explicit Consent of the Personal Data Owner
  • One of the conditions for the processing of personal data is the explicit consent given by the person concerned. Morpho receives this statement for legitimate purposes. In order to obtain explicit consent from the relevant person, the person is first illuminated for the data to be given to Morpho by lighting. Data can be obtained from the relevant person regarding a specific subject limited to the purposes included in the disclosure statement. 

    Except for express consent, situations where the law can be processed without the need for explicit consent are enumerated in the law.

  • Clearly Stipulated in Laws

  • If the processing of Morpho is mandatory for the performance of a task performed for the public interest or is necessary in the context of the data controller's official authority, it can perform data processing without the express consent of the relevant person. In this way, Morpho processes data to the extent required by the articles of the law. For example Morpho; It does not obtain explicit consent to keep the data required to be kept within the scope of the Labor Law, Turkish Commercial Code, Social Security Law, Law of Obligations. It illuminates and processes data in accordance with the mandatory provisions within the scope of the law. For these reasons, the person concerned does not have the right to request the deletion or destruction of the data in accordance with the KVKK. 

  • Failure to Obtain Explicit Consent of the Relevant Person Due to Actual Impossibility

  • It is applied to people whose consent is not legally valid, and those whose explicit consent cannot be obtained due to actual impossibility. In cases where the life or body integrity of the relevant person or third person must be protected, this processing activity is carried out excluding health data. 

  • Directly Related to the Establishment or Execution of the Contract

  • It may process personal data within the framework of mandatory procedures for the execution of an existing and valid contract between Morpho and the person concerned or the establishment of a new contract. In general, data acquisition in contracts is an integral part of the contract. For this reason, since it is compulsory to process personal data for the establishment of the contract, Morpho processes the contract-related data of the persons with whom it has contracted without explicit consent. Even if it is not included in the contract from which personal data will be received, personal data directly required for the performance of the contract will be processed. Personal data not only in terms of the essential elements of the contract but also in terms of its secondary elements are evaluated within this scope. For example, in the sales contract made with Morpho, Morpho processes personal data according to the requirements of the contract. 

  • Fulfilling the Company's Legal Obligation

  • Without prejudice to the conditions required by law and necessary for the execution of the contract, Morpho can process the data of individuals without explicit consent in order to fulfill its legal obligations. Morpho carries out data processing activities arising from legal regulations other than laws, court decisions and duly issued official authority instructions, without the need for explicit consent in this context. President's decree, regulation, communiqué etc. Regulatory procedures issued by judicial and administrative authorities such as the submission of security camera or fingerprint information to the court, recording the information requested by certain institutions in the specified database.

    Morpho does not process data for legal obligation unless there is a legal obligation for data processing.

  • Making Personal Data Public by Personal Data Owner

  • Personal data made public by the person concerned, in other words, disclosed to the public in any way, may be processed by Morpho without his express consent. However, in any case, it is not processed by Morpho in any way other than the reason of publicizing the data of the relevant person who has made his data public. For example, Morpho will be deemed to have made the photographs public if the participants have gone to the place where the photograph was taken, for example, in cases such as training or any social activity, Morpho will be able to process personal data without explicit consent.


  • When Data Processing is Mandatory for the Establishment or Protection of a Right

  • Morpho does not obtain explicit consent from the person concerned while processing data that is obligatory for the establishment, protection or use of a legally protected right. In this respect, data may be stored to protect not only the rights of the concerned persons but also the rights of all three persons. For example, Morpho can store the data of the personnel who leave their jobs during the prescription period after the business relationship is over, to be used in the future, for example in case of a lawsuit.


  • When Data Processing is Mandatory for the Legitimate Interest of Our Company

  • In cases where Morpho is obliged to process the personal data of the relevant person for his legitimate interests, it may operate on the condition that it does not harm the fundamental rights and freedoms of the relevant person. This is not an unlimited authority for Morpho, but a power to be applied in cases where legitimate interests and interests prevail. This provision will be applied for specific, explicit and legitimate interests and interests. 


    2.3. PROCESSING SPECIAL QUALITY PERSONAL DATA


    Morpho can process personal data of individuals with explicit consent, except for the cases listed in the law. Special Quality Personal Data can only be processed if the relevant person has the Explicit Consent or if it is explicitly required by law for Special Qualified Personal Data other than sexual life and personal health data. Personal data related to health and sexual life can only be used by persons (e.g. Company physician) or authorized institutions and organizations under the obligation of secrecy for the purpose of protecting public health, conducting preventive medicine, medical diagnosis, treatment and care services, planning and managing health services and financing. can be processed by organizations without explicit consent. All administrative and technical measures stipulated by the Authority are taken in terms of processing and storing special personal data. The Company provides the necessary training for employees involved in the processing of Special Qualified Personal Data, makes confidentiality agreements, and informs the personnel working on this subject with information security commitments. Regarding the processing of sensitive personal data, authorization matrices have been greatly reduced. Only personnel who are directly related to their work with personal data of special nature have access to the relevant data. With the periodic destruction method, personal data of special nature whose storage period has expired are destroyed. These measures are explained in detail in the administrative and technical measures section that follows this policy.

    2.4. TRANSFER OF PERSONAL DATA

    The transfer of personal data to third parties is also a personal data processing activity. Morpho does not transfer personal data of individuals without express consent. It performs this transfer in accordance with the general and special quality personal data processing rules specified in the law in terms of the transfer to be made. Our company can transfer personal data to third parties when necessary.

    Even if there is no express consent of the personal data owner, if one or more of the following conditions are present, personal data may be transferred to third parties by taking all necessary security measures, including the methods prescribed by the Board, by our Company. 

    • The relevant activities regarding the transfer of personal data are clearly stipulated in the laws, 
    • The transfer of personal data by the Company is directly related and necessary with the establishment or performance of a contract, 
    • The transfer of personal data is mandatory for our Company to fulfill its legal obligation, 
    • The transfer of personal data by our Company in a limited way for the purpose of publicization, provided that it has been made public by the data owner, 
    • The transfer of personal data by the Company is mandatory for the establishment, use or protection of the rights of the Company or the data owner or third parties, 
    • It is mandatory to carry out personal data transfer activities for the legitimate interests of the Company, provided that it does not harm the fundamental rights and freedoms of the data owner, 
    • It is obligatory for the person who is unable to explain his consent due to actual impossibility or whose consent is not legally valid, to protect himself or someone else's life or physical integrity.

    2.5. DISCLOSURE TO RELATED PERSONS

    Morpho enlightens personal data owners in accordance with Article 10 of the Law and secondary legislation. In this context, Morpho informs the relevant persons about who, as the data controller, for what purposes, for what purposes it is shared with whom, with what methods it is collected, the legal reason and the rights of the data owners within the scope of processing their personal data.   


    SECTION 3- MEASURES TAKEN FOR THE PROTECTION OF PERSONAL DATA


    Morpho pays attention to the processing of personal data as much as it does with its work in its field. The most important aspect of personal data processing is the storage and protection of the processed data. Morpho takes measures in accordance with the protection requirements arising from the law in terms of private and general personal data. Morpho does not keep these measures in relation to a specific data, but takes protection measures in terms of protection and storage of all data. 

    First of all, the most robust measure taken for personal data is about not keeping unnecessary data. Morpho determines the nature, importance, scope, context and purpose of the processing in accordance with the level of technology and scientific development and determines whether there are risks with various possibilities and seriousness in terms of the rights and freedoms of real persons who have personal data, and takes protective measures accordingly and determines the risks. . 

    Morpho takes all kinds of technical and administrative measures in order to prevent the unlawful processing of personal data, to prevent their access, to ensure the protection of personal data. It is the explanation of the data processed in the data inventory in terms of destruction of personal data, measures taken and protection. As stated below, Morpho has more comprehensive and broader security measures for personal data of special nature. 

    3.1 ENVIRONMENTS AND SAFETY PRECAUTIONS

    Personal data received by Morpho are processed and stored in appropriate environments. The recording media used for the storage of personal data are generally printed media and local digital media.

  • Printed Media: They are the media in which data are kept by printing on paper or microfilms.
  • Local Digital Media: The automation systems within the company are recording systems, servers, fixed or portable discs, optical discs, and other digital media such as the cloud.
  • Morpho takes all necessary technical and administrative measures in accordance with the characteristics of the environment in which it is stored with the relevant personal data in order to protect personal data safely and to prevent unlawful processing and access.


    3.1.1. Technical Measures Taken to Prevent Unlawful Processing of Personal Data, To Prevent Unlawful Access to Data and to Ensure Data Preservation

    • Technical measures are taken by Morpho regarding the protection of personal data to the extent that technology allows, and the measures taken are periodically updated according to technological developments. Inspections are carried out at regular intervals for the implementation of the measures taken. 
    • Software and systems that will ensure data security are established and used, servers hosting the data are protected by up-to-date virus protection software, session management software, password management software, to prevent unlawful access and / or intervention to personal data from inside and outside the company. Protection is provided in various layers, especially on firewalls.
    • Access authorization to personal data is limited in line with the specified data processing purpose, and authorizations are regularly reviewed. Authorization is made on the basis of the need-to-know principle. 
    • Technical security systems are established for storage areas, security tests and researches are carried out to detect security vulnerabilities on information systems, and any existing or potential risks identified as a result of the tests and researches are eliminated.
    • Systems and backup software suitable for technological developments are used to ensure that personal data are stored legally and securely.
    • There is a staff member in charge of implementing the measures taken in the company.
    • Access to the data is restricted to the environments where personal data are kept, allowing only authorized persons to access this data limited to the purpose of storing personal data, and all access is recorded.

    3.1.2 Administrative Measures Taken To Prevent Unlawful Processing of Personal Data, To Prevent Unlawful Access to Data, and to Ensure Data Preservation


    The main administrative measures taken to prevent unlawful processing of personal data, to prevent unlawful access to data and to ensure data preservation are listed below: 

    • Arrangements have been made within Morpho according to the Personal Data Protection Law.
    • Morpho employees are regularly informed and trained on the protection of personal data and processing in accordance with the law, behavior in accordance with information security, privacy of private life. 
    • Morpho; Legal and technical consultancy services are obtained in order to follow developments in the fields of information security, privacy of private life and protection of personal data and to take necessary actions.
    • All activities carried out by Morpho have been analyzed in detail for all business units, as a result of this analysis, personal data processing activities specific to the business processes carried out by the relevant business units were determined and processed in the personal data inventory. 
    • The inventory is updated regularly by Morpho. 
    • Specific to the personal data processing activities carried out by Morpho business units, the requirements to be fulfilled in order to ensure compliance with the personal data processing conditions are determined for each business unit and detail activity. 
    • In order to meet compliance requirements, awareness is created for relevant business units and implementation rules are determined; Internal policies are implemented and audits are carried out to ensure the continuity of these issues and practices. 
    • Provisions were added to the contracts and documents signed with employees and third parties in order to process and protect personal data in accordance with the law, and to ensure data confidentiality, and the responsibilities of the parties were clearly regulated, and provisions imposing sanctions for data processing activities contrary to the law and contract were applied. 

    3.1.3 Internal Audit in Protection of Personal Data

    Morpho, in accordance with the KVKK, performs the necessary audits with its personnel or receives services from outside. The results arising from this audit are reported to the senior management and the relevant department within the scope of the internal operation of the Company, the actions to be taken are planned and the actions planned for the improvement of the measures taken are followed up by the relevant process owners and the personnel who are interested in this business.

    SECTION 4- STORAGE AND DISPOSAL OF PERSONAL DATA


    4.1. STORAGE AND DESTRUCTION, REASONS FOR ANONYMIZING

    4.1.1. Storage reasons

    Personal data within the body of Morpho are processed and stored within the scope of the purposes included in the Illumination text, Inventory and Annex-1. Morpho carries out all the measures it takes to ensure that this custody activity is in accordance with the provisions of the Law.  

    4.1.2 Causes of Destruction

    Morpho may destroy the data in its responsibility upon the conditions in KVKK Art.5-6 or the application of the relevant person. The reasons listed in Articles 5 and 6 of the Law consist of the following:

    1. a) It is clearly stipulated in the laws.
    2. b) It is compulsory for the protection of the life or physical integrity of the person who is unable to disclose his consent due to actual impossibility or whose consent is not legally valid.
    3. c) Provided that it is directly related to the establishment or performance of a contract, it is necessary to process personal data belonging to the parties to the contract.
    4. D) It is mandatory for the data controller to fulfill his legal obligation.
    5. to) It is made public by the person concerned.
    6. f) Data processing is mandatory for the establishment, use or protection of a right.
    7. g) It is mandatory to process data for the legitimate interests of the data controller, provided that the fundamental rights and freedoms of the data subject are not harmed.

    4.1.3 Disposal Methods

    Our company preserves personal data in accordance with the time required for the purpose for which they are processed and the minimum periods stipulated in the legal legislation to which the relevant activity is subject. In this context, our company first determines whether a period is stipulated for the storage of personal data in the relevant legislation, and if a period is specified, it acts in accordance with this period. If there is no legal period, personal data are stored for the period required for the purpose for which they are processed. Personal data are destroyed at the end of the specified storage periods in accordance with the periodic destruction periods or the data owner application and by the determined destruction methods (deletion and / or destruction and / or anonymization).

    4.1.3.1. Deletion methods

    For the data kept in the physical environment while destroying personal data, it is deleted by the paper cutting machine by grinding, burning, scratching and recycling methods. 

    Personal data kept in an automatic environment is irreversibly damaged by physical methods such as burning, drilling, data containing data such as hard disk or USB memory, Preventing access to the data by the relevant user by encrypting the data with encryption methods, The process of destroying the magnetic effect of ROM or USB memory etc.), preventing the relevant user from accessing the database by assigning roles and permissions in the databases where the data is located, and overwriting the existing data by means of software or by restoring the factory settings, Deletion is carried out by means of preventing access to the relevant data.

    4.1.4 Anonymization Method

    In the anonymization process, which is a safer way to protect personal data than deletion, the relevant personal data is disconnected from the relevant persons and in this way, it is removed from being personal data.

    4.1.4.2 Masking

    This method refers to the disconnection of an information that qualifies as personal data from the person concerned by removing or changing certain fields. As Entek, some parts of personal data such as name, surname and similar personal data will be stored by an asterisk if the storage period for the data we keep in its automatic environment expires. Subtracting variables or registers, randomizing, etc. With the method, personal data are removed from being systematic. By removing some variables from the data, it is brought into situations where it cannot be determined to whom the data belongs. 

    4.1.4.3. Adding Noise

    With this method, the value in the data set is changed to a certain extent by adding or subtracting. For example, as a result of adding 5 to each age value in the data set, this age value was changed and new values were created.

    CHAPTER 5 - RIGHTS OF DATA OWNERS UNDER THE LAW

    Whenever you want, by applying Morpho to your personal data;

    • It can learn whether it has been processed, the purpose of processing and whether it is used according to its purpose, and if it has been processed, it can request information on this subject
    • You can learn the third parties with whom your information is shared in the country and abroad in accordance with the Law
    • If you think your information is incomplete or incorrectly processed, you can request correction,
    • Request the deletion or destruction of your information within the framework of the conditions stipulated in Article 7 of the Law,
    • You may request that third parties to whom your information is transferred be notified of your requests specified in subparagraphs (c) and (d) and perform the same actions,
    • You can object to the emergence of a result against you due to the analysis of your information with automated systems, or if you think that it has been recorded or used illegally and you have suffered damage for this reason, you can request the removal of the damage.

    In order to take advantage of your rights under the law, you can submit your applications in writing to Morpho and visit the website of the Personal Data Protection Authority for detailed information.

    In the application that you have as a personal data owner and that you will make in order to exercise your rights stated above and that you have requested to use; You will need to submit the subject you request to be clear and understandable, the subject you request is related to your person or if you are acting on behalf of someone else, you will need to submit your special power of attorney certified by a notary public in this regard.

    In your applications, name-surname, signature, T.C. Identification number, residence or workplace address, e-mail address, telephone and fax number, the subject of the request are obligatory in accordance with the "Communiqué on the Principles and Procedures of Application to the Data Officer". Applications that do not contain the aforementioned elements will be rejected by Morpho.

    Morpho always reserves the right to make changes due to reasons arising from the Law, secondary regulations and Board decisions. The changes to be made in the disclosure text and the updated text will become effective immediately as of the date of notification to you.


    Annex-1 DISCLOSURE TEXT


    DISCLOSURE STATEMENT UNDER THE PERSONAL DATA PROTECTION LAW

    Asırlar Gayrimekul San. Ve Tic. A.S. (“Morpho Sleep”) uses its importance and attention in the field of business to protect personal data. Morpho Sleep collects, stores and deletes personal data when necessary, complying with all general and special legislation that regulate personal data, such as Article 20 of the Constitution, Personal Data Protection Law No. 6698 and all kinds of secondary regulations. morpho Sleep has prepared this text to inform and enlighten you, our valuable members, visitors and customers. Your Personal Data will be processed in the ways we describe below, and your data will not be stored in any matter not specified by us.

     morpho Sleep, www. The membership relationship established with you by approving the membership or service agreement on our website where morphosleeğp.com.tr was created, the customer relationship established due to the purchase-sale relationship formed due to the order placed from this address, the visitor relationship created by visiting our website morpho With Sleep, you share your data. 

     morpho Sleep is a "Data Officer" within the scope of the Personal Data Protection Law No. 6698. 

     morpho Sleep saves your personal data with automatic or non-automatic systems. On the morpho Sleep website, lolan processes your data with automatic methods in its online store. With this form on this site, you share your name-surname, gender, date of birth, address, e-mail, phone number, purchased product information data with us. By us, your data are processed in accordance with the establishment or performance of the contract, the exercise or establishment of the right, our legitimate interests within the scope of the contract / membership you have established with us, the service or the obligations required by the membership agreement. 

    Morpho Sleep collects and processes your data with cookies due to the benefits of coupon privileges within the scope of the membership agreement you have made with us, discount checks, product descriptions to be made on your behalf in your next orders.

    In addition, by using the session cookies specified in our cookie policy, the date and time you entered the www.morphosleep.com address, the website that enables you to connect to the site, the time you are on the site, the name of your internet service provider, your password if you are a member, and the reminder of your username. are logged.

    Your data;

    • Establishment and execution of the sales contract,
    • Fulfilling the requirements arising from the law in order to conclude a distance sales contract, 
    • Establishing a membership agreement,
    • Sustaining Marketing Activities,
    • Fulfilling Legal Obligations,
    • After Sales Support Activities,
    • Shipping and delivery of the products you have ordered to you,
    • Accounting and finance affairs,
    • Continuation of communication activities,
    • Follow-up of requests and complaints,
    • Coupon right, discount formation within the scope of order and loyalty card,

    For such reasons, your data mentioned above are processed. morpho Sleep does not process or use this information contrary to the law, morality, etiquette and legislation.

    Your Personal Data, within the scope of the above-mentioned purposes, to real and legal persons permitted in the legislation in accordance with the conditions specified in Article 8 and 9 of the Law, to other authorized public institutions and organizations, our third party service providers for the reasons stated above within the scope of the execution of the contracts made with you, and shared with our cloud service provider. 

    Your personal data are stored by taking all kinds of administrative and technical measures arising from the law. Our personnel are regularly trained on data protection and storage, secure payment (SSL) method, double-key payment system is used, unnecessary data is destroyed through periodic destruction, they do not process your personal data of special nature unless necessary, by having infiltration tests, logging your data, and backing up data. we provide security.

    Whenever you want, by applying morpho Sleep, you can obtain your personal data;

    It can learn whether it has been processed, the purpose of processing and whether it is used according to its purpose, and if it has been processed, it can request information on this subject

    • You can learn the third parties with whom your information is shared in the country and abroad in accordance with the Law
    • If you think your information is incomplete or incorrectly processed, you can request correction,
    • Request the deletion or destruction of your information within the framework of the conditions stipulated in Article 7 of the Law,
    • You may request that third parties to whom your information is transferred be notified of your requests specified in subparagraphs (c) and (d) and perform the same actions,
    • You can object to the emergence of a result against you due to the analysis of your information with automated systems, or if you think that it has been recorded or used illegally and you have suffered damage for this reason, you can request the removal of the damage.

    In order to take advantage of your rights under the law, you can send your applications in writing to morpho Sleep (see the Application Form at www. Morphosleep, com), you can visit the website of the Personal Data Protection Authority for detailed information.

    In the application that you have as a personal data owner and that you will make in order to exercise your rights stated above and that you have requested to use; You will need to submit the subject you request to be clear and understandable, the subject you request is related to your person or if you are acting on behalf of someone else, you will need to submit your special power of attorney certified by a notary public in this regard. 

    In your applications, name-surname, signature, T.C. identification number, residence or workplace address, e-mail address, telephone and fax number, and the subject of the request are obligatory in accordance with the "Communiqué on the Principles and Procedures of Application to the Data Controller" under the Law on the Protection of Personal Data No. 6698. Applications that do not contain these elements will be rejected by morpho Sleep.

     morpho Sleep always reserves the right to make changes in this illumination text due to reasons arising from the Law, secondary regulations and Board decisions. The changes to be made in the disclosure text and the updated text will become effective immediately as of the date of notification to you.

    FACEBOOK DATA SHARING

    Our website directly shares data from our servers to Facebook in order to use your information more effectively. Conversions API uses. By continuing to use our website, you agree to this data sharing. This data cannot be blocked by ad blockers.



    ANNEX-2 STORAGE PERIODS


    Data Type

    Storage Period

    Storage Start Date

    General Data of the Company

    10 years

    During the first periodic destruction period following the expiry of the storage period

    Records Regarding Financial Affairs and Taxes

    10 years

    During the first periodic destruction period following the expiry of the storage period

    Payroll and salary information

    10 years

    During the first periodic destruction period following the expiry of the storage period

    Recruitment Positive Process (HR file)

    10 years

    During the first periodic destruction period following the expiry of the storage period

    Recruitment Negative Process

    6 months

    During the first periodic destruction period following the expiry of the storage period

    HR, employment, retirement information for employees

    10 years

    During the first periodic destruction period following the expiry of the storage period

    Data kept on the employee who left

    10 years

    During the first periodic destruction period following the expiry of the storage period

    Employee health and safety records / data

    15 years 

    During the first periodic destruction period following the expiry of the storage period

    Legal texts and contracts

    10 years

    During the first periodic destruction period following the expiry of the storage period

    Data on business contacts

    10 years

    During the first periodic destruction period following the expiry of the storage period

    Data of potential customers

    10 years

    During the first periodic destruction period following the expiry of the storage period

    Customer data

    10 years

    During the first periodic destruction period following the expiry of the storage period

    Security (CCTV, visitor recording, vehicle license plate and etc.)

    6 months

    During the first periodic destruction period following the expiry of the storage period

    Planning and Execution of Marketing Activities

    10 years

    Since the Termination of the Business Relationship

    Information Technologies Department Log / Record / Tracking Systems





    Website Visitor



    6 months 

    During the first periodic destruction period following the expiry of the storage period

    During the first periodic destruction period following the expiry of the storage period