Protection of personal data is an important issue for Made By Cat İnteraktif Pazarlama Hizmetleri A.Ş. (“MADEBYCAT”). MADEBYCAT realizes its services and general working principle based on the protection of personal data.
MADEBYCAT adopts the principles stipulated by the PVP Policy in order to comply with the Personal Data Protection Law No. 6698 (“PVP Policy”), and fulfills its obligations regarding the processing, deletion, destruction, anonymization, transfer of personal data, informing the relevant person and ensuring data security.
Information on personal data processed within the scope of MADEBYCAT is given below.

1) Purpose and Scope of the Policy

This Personal Data Protection Policy is hereby made by MADEBYCAT;
a) Methods and legal reasons for collecting personal data,
b) Which groups of persons’ personal data are processed (Data Subject Categorization),
c) Which category of personal data is processed in relation to these groups of persons (Data Categories) and sample data types,
d) In which business processes and for what purposes this personal data is used,
e) Technical and administrative measures taken to ensure the security of personal data,
f) To whom and for what purpose personal data may be transferred,
g) Retention periods for personal data,
h) It explains what the rights of the Data Subjects on their personal data are and how they can exercise these rights.

a) Methods and Legal Grounds for Collecting Personal Data

MADEBYCAT collects personal data audibly, electronically or in writing through the website, cookies, notifications from administrative and judicial authorities and other communication channels, in accordance with the personal data processing conditions specified in the PVP Policy and in accordance with the legal reasons specified in this Personal Data Protection Policy.

b) Data Subject Person Group Categorization

MADEBYCAT categorizes the data subject groups whose personal data are processed in personal data processing processes and activities related to these processes as follows. However, personal data of other groups of persons may also be processed in accordance with the personal data processing conditions specified in Articles 5 and 6 of the PVP Policy and in line with the legal reasons specified in this Personal Data Protection Policy.

1. Customer
2. Potential Customer
3. Online Visitor
4. Website Users

c) Data Categories and Sample Data Types

Customer,
• Identity Information: Name, surname,
• Contact Information: cell phone, e-mail address, address,
• Financial Information: Tax office, invoice information
• Customer/Member Transaction Information: Product purchased and amount,
• Risk Management Information: IP address
• Transaction Security Information: Password, password information
• Marketing Information: Cookie logs, targeting information, habit and liking assessments
• Legal Transaction and Compliance Information: The start and end time of the service provided, the type of service utilized, the commercial electronic message permission given by the Relevant Person in electronic environment, legal texts and contracts within the scope of the service provided

Potential Customer
Identity Information Name, surname
• Contact Information: e-mail address
• Risk Management Information: IP address

Online Visitor
Legal Action Information/Risk Management Information: IP address
• Legal Action and Compliance Information: Start and end time of the service provided, type of service utilized, amount of data transferred

Person submitting a request/complaint
Identity Information Name, surname
• Contact Information: e-mail address,
• Process Information: Message subject, message content

d) In Which Business Processes and for Which Purposes Personal Data is Used

Personal data;
Processing of online visitor data in accordance with the relevant legislation,
• Realization of customer transactions,
• Commercial electronic message approval established with the customer in terms of existing customers; special promotion, opportunity and benefit,
• Resolving customer problems and complaints,
• Creating customer satisfaction, loyalty and commitment,
• Statistical evaluations and market research,
• Determining and implementing MADEBYCAT’s commercial and business strategies,
• Follow-up of accounting and purchasing transactions,
• Legal processes and compliance with legislation,
• Responding to information requests from administrative and judicial authorities,
• Planning internal reporting and business development activities,
• Ensuring information and transaction security and preventing malicious use,
• Making the necessary arrangements to ensure that the processed data is up-to-date and accurate and numbered is used to carry out activities related to all these processes.

e) Technical and Administrative Measures Taken to Ensure the Security of Personal Data

MADEBYCAT undertakes to take all necessary technical and administrative measures and to show due diligence to ensure the confidentiality, integrity and security of your personal data.
MADEBYCAT takes the necessary measures to prevent unauthorized access to personal data, incorrect use, unlawful processing, disclosure, alteration or destruction of personal data.
Regarding the prevention of unlawful access to personal data it processes, prevention of unlawful processing of these data and ensuring the preservation of personal data:
All areas on the website where personal data is collected are protected with SSL,
• It creates and implements access authorization and control matrices for its employees in order to prevent unlawful processing of personal data collected from the website,
• It ensures that personal data is not unlawfully accessed.
Despite taking the necessary information security measures, if personal data is damaged or falls into the hands of unauthorized third parties as a result of attacks on its system, MADEBYCAT will immediately notify you and the Personal Data Protection Board and take the necessary measures.

f) To Whom and for What Purposes Personal Data Can Be Transferred

MADEBYCAT transfers personal data to third parties only for the purposes specified in the Personal Data Protection Policy and in accordance with articles 8 and 9 of the Personal Data Protection Law.
The personal data subject to domestic and international transfers mentioned above are legally protected by technical measures to ensure their security, as well as the provisions in our contracts that are compatible with the Personal Data Protection Law, taking into account whether the other party to the legal relationship is the data controller or the data processor.

g) Personal Data Storage Periods

MADEBYCAT stores the personal data it processes in accordance with the Personal Data Protection Law for the periods stipulated in the relevant legislation or required by the purpose of processing.

You can review our Cookie Policy regarding the storage periods of personal data we obtain through cookies.

h) What are the Rights of the Data Subjects on Their Personal Data and How They Can Exercise These Rights
The rights of the Data Subject on the personal data processed by MADEBYCAT, pursuant to Article 11 of the PVP Policy, are listed below:

Learning whether personal data has been processed,
• Requesting information regarding the processing of personal data,
• Learning the purpose of processing personal data and whether they are used in accordance with their purpose,
• Knowing the third parties to whom personal data is transferred domestically or abroad,
• Requesting correction of personal data if it is processed incompletely or incorrectly,
• Requesting the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of the PVP Policy,
• Requesting notification of the transactions made pursuant to clauses (d) and (e) to third parties to whom personal data is transferred,
• Objecting to the emergence of a result against the person by analyzing the processed data exclusively through automated systems,
• Claiming compensation for the damages in the event of damages due to the processing of personal data in violation of the law requesting its removal.

You can exercise your rights by sending an e-mail to hello@madebycat.com in accordance with Article 13 of the Personal Data Protection Law.

2) Conditions for Deletion, Destruction and Anonymization of Personal Data

MADEBYCAT stores the personal data it processes through its website and mobile site for the periods stipulated by the relevant laws and/or the periods required by the purpose of processing in accordance with Articles 7 and 17 of the Personal Data Protection Law and Article 138 of the Turkish Penal Code. In the event that these periods expire, it will delete, destroy or anonymize in accordance with the provisions of the Regulation on Deletion, Destruction or Anonymization of Personal Data.
Deletion of personal data by MADEBYCAT refers to the process of rendering personal data inaccessible and non-reusable for the relevant users in any way.
Destruction of personal data by MADEBYCAT refers to the process of rendering personal data inaccessible, non-recoverable and non-reusable by anyone in any way.
Anonymization of personal data by MADEBYCAT refers to rendering personal data incapable of being associated with an identified or identifiable natural person in any way, even if it is matched with other data.
MADEBYCAT explains the methods and technical and administrative measures it has taken in detail in the relevant Policy prepared in accordance with the Regulation on the Deletion, Destruction or Anonymization of Personal Data. In this Policy, the time period for the periodic destruction foreseen by the Regulation has also been determined as 6 months.

3) Changes to be Made to the Personal Data Protection Policy

MADEBYCAT may make changes to this Personal Data Protection Policy at any time. These changes shall become effective immediately upon the publication of the new amended Personal Data Protection Policy. Necessary information will be provided to our members so that you are informed about the changes to this Personal Data Protection Policy.