Clarification Text

 

1. Introduction

This Clarification Text has been prepared to ensure that users are informed about the personal data processed and transferred during the provision and the development of various services within the scope of DOA Mobile Application pursuant to Article 10 of the Law No. 6698 on the Protection of Personal Data (“Law” or “KVKK”) and the Communiqué on the Procedures and Principles to be Followed in Fulfilling the Obligation to Inform.

The activities for the Deposit Management System (DYS) applied for beverage packaging on a national scale are carried out within the framework of cooperation protocols between the Turkish Environment Agency (TÜÇA), the General Directorate of Mint and Stamp Printing House (Mint) and Emlak Katılım Bankası (EKB). The data controller is TÜÇA, Mint and EKB.

2.      The purpose for which personal data shall be processed and to whom and for what purpose the processed personal data may be transferred

Your personal data collected during the provision of various services on DOA Mobile Application is transferred to;

·             the Authorized Public Institutions and Organizations in accordance with legal regulations and legislation in order to fulfill our legal obligations in accordance with the legal ground thereof,

·             our domestic Suppliers and domestic and/or foreign institutions and organizations authorized or cooperated by the data controller for the purposes of providing services, carrying out goods/service procurement processes, carrying out goods/service after-sales support services, carrying out customer relationship management processes, tracking requests/complaints, carrying out supply chain management processes,

·             the institutions and organizations authorized or cooperated by the data controller for the purposes of conducting risk management processes and strategic planning activities and ensuring the security of operations,

in accordance with Article 8 of the KVKK within the scope of the purposes listed and within the framework of other provisions regarding the transfer by taking the necessary technical and administrative measures

3. Method and legal grounds for collecting personal data

3.1. Registration and Profile Editing

Your personal data regarding your identity (name, surname, Turkish ID number, date of birth), visual and audio recording (profile photo), contact (e-mail address, mobile phone number), customer transaction (request and complaint information) information collected through electronic forms on the Register and Edit Profile screens is processed.

Your personal data is processed basing on the legal grounds regulated in paragraph 2 of Article 5 of the Law stipulating that “It is necessary to process personal data belonging to the parties to the contract, provided that it is directly related to the establishment or performance of a contract” for the purposes of establishing membership/account, executing contract processes and following-up requests/complaints, “Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject” for the purposes of conducting customer relationship management processes and communication activities, and “It is mandatory for the data controller to fulfill its legal obligation ” for the purpose of verifying contact and identity information.

3.2. DOA Wallet Activities

Your personal data regarding your identity (name, surname) and customer transaction information (deposit number, virtual card and expenditure information, virtual card limit information, information on account activities, current balance information, transaction limit information, money transfer information, withdrawal information, IBAN information, bank information, refund information) collected through electronic forms, screens and supplier companies is processed during DOA Wallet activities.

Your personal data is processed basing on the legal grounds regulated in paragraph 2 of Article 5 of the Law stipulating that “It is necessary to process personal data belonging to the parties to the contract, provided that it is directly related to the establishment or performance of a contract” for the purposes limited to carrying out deposit and payment processes, executing contract processes, carrying out financial and accounting transactions, carrying out activities in accordance with the legislation, carrying out goods/service sales processes and “Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject” for the purposes of conducting customer relationship management processes and carrying out activities intended to customer satisfaction.

Your personal data that you share within the scope of DOA Wallet creation process is transferred to Birleşik Ödeme Hizmetleri ve Elektronik Para A.Ş. For detailed information regarding your processed personal data, you can review the clarification text of Birleşik Ödeme Hizmetleri ve Elektronik Para A.Ş.

3.3. Marketplace Activities

Your personal data regarding your identity (name, surname, T.R. ID number), communication (mobile phone number, e-mail address, invoice and delivery addresses) and customer transaction (invoice information, order information, product information, cargo information, authorized service information) information collected through electronic forms and information systems during the transactions you perform on the marketplace is processed basing on the legal grounds regulated in paragraph 2 of Article 5 of the Law stipulating that “It is necessary to process personal data belonging to the parties to the contract, provided that it is directly related to the establishment or performance of a contract”  and “Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject” for the purposes limited to conducting financial and accounting transactions, conducting/auditing business activities, conducting customer relationship management processes, conducting internal audit/investigation/intelligence activities, providing information to authorized persons, institutions and organizations, conducting goods/service sales processes and carrying out activities in accordance with the legislation.

3.4. Deposit Transactions

Your personal data regarding your customer transaction (deposit device information, product type, number of products, transaction date) information collected through our mobile application within the scope of the return transactions you carry out through DOA application is processed.

Your personal data is processed basing on the legal grounds regulated in paragraph 2 of Article 5 of the Law stipulating that “It is necessary to process personal data belonging to the parties to the contract, provided that it is directly related to the establishment or performance of a contract” for the purposes of carrying out return transactions and executing contract processes and “Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject” for the purposes of conducting customer relationship management processes and carrying out activities intended to customer satisfaction.

Your personal data regarding your customer transaction (product brand information, product type, product volume information) information collected through our mobile application within the scope of product inquiry transactions you carry out through DOA application is processed basing on the legal grounds regulated in paragraph 2 of Article 5 of the Law stipulating that “It is necessary to process personal data belonging to the parties to the contract, provided that it is directly related to the establishment or performance of a contract” for the purposes of carrying out product inquiry transactions and executing contract processes and “Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject” for the purposes of conducting customer relationship management processes and carrying out activities intended to customer satisfaction.  

3.5. Find the Nearest Return Machine

Your personal data regarding your location (mobile device location information) information collected through our mobile application in order for you to find the nearest return machine within the scope of our deposit service is processed.

Your personal data is processed based on the legal ground of explicit consent regulated in paragraph 1 of Article 5 of the Law in order to enable you to find the nearest return machine, if you consent to the processing of your location information.

If you wish, you may not consent to the notifications that shall appear on "Find the nearest return machine” screen. You can also change and/or deactivate location services in the settings section of your mobile device or DOA application.

3.6. DOA Application Support, Development and Information Security Processes

Within the scope of the services offered in DOA Mobile Application, information on transaction security (information on the device used to log in to the mobile application, login-logout information, IP address, traffic data) is collected through information security systems and electronic devices in order to carry out support and development activities and information security processes.

Your personal data collected is processed is processed basing on the legal grounds regulated in paragraph 2 of Article 5 of the Law stipulating that “It is clearly stipulated in the laws”, “It is mandatory for the data controller to fulfill its legal obligation” and “Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject” for the purposes limited to carrying out information security processes, conducting and auditing business activities, carrying out storage and archive activities, ensuring the security of data controller operations, providing information to authorized persons, institutions and organizations and carrying out activities in accordance with the legislation.

3.7. Profiling Processes

Your personal data collected through the mobile application within the scope of DOA application membership and your use of application services is processed basing on the legal grounds regulated in paragraph 2 of Article 5 of the Law stipulating that “Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject” for the purposes of planning and carrying out customized user satisfaction activities, improving user experience, and providing personalized user experience and on the legal ground of explicit consent regulated in paragraph 1 of Article 5 of the Law for the purposes of enabling you to benefit from membership-specific advantages, conducting marketing and remarketing activities by tracking user movements, creating promotional suggestions, conducting marketing and analysis studies, customizing and presenting our products according to usage habits and needs, and conducting advertising and promotion processes.

4. Other rights of the User listed in Article 11 within the scope of KVKK;

Within the scope of the rights regarding your personal data listed in Article 11 of the KVKK, you are entitled to:

a)     learn whether your personal data is processed,

b)    request information related thereto, if your personal data has been processed,

c)     learn the purpose of processing your personal data and whether it is used in accordance with its purpose,

d)    know the third parties to whom your personal data are transferred domestically or abroad,

e)     request correction of your personal data in case of incomplete or incorrect processing thereof,

f)      request the deletion or destruction of your personal data within the framework of the conditions stipulated in Article 7,

g)     request notification of the transactions made pursuant to subparagraphs (e) and (f) to third parties to whom personal data are transferred,

h)    raise objection against emergence of a result to the detriment of you due to analyzing the processed data exclusively through automated systems,

i)      demand the compensation of the damage, in case of you have incurred damage due to unlawful processing of your personal data by applying to the data controller.

You can send your claims and requests regarding your processed personal data to the application page on www.dbys.gov.tr. You may also choose other methods specified in the Communiqué on the Procedures and Principles of Application to the Data Controller.

Your requests regarding your rights regulated in Article 11 of the KVKK shall be finalized free of charge as soon as possible and within thirty days at the latest, depending on the nature of the request. However, if the transaction requires an additional cost, you may be charged a fee according to the tariff to be determined by the Personal Data Protection Board.