Login

Cart

Your cart is empty

The Law on the Protection of Personal Data

EXQUISE PERSONAL DATA PROTECTION AND PROCESSING POLICY

In accordance with Law No. 6698 on the Protection of Personal Data (“KVKK”), EXQUISE US INC. (“EXQUISE”), acting as the Data Controller, may process your personal data within the scope described below.

1. Purpose and Legal Grounds for Data Processing
Your personal data is processed lawfully, fairly, and transparently for specific, explicit, and legitimate purposes. These purposes include:

  • Issuing invoices in accordance with the Tax Procedure Law,

  • Sending electronic commercial messages related to promotions and campaigns in accordance with the Law on the Regulation of Electronic Commerce,

  • Analyzing your shopping habits to provide better services,

  • Fulfilling legal obligations and business requirements.

2. Transfer of Personal Data
Your personal data may be transferred within the legal framework to:

  • Public authorities when legally required,

  • Group companies, business partners, service providers (domestic and international),

  • Third-party institutions with whom we collaborate.

3. Data Subject Rights (Article 11 of KVKK)
As a data subject, you have the right to:

  • Learn whether your personal data is processed,

  • Request information if processed,

  • Learn the purpose and whether it is used accordingly,

  • Know the third parties to whom data is transferred,

  • Request correction of incomplete or inaccurate data,

  • Request deletion or destruction under Article 7,

  • Request notification of these changes to third parties,

  • Object to results obtained solely through automated systems,

  • Request compensation if you suffer damage due to unlawful processing.

You may submit your requests via registered email to shop@exquise.com, by notarized proxy, or in person with ID verification. Exquise will respond within 30 days.

4. Principles of Data Processing
Exquise processes personal data in accordance with the following principles:

  • Lawfulness and fairness,

  • Being accurate and up to date,

  • Processing for specified, legitimate purposes only,

  • Data minimization: adequate, relevant, and limited to what is necessary,

  • Retention for no longer than necessary,

  • Secure and confidential storage.

5. Retention and Deletion of Personal Data
Personal data is stored only as long as required by law or the purpose for which it was collected. Upon expiry or upon your request (where legally applicable), data is:

  • Deleted: permanently removed,

  • Destroyed: physically or digitally destroyed,

  • Anonymized: altered so the individual cannot be identified.

Techniques used include data masking, aggregation, derivation, and shuffling.

6. Sharing with Third Parties
Personal data is shared with third parties only to the extent necessary for legitimate business interests or contractual obligations. Any such sharing requires data subjects’ informed consent, unless legal exceptions apply.

7. Data Security Measures
Exquise takes all necessary technical and administrative measures to ensure:

  • Protection against unlawful access,

  • Data integrity and confidentiality,

  • Access limited to authorized personnel,

  • Periodic security updates and audits.

All employees and third-party vendors are obligated to comply with these security measures.

8. Special Categories of Personal Data
Sensitive personal data (e.g. health information) is processed only when:

  • Explicitly required by law, or

  • Necessary for public health or occupational safety and handled by authorized professionals,

and always with strict confidentiality and access control.

9. Data Collected
Examples of personal data processed:

  • Customers: name, contact info, address, gender, shopping preferences, loyalty history, etc.

  • Employees: ID, contact details, education, salary, insurance info, etc.

  • Suppliers: representative details, bank data, signature authority, etc.

  • Applicants: CV, contact details, references, education, etc.

  • Complaints: name, contact, issue details per consumer rights laws.

10. Informing Data Subjects
Exquise ensures that individuals are informed when collecting their data by:

  • Providing clear privacy notices,

  • Referring to this Policy in contracts and consent forms,

  • Ensuring proper training of personnel,

  • Displaying this Policy on our website.

11. Complaints and Requests
Data subjects may file complaints via:

Exquise will confirm receipt and respond within 30 days. Complex requests may be escalated to legal or IT teams if necessary.

12. Communication with Data Protection Authority
Exquise will provide any required information to the Turkish Data Protection Authority within 15 days of request and comply with all lawful decisions within 30 days.

13. Exceptions to This Policy
This Policy does not apply when:

  • Data is used for personal or family use,

  • Processed for official statistics or anonymized research,

  • Used by courts or public institutions under specific legal mandates.

14. Updates to the Policy
This Policy is reviewed and updated as needed to comply with changes in law or internal procedures. All data subjects will be informed of any substantial updates.