Personal Data Processing Policy

As Bassam AKili Fit ve Sanal Mağazacılık Limited Company, we use the Personal Data Processing Policy (hereinafter referred to as “Policy”) prepared within the framework of the Law on the Protection of Personal Data (hereinafter referred to as “KVKK”) and relevant legislation, regarding the processing, storage, and transfer of your personal data in relation to our activities. This Policy explains how these processes are carried out from the perspective of data subjects.

Data Controller

Bassam AKili Fit ve Sanal Mağazacılık Limited Company (“Bassam AKili Fit”)

Data Subjects

All customers who shop at Bassam AKili Fit’s online and physical stores.

Data Categories

1. Identity Information
  • Processed Personal Data: Name, surname, address, Turkish Republic identification number, passport number and/or foreign identification number for foreigners.
  • Purpose of Processing: Financial and accounting operations, communication activities, loyalty processes, compliance with legislation, legal affairs, business continuity, business operations and audits, sales and after-sales support, customer relationship management, customer satisfaction activities, advertising, campaigns and promotions, storage and archiving, contract and membership processes, tracking requests/complaints, planning and execution of commercial and business strategies, providing information to authorized persons, institutions, and organizations.
  • Legal Basis: Explicit provision by laws, necessity for contract establishment or performance, legal obligation of the data controller, and legitimate interests of the data controller without harming fundamental rights and freedoms of the data subject.
  • Collection Methods: Website membership forms, account page fields, requests and applications, contracts, campaigns, and third-party identity verification systems.
2. Contact Information
  • Processed Personal Data: Email address, invoice and delivery addresses, mobile phone number.
  • Purpose of Processing: Financial and accounting operations, communication activities, business operations, loyalty processes, legal affairs, sales and after-sales support, customer relationship management, customer satisfaction activities, marketing analysis, advertising, campaigns and promotions, tracking requests/complaints, marketing processes, storage and archiving, providing information to authorized persons and institutions.
  • Legal Basis: Same as Identity Information.
  • Collection Methods: Same as Identity Information.
3. Legal Transaction Information
  • Processed Personal Data: Information in case files in the event of a dispute, notices, information in correspondence with judicial and administrative authorities.
  • Purpose of Processing: Following and conducting legal affairs, business operations and audits, providing information to authorized persons, institutions, and organizations, compliance with legislation, storage and archiving, risk management, contract processes, tracking requests/complaints, ensuring security of data controller operations.
  • Legal Basis: Legal obligation of the data controller, necessity for establishment, exercise, or protection of a right, and legitimate interests of the data controller without harming fundamental rights and freedoms.
  • Collection Methods: Official letters and other printed/electronic documents from judicial and administrative authorities.
4. Customer Transaction Information
  • Processed Personal Data: Invoice information, request information, order information, customer comments, product information, cargo information, authorized service information.
  • Purpose of Processing: Supply chain management, business operations and audits, providing information to authorized persons and institutions, compliance with legislation, financial and accounting operations, storage and archiving, contract processes, sales and after-sales support, customer relationship management, customer satisfaction activities, marketing analysis, advertising, campaigns and promotions, tracking requests/complaints, marketing processes.
  • Legal Basis: Same as Identity Information.
  • Collection Methods: Printed/electronic forms, call center records, emails, and SAP programs.
5. Transaction Security Information
  • Processed Personal Data: IP address information, website login/logout information, username, password, traffic data (connection time/duration, etc.).
  • Purpose of Processing: Information security management, audit/ethical activities, business operations and audits, storage and archiving, ensuring security of data controller operations, providing information to authorized persons and institutions, compliance with legislation, legal affairs, sales processes, tracking requests/complaints.
  • Legal Basis: Same as Identity Information.
  • Collection Methods: Information security systems and electronic devices.
6. Financial Information
  • Processed Personal Data: Encrypted credit card information, bank account/IBAN number.
  • Purpose of Processing: Compliance with legislation, legal affairs, financial and accounting operations, refund processes, business operations and audits, sales processes, storage and archiving, risk management, contract processes, providing information to authorized persons and institutions.
  • Legal Basis: Necessity for contract establishment or performance, and legal obligation of the data controller.
  • Collection Methods: Printed and electronic forms, emails, and requests/messages within the website.
7. Visual, Written and Audio Records
  • Processed Personal Data: Visual records, call center voice recordings, support line correspondence.
  • Purpose of Processing: Loyalty processes for company products and services, customer relationship management, customer satisfaction activities, after-sales support, storage and archiving, tracking requests/complaints, marketing processes, marketing analysis, providing information to authorized persons and institutions.
  • Legal Basis: Same as Identity Information.
  • Collection Methods: Camera recordings in stores, head office, and other company departments, as well as electronic recordings during calls and support line correspondence.
8. Location Information
  • Processed Personal Data: Location/address information.
  • Purpose of Processing: Customer relationship management, marketing analysis, advertising/campaign/promotion processes, customer satisfaction activities, marketing processes, sales processes, production and operation processes.
  • Legal Basis: Explicit consent.
  • Collection Methods: Collected according to your cookie preferences in your internet browser.

Transfer of Personal Data

Customers’ personal data may be transferred in accordance with Articles 8 (“Transfer of Personal Data”) and/or 9 (“Transfer of Personal Data Abroad”) of KVKK, and with the necessary technical and administrative measures, only to the extent necessary for the relevant purpose, to:

  • Sellers (for product delivery)
  • Cargo companies (for delivery)
  • Banks and other payment institutions (for payment)
  • Business partners for bulk SMS/email notifications and after-sales services
  • Suppliers and authorized service providers
  • Business partners in joint campaigns
  • Authorized persons and official institutions as required by law
  • Technology infrastructure providers for program/system recording
Shopping Cart