Commercial Electronic Message Information Notice

1. PURPOSE

This Commercial Electronic Message Information Notice has been prepared by Stoneline Building Products Industry Joint Stock Company (hereinafter referred to as “Stoneline”) in accordance with the Personal Data Protection Law No. 6698 (KVKK), the Law on the Regulation of Electronic Commerce No. 6563, the Regulation on Commercial Communication and Commercial Electronic Messages dated July 15, 2015, the Regulation on Amendments to the Regulation on Commercial Communication and Commercial Electronic Messages dated January 4, 2020, and other relevant legislation. It aims to inform you about the processing, storage, and transfer of your personal data regarding our commercial electronic message services.

2. SCOPE

This Information Notice applies to the individuals and entities with whom commercial communication will be established and commercial electronic messages will be sent.

3. DEFINITIONS

The following definitions are used in this document:

• KVKK: Personal Data Protection Law No. 6698.

• Personal Data: Any information relating to an identified or identifiable natural person.

• Commercial Electronic Message: Data, voice, or visual content sent electronically for commercial purposes via tools such as phones, call centers, faxes, automated calling systems, electronic mail, and SMS.

• Commercial Electronic Message Management System (IYS): A system enabling the collection of consent for commercial electronic messages, exercising the right to opt out, and managing complaint processes.

• Commercial Communication: Any communication related to electronic commerce intended to generate profit.

• Processing of Personal Data: Any operation performed on personal data, such as obtaining, reviewing, recording, or using data.

• Data Controller: The natural or legal person determining the purposes and methods of personal data processing and managing the data recording system.

4. METHODS OF COLLECTION, LEGAL BASIS, AND PURPOSES OF PROCESSING PERSONAL DATA

Your personal data is collected through SMS channels, Stoneline’s website, and mobile applications. The data is processed in accordance with KVKK Articles 5 and 6 for the following purposes:

4.1. Contact Data

• Purposes: Emergency management, information security, access authorization, compliance with legislation, communication, customer satisfaction activities, marketing analysis, and promotional campaigns.

• Legal Basis: Explicit consent or requirements under KVKK Article 5(2).

• Retention Period: 10 years after the contract ends.

4.2. Transaction Security Data

• Purposes: Emergency management, ensuring information security, compliance, and managing business continuity.

• Legal Basis: Explicit consent or requirements under KVKK Article 5(2).

• Retention Period: 2 years.

4.3. Identity Data

• Purposes: Emergency management, legal compliance, financial processes, customer relationship management, and risk management.

• Legal Basis: Explicit consent or requirements under KVKK Article 5(2).

• Retention Period: 10 years after the contract ends.

4.4. Customer Transaction Data

• Purposes: Marketing analysis, campaign management, and complaint handling.

• Legal Basis: Explicit consent or requirements under KVKK Article 5(2).

• Retention Period: 10 years.

4.5. Marketing Data

• Purposes: Marketing analysis, managing promotions, and enhancing customer loyalty.

• Legal Basis: Explicit consent or requirements under KVKK Article 5(2).

• Retention Period: 10 years.

4.6. Location Data

• Purposes: Logistics, store locator services, and supply chain management.

• Legal Basis: Explicit consent or requirements under KVKK Article 5(2).

• Retention Period: 1 year.

5. PURPOSES OF TRANSFERRING PERSONAL DATA

Personal data may be transferred to:

• Email servers and communication centers to ensure business continuity.

• Third-party service providers for verification purposes.

• Relevant authorities (e.g., Ministry of Commerce) for compliance with commercial communication laws.

• Legal entities and public authorities for legal proceedings.

• Third parties for resolving complaints and inquiries.

If your email server is located abroad, this constitutes an international data transfer. Ensure that your email server is based in Turkey if you do not consent to the transfer.

6. DATA SECURITY MEASURES

Stoneline implements current technologies and administrative measures to protect your personal data, ensuring compliance with the decisions of the Personal Data Protection Board. For more details, please review the Privacy Policy on our official website.

7. RIGHTS OF DATA SUBJECTS UNDER KVKK ARTICLE 11

As a data subject, you have the following rights:

1. To learn whether your personal data has been processed.

2. To request information on the processing of your personal data.

3. To understand the purposes of processing and ensure compliance.

4. To know third parties to whom data is transferred domestically or abroad.

5. To request correction of incomplete or inaccurate data.

6. To request the deletion or destruction of data.

7. To request notification of correction, deletion, or destruction to third parties to whom data has been transferred.

8. To object to adverse outcomes resulting from automated data processing.

9. To seek compensation for damages caused by unlawful data processing.

APPLICATION METHODS

Applications may be submitted:

1. In writing with a notarized signature and copy of identification to Stoneline’s address: Mimar Sinan Mah., Sarılale Sk. No: 4, Eyüp Sultan, Istanbul.

2. In person with valid identification at the same address.

3. Electronically via registered email (KEP) to …@hs01.kep.tr.

Applications will be processed within 30 days, and if costs arise, fees will be charged based on the tariff determined by the Personal Data Protection Board.

Data Controller Contact Information: Stoneline Building Products Industry Joint Stock Company
Mimar Sinan Mah., Sarılale Sk. No: 4, 34075 Istanbul
Email: [email protected]
Phone: 0212 993 1330