Introduction & Scope
This Privacy Policy explains the principles regarding the processing of personal data of our visitors, customers, and users within the scope of the services offered through the outdooria.com.tr website (the "Site"), operated by Emre Koçak - Outdooria (the "Company", "we").
Acting as data controller under the Turkish Personal Data Protection Law No. 6698 ("KVKK"), Emre Koçak - Outdooria takes all necessary technical and administrative measures to process, store, and protect your personal data lawfully.
This policy covers all personal data obtained through membership, shopping, orders, communication, newsletter subscription, and similar transactions on the Site. By using the Site, you are deemed to have accepted the terms set forth in this policy.
Identity of the Data Controller
The data controller responsible for the processing of your personal data under KVKK is Emre Koçak - Outdooria. You may contact the data controller through the following channels:
Company Name: Emre Koçak - Outdooria — Address: Karacakaya Cad. No:83 Siteler/Ankara/Türkiye — Website: outdooria.com.tr — Email: [email protected]
You may submit any requests, questions, or complaints regarding your personal data to us via the email address above. Your applications will be processed free of charge within a maximum of 30 (thirty) days under KVKK and relevant legislation.
Categories of Personal Data Processed
The following categories of personal data are processed within the scope of services offered through the Site: Identity information (name, surname), contact information (email address, phone number, delivery and billing address), customer transaction information (order number, order content, payment details, delivery details).
Additionally, marketing information (purchase history, campaign and newsletter preferences), transaction security information (username, password, IP address, session data, cookie records), legal action information (returns, complaints, and legal correspondence records), and request/complaint management information are processed.
During payment processing, credit card details are processed directly by a PCI-DSS compliant payment institution and are not stored by our Company. Your card information is transmitted in encrypted form through secure infrastructure.
Purposes of Processing Personal Data
Your personal data is processed for the following purposes within the framework of the processing conditions set out in Articles 5 and 6 of KVKK: Creation and management of your membership account, execution of order and payment processes, delivery of purchased products, issuance of invoices, and fulfillment of legal retention obligations.
Additionally, processing is carried out for the purposes of ensuring customer satisfaction, managing requests and complaints, conducting returns and withdrawal processes, providing customer service, ensuring Site security, and preventing fraud.
With your explicit consent, your data may also be processed for purposes such as marketing activities, campaign and discount announcements, newsletter delivery, personalized product recommendations, satisfaction surveys, and similar commercial electronic messages.
Where necessary to fulfill our legal obligations (tax legislation, commercial legislation, consumer law, etc.), your personal data is shared and processed with relevant public institutions and authorities.
Legal Basis for Processing Personal Data
Your personal data is processed under Article 5 of KVKK on the following legal grounds: Where processing is necessary for the establishment or performance of a contract (e.g., order and delivery processes), and where it is necessary to fulfill our legal obligations (e.g., invoicing).
Where processing is necessary for the establishment, exercise, or protection of a right (e.g., return and complaint processes), and where processing is necessary for our legitimate interests, provided that your fundamental rights and freedoms are not harmed (e.g., Site security, fraud detection).
Your sensitive personal data is only processed when the conditions set out in Article 6 of KVKK exist and with your explicit consent. For the sending of commercial electronic messages, your consent is also required under Law No. 6563 on the Regulation of Electronic Commerce.
Transfer of Personal Data
Your personal data is shared with the following recipient groups in accordance with Articles 8 and 9 of KVKK for the purposes stated above: Shipping and logistics companies (for the delivery of your orders), payment institutions and banks (for the execution of payment transactions), call centers, and customer service providers.
Additionally, data may be shared with accounting, financial consultancy, and legal advisory firms (for the fulfillment of legal obligations), IT service providers, cloud storage services, and email/SMS sending service providers.
Authorized public institutions and authorities (courts, tax offices, prosecution offices, etc.) may also receive your personal data upon request under relevant legislation. All data transfers are carried out under data privacy and security agreements.
Your personal data is not transferred abroad without your explicit consent. When service providers requiring overseas transfer are used (e.g., cloud services operating on overseas servers), the necessary measures under Article 9 of KVKK are taken, and your explicit consent is requested when required.
Retention Period of Personal Data
Your personal data is retained for the period required by the purpose of processing and the minimum retention periods stipulated in relevant legislation. Your membership data is retained while your account is active; order and invoice information is retained for a minimum of 10 (ten) years under the Tax Procedure Law and the Turkish Commercial Code.
Data processed for marketing purposes is immediately ceased from processing and removed from relevant processes when you withdraw your explicit consent. Cookie records are retained for the duration of the session or for a maximum of 2 years, depending on the type of cookie.
Personal data whose retention period has expired is deleted, destroyed, or anonymized in periodic destruction cycles under our Personal Data Retention and Destruction Policy.
Data Security Measures
Emre Koçak - Outdooria takes all necessary technical and administrative measures to ensure an appropriate level of security to prevent unlawful processing of and access to your personal data and to protect your personal data.
Technical measures include SSL-encrypted communication (HTTPS), firewalls, penetration tests, authorization and access controls, up-to-date antivirus software, backups and log records, and database encryption.
Administrative measures include employee confidentiality undertakings, regular awareness trainings, maintaining a personal data processing inventory, registration in the Data Controllers Registry System (VERBİS), signing data processing agreements with suppliers, and internal audit mechanisms.
In the event of any data breach, notifications required under KVKK will be made to the relevant persons and the Personal Data Protection Board within 72 (seventy-two) hours.
Rights of the Data Subject Under KVKK
As a data subject under Article 11 of KVKK, you have the following rights: to learn whether your personal data is being processed, to request information if it has been processed, to learn the purpose of processing and whether the data is used in accordance with its purpose.
To know the third parties, domestic or foreign, to whom your personal data has been transferred, to request correction if your personal data has been processed incompletely or incorrectly, and to request deletion or destruction under the conditions set forth in Article 7 of KVKK.
To request that corrections, deletions, and destructions be notified to the third parties to whom your personal data has been transferred, to object to the occurrence of an adverse result against you through the analysis of the processed data solely by automated systems, and to claim compensation for damages caused by the unlawful processing of your personal data.
To exercise the above rights, you may submit an application by sending an email to [email protected] in accordance with the Communiqué on the Procedures and Principles for Application to the Data Controller. Your application will be processed free of charge within a maximum of 30 (thirty) days.
Policy Changes & Contact
Emre Koçak - Outdooria reserves the right to update this Privacy Policy at any time due to changes in legislation, updates to services offered on the Site, or changes in business processes. The current policy takes effect from the date it is published on the Site.
Significant changes to the policy will also be announced on the Site's homepage or via your registered email address. We recommend that you visit this page regularly to stay informed of updates.
For any questions, requests, or complaints regarding the Privacy Policy and the processing of your personal data, you may contact us:
Company Name: Emre Koçak - Outdooria — Address: Karacakaya Cad. No:83 Siteler/Ankara/Türkiye — Website: outdooria.com.tr — Email: [email protected] — Data Controller: Emre Koçak - Outdooria. In case your application is rejected, the response is found insufficient, or no response is provided within the time limit, you have the right to file a complaint with the Personal Data Protection Board within 30 days of learning the response and in any event within 60 days of the application date.