Compare Products 0
Order Tracking
Login / Register

Your Cart

  • Your cart is empty!
Free shipping for orders under 10km
What Are You Looking For?

KVKK

Comprehensive Information on the Law on the Protection of Personal Data (KVKK)

In Türkiye, the protection of personal data has become one of the most important issues of the modern world. Legal protection in this field is provided by the Law No. 6698 on the Protection of Personal Data (KVKK), which entered into force after being published in the Official Gazette on April 7, 2016. This Law aims not only to protect individuals’ privacy but also their fundamental rights and freedoms, while also regulating in detail the obligations that natural and legal persons who process personal data must comply with. The main purpose of KVKK is to ensure transparency, security, and lawfulness in the process of processing personal data. In this way, it is aimed to increase each individual’s control over their own data and to enable them to exist safely in the digital age.

Fundamental Principles of KVKK: Our Guide in Data Processing

KVKK has established a set of fundamental principles that must be complied with during the processing of personal data. These principles ensure that data controllers (that is, those who determine the purposes and means of processing personal data) carry out their data processing activities in a lawful, transparent, and responsible manner:

Compliance with Law and the Principle of Good Faith: Personal data must be processed in accordance with relevant legal regulations and general moral rules, with an honest approach. This requires transparency and fairness at every stage, from the collection of data to its disposal.
Being Accurate and, When Necessary, Up to Date: It is essential that the processed personal data is accurate, up to date, and complete. Timely updating of changes in the data is of great importance in maintaining data quality and accuracy. Processing based on incorrect or incomplete data should be avoided.
Processing for Specific, Explicit, and Legitimate Purposes: Personal data must be collected and processed for predetermined, clearly defined, lawful, and legitimate purposes. Clearly stating the purpose before data collection, informing the data subject, and ensuring transparency are essential.
Being Relevant, Limited, and Proportionate to the Purpose of Processing: Data must be directly related to the specified purpose, limited in a way that does not exceed this purpose, and processed in a proportionate manner. Unnecessary data should not be collected beyond what is required to achieve the purpose, and the principle of data minimization must be observed.
Being Retained for the Period Prescribed by Relevant Legislation or Required for the Purpose for Which They Are Processed: Personal data must be retained for the period specified in the relevant legislation or required by the purpose of processing, and at the end of this period, they must be immediately deleted, destroyed, or anonymized. Avoid retaining data for unnecessarily long periods.

Rights of the Data Subject: Your Control Over Your Data

KVKK grants a number of fundamental rights to data subjects (that is, real persons whose personal data is processed). These rights are regulated in detail in Article 11 of the Law and aim to ensure individuals’ control over their personal data:

The right to learn whether personal data is processed,
The right to request information if personal data has been processed,
The right to learn the purpose of processing personal data and whether they are used in accordance with their purpose,
The right to know the third parties to whom personal data is transferred domestically or abroad,
The right to request the correction of personal data if it is processed incompletely or incorrectly,
The right to request the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of the Law,
The right to request that the operations carried out pursuant to the above items (correction, deletion, or destruction) be notified to third parties to whom personal data has been transferred,
The right to object to the occurrence of a result against the person by analyzing the processed data exclusively through automated systems,
The right to demand compensation for damages in case of loss due to the unlawful processing of personal data.

In order to exercise these rights, you must apply in writing to the data controller (for example, a company such as Camelaa). The data controller is obliged to respond to your application within the relevant legal period, generally within a maximum of 30 days.

Obligations of the Data Controller: The Assurance of Secure Data Processing

KVKK imposes significant and concrete obligations on data controllers who process personal data. These obligations are of critical importance in ensuring data security and creating a transparent data processing environment:

Obligation to Inform: When collecting personal data, it is mandatory to inform data subjects clearly and understandably about the purposes for which their data will be processed, to whom and by which methods it will be transferred, the legal basis, and the rights of the data subject. This is generally fulfilled through a privacy policy or an information notice.
Obligation to Ensure Data Security: Taking all necessary technical and administrative measures to prevent the unlawful processing of personal data, unauthorized access, disclosure, alteration, or loss is a fundamental duty of the data controller. This includes the security of data storage systems, access controls, encryption, and regular security audits.
Obligation to Register with the Data Controllers’ Registry (VERBİS): Data controllers that meet certain criteria specified in the Law (such as number of employees, annual financial balance sheet total, etc.) are required to register with the Data Controllers’ Registry (VERBİS) maintained by the Personal Data Protection Authority.
Compliance with Board Decisions: There is an obligation to fully comply with the decisions taken, guidelines published, and regulations made by the Personal Data Protection Authority (KVKK). The Authority is the highest supervisory and regulatory body in the field of personal data protection.

KVKK is a comprehensive regulation that aims to increase individuals’ control over their personal data and to ensure that data processing activities are carried out in a transparent, secure, lawful, and accountable manner. This law serves as an important shield that protects both individuals and institutions against the data risks brought by the digital age.

Your experience on this site will be improved by allowing cookies.

These cookies are essential for the website to function properly.

These cookies help us understand how visitors interact with the website.

These cookies are used to deliver personalized advertisements.