Privacy Policy

1. PERSONAL DATA PROTECTION AND PROCESSING PRIVACY NOTICE

This Privacy Notice has been prepared by Core Sağlık Hizmetleri Ve Kozmetik Ürünleri İmalat San. A.Ş. (“Company”), acting as the data controller, in accordance with the Turkish Personal Data Protection Law No. 6698 (“KVKK”), in order to inform data subjects about the processing of their personal data through the e-commerce platforms, websites, mobile interfaces, and digital channels operated by the Company.

The Company’s registered address is Gayrettepe Mah. Ayaz Maderesi Cad. Aliye Meriç Konak İş Merkezi No:3 34105 Beşiktaş / Istanbul, Türkiye. The Company offers products and services to customers located in Türkiye and various countries within the European Union through its online sales channels.

Scope and Definitions

This Privacy Notice applies to all visitors, members, customers, and users who access or interact with the Company’s digital platforms, place orders, create user accounts, subscribe to newsletters, or communicate with the Company through electronic channels. For the purposes of this Notice, personal data refers to any information relating to an identified or identifiable natural person as defined under KVKK.

Categories of Personal Data Processed

Within the scope of its e-commerce activities, the Company may process personal data including, but not limited to, identity information such as name and surname; contact information such as e-mail address, phone number, and delivery address; transaction information including order details, invoices, payment status, and return records; customer interaction records including call center logs, e-mail correspondence, and support requests; technical data such as IP address, device information, browser type, access logs, and website usage data; marketing and preference information including consent records and communication preferences.

Payment card information is processed solely by authorized payment service providers in compliance with applicable payment security standards, and the Company does not store complete card details.

Purposes of Processing Personal Data

Personal data are processed for the purposes of establishing and performing distance sales contracts, processing orders, managing delivery, return, and refund processes, providing customer support services, managing user accounts, ensuring secure payment transactions, fulfilling accounting, tax, and legal obligations, conducting internal reporting and operational planning, improving website performance and user experience, carrying out marketing and promotional activities where explicit consent is obtained, ensuring information security, preventing fraud and abuse, and responding to requests and complaints submitted by data subjects.

Legal Grounds for Processing

Personal data are processed in accordance with Articles 5 and 6 of KVKK based on one or more of the following legal grounds: explicit consent of the data subject where required; necessity of processing for the establishment or performance of a contract; compliance with legal obligations to which the Company is subject; legitimate interests of the Company provided that the fundamental rights and freedoms of the data subject are not harmed.

Transfer of Personal Data

Personal data may be transferred, limited to the stated purposes, to logistics and cargo companies, payment service providers, banks, IT and infrastructure service providers, hosting and cloud service providers, customer support and call center service providers, marketing and communication service providers, and legally authorized public institutions and organizations, in accordance with KVKK and relevant legislation.

As the Company provides services to customers located in the European Union, personal data may be transferred abroad to service providers located outside Türkiye, provided that the conditions set forth under KVKK regarding cross-border data transfer are fulfilled and necessary technical and administrative safeguards are implemented.

Retention Periods

Personal data are retained for the duration required by the purpose of processing and the periods stipulated under applicable legislation. Order and transaction records are stored in accordance with tax and commercial legislation, while marketing data are retained until consent is withdrawn. Upon expiration of the relevant retention periods, personal data are deleted, destroyed, or anonymized in accordance with KVKK and secondary regulations.

Data Security Measures

The Company takes appropriate technical and administrative measures to ensure the confidentiality, integrity, and security of personal data. These measures include access controls, data minimization practices, secure infrastructure systems, regular audits, and staff training on data protection and information security.

Rights of Data Subjects

Data subjects have the right to learn whether their personal data are processed, request information regarding processed data, learn the purpose of processing and whether data are used in accordance with such purpose, learn the third parties to whom data are transferred, request correction of incomplete or inaccurate data, request deletion or destruction of personal data under the conditions stipulated by KVKK, object to processing that results in an unfavorable outcome through automated systems, and request compensation for damages arising from unlawful processing.

Requests may be submitted in writing to the Company’s registered address or through the application methods announced on the Company’s website. Applications are concluded within the time limits prescribed under KVKK.