Free Shipping on Orders Over 200 TL

HAVLOO TEKNOLOJİ ARAŞTIRMA GELİŞTİRME ANONİM ŞİRKETİ Customer Personal Data Processing Disclosure Statement

Data Controller

Your personal data is processed by Havloo Teknoloji Araştırma Geliştirme A.Ş. (“Company”), acting as the data controller, registered with the Istanbul Trade Registry Office under registration number 1100853, with its headquarters located at Göktürk Merkez Mah. Çamlık Cad. No: 36/1a Eyüpsultan / Istanbul, within the scope of the Personal Data Protection Law No. 6698 (“KVKK”) and in accordance with this Customer Personal Data Processing Disclosure Statement (“Disclosure Statement”).

Our Company respects your concerns regarding privacy and the protection of your personal data and works to establish and maintain a trust-based relationship with you. In this context, your personal data is processed in compliance with PDPL and all applicable legislation on personal data protection, stored securely, and protected against unlawful access through all necessary security measures. This Disclosure Statement explains the scope under which your personal data collected during the sale and after-sales activities of products and/or services provided by or on behalf of our Company is processed.

Method of Collection of Your Personal Data

Your personal data is collected by our Company through fully or partially automated means, or non-automated means provided that they are part of a data recording system, in electronic and/or physical environments, via:

  • our website with the [*] extension

  • printed forms (contracts, technical support forms, invoices, etc.)

  • call/contact centers

  • email, SMS, telephone, fax

  • cargo/post services

  • cookies and similar identification technologies

  • request/complaint platforms

  • authorized public institutions and organizations

integrated systems of third parties

Categories of Personal Data Processed, Processing Purposes and Legal Grounds

Within the scope of Articles 5 and 6 of PDPL, your personal data is processed for purposes including but not limited to:

  • creating, updating, and canceling memberships on our website

  • fulfilling obligations arising from membership agreements

  • sale of products/services and after-sales support (e.g., returns, shipping)

  • customer notifications and legal information

  • invoicing and financial/accounting processes

  • customer relationship management

  • handling requests and complaints

  • ensuring customer satisfaction

  • ensuring information security and legal compliance

Below are the main personal data categories and their processing purposes:

dentity Data

Processed for:

  • legal compliance

  • auditing and ethics activities

  • contract processes

  • after-sales services

  • customer relationship management

  • business continuity

  • communication

  • archiving and storage

  • supply chain management

  • informing authorized institutions

May also be processed with explicit consent for:

  • marketing

  • campaigns/promotions

  • events/organization management

  • product/service marketing and loyalty processes

Contact Data

Processed for the same operational, legal, communication, customer service, and business continuity purposes listed above.
Marketing-related processing requires explicit consent.

Financial Data

Processed for:

  • finance and accounting operations

  • invoicing and payments

  • sales and after-sales processes

  • legal and regulatory compliance

  • archiving

Marketing uses require explicit consent.

Legal Transaction Information

Processed for:

  • legal follow-up and dispute management

  • compliance with legislation

  • archiving

  • contract management

  • after-sales support

Transaction Security Data

Processed for:

  • information security

  • system security

  • auditing

  • secure operation of services

  • complaint/request tracking

  • legal compliance

Marketing uses require explicit consent.

Customer Transaction Data

Processed for:

  • sales and after-sales processes

  • customer relationship management

  • legal compliance

  • complaint management

  • operational security

Marketing uses require explicit consent.

Marketing Data

Processed only with explicit consent for:

  • campaigns

  • promotions

  • personalized marketing

  • analysis and reporting

  • product/service marketing

Visual and Audio Data

(Only processed when contacting customer services during membership processes)

Processed for:

  • service quality monitoring

  • legal compliance

  • auditing

  • customer satisfaction

  • security

Marketing uses require explicit consent.

Request/Complaint Data

Processed for:

  • complaint management

  • improving business processes

  • communication

  • customer satisfaction

  • legal compliance

  • archiving

Marketing uses require explicit consent.

Transfer of Personal Data to Third Parties in Turkey and/or Abroad

Your personal data may be transferred, in accordance with Articles 8 and 9 of PDPL and limited to the purposes stated above, to:

  • domestic or international suppliers (legal advisors, auditors, customer service providers, agencies, event organizers, IT and hosting providers)

  • overseas third-party service providers using cryptographic/pseudonymization methods (e.g., Google, Criteo, Microsoft) for marketing and personalization

  • potential buyers, sellers, or transaction parties in mergers, acquisitions, or restructuring processes

  • authorized public authorities and courts

Transfers requiring explicit consent will only occur after obtaining your approval.

Retention Period of Personal Data

Your personal data is stored and destroyed in accordance with PDPL, the Regulation on Deletion, Destruction or Anonymization of Personal Data, and our internal retention and destruction policies.

Data is deleted, destroyed, or anonymized when the legal grounds for processing cease to exist. Some data may continue to be processed during statutory limitation periods. Data processed based on explicit consent will be deleted upon withdrawal of consent during the first destruction period.

Your Rights Under PDPL

Pursuant to Article 11 of PDPL, you have the right to:

  • learn whether your personal data is processed

  • request information if processed

  • learn the purpose of processing

  • know third parties to whom data is transferred

  • request correction of incomplete/incorrect data

  • request deletion or destruction of data when legal grounds cease

  • object to automated decision-making that produces unfavorable results

  • claim compensation for damages caused by unlawful processing

You may submit your requests in writing or electronically (via registered email, secure electronic signature, mobile signature, or your registered email address) by completing the Data Subject Application Form and providing identity verification information. Applications are concluded free of charge within 30 days unless additional costs arise.

Please ensure that no special category personal data (e.g., religion, blood type) is included in your application documents.