PRIVACY NOTICE UNDER LPPD


IN MUSA CARS , WE TREASURE YOUR SECURITY. IN THIS RESPECT, WE WOULD LIKE TO INFORM YOU ABOUT OUR DATA PROCESS ACTIVITIES UNDER THE LAW ON THE PROTECTION OF PERSONAL DATA NO. 6698, WHICH IS INTENDED TO PROTECT PERSONAL DATA AND DEFEND FUNDAMENTAL RIGHTS AND FREEDOMS OF INDIVIDUALS, INCLUDING THE PRIVACY OF PERSONAL LIFE.


Pursuant to the Law on The Protection of Personal Data no. 6698 (“LPPD”), personal data is defined as any information of an individual whose identity is or may be verified. Your personal data kept by our Company may be recorded, changed, edited, transferred subject to legal limits, categorized or updated and your personal data may be processed in line with conditions prescribed in the LPPD by means of such methods and for such purposes and reasons explained below.


WHO IS A DATA CONTROLLER?


A DATA CONTROLLER MEANS A LEGAL ENTITY OR INDIVIDUAL THAT DEFINES THE PURPOSE AND MEANS TO PROCESS PERSONAL DATA AND THAT IS RESPONSIBLE FOR SETTING UP AND ADMINISTRATING A DATA ENTRY SYSTEM. IN THIS RESPECT, MUSA CARS (THE “COMPANY”) PROCESSES YOUR PERSONAL DATA UNDER THE LPPD IN ITS CAPACITY AS THE DATA CONTROLLER.

PURPOSE OF PROCESSING YOUR PERSONAL DATA

YOUR PERSONAL DATA ARE PROCESSED IN LINE WITH THE PURPOSES BELOW IN LINE WITH SUCH PRINCIPLES PRESCRIBED IN THE LPPD.

• To make offers for products and services

• To handle sales processes of products and services

• To confirm IDs

• To conduct aftermarket support processes, including deliveries and returns, repair and maintenance works, claims and recourse procedures

• To monitor payment transactions

• To handle insurance procedures

• To sell second-hand cars

• To plan and execute customer relations management

• To size up solvency and to inquire into financial backgrounds

• To plan and execute risk processes

• To prevent abuse and to provide vehicle protection services

• To handle and monitor legal affairs and procedures

• To manage relations with business partners and/ or suppliers

• To contact about our products and services, to present customized offers, to carry out marketing, survey and satisfaction studies

• To manage marketing analysis and exercises

• To carry out social responsibility projects

• To ensure the management and data security of internet access records

• To carry out required audit and control processes under corporate operations and to submit reports and proceed with inspections

• To provide competent public agencies and bodies with information under the applicable law

• To evaluate requests and complaints.


TO WHOM MAY YOUR DATA BE DISCLOSED FOR WHAT PURPOSES?


YOUR PERSONAL DATA MAY BE TRANSFERRED TO THE FOLLOWING INDIVIDUALS/ ENTITIES SUBJECT TO THE DATA PROCESSING TERMS AND CONDITIONS PRESCRIBED IN ARTICLES 8 AND 9 OF THE LPPD ONLY TO THE EXTENT REQUIRED FOR THE SERVICES AND LIMITED TO THE PURPOSES LISTED HEREIN, INCLUDING HANDLING AFTERMARKET SUPPORT PROCESSES, RISK MANAGEMENT, DETERMINATION OF SOLVENCY, CONDUCT OF CLAIMS AND RECOURSE PROCESSES, COMPLETION OF INSURANCE TRANSACTIONS, PREVENTION OF ABUSES, COLLECTIONS, RECOURSE, ASSISTANCE SERVICES, OUTSOURCING FOR SENDING COMMERCIAL MESSAGES AND CUSTOMER SATISFACTION SURVEYS, CONDUCT OF MARKETING STUDIES, HANDLING AND MONITORING LEGAL PROCEDURES AND WORKS, AUDIT OPERATIONS AND PERFORMANCE OF OPERATIONS IN LINE WITH THE APPLICABLE LEGISLATION AS WELL AS FOR DATA SHARING WITH COMPETENT PUBLIC AGENCIES AND INSTITUTIONS THEREUNDER.

• Automotive companies, dealers or suppliers which are our business partners under leasing operations

• Service dealers and car parking lots

• Assistance service providers, including towing services

• Loss adjusters and insurers

• Banks and financial institutions

• Our legal, financial, tax and operational advisors

• Individuals or firms serving as an intermediary for second-hand car sales, including web sites

• Advertising agencies and marketing companies that we outsource our business/

• Courier companies and other cargo firms

• Business partners and suppliers that supply services to us in various areas

• Group companies of Bor Holding A.Ş.

• Competent public agencies and institutions


METHOD AND LEGAL GROUNDS FOR COLLECTING YOUR PERSONAL DATA


YOUR PERSONAL DATA ARE COLLECTED BY OUR COMPANY EITHER DIRECTLY FROM YOU, OUR CUSTOMERS, VIA  OUR CALL CENTRES, COMPANY OFFICERS, BUSINESS PARTNERS, ONLINE TRANSACTIONS OR PUBLIC AGENCIES AND INSTITUTIONS OR ALIKE, OR AUTOMATICALLY BY ELECTRONIC CHANNELS OR IN WRITING/ VERBALLY BY NON-AUTOMATIC MEANS THROUGH THOSE INSTITUTIONS.

In this respect, personal data collected are processed on the basis of the following legal grounds prescribed in Articles 5 and 6 of the Law:

“Provided to be directly related to the execution or performance of a contract, if processing the personal data of the contract parties is necessary”; “if it is mandatory for data controller to perform its legal obligations”; If it is required under the applicable law”; “provided not to cause any harm to fundamental rights and freedoms of relevant person, where data process is required for legitimate interests of the data controller.”


YOUR RIGHTS ABOUT YOUR PERSONAL DATA


YOU CAN SEND YOUR REQUESTS ABOUT YOUR RIGHTS LISTED BELOW UNDER ARTICLE 11 OF THE LPPD IN CONNECTION WITH THE PROCESS OF YOUR PERSONAL DATA TO US IN LINE WITH THE COMMUNIQUE ON TERMS AND PROCEDURES FOR APPLICATION TO DATA CONTROLLERS.

1.To inquire into whether your personal data are processed,

2. To ask information in case your personal data are processed,

3. To inquire into the purpose of process of your personal data or whether they are used in line with that purpose;

4. To know about third parties to whom your personal data are transferred in Turkey or abroad;

5. To ask for the correction in case your personal data are misprocessed or processed incompletely;

6. To ask for the deletion or destruction of your personal data;

7. To request that correction, deletion or destruction of your personal data shall be notified to third parties to which your personal data are transferred;

8. To object to a consequence against you that may arise as a result of analysis of your processed personal data via automatic systems only;

9. To claim damages to compensate your losses that you may sustain upon the unlawful process of your personal data.


Since our Company is under the obligation to keep records and documents in connection with transactions and deals with customers for a specific period of time under the legal regulations, in case you request that your personal data should be deleted, destroyed or anonymized and there is a legally defined statutory term, our Company may fulfil your request upon the expiry of such statutory term, but your personal data may not be processed by our Company during that term unless it is legally required.


You can send your requests about your personal data to us at all times by means of “Application Form for Personal Data” or by way of other methods in line with such terms and conditions set out in the Communiqué on Terms and Procedures for Application to Data Controllers. Also you can find detailed information about applications as well as contact details on the form.


This policy is subject to updates from time to time on account of changes to company policies and business operations. You may regularly visit our page to have access to the most current version of the text.