Customer Personal Data Protection Policy (“Policy”) includes information about how Getir Perakende Lojistik A.Ş. (“Getir”) protect customers' personal data (any information that identifies or serves to identify a person), the rules we comply with when processing personal data and our processing processes of personal data.
In the first part of the Policy, we included technical rules such as the principles we comply with when processing personal data and the legal grounds we based on. In the second part, we include explanations about the processing processes of customers’ personal data.
Click here to access the privacy statement about the processing of customer personal data.
For explanations of the terms we use in the Policy, you may review the last part of this document.
For all your questions regarding the processing of your personal data, you may contact us at firstname.lastname@example.org.
While processing your personal data, we ensure compliance with the data processing principles stated below.
We process your personal data based on the legal grounds specified in Articles 5 and 6 of the Law on the Protection of Personal Data. We explicitly state these legal grounds in the privacy statements we provide them to the data subjects.
The legal grounds we based on when processing our customers' personal data are as follows:
While making this assessment, we perform balance tests by comparing the fundamental rights and freedoms of the person with the legitimate interest that will arise, based on the criteria specified in the Decision of the Board dated 25/03/2019 and numbered 2019/78.
If there is at least one of the legal grounds specified in the Law so that personal data can be processed, we do not ask for explicit consent of the data subject. We only ask explicit consent in the absence of legal grounds stated in the Law.
Explicit consent is described in the Law as "consent on a particular subject, based on the information and disclosed with free will". When asking the explicit consent of data subject, we consider the following three factors:
We take the necessary technical and organizational measures to ensure the protection of your personal data. For example, we use detection and prevention softwares to detect and prevent potential cyber-attacks; we determine employees' access to personal data and use data loss prevention software.
Article 11 of the Law on the Protection of Personal Data regulates the rights of the data subjects (natural persons whose personal data are processed). These rights are as follows:
You can choose the methods below to exercise your rights and submit your requests to Getir:
In this part of the Policy, we included sample processes to better express how we process your personal data. In addition, we have specified topics such as which personal data Getir processes, and for what purposes this personal data processes.
|Account Registration||Performing mobile application membership/registration, verifying the identity and address of the user.||Name-surname, phone number, e-mail address, password information.|
|Order and Payment||Receiving the payment, confirming order and delivering your products as selected via the mobile application to your address.||Name-surname, address, order and payment information.|
|Mobile Application Notifications||Sending mobile application notifications about products you have purchased/interested in (you can change your notification preferences at any time in the "Communication Options" section of the application).||Personal data about your name, surname, preference, likes, interests and usage habits.|
|Request/Complaint Management||In case you send us your requests/comments/complaints about our products or delivery, following and concluding the request/complaint process.||Name-surname, request/complaint information.|
|Marketing Communication||Informing you about the most suitable products and opportunities for you in accordance with your communication preferences, examining your preferences, likes, interests, and usage habits.||Personal data about your name, surname, preference, likes, interests and usage habits.|
As part of the service we offer to our customers, we process your personal data listed below:
|Identity &Contact||Finance||Customer Transaction||Location||Transaction Security|
|Name-surname, customer ID, advertisement ID, gender, age, phone number, e-mail and address||Information regarding payments and payment methods||Shopping history, order information, number of orders, application usage information, invoice information, request/complaint information||Your location information processed with permission granted at mobile application opening or via device settings||Device operating system and version, device type, device ID, hardware model, IP address, user transaction records, password information|
In addition to this information, we process your personal data regarding your preferences, likes, interests and usage habits and your information obtained as a result of the analysis of your data mentioned above (for example, the most ordered products in the Getir mobile application).
We collect mobile application users' personal data via the Getir mobile application by automatic and partially automatic methods.
If you contact us through the following channels, we collect your personal data through these channels:
As Getir, we process your personal data within the country or outside the country for the following purposes:
We share your personal data with the following parties within the country or outside the country, for the following purposes:
|Getir Distributors, Couriers and GetirFood Restaurants||Conducting communication between distributors, couriers, restaurants and customers, conducting customer order transactions, informing the couriers about the address to which the order will be delivered.|
|Business Partners & Suppliers||Getting support from suppliers related to the products and services offered by Getir to its customers, conducting financial and accounting processes, managing business partner and supplier relations.|
|Authorized Persons, Institutions or Organizations||Providing information to authorized persons, institutions, or organizations, fulfilling our legal obligations, conducting legal processes and conducting our activities in accordance with the legislation.|
We use identification technologies that enable us to record user transactions and match the device information with the transactions performed in the application in order to ensure that users perform their mobile application experiences in the best way. For information about the use of identification technologies, you may review the Information Regarding Identification Technologies.
Descriptions of the terms we use in the Policy are as follows:
Last Update: 18/08/2020