PDF

Customer Personal Data Protection Policy

Customer Personal Data Protection Policy (“Policy”) includes information about how Getir Perakende Lojistik A.Ş. (“Getir”) protect customers' personal data (any information that identifies or serves to identify a person), the rules we comply with when processing personal data and our processing processes of personal data.

In the first part of the Policy, we included technical rules such as the principles we comply with when processing personal data and the legal grounds we based on. In the second part, we include explanations about the processing processes of customers’ personal data.

Click here to access the privacy statement about the processing of customer personal data.

For explanations of the terms we use in the Policy, you may review the last part of this document.

For all your questions regarding the processing of your personal data, you may contact us at kisiselveriler@getir.com.

1. RULES OF PERSONAL DATA PROCESSING

  • Principles of Personal Data Processing
  • Legal Grounds for Personal Data Processing
  • Factors Considered When Asking for Explicit Consent
  • Personal Data Security
  • Rights of the Data Subjects

2. PROCESSES OF PERSONAL DATA PROCESSING

  • Sample Processes of Data Processing and Descriptions
  • Processed Personal Data
  • Purposes of Personal Data Processing
  • Transfer of Personal Data
  • Use of Identification Technologies

1. RULES OF PERSONAL DATA PROCESSING

Principles of Personal Data Processing

While processing your personal data, we ensure compliance with the data processing principles stated below.

  • Being in compliance with the law and good faith principle. → We conduct our data processing activities in accordance with the legislation and good faith principles.
  • Being accurate and up-to-date when necessary. → We always keep channels open to ensure your personal data is accurate and up-to-date.
  • Processing for specific, explicit and legitimate purposes. → We determine for what purposes the personal data will be processed and present these purposes in a transparent and understandable manner for your information.
  • Being connected, limited and restrained with processing purposes. → We do not process personal data that are not related to processing purposes or needed, and we do not perform personal data processing activities to meet possible needs.
  • Storing for the period required by the relevant legislation or for the purpose for which they are processed.→ If there is a period set forth in the legislation for the storage of personal data, we comply with this period; if such a period is not provided, we only store personal data for the time required for processing purposes.

Legal Grounds for Personal Data Processing

We process your personal data based on the legal grounds specified in Articles 5 and 6 of the Law on the Protection of Personal Data. We explicitly state these legal grounds in the privacy statements we provide them to the data subjects.

The legal grounds we based on when processing our customers' personal data are as follows:

  • Personal data processing is necessary for the establishment or performance of a contract signed between you and Getir.
  • Processing personal data for the establishment, execution or protection of a right.
  • Processing personal data to fulfill our legal obligations.
  • Personal data processing is mandatory for our legitimate interests.
  • Explicit consent of the data subject to process her/his personal data.

While making this assessment, we perform balance tests by comparing the fundamental rights and freedoms of the person with the legitimate interest that will arise, based on the criteria specified in the Decision of the Board dated 25/03/2019 and numbered 2019/78.

If there is at least one of the legal grounds specified in the Law so that personal data can be processed, we do not ask for explicit consent of the data subject. We only ask explicit consent in the absence of legal grounds stated in the Law.

Factors Considered When Asking for Explicit Consent

Explicit consent is described in the Law as "consent on a particular subject, based on the information and disclosed with free will". When asking the explicit consent of data subject, we consider the following three factors:

  1. Being related to a particular subject → We ask for the explicit consent of the data subject for specific data processing activity/activities and ensure that the consent letters are understandable.
  2. Information-based → We present consent letters and privacy statements together/on the same channel; we support the data subject to understand the results of the data processing activity.
  3. Disclosure with free will → While asking for their consent, we avoid misleading statements that may defect their will.

Personal Data Security

We take the necessary technical and organizational measures to ensure the protection of your personal data. For example, we use detection and prevention softwares to detect and prevent potential cyber-attacks; we determine employees' access to personal data and use data loss prevention software.

Rights of the Data Subjects

Article 11 of the Law on the Protection of Personal Data regulates the rights of the data subjects (natural persons whose personal data are processed). These rights are as follows:

  1. To learn whether Getir processes your personal data,
  2. To request information if your personal data is processed,
  3. To learn the purpose for processing your personal data and whether these are processed in accordance with intended purposes,
  4. To learn whether your personal data has been transferred to third parties; if it is transferred, learning the third parties within the country or outside the country to which it is transferred,
  5. In case your personal data is processed incompletely or inaccurately, to request rectification of these and to request the notification of the transactions made in this respect, if any, to third parties with whom we shared your personal data,
  6. Despite the fact that we have processed your personal data in accordance with the Law and the relevant legislation, to request the deletion or destruction of your personal data in case where the grounds of processing is no longer present and to request the notification of the transactions made in this respect, if any, to third parties which we shared your personal data,
  7. To object to occurrence of any unfavorable consequence for you by means of analysis of the processed personal data exclusively through automated systems,
  8. If you incurred losses due to the unlawful processing of your personal data, to request the compensation of your loss.

You can choose the methods below to exercise your rights and submit your requests to Getir:

  1. You may send your request to kisiselveriler@getir.com by using your e-mail address registered in our systems.
  2. You may send your requests in written to Etiler Mah. Tanburi Ali Efendi Sok. Maya Residences Sit. T Blok No:13/334 Beşiktaş/İstanbul.
  3. You may use the other methods stated in the Communiqué on the Application Procedure and Principles to the Data Controller.

2. PROCESSES OF PERSONAL DATA PROCESSING

In this part of the Policy, we included sample processes to better express how we process your personal data. In addition, we have specified topics such as which personal data Getir processes, and for what purposes this personal data processes.

ProcessDescriptionsPersonal Data
Account RegistrationPerforming mobile application membership/registration, verifying the identity and address of the user.Name-surname, phone number, e-mail address, password information.
Order and PaymentReceiving the payment, confirming order and delivering your products as selected via the mobile application to your address.Name-surname, address, order and payment information.
Mobile Application NotificationsSending mobile application notifications about products you have purchased/interested in (you can change your notification preferences at any time in the "Communication Options" section of the application).Personal data about your name, surname, preference, likes, interests and usage habits.
Request/Complaint ManagementIn case you send us your requests/comments/complaints about our products or delivery, following and concluding the request/complaint process.Name-surname, request/complaint information.
Marketing CommunicationInforming you about the most suitable products and opportunities for you in accordance with your communication preferences, examining your preferences, likes, interests, and usage habits.Personal data about your name, surname, preference, likes, interests and usage habits.

Processed Personal Data

As part of the service we offer to our customers, we process your personal data listed below:

Identity &ContactFinanceCustomer TransactionLocationTransaction Security
Name-surname, customer ID, advertisement ID, gender, age, phone number, e-mail and addressInformation regarding payments and payment methodsShopping history, order information, number of orders, application usage information, invoice information, request/complaint information, comment, rating and review informationYour location information processed with permission granted at mobile application opening or via device settingsDevice operating system and version, device type, device ID, hardware model, IP address, user transaction records, password information

In addition to this information, we process your personal data regarding your preferences, likes, interests and usage habits and your information obtained as a result of the analysis of your data mentioned above (for example, the most ordered products in the Getir mobile application).

Collecting Methods of Personal Data

We collect mobile application users' personal data via the Getir mobile application by automatic and partially automatic methods.

If you contact us through the following channels, we collect your personal data through these channels:

  • When you call Getir Customer Service
  • When you fill out the contact form on our website,
  • When you reach us via Getir social media accounts.

Purposes of Personal Data Processing

As Getir, we process your personal data within the country or outside the country for the following purposes:

  • To conduct the signing up process to the mobile application
  • To communicate with our customers and manage relationships with our customers,
  • To conduct the processes of receiving orders and payments and delivering orders,
  • To offer the most suitable product options for your preferences, likes, interests, usage habits, and location; to inform you about the most suitable products and opportunities,
  • To conduct communication between Getir couriers, GetirFood restaurants, GetirLocals businesses and customers (your contact information is not shared with Getir couriers),
  • To perform analysis for improving our products and services,
  • To conduct activities for customer satisfaction,
  • To introduce the products and services offered by Getir; to conduct marketing activities,
  • To receive and evaluate feedback on the improvement of our products/services,
  • To follow up and conclude requests/complaints,
  • To conduct our activities in accordance with the legislation,
  • Review and audit of our business activities,
  • To prevent and detect security concerns, fraud and abuse of promos/discounts,
  • To conduct financial and accounting affairs related to payments.

Transfer of Personal Data

We share your personal data with the following parties within the country or outside the country, for the following purposes:

Getir Distributors, Couriers, GetirFood Restaurants and GetirLocals BusinessesConducting communication between distributors, couriers, restaurants, businesses and customers, conducting customer order transactions, informing the couriers about the address to which the order will be delivered.
Business Partners & SuppliersGetting support from suppliers related to the products and services offered by Getir to its customers, conducting financial and accounting processes, managing business partner and supplier relations.
Authorized Persons, Institutions or OrganizationsProviding information to authorized persons, institutions, or organizations, fulfilling our legal obligations, conducting legal processes and conducting our activities in accordance with the legislation.

Please note that your comments and ratings may be published if deemed appropriate in accordance with our Terms & Conditions. Within the scope of your comments, we would like to express that your identity or contact information will not be published to protect your privacy.

Use of Identification Technologies

We use identification technologies that enable us to record user transactions and match the device information with the transactions performed in the application in order to ensure that users perform their mobile application experiences in the best way. For information about the use of identification technologies, you may review the Information Regarding Identification Technologies.

Terms

Descriptions of the terms we use in the Policy are as follows:

  • Data Subject: The natural person whose personal data is processed.
  • Destruction: Deletion, destruction, or anonymization of personal data.
  • Law: The Law on Protection of Personal Data numbered 6698, dated 24 March 2016.
  • Personal Data Processing: Any operation performed on personal data such as collection, recording, storage, retention, alteration, re-organization, disclosure, transferring, taking over, making retrievable, classification or preventing the use thereof, fully or partially through automatic means or provided that the process is a part of any data registry system, through non-automatic means.
  • Board: Personal Data Protection Board.
  • Authority: Personal Data Protection Authority.
  • Customer: Potential or existing customers that Getir offers products/services through its mobile application.
  • Data Controller: Natural or legal person who determines who determines the purpose and means of processing personal data and is responsible for establishing and managing the data registry system.



 

Last Update: 04/06/2021