Running and Training
The only right way to run is your way! It's time to find the right pair for you from our running collection.
Delivery and Shipping
We aim to deliver orders to you within 1-3 (one-three) business days with standard shipping. Orders placed before 13:00 will be delivered to cargo by 16:00 on the same day. Orders placed later will be delivered to cargo the following day.
Up To 40% Off
Discover the opportunity in the season's favorite styles
Running and Training
The only right way to run is your way! It's time to find the right pair for you from our running collection.
Delivery and Shipping
We aim to deliver orders to you within 1-3 (one-three) business days with standard shipping. Orders placed before 13:00 will be delivered to cargo by 16:00 on the same day. Orders placed later will be delivered to cargo the following day.
In accordance with the regulation contained in the Article 20 of the Constitution of the Republic of Turkey, everyone shall have the right to request the protection of personal data related to him or her. This right comprises being informed about the personal data concerning the person, accessing to this data, requesting its correction or deletion, and finding out whether it is being used for their purposes
The Law on Protection of Personal Data No. 6698 ("Law"), which has published in the Official Gazette and entered into force on 07.04.2016 and regulates the protection of the fundamental rights and freedoms of the persons in the processing of personal data set out the obligations and principles to be followed by the real and legal persons processing the personal data. The purpose of this Policy prepared in this direction is to ensure compliance with the obligations related to the regulations of the Law.
Hereby this Protection and Processing of the Personal Data Policy (“Policy”) contains the NBI GİYİM A.Ş.(Company)’s (“Policy”), NBI GİYİM A.Ş. (“Şirket”) declarations and explanations regarding the processing of the personal data within the scope of the law, belonging to real persons other than employees of the company, in particular customers, visitors, suppliers and other third parties
Our Company reserves the right to make changes to the Policy in order to provide up-to-date information about our practices and legal regulations on the protection of Personal Data. If changes to the policy are material, data subject will be notified through various channels.
Definitions relevant to the concepts used within the scope of this policy are contained in Annex 1, taking into account legislation on the protection of personal data.
CONCEPTS |
DEFINITIONS |
Explicit Consent |
It refers to a statement of consent related to a specific subject based on voluntary notification and disclosure by the data subject. |
Anonymization |
It refers to the rendering personal data, even if matched with other data, to a form which cannot under any circumstances be associated with an identified or identifiable natural person. |
Relevant Person/ Data Subject |
It refers to the real person whose personal data are processed. |
Personal Data |
It refers to any information relating to an identified or identifiable real person; |
Special Categories of Personal Data |
It refers to data subject to a stricter protection regime under the Law, which, in the event of leakage or disappearance, may result in the data subject becoming a victim or being discriminated against. |
Processing of Personal Data |
It refers to any operation which is performed upon personal data such as collection, recording, storage, preservation, alteration, adaptation, disclosure, transfer, retrieval, making available for collection, categorization or blocking its use by wholly or partly automatic means or otherwise than by automatic means which form part of a filing system. |
Filling of the Data System |
It refers to any recording system through which personal data are processed by structuring according to specific criteria |
Data Controller |
It refers to a real or legal person who determines the purposes and means of the processing of personal data, and who is responsible for establishment and management of the filing system. |
Data Processor |
Real or legal person who processes personal data based on the authority granted by and on behalf of the data controller |
In accordance with the article 3 of the Law, any operation which is performed upon personal data such as collection, recording, storage, preservation, alteration, adaptation, disclosure, transfer, retrieval, making available for collection, categorization or blocking its use by wholly or partly automatic means or otherwise than by automatic means which form part of a filing system, fell within the scope of the processing of the personal data. Within the scope of personal data processing activities, our company acts according to the general principles described below
Being in conformity with the law and good faith: Our Company carries out its personal data processing activities in accordance with the law and good faith rules in accordance with the Law and all relevant legislation, especially the Constitution.
Being accurate and if necessary, up to date: Our company provides data subject with the opportunity to update their personal data and takes the necessary steps to ensure that the data is correctly transmitted to the database.
Being processed for specified, explicit, and legitimate purposes: Our company restricts personal data processing activities to certain legitimate purposes and clearly informs data subjects of these purposes through clarification texts.
Being relevant, limited and proportionate to the purposes for which data are processed: Personal data are processed by our company for this purpose and only to the extent necessary for the purposes notified to the data subject at the time the data was provided.
Being stored only for the period designated by relevant legislation or necessitated by the purpose for which data are collected: Personal data stored by our company is limited to the period specified by Law and all relevant regulations or as required for the purpose related to the data processing activities. After the above-mentioned period has expired, the data will be deleted, destroyed or anonymized in accordance with our company procedures.
Except for the explicit consent of the personal data subject, the basis of the personal data processing activity may be only one of the conditions specified below, and more than one condition may be the basis of the same personal data processing activity. If the data processed are personal data of a special nature, the following conditions apply
(i) Explicit Consent of the Personal Data Subject
One of the conditions for the processing of personal data is the explicit consent of the data subject. The explicit consent of the data subject should be interpreted on a specific subject matter on an informed and voluntary basis
In the existence of the following personal data processing conditions, personal data may be processed without the express consent of the data subject.
(i) Expressly prescribed by law
If the personal data of the data subject is explicitly prescribed by the law, in other words, if there is an explicit provision in the relevant law regarding the processing of personal data, the existence of this data processing condition may be mentioned.
(ii) Failure Obtain the Explicit Consent of the Person Concerned Due to Actual Impossibility
The personal data of the data subject may be processed if it is mandatory to process the personal data in order to protect the life or body integrity of the person concerned or the third person who are unable to explain their consent due to the actual impossibility or whose consent cannot be recognized as valid.
(iii) Being directly related to the execution or performance of the contract
Provided that it is directly related to the establishment or performance of a contract to which the data subject is a party, this condition may be deemed to have been fulfilled if the processing of personal data is necessary.
(iv) Fulfillment of Our Company’s Legal Obligation
The personal data of the data subject may be processed if the processing is necessary for our company to fulfill its legal obligations.
(v) Personal Data Subject's Disclosure of his/ her Personal Data
If the data subject has disclosed his/her personal data, the relevant personal data may be processed in the scope of the purpose of disclosure
(vi) If it is necessary for the institution, usage, or protection of a right
The personal data of the data subject may be processed if the data processing is mandatory for the establishment, use or protection of rights.
(vii) If Data Processing is Mandatory for the Legitimate Interest of Our Company
The personal data of the data subject may be processed if the data processing is mandatory for the legitimate interests of our Company, provided that it does not harm the fundamental rights and freedoms of the personal data subject
Personal data of sensitive nature are processed by our Company in accordance with the principles set forth in this Policy and by taking all necessary administrative and technical measures, including the methods to be determined by the Board, and in the presence of the following conditions
(i) Special Categories of personal data other than personal data relating to health and sexual life, may be processed without seeking the explicit consent of the data subject if it is explicitly stipulated in the laws, in other words, if there is an explicit provision in the relevant law regarding the processing of personal data. Otherwise, the explicit consent of the data subject will be obtained
(ii) Personal data relating to health and sexual life may be processed without obtaining the explicit consent of the data subject for purposes of protection of public health, operation of preventive medicine, medical diagnosis, treatment, and care services, planning and management of health services and financing by persons under the obligation of secrecy or authorized institutions and organizations. Otherwise, the explicit consent of the data subject will be obtained.
In accordance with Article 10 of the Law and secondary legislation, our Company informs the personal data subjects about who processes their personal data as the data controller, for what purposes, with whom it is shared, with which methods it is collected and the legal reason and the rights of the data subjects within the scope of the processing of their personal data.
Your personal data collected by our Company varies according to the nature of the relationship with our Company and legal obligations.
Your Personal Data collected may be listed as follows:
The types of Personal Data mentioned below do not cover all your data processed and similar types of Personal Data can be processed by our Company.
Your Personal Data obtained may be processed by our Company in accordance with the Personal Data Processing conditions specified in Articles 5 and 6 of the Law and within the scope of the following purposes:
Main Purposes |
Subgoals |
Constructing company specific business operations, coordination, development, execution of planning and execution of activities for business development |
|
Customization of products and services based on personal, analytical, promotional and marketing activities |
|
Demand and complaint management and construction and/or execution of after-sales processes |
|
Planning, execution and management of corporate relations |
|
Ensuring the legal, technical and commercial occupational safety of the Company and the relevant persons in business relations with the Company and carrying out activities for the performance of legal obligations |
|
Our company takes into account the applicable legislation and the purpose of processing the data in question when determining the storage period for personal data. In this context, legal obligations regarding Personal Data Processing activity and statute of limitations are taken into account. If the purpose of processing personal data is eliminated, the data will be deleted, destroyed or anonymized unless there are other legal reasons or reasons that allow the storage of personal data.This Detailed information on the subject https://www.newbalance.com.tr/kisisel-verilerin-korunmasi You can obtain it from the PERSONAL DATA STORAGE AND DISPOSAL POLICY at.
Your Personal Data can be shared for the purposes above in accordance with the personal data transfer conditions specified in Articles 8 and 9 of the Law No. 6698 in accordance with the table below. In these cases where your Personal Data is shared, our Company takes the necessary measures to ensure that the party to whom the data is shared carries out processing and transfer activities in accordance with the rules in this Policy and the provisions in the legislation.
The transfer of your Personal Data abroad is only;
The transfer of your Personal Data abroad is only;
Parties of Data Transfer |
Definition- Scope |
Purpose |
Associate |
It refers to the parties that our company cooperates with during its commercial, legal and administrative activities. |
Personal data are transferred on a limited basis in order to ensure the fulfillment of the purposes for which the business partnership was established |
Supplier |
It means the parties that provide the supply of products and / or services in the matters needed during the activities of our company. |
Personal data are transferred on a limited basis in order to supply the products and / or services required for the performance of the activities of our Company. |
Legally Authorized Public Institution |
It means public institutions and organizations authorized to request information and documents in accordance with the legal regulations in force. |
Personal data sharing is limited in order to meet the requests directed by the authorized public institutions. |
Legally Authorized Private law Persons |
It means private law persons authorized to request information and documents in accordance with the legal regulations in force. |
Personal data is shared on a limited basis in order to meet the requests directed by authorized private persons. |
To ensure the security of your personal data, our company takes reasonable technical and administrative measures to prevent the risk of unauthorized access, accidental data loss, intentional deletion or data corruption. You can get detailed information about the subject from the PERSONAL DATA RETENTION AND DESTRUCTION POLICY.
According to Article 11 of the Law, Data Subjects shall have the following rights against the Data Controller:
Article 28, paragraph 2 of the Law lists the situations in which data subject do not have the right to request and within this scope;
In such cases, the rights set out above shall not be exercised, except for the right to request the compensation of the damage to the data.
Necessary information that identifies you and your request for the effective use of these rights You can request to benefit from the rights specified in Article 11 of the KVKK, along with other information. Your request containing your explanations regarding the following; Data Owner Application Form by filling out the form and sending a signed copy of the form to Sultan Selim Mah. Hümeyra St. Documents proving your identity to the address of Nef 09 Sitesi B Blok No: 7 İç Kapı No: 152 Kağıthane - İstanbul. You can send it personally, by registered mail, through a notary or as specified in KVKK. You can send it via other methods or fill out the relevant form.nbigiyim@hs01.kep.tr with secure electronic signature to the address You can also submit your requests by sending.
In order for a third party to apply on your behalf, you must provide that third party with a special power of attorney issued by a notary public.
Our Company may request information from the Data Subject in order to determine whether the person making the application is the Data Subject or not, and may ask the Data Subject questions about the application in order to clarify the issues stated in the application.
Website Clarification Text
1. 1.Data Controller and Representative
According to the Law on the Protection of Personal Data No. 6698 ("Law No. 6698"), your personal data; may be processed by NBI GİYİM A.Ş. ("Our Company") as the data controller within the scope described below. For detailed information on the purposes for which we process your personal data; you can see NBI GİYİM A.Ş. The personal Data Protection Policy that has been published at the Internet address
Within the scope of this clarification test; you shall be informed about which of your personal data is processed, the purpose for which your personal data can be processed, the method and legal reason for collecting your personal data, the parties to whom your personal data can be transferred and the rights you have.
2. 2.Personal Data Processed
ID: Name Surname, Date of Birth, Gender
Contact: Phone Number, E-mail address, Address
Transaction Security Data: Website login-log out information, IP address information
Other Information: Data we obtain through the cookies we use, Your message about your requests and suggestions, Order information, Shopping history
3. Purposes of Processing Your Personal Data
Purposes of Processing Your Personal Data
4. 4.Method of Collecting Your Personal Data and the Legal Reason of it
Your personal data shall be collected in accordance with the law by automatic or non-automatic means by filling out the membership form and placing an order with your visit to the internet address http://www.newbalance.com.tr. Your personal data collected from the platforms mentioned above may be processed according to the purposes below, legal reasons and conditions set out in the Articles 5 and 6 of the Law
Based on the legal reasons that it is mandatory for our Company to fulfill its legal obligation as a data controller;
Based on the legal reason why it is necessary to process the personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract;
Based on the legal reason that the data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject;
Based on your explicit consent;
5. Parties to whom Your Personal Data May Be Transferred and the Purposes of this Transfer
Your personal data; within the scope of the above-mentioned purposes, legally authorized public institutions including our subsidiaries, suppliers, business partners, and/or legally authorized private persons may be transferred in accordance with the personal data transfer conditions specified in Articles 8 and 9 of Law No. 6698.
6. 6.Rights of the Personal Data Subject Listed in Article 11 of the Law No. 6698
CLARIFICATION TEXT ON THE PROCESSING OF PERSONAL DATA IN CUSTOMER MARKETING, SALES, AFTER-SALES SERVICES
In accordance with the Personal Data Protection Law No. 6698 (“Law No. 6698”), your personal data; data NBI GİYİM A.Ş. as the responsible person. (“Our Company”) may be processed within the scope explained below. Detaile It was shared with the public on the website https://www.newbalance.com.tr/kisisel-verilerin-korunmasi NBI GİYİM A.Ş. You can access it from the Personal Data Protection Policy.
Within the scope of this clarification text; You are informed about which of your personal data is processed, for what purpose your personal data can be processed, the method and legal reason for the collection of your personal data, the parties to which your personal data can be transferred and the rights you have.
Identifying Information: Information of Name, Surname and TR Identity Number given by the visitor.
Contact Information: Telephone number, address and other contact information given by the visitor,
Legal Action: Information in correspondence with judicial authorities, Information in the case file, etc.
Customer Transaction: Call center records, Invoice, promissory note, check information, Information on box office receipts, Order information, Request information, etc.
Physical Environment Security: Camera recordings etc.
Risk Management: Information processed to manage commercial, technical, administrative risks, etc.
Finance: Balance sheet information, Financial performance information, Credit and risk information, Asset information etc.
Marketing: Shopping history information, Survey, Cookie records, Information obtained through Campaign work, etc.
Other data; Visual and Audio Recordings, Request Complaint Information
We may process your collected Personal data for the purposes listed below;
We may process it for purposes such as (collectively, "Purposes").
Your personal data, will be collected from electronic and/or physical environments through our Company's websites, printed forms used in our Company and our Company's dealers and stores, and current accounts, invoices, etc. financial documents, our Company's telephone/call centers, our Company's branches, our Company's e-mail and corporate social media accounts, and our Company's mobile applications. Your personal data collected from these channels are processed for the following purposes and legal reasons and based on the personal data processing conditions specified in Articles 5 and 6 of the Law
Based on the legal reason that it is obligatory for our Company to fulfill its legal obligation as a data controller;
Provided that it is directly related to the establishment or performance of a contract, based on the legal reason which is necessary to process the personal data of the parties to the contract,
Based on the legal reason that data processing is obligatory for the establishment, use or protection of a right;
Based on the legal reason that data processing is obligatory for the legitimate interests of the data controller; provided that it does not harm the fundamental rights and freedoms of the data subject
Based on your express consent;
Your personal data; Within the scope of the above-mentioned purposes, legally authorized public institutions and/or legally authorized private persons, including our affiliates, suppliers, business partners, can be transferred in accordance with the personal data transfer conditions specified in Articles 8 and 9 of the Law No. 6698.
As personal data owners, you have the following rights;
You have rights. In order to use these rights effectively, we must identify you. necessary information and other requested information and the rights specified in Article 11 of the KVKK. Your request containing your explanations about the right you wish to use; Data Owner Application Form By filling out the form at and submitting a signed copy of the form copy of Sultan Selim Mah. Hümeyra St. Nef 09 Sitesi B Blok No: 7 İç Kapı No: 152 Kağıthane - İstanbul You can send it in person, with documents proving your identity, or by registered mail, You can send it through a notary public or other methods specified in KVKK or send the relevant form. You can also submit your requests by sending them with a secure electronic signature to nbigiyim@hs01.kep.tr. You can forward it.
SUPPLIER CLARIFICATION TEXT
In accordance with the Personal Data Protection Law No. 6698 (“Law No. 6698”), your personal data; data NBI GİYİM A.Ş. as the responsible person. (“Our Company”) may be processed within the scope explained below. Detailed information about the purposes of processing your personal data by us; with the public at https://www.newbalance.com.tr/kisisel-verilerin-korunmasi/ shared by NBI GİYİM A.Ş. You can access it from the Personal Data Protection Policy.
Within the scope of this clarification text; you are informed about for what purposes, with whom your personal data is shared, with which methods it is collected and the legal reason and the rights of the data subjects within the scope of the processing of their personal data.
2. Suppliers’ Processed Personal Data
Identity Information: Name, Surname and Turkish ID number
Contact Information: Telefon Number, Address and Other Communication Information
Location Information: The place and location information of the suppliers’
Legal Action Information: Information in correspondence with judicial authorities, information in the case file
Physical Place Security: Entry and exit record information, camera records
Finance: Balance sheet information, Financial performance information, Credit and risk information, Asset information, etc.
Other Data: Audio and Visual Recordings, Vehicle, License Plate, Request-Complaint Information, Risk Administration
3. Purposes of Personal Data Processing
Your Personal Data are processed within the scope of the purposes listed below (“Purposes”)
We may process it for purposes such as (collectively, "Purposes").
4. The Manner and the Legal Reason of the Collection of Your Personal Data
Your personal data will be collected from physical platforms through Our Company’s websites, financial documents used in the dealers and stores of Our Company such as forms, invoice, current account etc; the call centers that belong Our Company’s dealers and business partners, corporate social media and e-mail accounts of Our Company, Our Company’s mobile applications, security cameras (CCTV). Your personal data collected from the platforms mentioned above may be processed according to the purposes below, legal reasons and conditions set out in the Articles 5 and 6 of the Law.
In case of necessity for Our Company as Data Controller to fulfill its legal obligations;
Provided that it is directly related to the establishment or performance of a contract, based on legal reasons necessary to process the personal data of the parties to the contract;
Provided that it is not harmful for his / her fundamental rights and freedoms, based on legal reasons necessary to process data for the benefits of the data subject;
Your Personal Data may be transferred for the purposes above in accordance with the personal data transfer conditions set out in Articles 8 and 9 of the Law No. 6698 in accordance to our affiliates, domestic suppliers, business partners and legally authorized public institutions and/or legally authorized private individuals.
6. The Rights of Personal Data Subject Prescribed by Article 11 of the Law No. 6698
The Owner of Personal Data has rights on his personal data below:
You have rights. In order to use these rights effectively, we must identify you. necessary information and other requested information and the rights specified in Article 11 of the KVKK. Your request containing your explanations regarding the right you wish to exercise; Data Owner Application Form by filling out the form and submitting a signed copy of the form. copy of Sultan Selim Mah. Hümeyra St. Nef 09 Sitesi B Blok No: 7 İç Kapı No: 152 Kağıthane - İstanbul You can send it in person, with documents proving your identity, or by registered mail, You can send it through a notary public or other methods specified in KVKK or send the relevant form. You can also submit your requests by sending them with a secure electronic signature to nbigiyim@hs01.kep.tr. You can forward it.
Top of The Form
PERSONAL DATA RETENTION AND DESTRUCTION POLICY
1.PURPOSE AND SCOPE
NBI GİYİM A.Ş. ("Our Company") undertakes to comply with the regulations on the protection, processing and destruction of personal data in accordance with its legal responsibilities arising from the relevant legal regulations. This Personal Data Retention and Destruction Policy ("Policy") contains the framework and principles for carrying out the necessary retention and destruction activities within the scope of the relevant legislation.
In accordance with the Regulation on the Deletion, Destruction or Anonymization of Personal Data ("Regulation") published in the Official Gazette dated October 28, 2017 and numbered 30224, data controllers are obliged to prepare a personal data retention and destruction policy in accordance with the personal data processing inventory. The purpose of this Policy, which has been prepared on the basis of the above regulation; Determining the processes of deletion, destruction or anonymization of the personal data processed by our Company with the maximum periods required for the purpose for which they are processed and defining the roles and responsibilities of the persons who will take part in these processes.
The scope of this Policy; The maximum retention periods of personal data and the technical and administrative measures taken for the storage and destruction of personal data in accordance with the law constitute recording environments with the units involved in the execution of the relevant processes within our Company.
2.DEFINITONS
Electronic Environment:Environments where personal data can be created, read, changed and written with electronic devices,
Non-Electronic Environment:: All written, printed, visual, etc. other environments other than electronic environments,
Law: Law No. 6698 on the Protection of Personal Data,
Personal Data: Any information relating to an identified or identifiable real person,
Processing of Personal Data: Any operation performed on the data, such as obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying or prevention of using personal data completely or partially by automatic or non-automatic means provided that it is a part of any data recording system.
Data Controller: NBI GİYİM A.Ş. as a legal person,
PDP Committee: The Personal Data Protection (PDP) Committee shall constitute the committee to be formed to carry out the administrative follow-up of the processes established within the scope of the Law on the Protection of Personal Data and its sub-regulations appointed by the Data Controller,
Relevent Person: The real person whose personal data is processed,
Committee: Personal Data Protection Committe,
Anonymization: Making personal data impossible to associate with an identified or identifiable natural person under any circumstances, even by matching them with other data,
Destruction: Deletion, destruction or anonymization of personal data
Recording Medium: Any environment where Personal Data is processed wholly or partially automatically or non-automatically provided that it is a part of any data recording system.
Personal Data Processing Inventory: Personal Data processing activities; The inventory created by associating the purposes of processing the Personal Data, the data category, the group of recipients transferred and the group of persons subject to the data and detailing the maximum period required for the purposes for which the Personal Data is processed, the Personal Data foreseen to be transferred and the measures taken regarding data security,
Personal Data Retention and Destruction Policy: This is the policy on which data controllers base the process of determining the maximum period required for the purpose for which Personal Data is processed, and the process of deletion, destruction and anonymization.
Periodic Destruction: In the event that all of the conditions for the processing of Personal Data in the Law disappear, the deletion, destruction or anonymization process specified in the Personal Data Retention and Destruction Policy and to be carried out ex officio at repeated intervals,
Relevant User: It refers to the persons who process Personal Data within the organization of the Data Controller or in accordance with the authority and instruction received from the Data Controller, except for the person or unit responsible for the technical storage, protection and backup of the Personal Data.
Regulation: Regulation on the Deletion, Destruction or Anonymization of Personal Data
VERBIS: Data Controllers’ Registry Information System
3.RECORDING ENVIRONMENTS
During the activities of our Company, personal data is collected from employees, employee candidates, customers, visitors and supplier employees and officials, and the personal data collected are stored in accordance with the relevant legal legislation in the environments shown below:
In order to publish, keep up to date and monitor the implementation of this Policy, our Company's Board of Directors; A KVK Committee will be established and authorized for all these issues. KVK Committee will consist of Human Resources Manager, Administrative Affairs Manager, Information Processing Manager. The KVK Committee fulfills the following duties and responsibilities;
5. REASONS THAT REQUIRE THE KEEPING DATA
The concept of processing personal data is defined in Article 3 of the Law, and the following principles are stipulated in Article 4 for processing of personal data
a) Compliance with the law and good faith.
b) Being true and up-to-date when necessary.
c) Processing for specific, explicit and legitimate purposes.
ç) Being connected, limited and measured with the purpose for which they are processed.
d) Keep for the period stipulated in the relevant legislation or required for the purpose for which they are processed.
In Articles 5 and 6 of the Law, the conditions for the processing of personal data are listed. Accordingly, within the framework of our Company's activities, personal data retention for the period stipulated in the relevant legislation or suitable for our processing purposes.
5.1. LEGAL REASONS
5.2. PROCESSING OBJECTIVES THAT REQUIRE SAFEKEEPING
Personal data held within our company is subject to our Law and Personal Data Policy (according to the relevant policy). According to “https://www.newbalance.com.tr/kisisel-verilerin-korunmasi/”, It is stored for the purposes and reasons stated herein.
6. TECHNICAL AND ADMINISTRATIVE MEASURES
OUR COMPANY takes all necessary technical and administrative measures in accordance with the relevant personal data and the characteristics of the environment in which it is kept in order to keep personal data safely and prevent unlawful processing and access.
This measures, including but not limited to these, cover the following administrative and technical measures to the extent appropriate to the natüre of the relevant personal data and the environment in which it is kept.
6.1. TECHNICAL MEASURES
Network security and application security are provided.
A closed system network is used for personal data transfers via the network.
Security measures are taken within the scope of procurement, development and maintenance of information technology systems.
The security of personal data stored in the cloud is ensured.
An authorization matrix has been created for employees.
Access logs are kept regularly.
Current anti-virus systems are used.
Firewalls are used.
Necessary security measures are taken regarding entry and exit to physical environments containing personal data.
The security of physical environments containing personal data against external risks (fire, flood, etc.) is ensured.
The security of environments containing personal data is ensured.
Personal data is reduced as much as possible.
Personal data is backed up and the security of the backed up personal data is also ensured.
User account management and authorization control system are implemented and these are also follow-up.
Existing risks and threats have been identified.
Intrusion detection and prevention systems are used.
Penetration test is applied.
Cyber security measures have been taken and their implementation is constantly followed.
Encryption is done.
6.2. ADMINISTRATIVE MEASURES
There are disciplinary regulations that include data security provisions for employees.
Training and awareness activities are carried out periodically for employees on data security.
Confidentiality commitments are made.
Corporate policies on access, information security, use, safe keeping and destruction have been prepared and started to be implemented.
The authorizations of employees who have change in duty or leave their job in this field are removed.
Personal data security policies and procedures have been determined.
Personal data security issues are reported quickly
Personal data security is follow-up.
Data processing service providers are audited periodically on data security.
Awareness of data processing service providers on data security is provided.
In-house periodic and/or random audits are conducted and made.
7. REASONS REQUIRING THE DISPOSAL OF DATA
Personal data safe keeping within our company delete, destroye or ex officio delete, destroye or anonymize by our company upon the request of the person concerned in the following cases
It is deleted, destroyed or ex officio deleted, destroyed or anonymized by our company upon the request of the relevant person.
7. METHODS OF DISPOSAL
7.1. DELETION OF DATA
It is the process of making Personal Data inaccessible and non-reusable for Relevant Users in any way.
Personal Data is located in Physical Media: Data in such media, whose storage period has expired, are rendered inaccessible and non-reusable in any way. In this context, the blackout method can be used on the relevant data. The blackout method is done by cutting the personal data on the relevant document when possible, and making it invisible to other users by using marking ink in a way that cannot be returned and read with technological solutions in cases where it is not possible.
Personal Data is located in Electronic Media: Data is located in such media whose storage period has expired, methods are used to deleting the data from the relevant software in a such way that cannot be recovered while deleting.
7.2. DESTRUCTION OF DATA/b>
It is the process of making Personal Data inaccessible, unrecoverable and unusable by anyone in any way.
The data is located in such media, whose storage period has expired, is destroyed by using the appropriate methods of physical destruction or overwriting.
Network Devices: It is destroyed by using the appropriate method of magnetizing, physical destruction, overwriting in switches, routers, etc
Flash-Based Media: Destroyed using the appropriate manufacturer's recommended methods or physical destruction or overwriting.
Sim Card and Fixed Memory Cards: Destroyed using the appropriate physical destruction or overwriting method.
Optical Discs: Destroyed by physical methods.
Printer with Fixed Data Recording Medium, Door Access Systems with Fingerprint: It is destroyed by using the appropriate method of physical destruction or overwriting.
Paper etc. Medium: Personal data in paper medium are destroyed using paper shredders.
7.3. ANONYMIZATION OF DATA
It is the process of rendering Personal Data unrelated to an identified or identifiable natural person under any circumstances, even if it is matched with other data. Anonymization is the removal or change of all direct and/or indirect identifiers in a data set, preventing the identification of the data subject from being identified, or losing its distinctiveness in a group or crowd in a way that cannot be associated with a natural person. As a result of blocking or losing these features, data that does not point to a specific person is considered anonymized data. All of the bond breaking processes carried out by methods such as automatic or non-automatic grouping, masking, derivation, generalization, randomization applied to the records in the data recording system where Personal Data is kept are called anonymization methods. It is based on researching whether there is a risk of reversing the anonymized Personal Data with various interventions and transforming the anonymized data into re-identifying and distinguishing real persons, and taking action accordingly.
8. DATA RETENTION PERIOD WITHIN THE SCOPE OF THE RELEVANT LEGISLATION
Retention periods are determined for all Personal Data stored within our company. When determining the retention periods, firstly the relevant legislation, if there is no period stipulated by the relevant legislation, the period required for the purpose of processing Personal Data is taken into account. Relevant periods are included in the Personal Data Inventory and Data Controllers’ Registry Information System.
The Personal Data mentioned in the Personal Data Processing Inventory are stored in accordance with the legal regulations in the table below and are destroyed on the first periodic destruction date following the storage period, unless there is any legal situation that interrupts or stops the statute of limitations.
Data Category |
Data Retention Period |
1- Identity |
Legal relationship+ 20 Years |
2- Contact |
Legal relationship+ 20 Years |
3- Location |
Termination of the labor contract + 10 years |
4- Personnel Information |
Termination of the labor contract + 10 years |
5- Legal Transaction |
Until the finalization of the relevant court decision or the expiration of time limit |
6- Customer Transaction |
Legal relationship+ 10 Years |
7- Security of Physical Environment |
1 Month |
8- Process Security |
Until the termination of the labor contract |
9- Risk Management |
Legal relationship+ 10 Years |
10- Finance |
Legal relationship+ 10 Years |
11- Work Experience |
Termination of the labor contract + 10 years |
12- Marketing |
Final treatment + 10 years |
13- Visual and Auditory Records |
1 Mont |
14- Association Membership |
Termination of the labor contract + 10 years |
15- Foundation Membership |
Termination of the labor contract + 10 years |
16- Union membership |
Termination of the labor contract + 10 years |
17- Health Informations |
Termination of the labor contract + 10 years |
18- Criminal Conviction and Security Measures |
Termination of the labor contract + 10 years |
19- Biometric Data |
Until the termination of the employment contract or the relevant authorization |
20- Domain Knowledge |
In case of a negative result of the application, until the destruction period, the termination of the employment contract + 10 years |
21- Insurance Details |
Termination of the labor contract + 10 years |
22- Family Members and Close Information |
Termination of the labor contract + 10 years |
23- License Plate and Vehicle Licence Information |
Termination of the labor contract + 10 years |
24- Working Candidate Information |
Termination of the labor contract + 10 years |
25- Reference Informations and Evaluations |
Termination of the labor contract + 10 years |
Request/Complaint Information |
Termination of the labor contract + 10 years |
9. PERIODIC DESTRUCTION TIME
Pursuant to Article 11 of the Regulation, our Company has determined the period of periodic destruction as 6 months.[UKA1] belirlemiştir.
When the apply to our Company and request the deletion or destruction of their personal data, the relevant request is evaluated according to whether the conditions for processing personal data have been lifted. If the processing conditions for personal data are completely eliminated, our Company deletes, destroys or anonymizes the personal data subject to the request. If the processing conditions of personal data are not completely eliminated, the relevant request is rejected by explaining the reason. In any case, requests are finalized within 30 days and notified to the relevant person.
All transactions regarding the deletion, destruction and anonymization of Personal Data are recorded and these records are kept for at least 3 (three) years, excluding other legal obligations.
10. UPDATE PERIOD OF POLICY
The policy is reviewed by the PDP Committee as needed and the necessary sections are updated.
11. ENFORCEMENT OF THE POLICY
This Policy is deemed to have entered into force after its publication on our Company's website. It is considered valid and binding as of this date