Ana içeriğe geç

PDPA Privacy Notice

Last updated: March 27, 2026

1. Data Controller

In accordance with Law No. 6698 on the Protection of Personal Data ("PDPA"), your personal data may be processed by Deristok as the data controller within the scope described below.

2. Personal Data Processed

  • Identity Information: Name, surname, Turkish ID number (for corporate memberships)

  • Contact Information: Email address, phone number, address

  • Financial Information: Order and payment information, invoice information

  • Transaction Security: IP address, session information, browser information

  • Marketing: Cookie data, site usage statistics (with your consent)

3. Purposes of Processing Personal Data

  • Membership and account management

  • Processing orders and payments

  • Providing customer service and support

  • Fulfilling legal obligations

  • Marketing and campaign notifications (in accordance with your explicit consent)

  • Creating anonymous price index (does not contain personal data, for statistical purposes)

  • Ensuring site security and fraud prevention

4. Transfer of Personal Data

Your personal data may be shared with payment institutions (PayTR), cargo companies, and authorized public institutions and organizations within the scope of legal obligations. Your data is not transferred abroad.

5. Data Storage and Security

  • Your data is stored on servers located in Turkey

  • Database-level access control is implemented using Supabase Row Level Security (RLS)

  • Data transmission is secured with SSL/TLS encryption

  • Service continuity is ensured with Cloudflare DDoS protection

  • Regular security audits are conducted

6. Your Rights (PDPA Article 11)

You have the following rights under Article 11 of the PDPA:

  • Learning whether your personal data is being processed

  • Requesting information about it if it is being processed

  • Learning the purpose of processing and whether it is used in accordance with that purpose

  • Knowing the third parties to whom it is transferred domestically or abroad

  • Requesting correction if it is incomplete or incorrectly processed

  • Requesting deletion or destruction under PDPA Article 7

  • Requesting data portability (export in JSON format)

  • Objecting to a result being produced against you through exclusively automated systems analysis

7. How to Exercise Your Rights

  • Data Export: You can download your data in JSON format from My Account → Privacy Settings page

  • Account Deletion Request: You can submit a data deletion request from My Account → Privacy Settings page

  • Consent Management: You can update your marketing and cookie preferences at any time

  • Contact: You can contact kvkk@deristok.com

8. Cookie Policy

For detailed information about cookies used on our website and options to manage your preferences, please visit our Cookie Policy page.

9. Anonymous Price Data Usage

Product prices on the platform are processed anonymously and in aggregate by category to create the Leather Price Index. In this process:

  • No seller or buyer information is included in the price index data

  • Statistics are calculated only for categories with at least 3 products (k-anonymity)

  • Data is stored only as average, minimum, maximum, and median

  • This data may be made publicly available for B2B market analysis purposes