PERSONAL DATA PROTECTION INFORMATION NOTICE
1. GENERAL PRINCIPLES
1.1. The Seller/Provider shall process the personal data within the scope of this agreement solely for the purpose of providing the Product/Service, in a limited manner, and in accordance with the Law No. 6698 on the Protection of Personal Data (“KVKK”), secondary legislation, and the decisions of the Personal Data Protection Board. The Seller/Provider accepts, declares, and undertakes that it shall not process the Buyer’s personal data other than the personal data accessed via the Platform, and that it shall not contact the Buyer externally by means other than the methods provided through the Platform.
1.2. The Buyer accepts, declares, and undertakes that they are responsible for verifying that the personal data provided within the scope of this Agreement are accurate, complete, and up to date; for not sharing such information with third parties; for taking the necessary measures, including those against viruses and similar harmful applications, to prevent access by unauthorized persons; and for ensuring the security of such personal data. Otherwise, the Buyer shall be personally liable for any damages arising therefrom and for any claims made by third parties.
1.3. With respect to all information and content belonging to the Platform, as well as their arrangement, revision, and partial or full use; except for those belonging to other third parties pursuant to the agreement of the Seller/Provider; all intellectual and industrial property rights and ownership rights belong to the Platform Operator and the intermediary service provider.
1.4. The SELLER/PROVIDER and the INTERMEDIARY SERVICE PROVIDER are obliged to take all necessary administrative and technical measures to protect the confidentiality of all personal and commercial information shared by the BUYER within the scope of this Agreement.
ARTICLE 2 – DATA CONTROLLERSHIP STRUCTURE
2.1. Central Data Controllership
2.1.1. Due to the central data structure of the Platform, SAWAFTECH is the data controller within the scope of the Law No. 6698 on the Protection of Personal Data (“KVKK”).
Purposes of Processing Personal Data
The personal data of the CONSUMER/BUYER are processed for the following purposes:
• Establishment and performance of the distance sales contract,
• Execution of product delivery,
• Provision of assembly and installation services,
• Issuance of invoices and fulfillment of legal obligations,
• Execution of customer service and support processes,
• Execution of withdrawal right and return procedures,
• Provision of warranty and after-sales services,
• Fulfillment of legal data retention obligations.
2.1.2. SELLERS and DESIGNERS act as data processors on behalf of and in accordance with the instructions of SAWAFTECH.
|
Party |
Status |
Authority |
Responsibility |
|
SAWAFTECH |
Data Controller |
Processing, storage, deletion of all data |
Full responsibility under KVKK |
|
SELLER |
Data Processor |
Access to order data via the Platform |
Compliance with SAWAFTECH instructions |
|
DESIGNER / PROVIDER |
Data Processor |
Access to project data via the Platform |
Compliance with SAWAFTECH instructions |
2.1.3. Distribution of Data Controllership
2.2. Data Processor Status
2.2.1. Data Processor Position of the SELLER:
• The SELLER accesses customer order data only via the Platform.
• The SELLER may not transfer, copy, or download customer data to its own systems.
• The SELLER may view data solely for the purpose of order fulfillment.
• The SELLER may not contact the customer outside the Platform.
2.2.2. Data Processor Position of the DESIGNER/PROVIDER:
• The DESIGNER accesses project data only via the Platform.
• The DESIGNER may not transfer, copy, or download venue visuals and design files to its own systems.
• The DESIGNER may view data solely for the purpose of performing the design service.
• The DESIGNER may not contact the customer outside the Platform.
• All customer–designer communications take place via the Platform’s messaging system.
2.2.3. Obligations of Data Processors:
As data processors, the SELLER and the DESIGNER accept and undertake that they shall:
• Not process data outside the written instructions of SAWAFTECH,
• Protect the confidentiality of the data,
• Immediately notify SAWAFTECH in the event of a data security breach,
• Acknowledge that access authorization shall be automatically revoked upon termination of Platform membership,
• Act in compliance with KVKK and the relevant legislation.
ARTICLE 3 – PROCESSED PERSONAL DATA
3.1. Data Categories
3.1.1. Personal data categories processed by SAWAFTECH:
|
Category |
Data Types |
|
Identity Data |
Name, surname |
|
Contact Data |
E-mail, phone number, address |
|
Account Data |
Username, password (hash), profile photo |
|
Financial Data |
Invoice details, IBAN (for designers) |
|
Visual Data |
Space photos, drawings, design files |
|
Transaction Data |
Order history, design requests |
|
Communication Contents |
In-platform messages |
|
Evaluation Data |
Reviews, ratings, review visuals |
|
Technical Data |
IP address, device information, log records |
|
Cookie Data |
Session cookies, preference cookies |
3.2. Design Tool Data
3.2.1. Data processed when the Design Tool within the Platform is used:
|
Data Type |
Description |
Storage Location |
|
Space Visuals |
Room/space photos uploaded by the user |
SAWAFTECH servers |
|
Design Drawings |
Designs created through simulations |
SAWAFTECH servers |
|
Design Preferences |
Style, color, material selections |
SAWAFTECH servers |
|
Product Placements |
Placement of purchased products in the space |
SAWAFTECH servers |
|
Interaction Data |
Simulation tool usage history, commands |
SAWAFTECH servers |
3.2.2. Design Tool Privacy Guarantees:
SAWAFTECH guarantees that the space visuals uploaded to the Simulation Design Tool:
• Will be accessible only by the relevant USER,
• Will not be shared with third parties without the USER’s explicit consent,
• Will not be used in design training without the USER’s explicit consent,
• Will not be used for marketing purposes without the USER’s explicit consent,
• Will be deleted immediately upon the USER’s request.
3.3. Design Service Data
3.3.1. When the user requests a design service via the Platform:
|
Data Type |
Access Authority |
Storage Location |
|
Space visuals |
USER + Selected DESIGNER |
SAWAFTECH servers |
|
Design request details |
USER + Selected DESIGNER |
SAWAFTECH servers |
|
Messaging contents |
USER + Selected DESIGNER |
SAWAFTECH servers |
|
Design outputs |
USER + Selected DESIGNER |
SAWAFTECH servers |
|
Payment information |
SAWAFTECH only |
SAWAFTECH servers |
3.3.2. DESIGNER Access Restrictions:
• The DESIGNER may access only the data of the projects assigned to them. The DESIGNER may access the USER’s personal contact information (phone, e-mail, address) upon accepting the project. All communication takes place via the Platform messaging system.
• The DESIGNER may not transfer project data outside the Platform.
• Upon completion or cancellation of the project, the DESIGNER’s access authorization ends.
3.4. Order Data
3.4.1. When the user purchases products via the Platform:
|
Data Type |
Access Authority |
Storage Location |
|
Order details |
USER + Relevant SELLER |
SAWAFTECH servers |
|
Delivery address |
USER + Relevant SELLER + Cargo |
SAWAFTECH servers |
|
Invoice information |
USER + Relevant SELLER |
SAWAFTECH servers |
|
Payment information |
SAWAFTECH only + Payment institution |
SAWAFTECH servers |
3.4.2. SELLER Access Restrictions:
• The SELLER may access only the data of orders placed from its own store. The SELLER accesses the minimum data required for order fulfillment only. The SELLER may not transfer, download, or copy data outside the Platform. The SELLER may not contact the USER outside the Platform.
ARTICLE 4 – PURPOSES OF DATA PROCESSING AND LEGAL GROUNDS
4.1. Processing Purposes and Legal Grounds
|
Purpose |
Data Categories |
Legal Ground |
|
Membership and account management |
Identity, contact, account |
KVKK Art. 5/2-c (Contract) |
|
Product sales transactions |
Identity, contact, financial, transaction |
KVKK Art. 5/2-c (Contract) |
|
Provision of design services |
Identity, visual, communication contents |
KVKK Art. 5/2-c (Contract) |
|
Design Tool service |
Visual, design preferences |
KVKK Art. 5/2-c (Contract) |
|
Payment transactions |
Financial |
KVKK Art. 5/2-c (Contract) |
|
Invoice issuance |
Identity, contact, financial |
KVKK Art. 5/2-ç (Legal obligation) |
|
Statutory record keeping |
All transaction data |
KVKK Art. 5/2-ç (Legal obligation) |
|
Customer services |
Identity, contact, transaction |
KVKK Art. 5/2-c (Contract) |
|
Platform security |
Technical, transaction |
KVKK Art. 5/2-f (Legitimate interest) |
|
Evaluation system |
Evaluation, visual |
KVKK Art. 5/2-f (Legitimate interest) |
|
Marketing and campaigns |
Identity, contact |
KVKK Art. 5/1 (Explicit consent) |
|
Design model development |
Visual, design preferences |
KVKK Art. 5/1 (Explicit consent) |
4.2. Processing Requiring Explicit Consent
The USER’s explicit consent is required for the following activities:
• Sending commercial electronic messages,
• Using design outputs in Platform promotions,
• Processing profile and usage data for analytical purposes,
• Sharing data with third-party advertising partners.
ARTICLE 5 – DATA SHARING
5.1. In-Platform Data Sharing
5.1.1. SAWAFTECH shares the minimum data required for service performance within the Platform:
|
Sharing |
Purpose |
Shared Data |
Restrictions |
|
USER → SELLER |
Order fulfillment |
Name, delivery address, order details |
Access via Platform only, downloading prohibited |
|
USER → DESIGNER |
Design service |
Space visuals, design requests |
Access via Platform only, downloading prohibited |
|
USER → CARGO |
Delivery |
Name, delivery address, phone number |
Via SELLER |
5.1.2. In-Platform Sharing Principles:
• Data is shared solely within the scope of the relevant transaction. Sharing ends upon completion or cancellation of the transaction. SELLERS and DESIGNERS may not transfer data outside the Platform. All accesses are logged and auditable.
5.2. Data Sharing with Third Parties
5.2.1. SAWAFTECH may share data with the following third parties:
|
Third Party |
Purpose |
Shared Data |
Legal Ground |
|
Payment institutions |
Payment processing |
Payment information |
Contract |
|
Cargo companies |
Delivery |
Delivery address, recipient details |
Contract |
|
Cloud infrastructure providers |
Data storage |
All data (encrypted) |
Legitimate interest |
|
E-mail service providers |
Sending notifications |
E-mail address |
Contract |
|
Analytics services |
Platform analytics |
Anonymous usage data |
Explicit consent |
|
Public authorities |
Legal obligation |
Requested data |
Legal obligation |
5.2.2. SAWAFTECH enters into data processor agreements with third-party service providers pursuant to KVKK Art. 12.
5.3. Prohibition of Data Transfer
5.3.1. The following actions are strictly prohibited:
• SELLER or DESIGNER transferring data outside the Platform,
• SELLER or DESIGNER storing data in their own systems,
• SELLER or DESIGNER contacting the USER outside the Platform,
• Selling USER data to third parties for marketing purposes without explicit consent.
5.3.2. Any SELLER or DESIGNER acting in violation of this prohibition:
• Shall be permanently removed from the Platform,
• Shall have all access authorizations immediately revoked,
• Shall be subject to legal proceedings and liable for compensation of damages incurred.
ARTICLE 6 – DATA RETENTION PERIODS
6.1. Retention Periods Table
|
Data Category |
Retention Period |
Legal Basis |
|
Account and membership data |
During membership + 10 years |
TCC Art. 82 |
|
Order and invoice data |
10 years |
TCC Art. 82, Tax Procedure Law |
|
Design Tool data |
Until deleted by the user or 6 months after account closure |
Contract |
|
Design project data |
1 year from project completion |
Statute of limitations |
|
Messaging records |
3 years |
Legitimate interest |
|
Log records |
2 years |
Law No. 5651 |
|
Reviews and evaluations |
Until deleted by the user or 1 year after account closure |
Legitimate interest |
|
Marketing consents |
Until consent is withdrawn |
Explicit consent |
6.2. After the Retention Period
Upon expiration of the retention period, data:
• Is anonymized or securely deleted/destroyed. Deletion is irreversible, and access to deleted data is not possible.
ARTICLE 7 – USER RIGHTS
7.1. Rights under the KVKK
The USER has the following rights pursuant to KVKK Art. 11:
|
Right |
Description |
|
Right to Information |
To learn whether personal data is processed |
|
Right of Access |
To access processed personal data |
|
Right to Rectification |
To request correction of incorrect or incomplete data |
|
Right to Erasure |
To request deletion where the conditions of KVKK Art. 7 are met |
|
Information on Transfers |
To learn third parties to whom data is transferred |
|
Right to Object |
To object to outcomes arising from analysis exclusively by automated systems |
|
Right to Compensation |
To request compensation for damages arising from unlawful processing |
The USER also has the right to:
• Learn whether personal data is processed,
• Request information if personal data has been processed,
• Learn the purpose of processing and whether data is used in accordance with such purpose,
• Know third parties to whom personal data is transferred domestically or abroad,
• Request correction of incomplete or inaccurate personal data,
• Request deletion or destruction of personal data within the framework of KVKK Art. 7,
• Request notification of correction, deletion, or destruction to third parties to whom personal data has been transferred,
• Object to results against the USER arising from analysis exclusively through automated systems,
• Request compensation for damages incurred due to unlawful processing of personal data.
7.2. Special Rights Regarding Design Service Visuals
With respect to Space Visuals shared within the scope of the Design Service, the CONSUMER additionally has the right to:
• View which visuals are stored and obtain a copy,
• Request immediate deletion of the visuals,
• Withdraw reference usage consent at any time,
• Request editing/blurring of the visuals,
• Learn with whom the visuals have been shared.
7.3. Special Rights Regarding Review Visuals
With respect to Review Visuals shared by the CONSUMER, the CONSUMER has the right to:
• Request removal of the review and visuals,
• Request editing of visuals (blurring, cropping, etc.),
• Request anonymization of the review,
• Object to the use of visuals in advertising/marketing.
7.4. The CONSUMER may submit requests regarding these rights in writing or through other methods determined by the Personal Data Protection Board to the SELLER.
7.5. The SELLER shall finalize applications within a maximum of 30 (thirty) days. Visual deletion requests shall be fulfilled within the following periods:
• Design Service Space Visuals: 7 business days
• Review Visuals: 5 business days
• Visuals used as references: 7 business days
ARTICLE 7.6 – METHOD OF EXERCISING RIGHTS
Application Methods
|
Method |
Address / Information |
|
|
Info@decorwidgets.com |
|
Postal Mail |
[Başakşehir Mah. Toros Cad. Arterium Avc. No: 1 Interior Door No: 47 Başakşehir/ISTANBUL] |
|
Platform |
Account Settings > Privacy > KVKK Requests |
|
Notary Public |
Where identity verification is required |
Application Process:
• Applications are processed after identity verification.
• SAWAFTECH finalizes the application within 30 days at the latest.
• The process is free of charge; however, a fee may be charged in cases determined by the Board.
• The result of the application is notified in writing or electronically.
7.6. Platform-Based Data Management
The USER may directly perform the following actions via the Platform:
|
Action |
Path |
|
Update profile information |
My Account > Profile |
|
Change communication preferences |
My Account > Notifications |
|
Delete AI Design data |
My Designs > Delete |
|
Delete reviews |
My Reviews > Delete |
|
Close account |
My Account > Close Account |
|
Download data |
My Account > Download My Data |
ARTICLE 8 – PROCESSING OF SPACE VISUALS AS PERSONAL DATA
8.1. Assessment as Sensitive Personal Data
Space Visuals belonging to the CONSUMER’s living spaces contain information related to private life; therefore, they are considered sensitive data within the scope of the KVKK and are subject to special protection measures.
8.2. Purposes of Processing Space Visuals
|
Purpose |
Description |
Legal Basis |
|
Product Simulation |
Digitally displaying how the purchased/to-be-purchased product will appear in the CONSUMER’s space |
Performance of contract (KVKK Art. 5/2-c) |
|
Design Recommendation |
Providing product and color recommendations suitable for the CONSUMER’s space |
Performance of contract (KVKK Art. 5/2-c) |
|
Measurement Determination |
Determining space measurements for custom production |
Performance of contract (KVKK Art. 5/2-c) |
|
Installation Planning |
Planning product installation and technical assessment |
Performance of contract (KVKK Art. 5/2-c) |
|
Reference / Portfolio |
Use on website, social media, or promotional materials |
Explicit consent (KVKK Art. 5/1) |
|
Marketing |
Use in advertising and marketing activities |
Explicit consent (KVKK Art. 5/1) |
8.3. Processing Requiring Explicit Consent
The CONSUMER’s separate and explicit consent is mandatory for the following:
• Publishing Space Visuals on the website,
• Sharing on social media accounts,
• Use in catalogs, brochures, or promotional materials,
• Transfer to third parties (designer, architect, etc.),
• Use in advertising campaigns,
• Sharing with press and media outlets.
8.4. Method of Obtaining Consent
• Consent for reference use is obtained via a separate form independent of the main contract.
• The consent text must be clear, understandable, and specific.
• Consent cannot be made a precondition for the provision of the service.
• If the CONSUMER does not give consent, the contract terms remain unchanged.
8.5. Legal Basis for Processing Personal Data
Personal data is processed based on the following legal grounds under KVKK Art. 5:
• Being directly related to the establishment or performance of a contract (KVKK Art. 5/2-c),
• Fulfillment of the data controller’s legal obligation (KVKK Art. 5/2-ç),
• Legitimate interest of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject (KVKK Art. 5/2-f),
• Explicit consent of the CONSUMER (for reference use of Space Visuals and marketing activities).
8.6. Retention Period of Personal Data
Personal data belonging to the CONSUMER is retained for the period required by the purposes of processing and within the framework of statutory retention obligations.
Statutory retention periods:
|
Data Type |
Retention Period |
Legal Basis |
|
Invoices and financial documents |
5 years |
Tax Procedure Law |
|
Consumer transaction records |
3 years |
Distance Sales Regulation Art. 16 |
|
Electronic records |
3 years |
E-Commerce Law |
|
Space Visuals |
6 months |
End of processing purpose |
|
Space Visuals (Reference use) |
Until consent is withdrawn |
Explicit consent |
8.7. Upon expiration of the retention period, personal data is deleted, destroyed, or anonymized in accordance with the KVKK and relevant legislation.
TRANSFER OF PERSONAL DATA
The CONSUMER’s personal data may be transferred to the following parties where necessary for the performance of the contract:
• Cargo and logistics companies (for delivery),
• Banks and payment institutions (for payment transactions),
• Installation and technical service teams (for installation services),
• Authorized public institutions and organizations (where legally required),
• Accounting and financial consultancy service providers.
Transfer of Space Visuals:
• Space Visuals may not be transferred to any third party without the CONSUMER’s explicit written consent.
• Where transfer to a design partner, interior architect, or manufacturing company is required, separate consent shall be obtained.
• The parties to whom the transfer will be made and the purpose of the transfer shall be clearly notified to the CONSUMER.
In the event of cross-border data transfer, the provisions of Article 9 of the KVKK shall be complied with.
9. PROCESSING OF CONSUMER REVIEWS AND REVIEW VISUALS
9.1. Nature of Review Visuals as Personal Data
Review Visuals shared by the CONSUMER within the scope of product evaluations may constitute personal data if they reflect the CONSUMER’s living space or the environment in which the product is used.
9.2. Purposes of Processing Review Visuals
|
Purpose |
Description |
Legal Basis |
|
Publication of Reviews |
Publishing reviews and visuals on the website to inform other consumers |
Legitimate interest (KVKK Art. 5/2-f) + Implied consent |
|
Quality Improvement |
Improving product and service quality |
Legitimate interest (KVKK Art. 5/2-f) |
|
Marketing |
Use of review visuals in advertising and promotions |
Explicit consent (KVKK Art. 5/1) or License of Use |
9.3. Implied Consent for Review Visuals
By uploading visuals to the Review and Evaluation System, the CONSUMER is deemed to have given implied consent to:
• Publication of such visuals on the website/application,
• Display together with a username/nickname,
• Viewing by other consumers.
9.4. Situations Requiring Explicit Consent for Review Visuals
The CONSUMER’s separate explicit consent is required for the following uses:
• Use of review visuals in TV advertisements,
• Publication in printed media (newspapers, magazines, billboards),
• Use in paid social media advertisements.
9.5. Protection of Third Parties in Review Visuals
• The SELLER checks whether recognizable images of third parties are present in Review Visuals.
• If third-party images are detected, the visual is not published and the CONSUMER is requested to make corrections.
• Upon complaint, visuals containing third parties are immediately removed.
ARTICLE 10 – COOKIES
The website/mobile application belonging to the Intermediary Service Provider / Platform Owner uses cookie technology to enhance the CONSUMER’s user experience and improve service quality. Cookies are small text files placed on the user’s device when the website is visited.
10.1. Types of Cookies
|
Type |
Purpose |
Duration |
Mandatory |
|
Session Cookies |
Login status |
Session |
Yes |
|
Security Cookies |
CSRF protection |
Session |
Yes |
|
Functional Cookies |
Language, theme preferences |
1 year |
No |
|
Cart Cookies |
Shopping cart |
30 days |
Partially |
|
Analytics Cookies |
Usage analysis |
2 years |
No |
|
Advertising Cookies |
Personalized advertising |
1 year |
No |
Types of Cookies Used
10.1.1. Mandatory Cookies:
• Required for the basic functions of the site to operate.
• Provide core functions such as shopping cart and session management.
• Do not require explicit consent.
10.1.2. Functional Cookies:
• Remember user settings such as language preference and location information.
• Personalize the user experience.
10.1.3. Performance/Analytics Cookies:
• Collect site visit statistics.
• Help measure site performance.
• Collect anonymous data.
10.1.4. Marketing/Advertising Cookies:
• Enable the display of advertisements tailored to user interests.
• Are used to measure advertising effectiveness.
• Require explicit consent.
10.2. Cookie Preferences
The CONSUMER has the right to accept or reject cookies other than mandatory cookies. The CONSUMER may manage, delete, or block cookies through browser settings.
• If cookies are blocked, some features of the site may not function properly.
• A cookie preference screen is displayed upon first access to the Platform.
• You have the right not to accept non-mandatory cookies.
• You may change your preferences at any time via “Cookie Settings.”
• You may delete or block cookies through browser settings.
ARTICLE 11 – COMMERCIAL ELECTRONIC COMMUNICATION
Commercial Communication Consent
This text has been prepared in order to obtain your explicit consent pursuant to the Law No. 6563 on the Regulation of Electronic Commerce (“ETK”) and the relevant legislation, as well as the Law No. 6698 on the Protection of Personal Data (“KVKK”).
1. Data Controller and Service Provider
SAWAFTECH BİLİŞİM TEKNOLOJİLERİ TİCARET LİMİTED ŞİRKETİ
Address: Başakşehir Mah. Toros Cad. Arterium Avc. No: 1 Interior Door No: 47 Başakşehir / ISTANBUL
E-mail: Info@decorwidgets.com
Subject and Scope of Consent
By accepting this text (or the relevant consent checkbox), you grant permission for your communication data (e-mail address, phone number) provided via www.decorwidgets.com to be processed within the scope of marketing activities related to the services offered by De Jure, and for commercial electronic communications to be sent to you for this purpose.
11.1.1. The INTERMEDIARY SERVICE PROVIDER shall not send commercial electronic communications (SMS, e-mail, calls, etc.) without the CONSUMER’s explicit consent.
11.1.2. Consent for commercial electronic communications may not be asserted as a prerequisite for the provision of goods or services.
11.1.3. If the CONSUMER agrees to receive commercial electronic communications, information may be provided regarding the following:
• Campaigns and discounts,
• New product announcements,
• Special offers,
• Loyalty programs.
These communications will be sent through the communication channels you have consented to (E-mail, SMS, Phone Call and/or in-platform notifications).
11.2. Right to Opt Out of Commercial Communications
11.2.1. The CONSUMER may terminate receiving commercial electronic communications at any time.
11.2.2. To submit an opt-out notice, the CONSUMER may:
• Use the “Unsubscribe” link included in e-mails,
• Send the opt-out code specified in SMS messages,
• Contact customer services,
• Submit an opt-out request via the IYS (Message Management System).
11.2.3. The INTERMEDIARY SERVICE PROVIDER shall cease sending commercial electronic communications within 3 (three) business days from the date it receives the opt-out notice.
11.3. Message Management System (IYS)
11.3.1. The INTERMEDIARY SERVICE PROVIDER is obliged to register commercial electronic communication consents with the Message Management System (IYS).
11.3.2. The CONSUMER may manage consent and opt-out preferences via the IYS (iys.org.tr).
