1. Introduction
At ATABAŞ GRUP, we are committed to protecting the privacy and security of personal data in compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and other relevant data protection laws. Our mission is to ensure that all personal data collected, processed, and stored by us is handled with the highest level of integrity, security, and transparency.
This Personal Data Protection & GDPR Compliance Policy outlines how ATABAŞ GRUP collects, uses, stores, and safeguards personal data while ensuring full compliance with applicable regulations.
2. Scope of This Policy
This policy applies to:
✅ All customers, business partners, suppliers, and website visitors who provide personal data to ATABAŞ GRUP.
✅ All employees, contractors, and third-party service providers processing personal data on behalf of ATABAŞ GRUP.
✅ Any data collected through our website, mobile applications, email communications, business transactions, and marketing activities.
3. Personal Data We Collect
We may collect and process different types of personal data, including but not limited to:
- Identification Data (Name, Surname, ID or passport numbers)
- Contact Information (Phone number, email, mailing address)
- Business & Financial Data (Company details, VAT/tax identification numbers, bank account information)
- Transaction Data (Orders, payments, purchase history)
- Website Usage Data (IP address, cookies, browsing behavior, preferences)
- Communication Data (Emails, support tickets, feedback, and customer inquiries)
4. Purpose of Data Processing
ATABAŞ GRUP processes personal data only for legitimate business purposes in accordance with GDPR Article 6. Our purposes include:
🔹 Providing Services: Managing orders, contracts, payments, and deliveries.
🔹 Customer Communication: Responding to inquiries, providing support, and resolving issues.
🔹 Legal & Compliance Obligations: Complying with tax, regulatory, and legal requirements.
🔹 Security & Fraud Prevention: Protecting against fraud, cyber threats, and unauthorized access.
🔹 Marketing & Analytics: Sending updates, offers, and promotional content (with user consent).
We ensure that all processing activities are lawful, fair, and transparent while minimizing data collection to only what is necessary.
5. Legal Basis for Processing Personal Data
Under GDPR, we process personal data based on one or more of the following legal grounds:
✅ Consent – When individuals give explicit permission (e.g., for marketing).
✅ Contractual Necessity – When processing is required to fulfill a contract.
✅ Legal Obligations – When required by laws, such as tax or regulatory compliance.
✅ Legitimate Interests – When processing is necessary for business operations without overriding individual rights.
6. Data Sharing & Third Parties
We may share personal data with authorized third parties strictly for operational and legal purposes, including:
🔹 Service Providers: IT support, payment processors, logistics partners, and cloud storage providers.
🔹 Regulatory Authorities: Government bodies and law enforcement, if legally required.
🔹 Business Partners: For contractual obligations in supply chain operations.
ATABAŞ GRUP ensures that all third-party partners comply with GDPR and maintain strict data security standards.
7. International Data Transfers
If personal data is transferred outside the European Economic Area (EEA), we ensure:
✔ Transfers are made only to countries with adequate data protection laws.
✔ Standard EU-approved contractual clauses are in place to protect data.
✔ All necessary security measures are applied to prevent unauthorized access.
8. Data Retention Policy
We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy. Data retention periods include:
- Customer & Transaction Records: Retained for up to 7 years (legal requirement).
- Marketing Data: Stored until consent is withdrawn.
- Website Logs & Cookies: Automatically deleted after 12 months.
Once data is no longer needed, it is securely deleted or anonymized.
9. Data Subject Rights (GDPR Rights)
As per GDPR, individuals have the following rights regarding their personal data:
🛡 Right to Access: Request a copy of the personal data we hold.
🛡 Right to Rectification: Correct any inaccurate or incomplete data.
🛡 Right to Erasure (Right to be Forgotten): Request deletion of personal data.
🛡 Right to Restrict Processing: Limit how data is processed in certain cases.
🛡 Right to Data Portability: Request data transfer to another organization.
🛡 Right to Object: Object to data processing for direct marketing purposes.
🛡 Right to Withdraw Consent: Withdraw consent for data processing at any time.
To exercise any of these rights, individuals can contact us at info@atabas.com.tr.
10. Data Security & Protection Measures
ATABAŞ GRUP implements robust security measures to protect personal data from loss, unauthorized access, and cyber threats. Our security practices include:
✔ Encryption & Secure Storage: Data is encrypted during transmission and stored securely.
✔ Access Control: Only authorized personnel have access to sensitive data.
✔ Regular Security Audits: Routine audits to identify and mitigate vulnerabilities.
✔ GDPR Compliance Training: Employees are trained on data protection policies.
11. Cookies & Website Tracking
Our website uses cookies and tracking technologies to enhance user experience. When visiting our site, users can accept, decline, or customize their cookie preferences.
For details on cookie usage, refer to our Cookie Policy (EU) page.
12. Updates to This Policy
We may periodically update this GDPR policy to reflect legal, regulatory, or operational changes. The latest version will always be available on our website.
📅 Last Updated: [Insert Date]
13. Contact & Data Protection Officer (DPO)
For questions or concerns regarding personal data protection, please contact:
📩 Email: info@atabas.com.tr
📞 Phone: +90 532 065 99 52
📍 Address: Küplüce Mahallesi Atlas Çiçeği Sokak No: 26/1 Üsküdar İstanbul Türkiye
If you believe your data rights have been violated, you have the right to file a complaint with the relevant Data Protection Authority (DPA) in your jurisdiction.