Orijinal Etiket Teknoloji
Other Labels
Blank Labels
Citrus Fruit Tag Labels
Citrus Fruit Minty Labels
Fish and SeaFood Labels
Car Tie Labels
Sectors
Blog
Contact
Request Sample
en
Privacy Policy

1. Identity of the Data Controller

Orijinal Etiket Teknoloji San. ve Tic. Ltd. Şti. ("Company") acts as the Data Controller within the scope of Law No. 6698 on the Protection of Personal Data (KVKK) and carries out all personal data processing activities in accordance with applicable legislation.

2. Collection and Purposes of Processing Personal Data

The following categories of personal data are collected electronically and processed for the purposes described in this Notice:

  • Identity and contact information you provide when using the "e-mail list" and/or "contact" forms on our Website,
  • Online identifiers, log records, and cookie data generated during your visit and browsing activities on the Website.

Your personal data may be processed for the following purposes:

  • Providing and improving the Company's services,
  • Delivering after-sales support services,
  • Enhancing customer satisfaction,
  • Evaluating and responding to complaints and suggestions,
  • Conducting statistical analyses,
  • Complying with legal and regulatory requirements,
  • Providing information requested by authorized public authorities,
  • Ensuring data security.

If you provide explicit consent, your identity and contact details may also be processed for marketing communications, promotional activities, and newsletter distribution.

Personal data will not be processed for purposes other than those specified in this Notice.

3. Transfer of Personal Data

Personal data may be transferred—limited to the purposes stated in Section 2 and in accordance with the Law—to:

  • Regulatory and supervisory public authorities (e.g., BTK, TÜİK, courts, banks),
  • Independent auditors,
  • Service providers offering software and hardware support,
  • Legally authorized private persons (e.g., attorneys).

Because the Company's Website servers are located abroad, personal data obtained through the Website will be transferred abroad based on your explicit consent, in line with Article 9 of the Law.

4. Rights of the Data Subject

Pursuant to Article 11 of the KVKK, you have the following rights:

  • To learn whether your personal data is processed,
  • To request information regarding the processing of your personal data,
  • To learn the purposes of processing and whether your data is used in accordance with such purposes,
  • To know the third parties to whom your personal data is transferred domestically or abroad,
  • To request the correction of incomplete or inaccurate data,
  • To request the deletion or destruction of your personal data,
  • To request notification of such correction or deletion to third parties to whom your data has been transferred,
  • To object to processing that results in an unfavorable outcome for you,
  • To request compensation if you suffer damage due to unlawful processing.

You may submit your requests in accordance with the Communiqué on the Principles and Procedures of Application to the Data Controller. The Company will evaluate and finalize your request as soon as possible and within thirty (30) days at the latest. If fulfilling your request requires additional cost, the Company may charge a fee according to the tariff set by the Personal Data Protection Board.

 

EXPLICIT CONSENT STATEMENT + COMMERCIAL ELECTRONIC COMMUNICATION CONSENT

EXPLICIT CONSENT FOR THE PROCESSING OF PERSONAL DATA

I hereby give my consent for your Company to process my personal data for the purposes of developing suitable offers and personalized campaigns for me regarding your Company's products and services, conducting marketing and promotions activities related to such products and services; reporting, development, planning, statistics, analysis, market research activities; evaluating and improving customer satisfaction, and managing customer relationship processes within the scope of the information provided by the Personal Data Protection Privacy Notice.

I acknowledge that this consent is provided within the scope of the information made available to me in the Personal Data Protection Privacy Notice.

I acknowledge that I may withdraw my explicit consent at any time, without affecting the lawfulness of processing carried out prior to the withdrawal.

COMMERCIAL ELECTRONIC COMMUNICATION CONSENT

In accordance with Law No. 6563 on the Regulation of Electronic Commerce, I consent to receiving commercial electronic messages, including newsletters, marketing communications, and promotional content related to the Company's products and services, through the communication channels I select below:

  • SMS
  • E-mail
  • Phone Call

I acknowledge that I may withdraw this consent at any time, and that withdrawal will not affect the legality of any communications sent before my withdrawal.

 

DATA SUBJECT APPLICATION PROCEDURE

1. PURPOSE

This Data Subject Application Procedure ("Procedure") has been prepared by Orijinal Etiket Teknoloji San. ve Tic. Ltd. Şti. ("Company") to ensure that requests submitted by data subjects under Articles 11, 13, and 14 of the Law No. 6698 on the Protection of Personal Data (KVKK) are received, evaluated, processed, and concluded in accordance with the Communiqué on the Principles and Procedures of Application to the Data Controller.

The purpose of this Procedure is to define the steps for the lawful, transparent, and timely handling of applications submitted by data subjects.

2. SCOPE

This Procedure applies to all applications submitted physically, electronically, or through other secure communication channels recognized under the Communiqué. It covers all departments involved in the evaluation and processing of such applications.

3. RESPONSIBILITY

The Company acts as the Data Controller and is responsible for ensuring that all applications are processed:

  • lawfully,
  • in good faith,
  • accurately,
  • and within statutory time limits.

The PDPL (KVKK) Committee coordinates the internal processes to ensure proper and timely evaluation.

4. APPLICATION METHODS

Data subjects may submit their applications to the Company through the following legally permitted methods:

  1. Written Application — Delivered in person or by postal mail to the Company's registered address.
  2. Registered Electronic Mail (KEP) — Sent from the applicant's KEP address.
  3. Secure Electronic Signature / Mobile Signature — Submitted using a secure electronic signature or mobile signature.
  4. E-mail Application — Sent from an e-mail address previously registered with the Company.
  5. Other secure electronic systems — As may be announced by the Personal Data Protection Authority.

Required Information in Applications

Each application must include:

  • Name and surname,
  • Turkish ID number or passport number,
  • Residential or workplace address,
  • E-mail address or phone number for correspondence,
  • The nature and scope of the request,
  • Relevant supporting documentation (if applicable).

Incomplete applications will not be processed until missing information is completed.

5. EVALUATION AND RESPONSE PROCESS

Applications are recorded and forwarded to the PDPL Committee.

Evaluation Steps

  1. Verification of the applicant's identity,
  2. Review of the scope and legal basis of the request,
  3. Consultation with relevant departments,
  4. Preparation of the response,
  5. Approval by authorized personnel.

Response Timeframe

The Company responds without undue delay and within 30 days at the latest, free of charge. If fulfilling the request requires an additional cost, a fee may be charged in accordance with the tariff set by the Personal Data Protection Board.

Responses may be submitted in writing or electronically.

6. REQUESTS THAT MAY BE SUBMITTED

Data subjects may request:

  • To learn whether their personal data is processed,
  • To request information regarding their data,
  • To learn the purposes of processing and whether data is used accordingly,
  • To learn domestic or international third-party transfers,
  • To request correction of inaccurate or incomplete data,
  • To request deletion or destruction of personal data,
  • To request notification of third parties regarding correction or deletion,
  • To object to processing results,
  • To seek compensation for damages caused by unlawful processing.

Requests related to deletion or destruction are evaluated according to the Retention and Destruction Policy.

7. GROUNDS FOR REJECTION

Applications may be denied with justification if:

  • The applicant fails to provide necessary verification information,
  • The request requires disproportionate effort,
  • The data subject's personal data is not processed by the Company,
  • The request has already been fulfilled previously,
  • The personal data has been anonymized,
  • Fulfilling the request would violate the rights of third parties,
  • The request does not fall within the scope of Article 11 of KVKK.

A reasoned written response will be provided.

8. RIGHT TO COMPLAIN

If a request is denied, insufficiently answered, or not responded to within 30 days: The data subject may file a complaint with the Personal Data Protection Authority within 30 days.

9. EFFECTIVE DATE AND UPDATES

This Procedure entered into force on 01.09.2022 and is reviewed annually or updated when necessary in line with legislative changes and Company requirements.

 

PERSONAL DATA PROTECTION AND PROCESSING POLICY

1. PURPOSE

This Personal Data Protection and Processing Policy ("Policy") has been issued by Orijinal Etiket Teknoloji San. ve Tic. Ltd. Şti. ("Company") to ensure full compliance with the Law No. 6698 on the Protection of Personal Data ("KVKK"), secondary legislation, Board decisions, and fundamental principles of personal data protection.

The purpose of this Policy is to establish internal rules, responsibilities, and control mechanisms for the lawful, fair, transparent, and secure processing of personal data while safeguarding the rights and freedoms of data subjects.

2. SCOPE

This Policy applies to:

  • The Board of Directors,
  • All Company employees,
  • Contractors, consultants, and service providers,
  • Interns, subcontractors, and any third parties with actual or potential access to personal data.

Violations of this Policy or applicable law may result in legal, administrative, or disciplinary action.

All third parties processing data on behalf of the Company are required to comply with this Policy.

3. DEFINITIONS

Key terms used in this Policy include:

Explicit Consent: Freely given, informed, and specific consent.

Anonymization: Making personal data impossible to associate with any identifiable individual, irreversibly.

Personal Data: Any information relating to an identified or identifiable natural person.

Processing: Any operation performed on personal data, such as collection, recording, storage, transmission, alteration, or destruction.

Personal Data Inventory: A structured record describing data categories, purposes, legal bases, recipients, retention periods, and security measures.

Authority (DPA): The Turkish Personal Data Protection Authority.

Board: The Personal Data Protection Board.

Data Controller / Data Processor: As defined in Article 3 of KVKK.

4. RESPONSIBILITIES

The Company acts as the Data Controller and is responsible for ensuring compliance with data protection laws.

All employees must:

  • Process data only for authorized and legitimate purposes,
  • Protect confidential information,
  • Report incidents and vulnerabilities,
  • Participate in mandatory training programs.

4.1 PDPL Committee

A PDPL Committee is appointed by the Board to oversee compliance, legislative updates, risk assessments, and internal monitoring related to personal data protection.

4.2 Duties of the PDPL Committee

The Committee is responsible for:

  • Keeping this Policy updated,
  • Coordinating compliance with all departments,
  • Ensuring data minimization and necessity principles,
  • Conducting annual data audits,
  • Managing deletion, destruction, and anonymization processes,
  • Reviewing new processing activities,
  • Maintaining and reviewing the Personal Data Inventory,
  • Supervising verification of data accuracy and integrity.

5. PRINCIPLES OF DATA PROCESSING

The Company processes personal data in accordance with KVKK principles:

  1. Lawfulness and fairness,
  2. Accuracy and up-to-date processing,
  3. Specific, explicit, and legitimate purposes,
  4. Data minimization and proportionality,
  5. Limited retention,
  6. Transparency to data subjects.

Personal data shall not be processed for purposes other than those notified to data subjects.

Appropriate Privacy Notices are presented at all data collection points.

6. RISK ASSESSMENT AND DPIA

For processing activities that may pose high risks to individuals' rights and freedoms, the Company performs a Data Protection Impact Assessment (DPIA), including an evaluation of likelihood, severity, and mitigation measures.

7. EXPLICIT CONSENT MANAGEMENT

Explicit consent:

  • Must be informed, voluntary, and purpose-specific,
  • Must be collected and stored in a verifiable manner,
  • May be withdrawn at any time.

The Company requests explicit consent only when legally required.

8. DATA SECURITY MEASURES

The Company implements appropriate technical and administrative safeguards, including:

  • Role-based and least-privilege access controls,
  • Encryption and pseudonymization when applicable,
  • Logging and monitoring systems,
  • Secure storage and transmission methods,
  • Incident response procedures.

Breach Notification

If a personal data breach occurs, the Company notifies the Authority and relevant data subjects within the legally required timeframe, currently interpreted as 72 hours.

9. TRANSFER OF PERSONAL DATA

Personal data may be transferred to:

  • Authorized public institutions and authorities,
  • Service providers supporting Company operations,
  • Legally authorized private individuals (e.g., attorneys),
  • Third parties with adequate safeguards in place.

Cross-border transfers are conducted in accordance with Article 9 of KVKK and require:

  • Explicit consent, or
  • Adequate protection measures approved by the Authority.

All transfers are documented and tracked.

10. RETENTION, DELETION, AND ANONYMIZATION

Personal data is retained only for:

  • The duration necessary for the processing purpose, or
  • The period required by applicable legislation.

At the end of retention periods, personal data is irreversibly disposed of through:

  • Secure deletion,
  • Destruction, or
  • Anonymization.

11. RIGHTS OF DATA SUBJECTS

Under Article 11 of KVKK, data subjects have the right to:

  • Learn whether their data is processed,
  • Request information,
  • Learn processing purposes and compliance,
  • Know third-party transfers,
  • Request correction,
  • Request deletion or destruction,
  • Request notification to third parties,
  • Object to processing outcomes,
  • Seek compensation for damages.

Requests are handled in accordance with the Communiqué on the Principles and Procedures of Application to the Data Controller and are answered within 30 days.

12. EFFECTIVE DATE AND UPDATES

This Policy entered into force on 01.09.2022. It is reviewed annually and updated when necessary in line with legislation, Board decisions, and operational needs.