ADDITIONAL INFORMATION FOR TURKEY (KVKK –
LAW NO. 6698)
This additional section has been prepared to ensure compliance with the Turkish Personal
Data Protection Law No. 6698 (“KVKK”) for users located in the Republic of Türkiye.
In case of any discrepancy, this section shall apply to Turkish data subjects.

Data Controller under KVKK (Veri Sorumlusu)
In accordance with Article 3 of KVKK, the Data Controller (Veri Sorumlusu) is:
ADELENTE GLOBAL AG
Zentralstrasse 44
6003 Luzern, Switzerland
Contact details for KVKK-related requests:
info@serenauziyel.com
 +90 212 511 22 82
ADELENTE GLOBAL AG processes personal data of users located in Türkiye in compliance
with KVKK and related secondary regulations.

Principles Governing the Processing of Personal Data
Personal data is processed in accordance with the following principles, pursuant to Article 4
of KVKK:
● Compliance with the law and rules of good faith.
● Being accurate and up-to-date when necessary.
● Processing for specific, explicit and legitimate purposes.
● Being relevant, limited and proportionate to the purpose for which they are
processed.
● Being retained for the period stipulated in the relevant legislation or necessary for the
purpose for which they are processed.
Legal Grounds for Processing Personal Data (KVKK Madde 5 ve 6)
Personal data is processed in accordance with KVKK Articles 5 and 6 based on the following
legal grounds:
● Explicit consent of the data subject, where required

● Processing is clearly stipulated by law
● It is necessary for the protection of the life or physical integrity of the person who is
unable to give their consent due to factual impossibility or whose consent is not
legally valid, or for the protection of the life or physical integrity of another person
● Processing of the personal data of the contracting parties is necessary for the
establishment or performance of a contract, provided that it is directly related to the
establishment or performance of the contract
● When data processing is necessary for the establishment, exercise, or protection of a
right
● The data is already disclosed to the public by the data subject
● Processing is mandatory for the data controller to fulfill its legal obligations
● Processing is necessary for the legitimate interests of the data controller, provided
that fundamental rights and freedoms of the data subject are not harmed
Personal data relating to a person's race, ethnic origin, political opinion, philosophical belief,
religion, sect or other beliefs, appearance and clothing, membership in associations,
foundations or trade unions, health, sexual life, criminal convictions and security measures,
as well as biometric and genetic data, are considered sensitive personal data. Sensitive
personal data, if any, is processed only in compliance with KVKK and with adequate
administrative and technical safeguards.
Purposes of Processing Your Personal Data
Personal data will be processed for the following purposes:
- To fulfill the contract, you have established with ADELENTE GLOBAL AG,
- To enable ADELENTE GLOBAL AG to provide the services it offers through its website and
if applicable mobile application (product and service sales),
- To obtain and report statistical information on the satisfaction of individuals using
ADELENTE GLOBAL AG’s services, to plan and execute activities, to conduct analysis, to
carry out market research and survey activities, to customize the marketing processes of
products and services according to user preferences, usage habits and needs,
- Using records provided by individuals benefiting from ADELENTE GLOBAL AG’s services
to determine and develop company business and strategies, conduct performance
evaluations of business partners and suppliers, provide audit activities, improve company
operations, and conduct operational efficiency analysis,
- Ensuring the legal, technical, and commercial security of individuals benefiting from
ADELENTE GLOBAL AG’s services, ensuring information security, and establishing
information technology infrastructure,
- Providing information to authorized institutions and organizations as required by legislation,
- Monitoring and completing legal, financial, accounting, marketing, corporate
communication, and logistics tasks, and evaluating the supply chain,
- Establishing and developing the system infrastructure, planning and executing company
audit activities, monitoring contract processes and legal claims,

- Planning and executing employees' access rights to information,
- Planning and executing the access rights and relationships of individuals using ADELENTE
GLOBAL AG’s services, monitoring and managing requests and complaints,
- Ensuring the accuracy and timeliness of data.
Personal Data Being Processed:
Profile information (if applicable, including username and password), name, surname, title,
date of birth, place of birth, nationality, identity number, company number, tax number,
contact information, address information, telephone number, email address, location
information indicated or provided by users of ADELENTE GLOBAL AG’s services,
instructions/requests necessary for platform use, order number, date of last information
change, ratings, comments and notes regarding product or service orders, special requests,
membership date, information on campaigns or coupons used, order-related communication
records (including telephone calls, SMS), email correspondence records if communication is
made via email, IP address information processed for technical, administrative, legal and
commercial security, system login information (log in credentials), user activities (password
reset, password creation, etc.), personal data processed within the scope of legal
obligations, obtaining statistical information within the scope of user relations and
satisfaction (including shopping habits, favorite products and services, order frequency),
usage habits (including average spending amount, financial data), and other relevant
information is processed by ADELENTE GLOBAL AG in accordance with the law, for the
purpose of offering discount campaigns, conducting market research and surveys, and
customizing the marketing processes of products and services according to user
preferences, usage habits, and needs.

Transfer of Personal Data to Third Parties and Abroad
Your personal data may be transferred to third parties and/or abroad in accordance with the
conditions specified in Articles 8 and 9 of the KVKK for the purposes stated above, based on
your explicit consent, provided that adequate protection is ensured and required legal
safeguards are in place. Accordingly, your personal data may be transferred to third parties
and/or abroad for the purposes stated above under the following circumstances:
● Explicit consent of the data subject, where required
● Processing is clearly stipulated by law
● It is necessary for the protection of the life or physical integrity of the person who is
unable to give their consent due to factual impossibility or whose consent is not
legally valid, or for the protection of the life or physical integrity of another person
● Processing of the personal data of the contracting parties is necessary for the
establishment or performance of a contract, provided that it is directly related to the
establishment or performance of the contract
● When data processing is necessary for the establishment, exercise, or protection of a
right
● The data is already disclosed to the public by the data subject

● Processing is mandatory for the data controller to fulfill its legal obligations
● Processing is necessary for the legitimate interests of the data controller, provided
that fundamental rights and freedoms of the data subject are not harmed
Personal data may be transferred abroad if one of the conditions specified in Articles 5 and 6
of KVKK is met and there is an adequacy decision regarding the country, sectors within the
country, or international organizations to which the transfer will be made.
Transfers are conducted in compliance with GDPR and KVKK principles.
Data Subject Rights under KVKK (Madde 11)
Pursuant to Article 11 of KVKK, data subjects located in Türkiye have the right to:
● Learn whether personal data is processed
● Request information if personal data has been processed
● Learn the purpose of processing and whether it is used in accordance with its
purpose
● Know the third parties (located in Türkiye or abroad) to whom personal data is
transferred
● Request correction of incomplete or inaccurate data and to request that the
correction be notified to third parties to whom the personal data has been transferred.
● Even if personal data has been processed in accordance with the law, the right to
request the deletion or destruction of personal data when the reasons requiring its
processing cease to exist, and to request that this action be notified to third parties to
whom the personal data has been transferred.
● Request notification of these operations to third parties
● Object to detrimental results against the data subject arising from analysis by
automated systems
● Claim compensation for damages arising from unlawful processing

You have the right to claim compensation for damages if you suffer harm due to the unlawful
processing of your personal data. However, according to Article 28, paragraph 1 of KVKK,
the rights listed above cannot be asserted in the following cases:
a) Processing of personal data by natural persons solely within the scope of activities related
to themselves or family members living in the same household, provided that the data is not
disclosed to third parties and that obligations regarding data security are complied with.
b) Processing of personal data for purposes such as research, planning, and statistics
through official statistics and anonymization.
c) Processing of personal data for artistic, historical, literary, or scientific purposes, or within
the scope of freedom of expression, provided that it does not violate national defense,

national security, public security, public order, economic security, privacy, or personal rights,
or constitute a crime.
d) Processing of personal data by public institutions and organizations authorized by law to
carry out preventive, protective and intelligence activities aimed at ensuring national
defense, national security, public security, public order or economic security.
e) Processing of personal data by judicial authorities or enforcement agencies in relation to
investigation, prosecution, trial or execution proceedings.
Your personal data is stored for the periods stipulated in the relevant legislation. In cases
where no retention period is stipulated in the law regarding the retention of personal data, it
is processed at data controller’s discretion and in accordance with commercial practices for
as long as necessary. Upon expiration of this period, personal data is deleted, destroyed, or
anonymized.
Personal data whose processing purpose has ended, or which you have requested to be
deleted or anonymized, may be retained for purposes such as serving as evidence in
potential disputes, asserting a right, or establishing a defense, provided that the retention
periods stipulated in the law have also expired.
Even if processed in accordance with the provisions of the legislation, if the reasons
requiring its processing cease to exist, personal data will be deleted, destroyed, or
anonymized upon data controller’s decision or your request.
Requests may be submitted in writing or via registered electronic mail to:
info@serenauziyel.com
Requests will be concluded within 30 (thirty) days in accordance with KVKK. However, if
fulfilling your request incurs additional costs, a fee may be charged in accordance with the
tariff determined by the Personal Data Protection Board.

Marketing Communication & Explicit Consent (Açık Rıza)
Marketing communications (such as e-mail, SMS, promotional campaigns, and commercial
messages) are sent only if explicit consent is obtained from the data subject in
accordance with KVKK.
Data subjects may withdraw their consent at any time without affecting the lawfulness of
prior processing.

Complaints and Supervisory Authority
Data subjects in Türkiye have the right to submit complaints to the Personal Data
Protection Authority of Türkiye (KVKK Kurumu) after exhausting application procedures
with the data controller.