Data Controller
Felya Kozmetik Sanayi ve Tic. A.Ş.
Affiliates / Subsidiaries
As Fiolas, within the scope of our activities arising from Law No. 6698 on the Protection of Personal Data (“KVKK”) and the relevant legislation and legal regulations, we have prepared this Personal Data Processing Information Notice (“Information Notice”) in order to inform data subjects regarding the processing, storage and transfer of your personal data.
In addition, if you visit our website, mobile website and/or mobile application, detailed information regarding cookies and SDKs used is provided in the Cookie Policy. The personal data processed through these means is explained in this Information Notice.
This Information Notice shall be valid as of the date it is published by Fiolas. Fiolas may amend this Information Notice at any time where necessary. Any amendments shall become effective immediately upon publication of the updated Information Notice at https://www.Fiolas.com/kisisel-verilerin-korunmasi.
Data Subjects
Customers
Online Users
Employees / Interns / Shareholders
Job Applicants
Business Partner Representatives and Employees
Supplier Employees
Supplier Representatives
Prospective Business Partner Representative/Employee
Supplier Candidate / Supplier Candidate Employee
Passengers
Retention of Personal Data, Your Rights and Application
Retention and Disposal
Your Rights
Application
Commercial Electronic Messages
Commercial Electronic Message Information Notice
Cookie Policy
As Felya Kozmetik Sanayi ve Tic. A.Ş. (“Fiolas”), within certain areas of our website located at ** ** (“Website”) and our mobile application (collectively referred to as the “Platform”), we use cookies. In addition, within our mobile application, SDKs (Software Development Kits) that have similar functions to the cookies used on the Website are also used. This Cookie Policy (“Policy”) applies to the Platform managed by Fiolas, and cookies and SDKs shall be used as described in this Policy.
Information on Cookies Used on Our Platform
| Cookie Service Provider | Cookie Name | Cookie Description | Cookie Type | Cookie Duration |
|---|---|---|---|---|
| .Fiolas.com | Necessary to identify requests coming from the same browser within a limited session period while navigating the website. | Strictly Necessary | During the session | |
| .Fiolas.com | Used to limit the collection of data on high-traffic websites and reduce request rates. | Performance | 10 minutes | |
| .Fiolas.com | Used to determine the top-level domain for the website user. | Performance | During the session | |
| .Fiolas.com | Used as a unique user identifier. | Performance | 6 months | |
| .Fiolas.com | This cookie, associated with the Tealium data platform, is used for web analytics. | Performance | 1 year | |
| .Fiolas.com | Used to distinguish users by assigning a randomly generated number as a customer identifier. | Performance | 2 years | |
| .Fiolas.com | Used to assign a unique value for each page visited. | Performance | 1 day | |
| .Fiolas.com | Used in the “Feedback Survey Tool” to ensure the survey does not reappear for the user after completion. | Functional | 1 year | |
| .Fiolas.com | Live chat widget cookies; used to identify the device during user visits via the Zopim Live Chat ID. | Functional | 1 year | |
| .Fiolas.com | Used to support Hotjar functionality. | Functional | 1 day | |
| .Fiolas.com | Used to determine which ads are shown to the user. | Targeting | A few seconds | |
| .Fiolas.com | A cookie related to advertisements from which the site owner may generate revenue. | Targeting | 2 years | |
| .Fiolas.com | Used by Facebook to provide a range of advertising products such as real-time bidding from third-party advertisers. | Targeting | 3 months | |
| .Fiolas.com | Used to determine which ads are shown to the user. | Targeting | A few seconds | |
| Targeting | 3 months | |||
| Targeting | 2 years | |||
| .doubleclick.net | May be used to serve targeted advertising or to limit the number of times an ad is shown to a user. | Targeting | 18 months | |
| .doubleclick.net | May be used to serve targeted advertising or to limit the number of times an ad is shown to a user. | Targeting | 2 months | |
| .facebook.com | As a third-party server provider, Facebook collects user data through widgets such as the “Like” button found on many websites. This data is used for targeted advertising. | Targeting | 2 months | |
| .facebook.com | As a third-party server provider, Facebook collects user data through widgets such as the “Like” button found on many websites. This data is used for targeted advertising. | Targeting | 3 months | |
| .facebook.com | As a third-party server provider, Facebook collects user data through widgets such as the “Like” button found on many websites. This data is used for targeted advertising. | Targeting | 2 months | |
| .google.com | Used to provide personalized advertising based on recent searches and previous interactions. | Targeting | 2 months | |
| .google.com | Used to provide personalized advertising based on recent searches and previous interactions. | Targeting | 2 months | |
| .google.com | Used to provide personalized advertising based on recent searches and previous interactions. | Targeting | 6 months | |
| .google.com | Used to provide personalized advertising based on recent searches and previous interactions. | Targeting | 2 months | |
| .google.com | Used to provide personalized advertising based on recent searches and previous interactions. | Targeting | 2 months | |
| .google.com | Used to provide personalized advertising based on recent searches and previous interactions. | Targeting | 2 months |
Purposes of Using Cookies
Cookies are used for the following purposes:
To perform basic functions necessary for the operation of the Platform.
For example, ensuring that items in Fiolas members’ shopping carts are not lost during their visit; enabling logged-in members not to re-enter their password while navigating different pages on the Platform.To analyze the Platform and improve its performance.
For example, integrating different servers on which the Platform operates, determining the number of visitors to adjust performance, and making it easier for visitors to find what they are looking for.To enhance functionality and provide ease of use.
For example, enabling sharing to third-party social media platforms via the Platform; remembering a visitor’s username or search queries on subsequent visits.To carry out personalization, targeting and advertising activities.
For example, showing advertisements related to visitors’ interests based on pages and products they view.
Legal Basis
While technical cookies are processed based on the legal ground under Article 5 of KVKK that “processing of personal data of the parties to a contract is necessary, provided that it is directly related to the establishment or performance of a contract,” other cookies are processed based on (i) the legal ground under Article 5 of KVKK that “processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject,” and/or (ii) your consents within your cookie preferences as managed under this Policy.
Managing Cookies
Browsers generally accept cookies automatically. Cookie use is not mandatory to use our website; however, if you set your browser not to accept cookies, the quality of your user experience may decrease and certain functions of our websites may not work properly.
In particular, technical cookies enable the Platform to perform its basic functions (e.g., ensuring that the product remains visible in your cart when you navigate to another page, enabling you to log in by transmitting your details to Fiolas servers, saving your login details if you choose to do so, etc.). Since technical cookies ensure the Platform functions technically, disabling them may cause some functions not to operate properly.
You may configure your browser to block cookies for all sites or specific sites, to provide alerts when cookies are created, to block third-party cookies, or to treat all cookies as session cookies. You may also delete cookies through your browser or view the list and values of cookies stored in your browser. For detailed information on cookie management features, please refer to your browser’s website via the links below:
Google Chrome
Mozilla
Apple Safari
Opera Safari
Microsoft Explorer
Additionally:
Click to disable cookies managed by Google Analytics.
Click to manage the personalized advertising experience provided by Google.
Preferences for cookies used by many companies for advertising activities can be managed via Your Online Choices.
To manage cookies on mobile devices, the settings menu of the relevant mobile device may be used.
For more detailed information on cookies, you may visit https://www.aboutcookies.org or https://www.youronlinechoices.eu, or use the “Privacy Badger” application (https://www.eff.org/tr/privacybadger).
Fiolas uses cookies within the scope of this Policy as well as the Information Notice, and reserves the right to amend the cookie usage terms and the Cookie Policy.
Consent Text Regarding the Processing of Personal Data
We would like to inform you about the activities carried out through the websites of Felya Kozmetik Sanayi ve Tic. A.Ş. (“Fiolas”; Fiolas is a brand of Felya Kozmetik Sanayi ve Tic. A.Ş.). As an e-commerce platform, Fiolas does not require membership to shop. Therefore, membership is not offered as a condition of service on our platform.
Unlike shopping without membership, the membership option is designed for users who wish to receive a personalized service by tracking and evaluating habits, purchase history, and reviews. In order to provide these personalized benefits, it may be necessary to process certain personal data for the purposes detailed below, to share such data with our contracted professional business partners, and to record such data in our programs and/or systems provided by our technology suppliers.
Some of your personal data that must be processed to ensure customer satisfaction can only be processed based on your explicit consent, as they do not fall under the non-consent-based processing conditions provided in the KVKK. If you do not wish to provide consent, you may shop without becoming a member by selecting the “Continue Without Membership” option.
Subject to your explicit consent:
Personal Data Processed and Collection Methods
Identity information (name, surname, date of birth, nationality, Turkish ID number, gender, passport validity date, passport number) shared by you via online and/or printed forms; contact information (email address, billing and delivery addresses, mobile phone number); customer transaction data collected during your use of the website (request information, order information, invoice information, customer reviews, miles&smiles number, HES code); financial information (credit card information); marketing information (cookie records, shopping history, explicit or implicit user ratings); information security data (IP address, website login-logout logs, username, password, traffic data such as connection time/duration); and location data that may be collected depending on your preferences in your internet browser and/or in our mobile application while using the website, shall be processed.
Purposes and Legal Basis for Processing
If you become a Fiolas member by providing consent, your personal data listed above may be processed based on the legal ground of “explicit consent” under Article 5/1 of KVKK for purposes including: creating personalized advertisements, promotions and campaigns; cross-selling; defining target audiences; tracking customer activities to improve user experience; improving and personalizing the operation of Fiolas’ website and mobile application according to customer needs; conducting direct and indirect marketing, personalized marketing and remarketing activities; personalized segmentation, targeting, analysis and internal reporting; market research; planning and execution of customer satisfaction activities; and planning and execution of customer relationship management processes. Within the same purposes and legal basis, your data may be shared with third parties domestically and with third parties abroad in compliance with Article 9 of KVKK, as well as with our business partners/suppliers.
Transfer of Personal Data Abroad
If you become a Fiolas member by providing consent, your data including identity (name, surname), contact (email address, mobile phone number), HR, legal transaction, professional experience, visual and audio records, customer, business partner transaction, customer transaction (ticket, cargo, membership, order, delivery, review, payment, bank account, card, invoice, amount), marketing (campaign, product, gift voucher) and information security (IP address) may be recorded in our programs and/or systems provided by our foreign cloud service infrastructure suppliers that are established abroad and whose servers are located abroad, in compliance with Article 9 of KVKK and by taking necessary technical and administrative measures. This is due to the absence of domestic alternatives that would ensure the quality and continuity of the services we provide.
Such transfer may occur for purposes including: conducting information security processes, communication activities, business operations and audits, sales processes for goods and services, customer satisfaction activities, customer relationship management processes, marketing activities, retention and archiving activities, and tracking requests and complaints.
The firms selected by Fiolas undertake to provide a security level in line with internationally recognized standards and implement data security measures accordingly. Furthermore, many international regulations, notably the EU General Data Protection Regulation (GDPR), legally ensure that such data is not processed by Data Processors (the infrastructure providers listed above) beyond Fiolas’ requests and purposes. Personal data transferred abroad through the use of software provided by Data Processors is not shared with other third parties abroad for purposes other than those stated above.
Your Rights Regarding the Processed Personal Data
Under Article 11 of KVKK, you have the right to:
learn whether your personal data is processed;
request information if your personal data has been processed;
learn the purpose of processing and whether it is used in accordance with its purpose;
know the third parties to whom your personal data is transferred domestically or abroad;
request correction if your personal data is incomplete or inaccurate;
request deletion or destruction of your personal data under the conditions set out in KVKK;
request notification of correction, deletion or destruction to third parties to whom your personal data has been transferred;
object to any adverse outcome arising from analysis of your data exclusively through automated systems; and
request compensation if you suffer damage due to unlawful processing of your personal data.
By clicking the “Create My Account” button on the membership page, you will be deemed to have freely and explicitly given your consent, without any pressure, to the processing of all your personal data listed above, limited to the stated purposes.
Personal Data Protection Application Form
Personal Data Protection Application Form
Felya Kozmetik Sanayi ve Tic. A.Ş. (“Company”) – APPLICATION FORM
General Explanations
Pursuant to Article 11 of the Law No. 6698 on the Protection of Personal Data (“KVK Law”), data subjects (hereinafter referred to as the “Applicant”) are granted the right to make certain requests regarding the processing of their personal data.
In accordance with Article 13/1 of the KVK Law, applications to our Company, as the data controller, regarding such rights must be submitted in writing or by other methods determined by the Personal Data Protection Board (“Board”).
Within this framework, written applications may be submitted by printing this form and sending it to our Company through:
the Applicant’s personal application in person with a document verifying identity;
via a notary public; or
by sending it to our Company’s registered email address ** .kep.tr** signed with a secure electronic signature as defined in the Electronic Signature Law No. 5070;
by sending an email from the Applicant’s email address previously notified to our Company and registered in our systems.
Below, information is provided on written application channels and how applications should be delivered.
Application Method | Address for Application | Information to be Stated
In-person application (Applicant applies in person with an identity document) | ** ** | “Information Request Within the Scope of the Law on Protection of Personal Data” shall be written on the envelope.
Notification via notary | ** ** | The same phrase shall be written on the notification envelope.
Via Registered Electronic Mail (KEP) signed with secure e-signature | kep.tr | Subject line: “Law on Protection of Personal Data Information Request”
Via email from registered email address | [email protected] | Subject line: “Law on Protection of Personal Data Information Request”
In applications made via email, our Company may request additional information to verify the Applicant’s identity and may take necessary measures. After the Board announces other methods, the Company will also announce how applications will be received via such methods.
Applications submitted to us will be responded to within thirty (30) days from the date they reach us, depending on the nature of the request, in accordance with Article 13/2 of the KVK Law. Responses will be delivered to you in writing or electronically pursuant to Article 13.
A. Applicant Contact Information
A1. For Turkish Citizens:
Name:
Surname:
Turkish ID Number:
Telephone and Fax Number:
Email: (If provided, we can respond faster.)
Residential or Business Address:
A2. For Foreign Nationals:
Name:
Surname:
Nationality:
Passport Number/ID Number:
Telephone and Fax Number:
Email: (If provided, we can respond faster.)
Residential or Business Address:
B. Please indicate your relationship with our Company
(Customer, business partner, job applicant, former employee, third-party company employee, shareholder, etc.)
☐ Customer
☐ Visitor
☐ Business Partner
☐ Other: ……………………………………………………………..
Department you were in contact with within our Company: …………………………………………………
Subject: …………………………………………………………………………………………………………
☐ I am a Former Employee – Years Worked: ………………………………………
☐ Other: ……………………………………………………..
☐ I made a Job Application / Shared my CV – Date: ……………………………
☐ I am an Employee of a Third-Party Company – Please specify your company and position: ……………………………………………………………………………
C. Please detail your request under the KVK Law
……………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………
D. Please choose how you would like to receive our response
☐ I want it sent to my address.
☐ I want it sent to my email address. (This may allow a faster response.)
☐ I want to receive it in person. (If collected by proxy, a notarized power of attorney or authorization document is required.)
This application form has been prepared in order to identify your relationship with our Company, to fully determine your personal data (if any) processed by our Company, and to respond to your application accurately and within the legal timeframe.
To eliminate legal risks arising from unlawful or unfair data sharing and to ensure the security of your personal data, our Company reserves the right to request additional documents and information (e.g., copy of ID card or driver’s license) for identity and authorization verification.
If the information provided in your request is not accurate or up to date, or if the application is unauthorized, our Company does not accept liability for requests arising from incorrect information or unauthorized applications.
Applicant (Data Subject)
Name Surname:
Application Date:
Signature: