Customer Personal Info Protection Policy
KVKK/GDPR Disclaimer
Call Center Privacy Notice
Cookie Policy
Privacy Policy
Terms & Conditions
FAQ
Masterpass

Customer Personal Info Protection Policy

Customer Personal Data Protection Policy (“Policy”) includes information about how Getir Perakende Lojistik A.Ş. (“Getir”) protect customers' personal data (any information that identifies or serves to identify a person), the rules we comply with when processing personal data and our processing processes of personal data.
In the first part of the Policy, we included technical rules such as the principles we comply with when processing personal data and the legal grounds we based on. In the second part, we include explanations about the processing processes of customers’ personal data.
For explanations of the terms we use in the Policy, you may review the last part of this document.
For all your questions regarding the protecting and processing of your personal data, you may contact us at .

1. Rules of Personal Data Processing

Principles of Personal Data Processing

While processing your personal data, we ensure compliance with the data processing principles stated below.
  1. Being in compliance with the law and good faith principle.We conduct our data processing activities in accordance with the legislation and good faith principles.
  2. Being accurate and up-to-date when necessary.We always keep channels open to ensure your personal data is accurate and up-to-date.
  3. Processing for specific, explicit and legitimate purposes.We determine for what purposes the personal data will be processed and present these purposes in a transparent and understandable manner for your information.
  4. Being connected, limited and restrained with processing purposes.We do not process personal data that are not related to processing purposes or needed, and we do not perform personal data processing activities to meet possible needs.
  5. Storing for the period required by the relevant legislation or for the purpose for which they are processed. If there is a period set forth in the legislation for the storage of personal data, we comply with this period; if such a period is not provided, we only store personal data for the time required for processing purposes.

Legal Grounds for Personal Data Processing

We process your personal data based on the legal grounds specified in Articles 5 and 6 of . We explicitly state these legal grounds in the privacy statements we provide them to the data subjects.
The legal grounds we based on when processing our customers' personal data are as follows:
  1. Personal data processing is necessary for the establishment or performance of a contract signed between you and Getir.
  2. Processing personal data for the establishment, execution or protection of a right.
  3. Processing personal data to fulfill our legal obligations.
  4. Personal data processing is mandatory for our legitimate interests.
  5. Explicit consent of the data subject to process her/his personal data.
While making this assessment, we perform balance tests by comparing the fundamental rights and freedoms of the person with the legitimate interest that will arise, based on the criteria specified in .
If there is at least one of the legal grounds specified in the Law so that personal data can be processed, we do not ask for explicit consent of the data subject. We only ask explicit consent in the absence of legal grounds stated in the Law.

Factors Considered When Asking for Explicit Consent

Explicit consent is described in the Law as 'consent on a particular subject, based on the information and disclosed with free will'. When asking the explicit consent of data subject, we consider the following three factors:
  1. Being related to a particular subjectWe ask for the explicit consent of the data subject for specific data processing activity/activities and ensure that the consent letters are understandable.
  2. Information-based We present consent letters and privacy statements together/on the same channel; we support the data subject to understand the results of the data processing activity.
  3. Disclosure with free will While asking for their consent, we avoid misleading statements that may defect their will.

Personal Data Security

We take the necessary technical and organizational measures to ensure the protection of your personal data. For example, we use detection and prevention softwares to detect and prevent potential cyber-attacks; we determine employees' access to personal data and use data loss prevention software.

Rights of the Data Subjects

Article 11 of regulates the rights of the data subjects (natural persons whose personal data are processed). These rights are as follows:
  1. To learn whether Getir processes your personal data,
  2. To request information if your personal data is processed,
  3. To learn the purpose for processing your personal data and whether these are processed in accordance with intended purposes,
  4. To learn whether your personal data has been transferred to third parties; if it is transferred, learning the third parties within the country or outside the country to which it is transferred,
  5. In case your personal data is processed incompletely or inaccurately, to request rectification of these and to request the notification of the transactions made in this respect, if any, to third parties with whom we shared your personal data,
  6. Despite the fact that we have processed your personal data in accordance with the Law and the relevant legislation, to request the deletion or destruction of your personal data in case where the grounds of processing is no longer present and to request the notification of the transactions made in this respect, if any, to third parties which we shared your personal data,
  7. To object to occurrence of any unfavorable consequence for you by means of analysis of the processed personal data exclusively through automated systems,
  8. If you incurred losses due to the unlawful processing of your personal data, to request the compensation of your loss.
You can choose the methods below to exercise your rights and submit your requests to Getir:
  1. You may use the methods specified in Data Subject Rights - Application Form at www.getir.com or on the mobile application.
  2. You may send your requests in written to Etiler Mah. Tanburi Ali Efendi Sok. Maya Residences Sit. T Blok No:13/334 Beşiktaş/İstanbul.
  3. You may use the other methods stated in .

2. Processes of Personal Data Processing

In this part of the Policy, we included sample processes to better express how we process your personal data. In addition, we have specified topics such as which personal data Getir processes, and for what purposes this personal data processes.
TermsDescriptionsPersonal Data
Account RegistrationPerforming membership/registration to benefit from our services, verifying the identity and address of the user.Name-surname, phone number, e-mail address, password information.
Order and PaymentReceiving the payment, confirming order and delivering your products that you orderedto your address.Name-surname, address, order and payment information.
NotificationsSending notifications about products you have purchased/interested in (you can change your notification preferences at any time in the 'Communication Options' section of your account).Personal data about your name, surname, preference, likes, interests and usage habits.
Request/Complaint ManagementIn case you send us your requests/comments/complaints about our products or delivery, following and concluding the request/complaint process.Name-surname, request/complaint information.
Marketing CommunicationInforming you about the most suitable products and opportunities for you in accordance with your communication preferences, examining your preferences, likes, interests, and usage habits.Personal data about your name, surname, preference, likes, interests and usage habits.

Processed Personal Data

As part of the service we offer to our customers, we process your personal data listed below:
Identity &ContactName-surname, customer ID, advertisement ID, gender, age, profile picture, phone number, e-mail, address
FinanceInformation regarding payments and payment methods
Customer TransactionShopping/order history, order information, number of orders, application usage information, invoice information, request/complaint information, comment, rating and review information
LocationYour location information
Transaction SecurityDevice operating system and version, device type, device ID, hardware model, IP address, user transaction records, password information
In addition to this information, we process your personal data regarding your preferences, likes, interests and usage habits and your information obtained as a result of the analysis of your data mentioned above (for example, the most ordered products, the restaurants you order the most).

Collecting Methods of Personal Data

We collect mobile application users' personal data via the Getir mobile application by automatic and partially automatic methods.If you use our services through the website, we collect your personal data via our website by automated and partially automated methods.If you contact us through the following channels, we collect your personal data through these channels:
  1. When you call Getir Customer Service,
  2. When you fill out the contact form on our website,
  3. When you reach us via Getir social media accounts.

Purposes of Personal Data Processing

As Getir, we process your personal data within the country or outside the country for the following purposes:
  1. To conduct the signing up process in order to benefit from our services,
  2. To communicate with our customers and manage relationships with our customers,
  3. To conduct the processes of receiving orders, payments and delivering orders,
  4. To offer the most suitable product options for your preferences, likes, interests, usage habits, and location; for GetirFood users, to provide you with restaurant options that serve in your location; to inform you about the most suitable products and opportunities,
  5. To conduct communication between Getir couriers, GetirFood restaurants and customers (your contact information is not shared with Getir couriers),
  6. To perform analysis for improving our products and services,
  7. To conduct activities for customer satisfaction,
  8. To introduce the products and services offered by Getir; to conduct marketing activities,
  9. To receive and evaluate feedback on the improvement of our products/services,
  10. To follow up and conclude requests/complaints,
  11. To conduct our activities in accordance with the legislation,
  12. Review and audit of our business activities,
  13. To prevent and detect security concerns, fraud and abuse of promos/discounts,
  14. To conduct financial and accounting affairs related to payments.

Transfer of Personal Data

We share your personal data with the following parties within the country or outside the country, for the following purposes:
Getir Distributors, Couriers and GetirFood RestaurantsConducting communication between distributors, couriers, restaurants and customers, conducting customer order transactions, informing the couriers about the address to which the order will be delivered.
Business Partners & SuppliersGetting support from suppliers related to the products and services offered by Getir to its customers, conducting financial and accounting processes, managing business partner and supplier relations.
Authorized Persons, Institutions or OrganizationsProviding information to authorized persons, institutions, or organizations, fulfilling our legal obligations, conducting legal processes and conducting our activities in accordance with the legislation.
Please note that your comments and ratings may be published if deemed appropriate in accordance with our . Within the scope of your comments, we would like to express that your identity or contact information will not be published to protect your privacy.

Terms

Descriptions of the terms we use in the Policy are as follows:
  1. Data Subject: The natural person whose personal data is processed.
  2. Destruction: Deletion, destruction, or anonymization of personal data.
  3. Law: The Law on Protection of Personal Data numbered 6698, dated 24 March 2016.
  4. Personal Data Processing: Any operation performed on personal data such as collection, recording, storage, retention, alteration, re-organization, disclosure, transferring, taking over, making retrievable, classification or preventing the use thereof, fully or partially through automatic means or provided that the process is a part of any data registry system, through non-automatic means.
  5. Board: Personal Data Protection Board.
  6. Authority: Personal Data Protection Authority.
  7. Customer: Potential or existing customers that Getir offers products/services
  8. Data Controller: Natural or legal person who determines who determines the purpose and means of processing personal data and is responsible for establishing and managing the data registry system.
Last Update Date: 04/06/2021