GENERAL EXPLANATIONS

This membership agreement has been prepared by Barbarian Giyim ve Tekstil Ticaret Limited Şirketi to determine the rules and conditions for the use of the barbarianwoman.com website.

Filling out the membership form on our website and logging in means that you accept and undertake to comply with the provisions of the barbarianwoman.com membership agreement. The user is deemed to have undertaken to comply with the membership agreement from the moment the membership procedures are successfully completed. barbarianwoman.com offers its members who approve the agreement various communication services (voting, ordering, sending e-bulletins, being informed about discounts) and online shopping opportunities. barbarianwoman.com reserves the right to make changes to the services it offers without notice.

MEMBERSHIP SYSTEM

The member will have a "password" determined by themselves. The user can change their password at any time. The selection and protection of the password is entirely the user's responsibility. barbarianwoman.com is absolutely not responsible for problems arising from password usage. The e-mail address you provided during registration is specific to the member and allows for only one membership; you cannot have two different memberships with the same e-mail address. The "password" is known only by the user. To connect to services requiring membership, the user must enter the e-mail address and password they provided during registration.

MEMBER'S OBLIGATIONS

The member accepts that during the use of the services, the information in the registration form is accurate, and that they are responsible for any damages that may arise from incorrect or incomplete information in cases where this information is necessary (such as forgetting a password), and that their membership may be terminated in such cases.

The member accepts that the copyright of the services and software provided by barbarianwoman.com belongs to barbarianwoman.com, and that this software cannot be reproduced or distributed in any way. The member accepts that they are responsible for the personal opinions, thoughts, expressions, attached files, and personal information they provide when using the services, and that barbarianwoman.com cannot be held responsible in any way for these files, and that the user will be obliged to compensate for all material and moral damages that may arise as a result of such situations.

The member accepts that barbarianwoman.com will not be responsible for any lost and/or incomplete, misdirected information, messages, and files during the use of the services. The member undertakes not to access the services in a manner other than that determined by barbarianwoman.com and without authorization, not to modify the software in any way, not to use software that has clearly been modified, and to pay all material and moral damages that barbarianwoman.com may incur if these provisions are not complied with.

The member accepts that barbarianwoman.com will not be responsible for damages that may arise from unauthorized reading of their data by unauthorized persons.

SITUATIONS REQUIRING DESTRUCTION OF PERSONAL DATA

Unlawfulness: Barbarian Giyim ve Tekstil Ticaret Limited Şirketi undertakes not to process personal data in violation of the law and relevant legal regulations. Barbarian Giyim ve Tekstil Ticaret Limited Şirketi does not store personal data of individuals without their explicit consent, unless the exceptions specified in Articles 5 and 6 of the Law exist. Barbarian Giyim ve Tekstil Ticaret Limited Şirketi processes special categories of personal data in compliance with relevant legislation when storing such data.

Cessation of Data Processing Conditions: Barbarian Giyim ve Tekstil Ticaret Limited Şirketi is responsible for the currency of data processing conditions and shares this responsibility with all its employees. Employees cannot continue data processing if the data processing conditions cease to exist. The IT Department within Barbarian Giyim ve Tekstil Ticaret Limited Şirketi is obliged to destroy storage media in accordance with this Policy if the data processing conditions cease to exist.

DELETION OF PERSONAL DATA

Secure Deletion from Software: When deleting data processed by fully or partially automated means and stored in digital environments; methods are used to delete the data from the relevant software in a way that it is completely inaccessible and unusable by the Relevant Users. This includes deleting relevant data in a cloud system by issuing a delete command; removing the access rights of the relevant user on a file or directory containing the file on a central server; deleting relevant rows in databases with database commands; or deleting data located in portable media, i.e., flash drives, using appropriate software.

Redaction of Personal Data in Paper Form: This is a method of physically cutting out relevant personal data from a document or rendering it invisible by using permanent ink that cannot be reversed or read with technological solutions, in order to prevent unauthorized use of personal data or to delete data requested to be deleted.

Destruction of Personal Data: Demagnetization: This is a method of rendering data unreadable by subjecting magnetic media to physical change in a high magnetic field.

AUTHORIZED COURTS AND ENFORCEMENT OFFICES

T.C. Courts and Enforcement Offices will be authorized to resolve all disputes that may arise from the implementation of this agreement.

EFFECTIVENESS

This agreement enters into force indefinitely between the parties after the user fills out the registration form and receives a password.

TERMINATION

barbarianwoman.com may unilaterally terminate this agreement at any time.

DATA PROCESSOR AND DATA SUBJECT

Data Processor: Refers to the real or legal person who processes Personal Data on behalf of the Data Controller with authorization from the Data Controller.

Data Subject: Refers to all real persons whose Personal Data are processed by the Company or on behalf of the Company.

CHANGES TO THE POLICY

This Policy may be changed by the Company from time to time. The updated Policy text, with changes visible, is shared with employees via e-mail or made accessible to employees and Data Subjects via the website address below.

Relevant website address: barbarianwoman.com

EFFECTIVE DATE OF THE POLICY

This version of this Policy entered into force on 01.04.2018.

PRINCIPLES OF PERSONAL DATA PROCESSING

1-Personal Data are processed by the Company in compliance with the law and good faith principles and on the basis of proportionality.

2-The Company takes all necessary measures to ensure that Personal Data are complete, accurate, and up-to-date, and updates the relevant Personal Data if the Data Subject requests changes to the Personal Data.

3-Before Personal Data are processed, the Company determines the purpose for which the Personal Data will be processed. In this context, the Data Subject is informed within the scope of GDPR Regulations, and Explicit Consent is obtained where necessary.

4-Personal Data Being Linked, Limited, and Proportional to the Purpose for which They are Processed The Company processes Personal Data only in exceptional cases within the scope of GDPR Regulations (KVKK Article 5.2 and Article 6.3) or for the purpose within the scope of Explicit Consent obtained from the Data Subject (KVKK Article 5.1 and Article 6.2) and in accordance with the principle of proportionality.

5-Retention of Personal Data for as Long as Necessary and Subsequent Deletion

1-The Company retains Personal Data for as long as necessary for the purpose. If the Company wishes to retain Personal Data for a period longer than that stipulated in the GDPR Regulations or required by the purpose of Personal Data Processing, the Company acts in accordance with the obligations specified in the GDPR Regulations.

2-After the period required by the purpose of Personal Data Processing expires, Personal Data are Deleted, Destroyed, or Anonymized. In this case, it is ensured that third parties to whom the Company has transferred Personal Data also Delete, Destroy, or Anonymize the Personal Data.

3-The Company is responsible for operating the Deletion, Destruction, and Anonymization processes.

DATA MANAGEMENT AND SECURITY

1. All employees involved in the relevant process are jointly and severally responsible for protecting Personal Data in accordance with this Policy and GDPR Procedures.

2. Company employees are informed about the protection and lawful processing of Personal Data.

3. Company employees can only access Personal Data within the scope of the authority defined for them and in accordance with the relevant GDPR Procedure. Any access and processing by an employee beyond their authority is unlawful and constitutes a valid reason for the termination of the employment contract.

4. Each person assigned a Company device is responsible for the security of the devices assigned for their own use.

5. Every Company employee or person working within the Company is responsible for the security of the physical files within their area of responsibility.

6. In cases where security measures required by GDPR Regulations for the security of Personal Data or additional security measures are requested, all employees are obliged to comply with these additional security measures and ensure their continuity.

7. Software and hardware, including virus protection systems and firewalls, are installed in the Company in accordance with technological developments to store Personal Data in secure environments.

8. Backup programs are used and adequate security measures are taken in the Company to prevent the loss or damage of Personal Data.

9. All Personal Data processed within the Company are considered "Confidential Information" by the Company.

10. Company employees have been informed that their obligations regarding the security and confidentiality of Personal Data will continue after the termination of the employment relationship, and a commitment has been obtained from Company employees to comply with these rules.

RIGHTS OF DATA SUBJECTS

In situations where Data Subjects wish to exercise their rights and/or believe that the Company is not acting within the scope of this Policy while processing Personal Data, they can submit their requests to the Data Controller at the e-mail address provided below (which may change from time to time) with a secure electronic signature, or they can hand-deliver a wet-signed petition with identity verification documents to the postal address provided below (which may also change from time to time), or send it via a notary public.

Data Controller: Barbarian Giyim ve Tekstil Ticaret Limited Şirketi.

E-mail: info@barbarianwoman.com

Address: Gürsel Mah. Sevilen Sk. No: 61 İç Kapı No: 7 Kağıthane/ İstanbul

If Data Subjects submit their requests regarding the rights listed above to the Company in writing, the Company will finalize the request free of charge within thirty days at the latest, depending on the nature of the request. If there is an additional cost for the Data Controller to finalize the requests, the fees specified in the tariff determined by the Personal Data Protection Board may be requested by the Company. The Company accepts or rejects the request by explaining its reasons and notifies the relevant person of its response in writing or electronically. If the request in the application is accepted, the Company fulfills the requirement. If the application is due to a Company error, the fee collected is refunded to the relevant person.

COMPANY RESPONSIBILITIES

The Company undertakes to act in accordance with this Policy and the procedures to be applied in connection with the Policy regarding the Personal Data within its structure.

PURPOSE OF THE POLICY

The main purpose of this Policy is to determine the principles regarding the methods and processes for the protection of Personal Data by the Company.

SCOPE

1- This Personal Data Storage and Destruction Policy (Policy) covers all activities involved in any process where Barbarian Giyim ve Tekstil Ticaret Limited Şirketi (barbarianwoman.com) processes personal data and applies to these activities.

2- This Policy does not apply to data that are not Personal Data.

3- This Policy covers all storage and destruction processes that Barbarian Giyim ve Tekstil Ticaret Limited Şirketi will apply regarding personal data.

4- This Policy may be changed if required by GDPR Regulations.

DEFINITIONS

Law (KVKK): Law on the Protection of Personal Data No. 6698.

Regulation: Regulation on the Deletion, Destruction or Anonymization of Personal Data.

Communiqué: Communiqué on the Procedures and Principles for Applications to the Data Controller published by the Personal Data Protection Authority in the Official Gazette on 10.03.2018.

Board: Personal Data Protection Board.

Authority: Refers to the Personal Data Protection Authority.

GDPR Regulations: Refers to Law No. 6698 on the Protection of Personal Data and other relevant legislation regarding the protection of Personal Data, binding decisions, principle decisions, provisions, instructions issued by regulatory and supervisory authorities, courts and other official authorities, and applicable international agreements and all other legislation regarding data protection.

Recording Medium: Any medium where personal data processed by partially or fully automated means or non-automated means as part of any data recording system are located.

CHANGES TO THE POLICY

This Policy may be changed from time to time. The updated Policy text, with changes visible, is shared with employees via e-mail or made accessible to employees and Data Subjects via the website address below.

Relevant website address: barbarianwoman.com

EFFECTIVE DATE OF THE POLICY

This version of this Policy entered into force on 01.04.2018.

CONTACT

Data Controller: Barbarian Giyim ve Tekstil Ticaret Limited Şirketi.

E-mail: info@barbarianwoman.com

Address: Gürsel Mah. Sevilen Sk. No: 61 İç Kapı No: 7 Kağıthane/ İstanbul