Basket ( 0 Product)
LOGIN
Privacy Policy
Privacy Policy

Individuals (“User”) who visit and/or use the website (the (“Website”) at the “defacto.com ” address and the “Defacto” mobile application (the “Mobile App”), operated by DEFACTO Egypt for trade. (the “Company”) are required to read this Confidentiality Policy prior to using the Website and the Mobile App.

 

  • Certain personal data (name, age, e-mail address, etc.) are requested at the Website and Mobile App in order to serve the Users better. Such data collected through the Website and Mobile App are used within the Website and Mobile App in order to be able to carry out campaign studies or special promotion activities aimed for the User's account. Apart from the personal data; statistical data of the transactions made through the Website or Mobile App are analyzed and retained.
  • The Company absolutely does not share the data communicated to it by membership forms with third parties, outside of the Users' knowledge or unless they have any instructions on the contrary, and does not use and sell such data for any commercial purposes due to any unrelated reasons.
  • The Re-Marketing & Demography and Field of Interest Reporting features of Google Analytics are used in the contents of the Website. Visual Advertising may be excluded from the scope of Google Analytics and the Google Visual Advertising Network advertisements may be customized using the advertisement settings. The Demographic data provided by Google Analytics are used to customize the Website and the advertisements on the Website, if any, according to the fields of interest of the Users. Such data may be shared with advertisement publishers, together with the data of other Users, while they are being used in target mass studies. Such data do not include any personal data (name, surname, National Identification No., gender, age, etc.) in any ways; they are used to make studies regarding User trends and compile the target mass. The sharing of anonymous data with advertisement publishers for advertisement and promotion purposes is approved upon accepting this Use Agreement.
  • Third party providers, including Google, shall display the Website and Mobile App advertisements in the banner areas they provide at the publisher sites on the internet. First party cookies and third party cookies are collectively used by the Website and third party providers, including Google, to collect information regarding the advertisements, and to optimize and publish the advertisements as based on the past visits of the visitors to the Website and Mobile App.
  • Personal User data shall be disclosed to public authorities solely under circumstances where they are demanded by court order and such disclosure is compulsory as per the mandatory legislation provisions.
  • The User credit card data requested on the payment page are not kept on the servers of the Website and Mobile or third party service provider companies in order to maintain the security of Users who purchase from the Website and/or Mobile App at the highest level. Thus, it is ensured that all transactions aimed for payment are realized between the related bank and the device used by the User, through the Website and Mobile App interface.
  • By approving this Use Agreement, the User confirms that the data he has shared with the Company are his personal data and such data may be shared with other legal entities that are affiliates of the Company in order to be able to carry out sales and marketing activities and provide proper notification to any communication devices.
  • It is always possible to be removed from the e-mail sending list by clicking the "Please click if you do not want to be informed about the campaign announcements." link at the bottom of the e-mails/Whatsapp sent within the scope of Website membership or by leaving the "I would like to be informed about campaigns and opportunities" option blank in the "Update Membership Data" field in "My Account" section on the Website.
  • The Member expressly consents for his personal data to be processed and transmitted to third parties within the scope of the Laws in Egypt and as covered under the Civil Code. Personal data shall continue to be processed as long a membership is continued.
  • The Data Supervisor is DEFACTO Egypt for Trade under the Law and accepts to comply with all its liabilities and obligations in the Law.
  • The personal data of the Member are processed in order to offer a better shopping experience, collect and compile statistical data, improve commercial activities and fulfill the liabilities that the membership agreement encumbers the Company with and similar purposes.
  • The Member accepts, declares and undertakes that he has expressly consented to the transmission of his personal data to third parties to be determined by the User, domestically or abroad, in order for such data to be retained, stored and processed for any purposes.
  • The Personal Data of the Member are collected through this application form or on electronic media, if deemed necessary.
  • At any time, the Member is entitled to apply to the Data Supervisor Company under the Law and find out whether his personal data have been processed or not, request information about his processed personal data – if any, find out about the purpose of processing personal data and whether such data have been use as fit for such purposes or not, know the third parties to whom his personal data have been transmitted, request the correction of errors in his personal data and, if transmitted, request such correction to be demanded from the related third parties, request his data to be deleted, destroyed or anonymized upon the elimination of causes necessitating the processing of personal data and, if transmitted, to ask for this request to be communicated to the third party to whom they have been transmitted, challenge a negative result related with the individual as a result of processed data, claim damages under the laws in case any damages are incurred due to processing of data as contrary to the Law.
Website Terms of Use

General

“DeFacto” and “Defactofashion” are  the registered trademarks of DeFacto Retail Trade Inc. who has the sole ownership of DeFacto Egypt for Trade Limited Liability Company.defacto.com website is the internet store of DeFacto. Access to this Website (defacto.com), the use of this Website and products and services accessed through this Website are subject to the following terms, conditions and notices. You are assumed to have accepted all Service Conditions, which may be revised by us from time to time, by using the services. We would like to recommend you to check this page regularly in order to be informed about any revisions that may have been made in the Service Conditions. Access to the Website has been provided temporarily and we reserve the right to withdraw and modify the services without prior notice. The inability to access the Website at any time and for any reasons, regardless of how long, is not under our responsibility. We may restrict access to certain or all parts of the Website from time to time. DeFacto shall be entitled to correct, remove or revise the Services and/or any pages of this Website, solely at its own discretion, at any time and without prior notice.

Confidentiality Policy

You may find our confidentiality policy explaining how we will use your data in our Confidentiality Policy section. By using this Website, you are deemed to have approved the transactions made here and the accuracy of the data you have provided.

Website

We shall not be held liable for any damages or losses caused by denial of service attacks, viruses or other technologically malicious materials that may contaminate your computer hardware, computer programs, data and your other materials due to your use of the Website or downloading any materials on this Website or any other sites, links to which are provided on this Website.

Intellectual Property, Software and Content

The Intellectual Property Rights of all software and contents offered to you on or through the Website shall remain as DEFACTO property and are protected by copyright laws and treaties worldwide. DEFACTO keeps all such rights reserved. You may only store, print and view the contents provided for your personal use. You may not publish, process, distribute any contents that are offered to you or viewed on this Website or the copies of such contents, or reproduce such in any way and in any format, or use any such contents in relation with any business or commercial establishment.

Sales Conditions

You are deemed to have accepted to purchase the product under and as subject to the following terms and conditions, upon placing an order. The product is required to be available and the order price to be conformed in all orders. The periods to dispatch for distribution vary depending on whether the product is available or not, and any assurances or statements regarding the delivery period are limited to deliveries in Egypt and may be subject to delays due to delays in the mail or force majeure that are beyond our responsibility. Please read the Delivery policy for detailed information. You are required to be above 18 years of age and hold a valid credit card or a debit card issued by a bank that is acceptable for us in order to be able to enter into a contract with DeFacto. Our customers, who do not have a credit card or debit card, may benefit from the 'cash on delivery' option. DeFacto reserves the right to reject any requests from your side. You will be notified by e-mail if your order is approved. You are deemed to undertake that all data you have provided to us while placing your order are true and complete, you are the authorized user of the credit or debit card you have used while generating the order and you have adequate monetary resources to cover the cost of the goods. All prices that are advertised are subject to such changes.

Our Contract

You will receive an approval e-mail confirming the receipt of your order, when you place an order. This e-mail shall solely qualify as a confirmation on that your order has reached us but shall not mean that your order has been accepted.  A contract shall not be generated between you and us until we send you an e-mail confirming that the products you have ordered have been dispatched for distribution. Only the products indicated in the confirmation e-mail sent at the time the products are dispatched for distribution shall be included in the contract.

Pricing and Unavailability

Although we strive for all information, explanations and prices viewed on the Website to be accurate and assure you in this respect, errors may still occur. If we determine an error concerning the price of any product you have ordered, we shall notify you about this circumstance as soon as possible and offer you the option to re-confirm your order over the correct price or cancel the order. We will process the order as canceled if we are unable to reach you. If you cancel your order and have paid the price of the products, the total amount you have paid will be reimbursed to you. The prices include VAT when applicable.

Payment

Upon receiving your order that you have generated with your Credit card or Debit card, we subject the card you have used for the payment to a standard preliminary provision check in order to make sure that you have the adequate funds to perform the transaction. Products are not dispatched for distribution before the preliminary provision check is completed. The cost shall be debited to your card after the order is accepted.

Approval is received by SMS in orders generated with the Cash on Delivery option. You are required to enter the password that will be sent to your cell phone in the related field on our website. SMS approval is obtained in order for the order to be delivered to the correct person safely. The payment shall be collected in cash at the customer's door by the courier company.

Gift Checks

Gift checks may be designated to the account holders. Gift checks are only valid for purchases made through the accounts where they are designated. The gift checks are solely valid in purchases made from this Website, depending on the terms and conditions for use. They are not valid in DeFacto stores.

Discount / Promotion Codes

We also offer promotion codes as applicable for any or certain purchases made through this Website from time to time. The discount codes are solely valid in purchases made from this Website, depending on the terms and conditions for use. They are not valid in DeFacto stores.

Bonus

Bonuses may be defined for account holders. Bonusesare only valid for purchases made through the accounts where they are designated. Bonusesare solely valid in purchases made from this Website, depending on the terms and conditions for use.   If the Customer does not have Defacto membership account(“Guest”) or Registered Buyer(who has a membership account) does not accept the refund payment method as a bonus, the PURCHASER must contact with the Customer Support Service and share her/his bank account information for the money refund purpose. Please see “Distant Sales Agreement” for more detail.

Liability

Our liability for the products you will purchase through our Website is subject to Sales Conditions. All due care has been taken in the preparation of the contents of our website. However, we shall not be liable for errors or shortages or technical problems you may encounter in our website. If we are informed on the presence of an error in the contents of our website, we shall try to correct this as soon as possible. We do not accept any liabilities for any damages and losses (arising from the contract, negligence or any other reasons) that may be incurred by you or a third party in connection with our website or any site that our website provides links to, to the extent permitted the laws. This circumstance does not affect our liability for the Products you have purchased through our website. The Conditions for use do not affect your legal rights.

Invalidity

If any part of the Service Conditions (including provisions where we do not accept any liabilities to you) become unenforceable, any other parts of the Service Conditions shall remain unaffected and the remaining provisions shall fully remain in force. In case it is possible to severe all or a part of any article/item in such a way that the remaining parts shall remain valid, the article shall be interpreted in that way. You are deemed to have accepted that the article shall be corrected in place of that and the article/item shall be interpreted in a way that is similar to the actual meaning to the extent permitted by the laws.

Waiver

If you have violated these conditions and we have not filed suit, we still shall be entitled to exercise our rights and legal remedies in another circumstance where you violate these conditions.

Applicable Law and Jurisdiction

These terms and conditions shall be construed according to the laws of the Republic of Egypt, and in case of any disputes or claims in connection with these conditions, such dispute or claim shall be subject to the exclusive jurisdiction of the Egyptian Courts.

Password and Account Safety

You are required to enter your account and password data (log-in data) in order to access your data recorded on our website. You are responsible to protect the confidentiality of your log-in data and other transactions made under your account. You are required to notify us by promptly by contacting Customer Services, if you have any concerns regarding your log-in data or believe that they are abused. You may deactivate your account at any time you may wish.

Viruses, hacking and other offenses

You should not abuse our website by intentionally spreading viruses, Trojan horses, worms, software bombs, key loggers, spyware, computer software containing advertisements, or malware or other technologically harmful software. You should not attempt any unauthorized access to the website, the server where the website is stored or any other servers or websites linked to the website, any computer or database. You should not attack the website through denial of service attack or distributed denial of service attack. You may have committed a criminal offense as per the Cybercrime law No. 175 of the year 2018 in case you violate this provision. Such violation shall be reported to law enforcement bodies and we shall cooperate with them by disclosing your identity. Your right to use the website shall be terminated promptly in case of such violation.

Complaints

We always aim to satisfy our customers as defacto.com. However, you may contact us through our customer services number in case you are not satisfied with any aspect of our website or the offered services and would like to file a complaint.

 

Cookie Policy

WHAT IS A "COOKIE"?

Cookies are very small text files that are recorded on your computers (or other devices such as smart phones or tablets) through the browsers by the websites you visit and are generally composed of letters and numbers. Cookies do not contain personal data of the visitors, such as name, gender or address.

Cookies are generated by the servers that manage the websites you visit. Thus, the server can understand it when the visitor visits the same site again. Cookies may be compared with identification cards showing that the same visitor has re-visited the web site to the website owners.

DEFACTO Egypt for Trade HOW COOKIES USED?

DEFACTO Egypt for Trade cookies;

  • In order to remember the choices you have made and personalize your use of the website/mobile app/mobile site. Such use involves:
    • Cookies which record your password and ensure that you are logged in to the website/mobile app/mobile site continuously and thus relieve you from entering your password more than once in every visit.
    • Cookies that remember and recognize you during your subsequent visits to the website/mobile app/mobile site.
  • DEFACTO Egypt for Trade uses the cookies in order to determine the way you use the website/mobile app/mobile site, such as where and through which devices you connect to the electronic trade platforms operated by the Club, the contents you view on the website/mobile app/mobile site and the length of your visit.
  • It uses them in order to offer the contents and advertisements that are most compatible with you and your fields of interest, in other words, for targeted advertisement/promotion. DEFACTO Egypt for Trade matches the information obtained through the cookies with your other personal data, offers you more relevant contents, customized campaigns and products and does not offer you any contents or opportunities, which you have previously advised that you are not interested in, again.
  • To perform the fundamental functions which are required for the Site to operate. For example, the ability of the Site members to log in with their membership details.
  • To analyze the Site and enhance the Site performance. For example, to determine the number of those who visit the Site and make performance settings accordingly or facilitate the ability of the visitors to find what they are looking for.
  • To increase the Site functionality and ensure ease of use. For example, to recall the user name or search queries of a visitor, who has visited the Site, in his subsequent visits or to provide links to third party social media activities through the Site.
  • To carry out customization, targeting and advertising activities. For example, displaying advertisements related with the fields of interest of the visitors through the pages and products viewed by the visitors.

HOW DEFACTO Egypt for Trade USE THIRD PARTY COOKIES FOR ADVERTISING AND RE-TARGETING?

DEFACTO Egypt for Trade cookies can also be used for; activating website, mobile application or mobile siteof electronic commerce platforms operated by DEFACTO Egypt for Trade and/or "advertisement technology" to present you the advertisements that you might be interested in when you visited websites where DEFACTO Egypt for Trade gave advertisement. Advertisement technology uses the previous information of your visits to the website/mobile application/mobile site and website/mobile application/mobile sites that DEFACTO Egypt for Trade gave advertisement to offer you customized advertisements. A unique third party cookie may be installed on your browser while offering these advertisements, in order for DEFACTO to be able to recognize you.

DEFACTO Egypt for Trade also uses Google Analytics, which is a web analysis service provided by Google, Inc. ("Google"). Google Analytics uses cookies to analyze the way that the visitors use the website/mobile app/mobile site by statistical data/reports. For further information on the use of Google Analytics (including refusal options), please visit: https://www.google.com/intl/tr/policies/privacy/#infocollect

Furthermore, your e-mail address from your personal data is shared with social media platforms in order to be able to offer the advertisements that might attract your attention also on those media and form a special target mass. Your e-mail address is transferred through secure channels and media offered by these platforms. Social media platforms hash your e-mail address and use it solely for mapping. Your e-mail address is not shared with third parties or other advertisers and is deleted from the systems of the social media platforms as soon as possible after mapping is completed.

For example; Facebook will ensure the confidentiality and security of your e-mail address encrypted by the hash method and the Facebook User Identification collection that forms your "special target mass", which also includes technical and physical security measures developed in order , (a) to protect the safety and integrity of your personal data during the time they are in the Facebook systems and (b) to prevent accidental or unauthorized access to your personal data in Facebook systems and protect your data against accidental or unauthorized use, modification or disclosure. Moreover, Facebook does not provide access or information to third parties or other advertisers, does not add your special target mass data to the information about our users or does not use your special target mass for any purposes other than offering you services, without your permission or unless required by the laws. You may visit: https://www.facebook.com/ads/manage/customaudiences/tos.php?_=_ for Facebook special target mass conditions and https://www.facebook.com/privacy/explanation for Facebook Confidentiality Principles.

Google and Criteo SDK (Software Development Kit) are used in the mobile app instead of cookies.

COOKIE MANAGEMENT

You may obtain information about cookies and exercise your right to permit or reject cookies following the steps given below, depending on the type of your internet browser:

  • Google Chrome: You may permit or block cookies under the "Cookies" tab, by clicking the "lock icon" or the letter "i" in the "address field" of your browser Browser.
  • İnternet Explorer: You may manage the cookies as "permit" or "do not permit" by clicking the "Security" tab in the "Tools" field on the upper right hand corner of your browser.
  • Mozilla Firefox: Click the "open menu" tab on the upper right hand corner of your browser. Click the "Options" image, and select your cookie management using the "Confidentiality and Security" button.
  • For other browsers (such as Opera, Microsoft Edge), you may examine the help and support pages of the related browser.
  • Safari: You may choose the "Safari" tab in the "Settings" section of your phone ad ensure cookie management in the "Confidentiality and Security" field.
  • In addition to the above options; you may visit: https://www.allaboutcookies.org, https://www.youronlinechoices.eu/ for further information on all cookies and cookie management, or use the "Privacy Badger" app (https://www.eff.org/tr/privacybadger)
  • You may follow the directions in the Confidentiality and Security Field of your device for cookie or SDK management in mobile apps or download and use Lumen Privacy Monitor (https://haystack.mobi) on your telephone.

You may continue to use the website, mobile app and mobile site if you reject permanent cookies or session cookies, however you may not be able to access all functions of the website, mobile app and mobile site, or your access may be limited. This may vary in the mobile app.

COOKIE VARIETIES

Cookie varieties based on the period of use: Session cookies and permanent cookies are used in the website, mobile app and mobile site of the electronic trade platforms operated by DEFACTO Egypt for Trade, depending on the period of use. A session cookie expires the moment you close your browser. Meanwhile, a permanent cookie remains for a long time or indefinitely on your hard disk.

Cookie types by cookie owner or cookie placement party: in web sites, mobile application and mobile site of electronic commerce platforms operated by DEFACTO, cookies (first party cookie)” and “third party (third party cookie) cookiess” are used according to the placement party. While DEFACTO cookies are generated by DEFACTO Egypt for Trade, third party cookies are managed by third party firms that we collaborate with.

Cookie varieties depending on the purpose of use: Technical cookies, verification cookies, targeting/advertising cookies, customization cookies and analytical cookies are used in the website, mobile app and mobile site of the electronic trade platforms operated by DEFACTO Egypt for Trade uses these cookies to carry out statistical studies aimed to divide the Members into large groups, and determine their spending habits such as average sending amount, age, gender, shopped categories, mobile use ratio, in order to identify the characteristics that differentiate its Members, and carry out campaigns and advertisements compatible with their preferences and tastes.

Information on the cookies used in the DEFACTO Egypt for Trade web site is provided in the following tables:

 

The Personal Data Retention and Destruction Policy

1. INTRODUCTION

1.1 Purpose

The Personal Data Retention and Destruction Policy (the “Policy”) has been prepared in order to determine the methods and principles regarding the retention and destruction activities performed by DeFacto Retail Trade Inc. (“DeFacto” or the “Company”).

As per the data processing mission and strategies we have determined as DeFacto; processing the data of employees, employee candidates, customers, service providers, visitors and other third parties in compliance with the Constitution of Egypt , international conventions, the Law of combating the crimes of the information technology No. 175 of the year 2018 (the “Law”) and the other related legislation and ensuring that the related parties are able to exercise their rights effectively have been prioritized.

Operations and actions concerning the retention and destruction of personal data are realized in compliance with the Policy that has been prepared by DeFacto accordingly.

1.2 Scope

The personal data belonging to DeFacto employees, employee candidates, customers, service providers, visitors and other third parties are within the scope of this Policy and this Policy is implemented for all recording media, owned or managed by DeFacto, where the personal data are processed, and in the activities aimed for the processing personal data.

1.3 Abbreviations and Definitions

2. RESPONSIBILITY AND DISTRIBUTION OF TASKS

All units and employees of DeFacto provide active support to the units that are responsible to take technical and administrative measures aimed to ensure data security in all media where personal data are processed, in order to make sure that the technical and administrative measures taken by the responsible units within the scope of the Policy are duly implemented, illegal processing of personal data is prevented, illegal access to personal data is prevented and the data are legally stored, by training and increasing the awareness, monitoring and continuously supervising the unit employees.

The distribution, titles, units and job descriptions of those who are assigned in the personal data retention and destruction processes are provided in Table 1.

Table 1: Retention and destruction processes task distribution

3. RECORDING MEDIA

Personal data are securely stored by DeFacto in the media listed in Table 2, in compliance with the law.

Table 2: Personal data retention media

4. STATEMENTS CONCERNING RETENTION AND DESTRUCTION

The personal data of employees, employee candidates, customers, visitors and third parties associated with as service providers are stored and destroyed by DeFacto in compliance with the Law.

The statements concerning retention and destruction within this scope are respectively provided below.

4.1 Statements Concerning Retention

Accordingly, personal data within the scope of DeFacto activities are stored for a period that is set forth in the legislation ( Law No. 175 of the year 2018 )or as compatible with our processing purposes.

4.1.1 Legal Reasons Necessitating Retention

The personal data that are processed by DeFacto within the scope of the activities are stored for the period set forth in this related legislation. Within this scope, personal data are retained for the retention periods set forth in;

  • Law on the Combating the Crimes of Information Technology.
  • Egyptian Civil Code.

4.1.2 Processing Purposes Necessitating Retention

DeFacto retains the personal data it processes within the scope of its activities, in line with the following purposes:

  • To carry out human resources personal affairs, performance and recruitment processes, to carry out in-Company organization processes (trainings, etc.)
  • To provide, price and invoice products and services to the customers; perform and monitor the transactions you have requested regarding products and services that are ordered, purchased and/or used,
  • To promote and market products and services, to contact you regarding these, notifying you on matters such as campaigns, discounts, benefits, conditions, pricing; to offer opportunities such as membership, events and benefit from economic advantages and performing the transactions necessary for the use thereof,
  • Commercial electronic message approval with respect to available customers, in order to perform the Membership Agreement made with the customer; to analyze Customer/Member preferences, tastes and needs and provide special promotions, opportunities and benefits to the Customer/Member,
  • To carry out customer price an product return processes,
  • To resolve customer inquiries and complaints,
  • To make statistical evaluations and market researches,
  • Through the DeFacto E-Commerce website, to process online visitor data as per the related legislation, enable the customer to purchase over this platform, realize membership transactions and improve services offered through the platform, develop new services and make notifications regarding these,
  • To ensure the physical security of DeFacto,
  • To monitor DeFacto Store, Plaza and Warehouse security visually,
  • To monitor personnel inventory,
  • To perform businesses and transactions as a result of signed contracts and protocols,
  • To ensure contact with real / legal entities that have business relations with DeFacto. To ensure corporate reputation management, media communication,
  • To determine and implement the commercial and business strategies of DeFacto,
  • To follow up on accounting and purchasing transactions,
  • To comply with legal processes and legislation,
  • To respond to information demands received from administrative and judicial authorities,
  • To plan in-company reporting and business development activities,
  • To ensure information and transaction security and prevent misuse,
  • To plan and execute operational activities required to ensure that they are carried out in compliance with DeFacto’s strategy determined and policies prepared within the scope of the applicable Egyptian laws.

4.2 Reasons Necessitating Destruction

Regarding Personal Data, in case;

  • The related legislation provisions serving as basis for processing are amended or repealed,
  • The purpose necessitating processing or retention is extinguished,
  • The related person withdraws his open consent, under circumstances where personal data are only processed as pursuant to open consent requirement,
  • The application filed by the related person regarding the deletion and destruction of his personal data as per the applicable Laws is accepted by DeFacto,
  • The related person files a complaint to the Board, under circumstances where DeFacto rejects the application filed by the related person, requesting the deletion, destruction or anonymization of his personal data, finds the given response inadequate or does not respond within the period set forth in the Law, and this request is approved by the Board,
  • The maximum period necessitating the retention of personal data has expired and there are no conditions that would justify the retention of personal data for a longer period,

The Personal data are deleted, destroyed by DeFacto upon the request of the related person, or deleted, destroyed or anonymized ex-officio.

5. TECHNICAL AND ADMINISTRATIVE MEASURES

Technical and administrative measures are taken by DeFacto within the scope of the adequate measures determined and permitted by the applicable laws, for securely retaining personal data, preventing illegal processing and access, and destroying personal data in compliance with the law.

5.1 Technical Measures

The technical measures taken DeFacto concerning the personal data it processes have been listed below:

  • Risks, threats, weaknesses and, if any, gaps aimed for the DeFacto information systems are revealed with penetration tests, and the necessary precautions are taken.
  • Risks and threats that may impact the continuity of the information system are monitored continuously as a result of information security incident management and real-time analyses.
  • Access to the information system and authorization of users are made with the access and authorization matrix through security policies over the active DeFacto directory.
  • Necessary precautions are taken for the physical security of the information systems hardware, software and data of DeFacto.
  • Hardware-oriented (access control system enabling only the authorized personnel to enter the system room, 7/24 employee monitoring system, ensuring the physical security of the side switches forming the local area network, fire extinguishing system, air-conditioning system, etc.) and software-oriented (firewalls, intrusion prevention systems, network access control, systems preventing malware, etc.) precautions are taken in order to ensure the security of the information systems against environmental threats.
  • Risks are identified as aimed to prevent the illegal processing of personal data, it is ensured that measures compatible with such risks are taken and technical controls are made as aimed for the taken measures.
  • Access procedures are established within DeFacto and reporting and analysis studies are made regarding access to personal data.
  • Accesses to the storage areas where the personal data are kept are recorded and illegitimate accesses or access attempts are kept under control.
  • DeFacto takes the necessary precautions in order for the deleted personal data not to be accessible and reusable by the related users.
  • DeFacto has established a compatible system and infrastructure in order to notify the related person and the Board in case personal data are illegally acquired by others.
  • Security gaps are monitored and compatible security patches are installed and the information systems are kept up-to-date.
  • Strong passwords are used in electronic media where personal data are processed. The passwords will be defined and changed at regular intervals as per the Secure Password Guide prepared within this context.
  • Secure logging systems are used in the electronic media where personal data are processed.
  • Data backup systems ensuring the secure retention of personal data are used.
  • Access to data kept on electronic or non-electronic media is restricted according to the access principles.
  • Protection with secure protocol in access to DeFacto web page
  • A different policy has been determined as aimed for the security of sensitive personal data.
  • Trainings on the security of sensitive personal data have been given as aimed for the employees who take part in the sensitive personal data processing processes, confidentiality agreements have been made with such employees and the authorities of the users who are authorized to access data have been defined.
  • Electronic media where sensitive personal data are processed, stored and/or accessed are protected using cryptographic methods, the cryptographic keys are kept in secure environments, all transaction records are logged, the security updates of the media are continuously monitored, the necessary security tests are made/caused to be made regularly, the test results are recorded,
  • Adequate safety precautions are taken for the physical media where sensitive personal data are processed, stored and/or accessed, and unauthorized entries-exits are prevented by ensuring physical security.
  • Personal data and/or sensitive personal data cannot be recorded when external USB storage devices are connected to the computers of the users, If it is necessary to transfer sensitive personal data by e-mail, they are transferred as encrypted using DeFacto e-mail address or KEP account. If they are required to be transferred by media such as flash memory, CD, DVD, they are encrypted with cryptographic methods and the cryptographic key is kept on a different medium. If they are required to be transferred on paper media, necessary precautions are taken against risks such as the theft, loss of the document or document being seen by unauthorized persons, and the document is sent in “classified / confidential” format.
  • Personal data on paper media are kept in locked cabinets and are solely accessed by authorized persons,
  • Physical documents and papers containing personal data used within the organization are destroyed by using a paper shredder,
  • Personal data processed through the cookies of third party service providers are deleted from the systems of the third parties in case membership is terminated.

5.2 Administrative Measures

The administrative measures taken by DeFacto concerning the processed personal data are listed below:

  • Periodical awareness trainings are given to employees as per the Law
  • Employees are caused to sign confidentiality agreements with respect to the activities carried out by DeFacto.
  • The Company policies and procedures have been made compliant with the Law.
  • A discipline procedure has been prepared in order to be applied for employees who fail to comply with the security policies and procedures.
  • The obligation to enlighten the related persons is fulfilled by DeFacto before starting to process personal data.
  • A personal data processing inventory has been prepared.
  • Periodical and random audits are held in DeFacto.
  • Data security trainings are given as aimed for the employees.

6. PERSONAL DATA DESTRUCTION TECHNIQUES

Personal data, which have reached the end of the period set forth in the related legislation or the end of the retention period necessary for the purpose they are processed for, are destroyed by DeFacto, in compliance with the provisions of the related legislation and using the following techniques, either ex-officio or upon the application of the related person.

6.1 Deleting Personal Data

Personal data are deleted using the methods provided in Table-3. Table 3: Deletion of Personal Data

6.2 Destroying Personal Data

Personal data are destroyed by DeFacto using the methods provided in Table-4.

Table 4: Destruction of Personal Data

6.3 Anonymizing personal data

Anonymization of personal data means putting personal data into such a form that it can no longer be associated with a real entity whose identity is known or can be determined under any circumstances, even when it is linked with other data.

Personal data should be made non-associable with a real entity whose identity is known or can be determined, even through the use of suitable techniques with respect to the recording media and the related field of activity, such as reversing and/or matching the data with other data, in order for personal data to be anonymized.

7. RETENTION AND DESTRUCTION PERIODS

Regarding personal data processed by DeFacto within the scope of its activities;

  • Retention periods on personal data basis, concerning all personal data within the scope of the activities carried out in connection with the processes, are provided in the Personal Data Processing Inventory;
  • And the retention periods on process basis are provided in the Personal Data Retention and Destruction Policy.

DeFacto Data Supervisor makes the necessary updates on such retention periods, when necessary.

Ex-officio deletion, destruction or anonymization of personal data, the retention periods of which have expired, is performed by the Data Security and Information Systems Department Presidency or according to the ways indicated under the applicable laws.

8. PERIODICAL DESTRUCTION PERIOD

As per article 2 of the law No 175 year 2018 of the Regulation, DeFacto has determined the periodical destruction period as 6 months. Accordingly, DeFacto performs periodical destruction in June and December every year.

9. ISSUANCE AND RETENTION OF THE POLICY

The Policy is issued in two different media, as wet signed (printed paper) and electronic media, and is disclosed to the public on the web page. The Legal department and the IT Information Security and Governance department each retain one printed copy.

10. POLICY UPDATING PERIOD

The Policy is reviewed when needed and the necessary parts are updated.

11. POLICY ENFORCEMENT AND ABOLITION

The Policy is deemed to have entered into force after it is published on the DeFacto website.

Privacy Policy