Login
Sign Up;%20}%2050%25%20{%20opacity:%200.7;%20transform:%20scale(0.96);%20}%20100%25%20{%20opacity:%201;%20transform:%20scale(1);%20}%20}%20%3c/style%3e%3c/defs%3e%3cg%20class='cls-1'%3e%3cpath%20d='M19.84,19.77l2.75,2.75-4.09,4.09c3.54,2.99,7.99,4.93,12.87,5.34V10.99H10.41c.41,4.88,2.35,9.33,5.34,12.86l4.09-4.09Z'/%3e%3cpath%20d='M0,0v43.02h41.68V0H0ZM35.24,35.91h-1.94c-6.71,0-12.85-2.47-17.56-6.55l-7.88,7.88-2.75-2.75,7.88-7.88c-4.08-4.71-6.55-10.85-6.55-17.56v-1.94h28.8v28.8Z'/%3e%3c/g%3e%3c/svg%3e)
KVKK / GDPR
NOVASKIN KVKK / GDPR PRIVACY NOTICE AND DATA PROTECTION POLICYPreparation Date: May 1, 2026Last Updated: May 1, 2026Website: novaskin.bioBrand: NovaskinData Controller: Zeynep YıldızThis KVKK / GDPR Privacy Notice and Data Protection Policy has been prepared to explain how personal data is collected, processed, stored, transferred and protected by Novaskin in connection with visitors, customers, users, buyers, recipients and other individuals who interact with novaskin.bio.This Policy applies to individuals who visit the Novaskin website, create an account, place an order, purchase products, contact customer support, subscribe to newsletters, give marketing communication permission, submit product-related requests, interact with Novaskin through social media or use any digital services offered by Novaskin.This Policy has been prepared in accordance with the Turkish Personal Data Protection Law No. 6698 — KVKK and, where applicable, the General Data Protection Regulation — GDPR of the European Union.Novaskin processes personal data lawfully, fairly, transparently, for specific and legitimate purposes, in a limited and proportionate manner, and with appropriate technical and administrative security measures.In case of any discrepancy between the Turkish version and this English version, the Turkish version shall prevail.1. Data Controller InformationYour personal data is processed by the following data controller:Legal Name: Zeynep YıldızBrand Name: NovaskinAddress: Güller Pınarı Mah. Ahmet Tokuş Blv. Sezen No: 37 Door No: 10 Alanya / Antalya, TürkiyePhone: +90 530 121 03 69Email: [email protected] Office: AlanyaTax Number: 9651286702Website: novaskin.bioIn this Policy, the terms “Novaskin,” “we,” “us,” “our,” “Data Controller” and “Brand” refer to the Novaskin brand operated by Zeynep Yıldız.2. Scope of This PolicyThis Policy applies to:visitors of novaskin.bio,registered users,customers placing orders,buyers of Novaskin products,delivery recipients,invoice recipients,individuals contacting customer support,users submitting contact forms,individuals giving marketing communication consent,newsletter subscribers,campaign participants,users interacting with Novaskin through social media,website visitors whose data is processed through cookies and similar technologies.This Policy does not replace separate privacy notices that may be prepared for employees, job applicants, suppliers, service providers or business partners.3. Core Data Protection PrinciplesNovaskin aims to process personal data in accordance with the following principles:lawfulness, fairness and transparency,accuracy and keeping data up to date where necessary,processing for specific, explicit and legitimate purposes,data minimisation,processing limited to what is necessary,storage only for as long as required,protection against unauthorised access,protection against unlawful processing and transfer,respect for data subject rights,accountability in data processing activities.4. Categories of Personal Data ProcessedDepending on the nature of the service, transaction or interaction, Novaskin may process the following categories of personal data.4.1. Identity InformationThis may include:first name,last name,invoice identity details,tax number, where a corporate invoice is requested,tax office, where a corporate invoice is requested,company name, where a corporate invoice is requested.4.2. Contact InformationThis may include:email address,phone number,delivery address,billing address,country, city, district and postal code,customer support correspondence.4.3. Customer Transaction InformationThis may include:order number,order date,purchased products,cart details,payment method,delivery preferences,cargo tracking number,invoice records,return and exchange requests,right of withdrawal requests,customer support requests,complaint and request history.4.4. Financial Transaction InformationThis may include:payment amount,payment date,payment method,bank transaction reference,instalment information, if applicable,refund information,bank transfer / EFT payment description,payment approval or failed payment information.Credit card and debit card details are not stored on Novaskin servers. Card information is processed by the relevant bank, payment institution or virtual POS provider for the purpose of completing the payment transaction.4.5. Transaction Security InformationThis may include:IP address,session information,device type,browser information,operating system information,log records,security verification records,transaction time,failed login or payment attempts,suspicious transaction records.4.6. Marketing InformationThis may include:commercial electronic communication consent,newsletter subscription,campaign participation,coupon usage,product interests,shopping preferences,abandoned cart information,marketing preferences,consent and opt-out records.4.7. Digital Behaviour and Analytics DataThis may include:pages visited,click behaviour,product viewing history,internal site search records,campaign interactions,cookie preferences,traffic source,session duration,website performance data.Such data may be processed through cookies and similar technologies. For further details, please review the separate Cookie Policy.4.8. Visual and Document DataIf voluntarily shared by the customer in relation to customer support, damaged delivery, missing product, incorrect product, return, exchange or product safety requests, the following may be processed:product photographs,shipping package photographs,damage photographs,invoice images,cargo damage reports,documents attached to support requests.4.9. Data That May Qualify as Health DataNovaskin is not a healthcare provider and does not aim to collect health data.However, if a customer contacts Novaskin regarding an allergic reaction, redness, irritation, sensitivity, skin reaction or similar issue after using a product, the information shared by the customer may qualify as health data.Such data is processed only when voluntarily provided by the customer and only to the extent necessary for product safety assessment, customer support, request/complaint management or compliance with legal obligations.Customers are advised not to share medical reports, diagnoses, prescriptions, special category personal data or unnecessary sensitive information unless strictly required.5. Methods of Collecting Personal DataPersonal data may be collected through automated or non-automated methods, including:the novaskin.bio website,account registration forms,order and checkout pages,cart and delivery forms,contact forms,customer support emails,phone communications,social media messages and comments,cookies and similar technologies,payment infrastructure providers,cargo and logistics companies,accounting and invoicing systems,campaign and newsletter subscription forms,return and exchange request forms,legal request and application forms.6. Purposes of Processing Personal DataNovaskin may process personal data for the following purposes.6.1. Order and Sales ProcessesPersonal data may be processed for:receiving orders,confirming orders,preparing products,processing payment,issuing invoices,sending order summaries,preparing products for delivery,providing after-sales support.6.2. Payment and Financial ProcessesPersonal data may be processed for:completing payment transactions,ensuring payment security,reducing fraud and unauthorised transaction risks,processing refunds,matching bank transfer / EFT payments,maintaining accounting and financial records.6.3. Delivery and Cargo ProcessesPersonal data may be processed for:processing delivery addresses,transferring delivery information to cargo companies,carrying out cargo tracking processes,resolving delivery problems,evaluating damaged, lost or missing product claims.6.4. Customer Relations and SupportPersonal data may be processed for:receiving customer requests,evaluating complaints,responding to product and order questions,conducting return and exchange processes,improving customer satisfaction,evaluating product safety notifications.6.5. Legal ObligationsPersonal data may be processed for:maintaining tax and accounting records,issuing invoices,responding to requests from public authorities,fulfilling consumer law obligations,resolving disputes,complying with statutory retention periods.6.6. Marketing and Commercial CommunicationWhere explicit consent or legally valid communication permission exists, personal data may be processed for:sending campaign notifications,sending discount and promotion announcements,sending email newsletters,sending commercial messages via email, SMS or other channels,offering product recommendations based on customer preferences,sending abandoned cart reminders.Commercial communication permission may be withdrawn at any time.6.7. Website Security and AnalyticsPersonal data may be processed for:ensuring website security,preventing misuse,detecting bots, spam and attack attempts,measuring website performance,improving user experience,resolving technical errors,managing cookie preferences.6.8. Legal Claims and Dispute ManagementPersonal data may be processed for:evaluating legal requests,resolving disputes,protecting rights,storing evidence,complying with administrative or judicial requests.7. Legal Grounds Under KVKKUnder the Turkish Personal Data Protection Law No. 6698, personal data may be processed based on the following legal grounds:processing is expressly provided by law,processing is necessary for the establishment or performance of a contract,processing is necessary for the data controller to fulfil a legal obligation,personal data has been made public by the data subject,processing is necessary for the establishment, exercise or protection of a right,processing is necessary for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject,explicit consent.For example, order, payment, invoicing and delivery processes are generally based on contract performance, legal obligation and legitimate interest. Marketing communications are generally based on explicit consent or legally valid commercial communication permission.8. Legal Bases Under GDPRWhere GDPR applies, Novaskin may process personal data based on the following legal bases:performance of a contract: order, payment, delivery and customer support processes,legal obligation: tax, accounting, consumer law and public authority requirements,legitimate interests: fraud prevention, website security, improvement of customer support quality and protection of legal rights,consent: marketing communications, optional cookies and newsletter subscriptions,establishment, exercise or defence of legal claims: dispute and evidence management.Where processing is based on consent, consent may be withdrawn at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.9. Parties to Whom Personal Data May Be TransferredPersonal data may be shared with the following parties, limited to the relevant processing purposes.9.1. Cargo and Logistics CompaniesName, surname, address, phone number, order and shipping information may be shared with cargo companies in order to deliver the products.9.2. Payment Institutions and BanksNecessary data may be shared with banks, payment institutions and virtual POS providers for payment processing, payment security, refunds, authorisation and fraud checks.Card details are not stored on Novaskin servers.9.3. Accounting and Financial Service ProvidersNecessary information may be shared with accountants, financial advisors and accounting systems for invoicing, taxation, bookkeeping and statutory record obligations.9.4. Software, Hosting and Technical Infrastructure ProvidersData may be shared with technical service providers for website operation, website security, data backup, email delivery, customer support systems, server hosting, maintenance and security services.9.5. Email, SMS and Marketing Service ProvidersWhere explicit consent or commercial communication permission exists, limited data may be shared with email and SMS service providers for campaign, newsletter, order information or customer communication purposes.9.6. Analytics and Advertising Service ProvidersIf you accept Analytics in the cookie banner, Google Analytics 4 (GA4) may process aggregated usage statistics. If you accept Marketing, the Meta Pixel may be used for conversion measurement and advertising performance measurement. Processing is subject to Google’s and Meta’s own privacy and cookie notices. Optional cookies for these providers are not activated without your consent; strictly necessary site cookies remain outside this scope.9.7. Public Authorities and Judicial BodiesInformation may be shared with courts, enforcement offices, law enforcement authorities, tax offices, consumer arbitration committees, administrative authorities and other competent public institutions where required by law.9.8. Legal and Professional AdvisorsLimited data may be shared with lawyers, consultants and auditors for dispute resolution, protection of rights, contract management and legal compliance.10. International Data TransfersNovaskin prefers, where possible, to process personal data through systems and service providers located in Türkiye. However, certain technical infrastructure, email, analytics, payment, security, cloud, backup or marketing services may be provided through servers or service providers located abroad.In such cases, personal data may be transferred abroad under applicable legal transfer mechanisms, including:transfer mechanisms under KVKK,adequacy decisions, where applicable,appropriate safeguards,standard contractual clauses,explicit consent, where required,exceptional transfer conditions,Standard Contractual Clauses — SCC under GDPR, where applicable,additional technical and administrative security measures.International transfers are carried out only where necessary, limited to the relevant processing purpose and in accordance with applicable law.11. Cookies and Similar TechnologiesNovaskin may use cookies, pixel tags, local storage technologies and similar tracking tools on its website.Cookies may be used for the following purposes:ensuring website functionality,maintaining cart and session information,ensuring security,remembering user preferences,measuring website performance,analytics reporting,marketing and advertising activities,analysing campaign performance.Strictly necessary cookies are required for the operation of the website. Analytics, performance, advertising and marketing cookies may be used depending on the user’s preferences or consent.For further information, please review the separate Cookie Policy.12. Commercial Electronic CommunicationsNovaskin may send commercial electronic communications only in accordance with applicable law and where the required permissions have been obtained.Commercial electronic communications may include:campaign announcements,discount notifications,new product updates,special offers,abandoned cart reminders,newsletters,promotional announcements.Users may withdraw commercial electronic communication permission at any time. Following an opt-out request, commercial marketing communications will be stopped, subject to legally required processing periods.Mandatory notifications regarding orders, delivery, invoicing, returns, security or contractual processes may not be considered commercial marketing communications.13. Retention PeriodsPersonal data is retained for as long as required for the processing purpose and for the statutory retention periods required under applicable law.General retention principles are as follows:Data CategoryRetention PeriodOrder and sales recordsFor the period required under legal obligationsInvoice and accounting recordsFor the period required under tax and commercial legislationCargo and delivery recordsFor the period necessary for delivery and dispute managementCustomer support recordsFor the period necessary for request and dispute managementCommercial communication consent recordsFor as long as the consent is valid and as required for proofCookie recordsAccording to the duration determined by cookie typeSecurity and log recordsFor the period necessary for technical security and legal evidenceReturn and withdrawal recordsFor the period required under consumer law and dispute processesPersonal data whose retention period has expired is deleted, destroyed or anonymised in accordance with applicable law.14. Data SecurityNovaskin takes reasonable technical and administrative measures to protect personal data.These measures may include:access authorisation,strong password policies,SSL/TLS secure connection,secure payment infrastructure,log records,data minimisation,restriction of unauthorised access,data backup,firewall and server security,limitation of employee and service provider access,confidentiality and security obligations with data processors,encryption or masking where necessary,monitoring of security incidents.No transmission of data over the internet can be guaranteed to be absolutely secure. However, Novaskin takes reasonable measures to protect personal data.15. Special Categories of Personal DataNovaskin does not generally aim to process special categories of personal data.Users are requested not to share information such as race, ethnic origin, political opinions, philosophical beliefs, religion, sect, health data, biometric data, criminal conviction data, union membership or similar sensitive data.Information voluntarily shared by a customer after product use, such as skin reaction, allergy, irritation or sensitivity, may qualify as health data. Such information is processed only to the extent necessary for evaluating the relevant request, product safety review, customer support or legal obligations.16. Children’s Personal DataNovaskin products are primarily offered for adult users.Individuals under the age of 18 may require parental or legal guardian consent to place orders, create accounts or share personal data through the website.Novaskin does not knowingly target the collection of personal data from children. If it is believed that a child’s personal data has been processed without proper authorisation, a parent or legal guardian may contact Novaskin.17. Social Media UseNovaskin may operate accounts on Instagram, Facebook, TikTok, LinkedIn, X or similar social media platforms.When users contact Novaskin, send messages, comment or interact through these platforms, the privacy policies of the relevant social media platforms may also apply.Novaskin is not responsible for the independent data processing activities, cookies, algorithms or advertising technologies of social media platforms.Users are advised not to share special category, sensitive or unnecessary personal data through social media channels.18. Third-Party LinksThe Novaskin website may contain links to third-party websites, payment infrastructures, cargo tracking pages, social media platforms or service provider pages.The privacy policies, cookie practices and data processing activities of third-party websites accessed through these links are not controlled by Novaskin.Users are advised to review the privacy policies of third-party websites before using them.19. Your Rights Under KVKKUnder KVKK, data subjects may apply to the data controller and exercise the following rights:to learn whether personal data is being processed,to request information if personal data has been processed,to learn the purpose of processing and whether data is used in accordance with that purpose,to know the third parties to whom personal data has been transferred domestically or abroad,to request correction if personal data has been processed incompletely or inaccurately,to request deletion or destruction of personal data,to request notification of correction, deletion or destruction to third parties to whom personal data has been transferred,to object to any result against the person arising from analysis exclusively through automated systems,to claim compensation if damage is suffered due to unlawful processing of personal data.20. Your Rights Under GDPRWhere GDPR applies, data subjects may have the following rights:right to be informed,right of access,right to rectification,right to erasure,right to restriction of processing,right to data portability,right to object,right to withdraw consent,right to object to automated decision-making and profiling,right to lodge a complaint with a competent supervisory authority.The scope of GDPR rights may vary depending on the processing activity, legal basis and specific circumstances.21. Application MethodYou may submit requests regarding your personal data through the following channels:Email: [email protected]: +90 530 121 03 69Address: Güller Pınarı Mah. Ahmet Tokuş Blv. Sezen No: 37 Door No: 10 Alanya / Antalya, TürkiyeWebsite: novaskin.bioIt is recommended that your request includes:first name and last name,contact information,subject of request,explanation regarding the request,order number, if applicable,reasonable information required for identity verification.Novaskin may request additional information to verify that the request belongs to you. Applications are reviewed and concluded within the periods required by applicable law.22. Responding to ApplicationsApplications under KVKK are concluded as soon as possible and within the statutory period, depending on the nature of the request.Where GDPR applies, applications are assessed within the periods prescribed under GDPR.Applications are generally concluded free of charge. However, if the request requires additional cost, a fee may be requested in accordance with applicable law.Incomplete, inaccurate, unverifiable or abusive requests may be rejected or additional information may be requested.23. Automated Decision-Making and ProfilingNovaskin does not aim to conduct fully automated decision-making processes that produce legal effects or similarly significant effects on customers.However, limited technical analyses may be carried out for:product recommendations,campaign targeting,abandoned cart reminders,personalising website experience,reducing fraud risk,security controls,analytics reporting.Such activities are carried out, where possible, in a manner that does not adversely affect the fundamental rights and freedoms of users.24. Data Processors and Sub-ProcessorsNovaskin may work with third-party service providers for certain data processing activities.These service providers may process data only in accordance with Novaskin’s instructions and for specified purposes.Data processor categories may include:hosting providers,payment infrastructure providers,cargo companies,email delivery services,SMS service providers,customer support software providers,accounting systems,analytics tools,security service providers,backup and cloud infrastructure providers.Novaskin expects data processors to take appropriate measures to protect personal data.25. Processing Activities Requiring Explicit ConsentThe following activities may require explicit consent or separate permission depending on the circumstances:sending commercial electronic communications,use of marketing cookies,advertising and retargeting cookies,optional newsletter subscription,special campaign profiling,international transfer where explicit consent is required,voluntary sharing and assessment of information that may qualify as health data.Where processing is based on explicit consent, consent may be withdrawn at any time.26. Withdrawal of ConsentFor processing activities based on consent, you may withdraw your consent at any time.You may withdraw consent by:using the unsubscribe link in emails,using the SMS opt-out method,changing your preferences through the cookie preference panel,sending a request to [email protected] of consent does not affect the lawfulness of processing carried out based on consent before withdrawal.27. Accuracy of Personal DataUsers acknowledge that the personal data they provide to Novaskin is accurate, complete and up to date.Novaskin shall not be responsible for consequences arising from incorrect or incomplete information, including:failure of delivery,incorrect invoice issuance,delayed refund,extended customer support process,failure of notifications to reach the user.Users should inform Novaskin if their personal data changes.28. Personal Data Breach NotificationIf Novaskin determines that personal data has been unlawfully obtained by third parties or that a data security breach has occurred, it will carry out the notification processes required under applicable law.Where necessary, affected individuals, the Turkish Personal Data Protection Authority or competent supervisory authorities may be notified.29. Changes to This PolicyNovaskin may update this KVKK / GDPR Privacy Notice and Data Protection Policy due to changes in legislation, operational needs, technical infrastructure updates or changes in data processing activities.The updated version becomes effective on the date it is published on novaskin.bio.Where significant changes are made, users may be informed through appropriate communication channels.30. Related Legal DocumentsThis Policy should be read together with other legal documents published on the Novaskin website, including:Distance Sales Agreement,Preliminary Information Form,Payment and Delivery Terms,Return and Hygiene Policy,Product Terms of Use and Disclaimer,Cookie Policy,Commercial Electronic Communication Consent Text,Explicit Consent Text, where required.In case of conflict between this Policy and other website documents regarding the processing of personal data, this Policy shall prevail for data protection matters.
