GDPR-Compliant Data Protection Notice

Olivante Zeytincilik Gıda Sanayi ve Ticaret Ltd. Şti.
This Data Protection Notice (“Notice”) has been prepared in accordance with:

• EU General Data Protection Regulation (GDPR – 2016/679)


• Turkish Personal Data Protection Law (KVKK – No. 6698)


• UK GDPR & Data Protection Act 2018


• California Consumer Privacy Act (CCPA) for U.S. consumers


• International e-commerce and data transfer standards


It applies to all users (“Data Subjects”) who visit, browse, register, make purchases or otherwise interact with www.olivante.com.tr and all related digital services, regardless of location.

1. Data Controller

Olivante Zeytincilik Gıda Sanayi ve Ticaret Ltd. Şti.
MERSIS: 0641079289700001
Commercial Registration No.: 1097753
Address: MASLAK MAH. AOS 55. SK. 42 MASLAK B BLOK SİTESİ NO: 4 İÇ KAPI NO: 542 SARIYER, İSTANBUL
Email: [email protected]
Tel: +90 540 028 00 10

Olivante is responsible for determining the purposes and means of processing your personal data.

2. Categories of Personal Data Processed

Depending on your interaction with the Platform, we process the following data categories:

2.1 Identity Information

Name, surname, customer ID, account information.

2.2 Contact Information

Email, phone number, billing & shipping addresses.

2.3 Transaction & Payment Data

Order history, invoices, payment confirmations.
(Credit card data is NOT stored; processed only by secure payment providers.)

2.4 Website Interaction Data

IP address, device ID, browser type, cookies, pixels, session data, log records.

2.5 Marketing & Preference Data

Newsletter preferences, consent status, analytics, campaign interactions.

2.6 Customer Support Records

Calls, emails, request logs, complaint resolutions.

2.7 Social Media Interaction Data

If you interact via Instagram, Facebook, TikTok, Google etc.

3. Purposes of Data Processing

We process your data for the following purposes:

1. Order processing and contract performance
(purchases, invoicing, cargo delivery)


2. User account creation and authentication


3. Customer service and after-sales support


4. Legal and financial obligations
(tax laws, commercial records, dispute management)


5. Marketing & personalization, including:

• email marketing


• remarketing ads


• product recommendations


• abandoned-cart notifications


6. Website optimization & analytics
via cookies, pixels, analytics tools.


7. Fraud prevention and transaction security


8. Explicit consent-based communication
(promotional SMS/email in TR, GDPR-consent in EU)


4. Legal Basis for Processing (GDPR Art. 6)

4.1 Contract Performance – Art. 6(1)(b)

Processing necessary to fulfill orders, deliver goods, process payments.

4.2 Legitimate Interest – Art. 6(1)(f)

Improving services, preventing fraud, measuring satisfaction.

4.3 Legal Obligation – Art. 6(1)(c)

Tax regulations, e-commerce law, consumer protection laws.

4.4 Explicit Consent – Art. 6(1)(a)

• Marketing emails/SMS


• Cookies and tracking technologies


• Cross-border data transfers where required


4.5 KVKK 5/2 and CCPA equivalencies apply

for processing performed under Turkish law or U.S. jurisdiction.

5. International Data Transfers

Your data may be transferred to:

• Cloud service providers (AWS, Google, Microsoft)


• CRM, email marketing partners


• Payment gateways (İyzico, Stripe, PayPal, PayTR, etc.)


• Logistics and cargo companies


• EU/US-based analytics tools (Google Analytics, Meta Ads, TikTok Ads)


Transfers are made under:

✔ GDPR Standard Contractual Clauses (SCCs)
✔ KVKK Cross-Border Transfer Rules
✔ Adequacy Decision (where applicable)

6. Data Retention Periods

Your personal data is retained only for necessary periods:

• Order & invoice records: 10 years (Turkish Tax Law)


• Customer account: until deletion request


• Marketing records: until withdrawal of consent


• Cookie data: 6–24 months (type-dependent)


• Customer service communications: 3–6 years


Data is securely destroyed after legal retention periods end.

7. Data Sharing With Third Parties

Data may be shared with:

• Cargo/shipping partners


• Payment processors


• Banks & financial institutions


• IT service providers


• Advertising partners (Meta, Google, TikTok)


• Authorized public authorities


• Legal advisors & auditors


We never sell personal data.

8. Your Rights (GDPR Art. 12–23)

As a Data Subject, you have the following rights:

✔ Right to Access

✔ Right to Correction

✔ Right to Deletion (“Right to be Forgotten”)

✔ Right to Restrict Processing

✔ Right to Object to Processing

✔ Right to Data Portability

✔ Right to Withdraw Consent

✔ Right to Not Be Subject to Automated Decisions

✔ Right to Lodge a Complaint with Supervisory Authorities

EU Users → can complain to their local Data Protection Authority (DPA)
Turkish Users → KVKK complaints can be made to KVKK Kurumu.

9. How to Exercise Your Rights

You may submit requests via:

📧 [email protected]
📮 Postal address listed above
📝 Website data request form

Requests are answered:

• GDPR: within 30 days


• KVKK: within 30 days


• CCPA: within 45 days


10. Data Security

We use:

• TLS/SSL encryption


• Tokenized payment processing


• Encrypted data storage


• Role-based access control


• Regular vulnerability scanning


• Secure backup systems


• EU & Turkish data security compliance


We work only with vendors that meet GDPR/KVKK/CCPA standards.

11. Children's Data

Olivante does not knowingly collect data of children under:

• 13 (U.S. COPPA)


• 16 (GDPR)


Parents may request deletion at any time.

12. Updates to This Notice

This Notice may be updated to comply with legislation or operational changes.
Latest version is always available at:
www.olivante.com.tr/data-protection-notice