Personal Data Storage and Destruction Policy

1. Objective

This policy has been prepared to ensure that the processes of determining the retention periods , securely storing , deleting, destroying or anonymizing personal data processed by Sólvia Studio (“the Company”) are managed in accordance with the KVKK (Turkish Personal Data Protection Law) and related secondary regulations.

2. Scope

This policy covers all personal data processed by the Company within the scope of its e-commerce platform, communication channels, order processes, and customer relations. Data relating to customers, potential customers, visitors, business partners, and suppliers are evaluated within this scope.

3. Storage Principles

Personal data processed by the company;

  • The time limits stipulated in the laws,

  • The time periods that are necessary for conducting commercial activities,

  • The period during which contractual obligations are fulfilled,

  • Legitimate interest requirements,

  • Mandatory deadlines arising from financial audit and proof obligations.

It is kept hidden for that long.

Data will be deleted, destroyed, or anonymized using appropriate methods upon the expiration of the specified periods.

4. Storage Times

Categorical storage periods are as follows:

  • Customer Transaction Data (order, invoice, delivery information): 10 years (as required by the Turkish Commercial Code and the Tax Procedure Law)

  • Accounting and Financial Records: 10 years

  • Communication and Support Requests: 3 years

  • Membership/Account Information: Valid while membership is active + 180 days after request.

  • Logs and records relating to cargo deliveries: 3 years

  • Cookie Records: 6 months – 2 years depending on cookie type.

  • Marketing Permission / Commercial Electronic Communication Consent: Until consent is withdrawn.

  • Cancellation – Refund – Complaint Records: 3 years

These timeframes may be updated in accordance with changes in legislation.

5. Storage Methods

Personal data is stored in the following environments:

  • Secure servers

  • Encrypted digital archives

  • Authorized cloud systems

  • Physical archives in cases of legal requirement.

Access to all storage media is protected by role-based authorization, log tracking, strong encryption, and firewalls.

6. Methods of Deletion, Deletion, and Anonymization

6.1. Deletion

Making data unusable involves removing system access, deactivating user accounts, and performing database-level deletion.

6.2. Elimination

Destruction in a way that makes it impossible to recover, whether in physical or electronic form:

  • Destruction of physical documents using a secure destruction machine.

  • Methods of irreversible data trimming from servers or devices

6.3. Anonymization

Completely severing the identity relationship in such a way that the personal data is lost (masking, merging, generalization, etc.).

7. Periodic Destruction Intervals

The company destroys personal data whose retention period has expired in 6-month periods . Extraordinary destruction procedures may be carried out if deemed necessary.

8. Transfer to Third Parties and Storage

Data shared with shipping companies, payment institutions, accounting firms, and technical service providers is subject to the retention policies of the respective parties and is limited only to the extent necessary for the performance of the service.

9. Data Subject Rights

Data owners; within the scope of Article 11 of the KVKK (Law on Protection of Personal Data).

  • requesting information

  • access to data,

  • requesting correction

  • requesting its deletion/deletion,

  • objection to processing activities
     They have rights such as these.

These requests will be answered within 30 days at the latest once they are submitted to the Company .

10. Policy Entry into Force

This policy enters into force on the date of its publication and may be updated by the Company as needed.