Pursuant to the commanding provision 12/5 titled Obligations Regarding Data Security of the Personal Data Protection Law No. 6698 (“Law”), following the situation that the personal data processed by the data controller is seized by third parties unlawfully, as soon as possible by appropriate means and It has an obligation to notify the Board of Directors (“Board”).
Having the title of data controller, Flo Mağazacılık ve Pazarlama A.Ş. Evaluation of the notification made to the Personal Data Protection Authority (“Authority”) as a result of the complaint of the person concerned, on the Authority’s website on September 27, 2022;
- “The personal data of the users of the instreet.com.tr website belonging to the data controller are published on a publicly accessible website,
- The personal data affected by the breach is the name, surname, user name, user password and the first 4 and last 4 digits of the credit card belonging to 380 of these users, and the information showing which bank these credit cards belong to,
- The number of relevant persons affected by the violation may be approximately 3500”.
In the resident sharing, there is also information that, as a result of the notification made, an ex officio investigation is initiated by the Board and an application will be made to the Criminal Judgeship of Peace in order to stop the personal data processing activities on the website where the data controller user information is published.
You can reach the Data Breach Notification Decision via this link:https://www.kvkk.gov.tr/Icerik/7453/Kamuoyu-Duyurusu-Ilgili-Kisi-Sikayeti-Uzerine-Flo-Magazacilik-ve-Pazarlama-A-S-
Pursuant to the commanding provision 12/5 titled Obligations Regarding Data Security of the Personal Data Protection Law No. 6698 (“Law”), following the case of the unlawful seizure of personal data by third parties, It has an obligation to notify the Board of Directors (“Board”).
Having the title of data controller, Flo Mağazacılık ve Pazarlama A.Ş. Evaluation of the notification made to the Personal Data Protection Authority (“Authority”) as a result of the complaint of the person concerned, on the Authority’s website on September 27, 2022;
- “The personal data of the users of the instreet.com.tr website belonging to the data controller are published on a publicly accessible website,
- The personal data affected by the breach is the name, surname, user name, user password and the first 4 and last 4 digits of the credit card belonging to 380 of these users, and the information showing which bank these credit cards belong to,
- The number of relevant persons affected by the violation may be approximately 3500”.
In the resident sharing, there is also information that, as a result of the notification made, an ex officio investigation is initiated by the Board and an application will be made to the Criminal Judgeship of Peace in order to stop the personal data processing activities on the website where the data controller user information is published.
You can reach the Data Breach Notification Decision via this link:https://www.kvkk.gov.tr/Icerik/7453/Kamuoyu-Duyurusu-Ilgili-Kisi-Sikayeti-Uzerine-Flo-Magazacilik-ve-Pazarlama-A-S-
