HOTELS
BOOK NOW
BOOK NOW
HOTELS
ARRIVAL
00 MARCH 0000
DEPARTURE
00 MARCH 0000
ADULTS
1
CHILDREN
0
HOTELS

SELECT LANGUAGE

ENGLISH

WAREHOUSE

ADULTS

-
1
+

ROOMS

-
1
+
BOOK NOW
BOOK NOW

Privacy Policy

DEFINITIONS

Explicit Consent

It is the consent which is related to a certain subject, based on to be informed and explained with free will,

Anonymization

Making personal data unable to be unrelated with a natural person whose identity is certain or can be determined in any way even by matching with other data;

Application Form

The Form presented in herein Politics annex which includes application to be made in order to protect the data owner’s rights in scope of the related legislation,

Internet Site

Internet sites having the domains thestay.com.tr and thestayline.com that belong to the company,

Business Partner

Legal entities or natural persons whom the company established business partnership by itself or with shareholder companies or with group companies with the goals like carrying out several projects and receiving service while Project Company carries out its own commercial activities,

Personal Data

All kinds of information related to natural person whose identity is certain or can be determined,

Processing of Personal Data

All kinds of transactions made on data in order to prevent like gaining in non-automatic ways, recording, storing, conversing, changing, re-arranging, explaining, transferring, taking over, making available, classifying or using provided that personal data partly or fully to be part of automatic or any data recording system,

Special Quality Personal Data

Race, ethnicity, political thought, philosophical belief, religion, sect or other beliefs, costume, association, society or syndicate membership, health, sexual life, criminal conviction, data related to security measures and biometric and genetically data,

Data Owner

Natural person whose personal data is processed,

Data Processor

Natural person or legal entity who processes personal data for the name of the data responsible based on the authority given by data responsible,

Data Responsible

Natural person or legal entity who determines the goals of personal data processing and who manages the place where (data recording system) data are kept systematically

ABBREVIATIONS

KVKK

Protection of Personal Data Law numbered 6698 which is published on the Official Gazette numbered 29677 and dated of April 7th of 2016

KVK Board

Protection of Personal Data Law

Company

Depot Konaklama Hizmetleri Incorporated Company

Politics

Protection of Personal Data and Privacy Policy which is prepared and published by Depot Konaklama Hizmetleri Incorporated Company

PROTECTION OF PERSONAL DATA AND PRIVACIY POLITICS

I.                   INTRODUCTION

As Depot Konaklama Hizmetleri Incorporated Company (“Company”), we attach great importance to the protection of personal data of; all of our customers who requests and take service from the hotels that belong to our company and/or of our customers who buy goods through the internet site that belongs to our Company and named thestayline.com, of our users and members who use and subscribe to the Internet Sites that belong to our Company, of other natural persons who establish contact with us by visiting our hotels, Internet Sites or via our social media accounts or by any other way; persons who establish contact/contract with us personally or as a representator of a company or a corporation; of our business partners, shareholders, staff and staff candidates who applies to our Company.

In this scope, we prepared herein Protection of Personal Data and Privacy Policy (“Policy”) in order to explain our principles related to processing of personal data in scope of KVKK and maintain compliance to Protection of Personal Data Law numbered 6698 and to other legislation.

II.                GOAL AND SCOPE

KVKK was published on Official Gazette numbered 29677 and dated of April 7th of 2016. KVKK is arranged to protect fundamental rights and freedoms including privacy of private life of natural persons whose personal data are processed and to determine the liabilities of natural persons and legal entities that process personal data.

Goal of the herein Politics is; to determine necessary management instructions, procedures and conditions in order to maintain the protection and process compliant to KVKK and generate a technical method by the Company.

This Politics is being applied on the activities directed to the processing and protection of all personal data which the Company holds with the title “Data Responsible” and/or “Data Processor”. Politics is handled and prepared based on other legislation related to the processing and production of personal data and KVKK.

III.            PERSONAL DATA

A.                Personal Data Definition

In scope of article 3/I (d) of KVKK, “personal data” means all kinds of information related to natural persons whose identity is determined or determinable. In this scope, anonymous information, anonymized information and other information which cannot be associated with a certain person cannot be accepted as personal data in scope of herein Politics.

B.                General Principles of Processing Personal Data

In scope of article 3/I(e) of KVKK, all kinds of transactions made on data in order to prevent like gaining in non-automatic ways, recording, storing, conversing, changing, re-arranging, explaining, transferring, taking over, making available, classifying or using provided that personal data partly or fully to be part of automatic or any data recording system is included in “data processing”.

Company is processing personal data in compliance with the following principles:

a.                  To be in compliance with the law and honesty rules

b.                  To be true and actual when necessary

c.                  To process for certain, explicit and legal goals

d.                  To be connected with their process goal, limited and moderated

e.                  To be conserved as much as time projected in related legislation or as the time required for the goal they are processed

In this scope by the Company; Hotels or Internet site but not limited to this written, oral or in electronic media through all kinds of channels; your personal data and/or special quality personal data obtained in scope of KVKK and other legislation; can be obtained, recorded, kept, stored, conserved, changed as projected in KVKK and can be shared with 3. Person natural person or legal entities within the country which are considered to be suitable by the Company in direction of legal and factual reasons of the given service or sale made by the Company with legal and statutory reasons and can be processed with other methods.

A.                 Data Processed by the Company

a.                  In General

Company can process general and special quality personal data without the explicit consent  projected in 5th and 6th articles of KVKK or with explicit consent of data owner.

Personal data can be processed in scope of Consumer Protection Law numbered 6502, Distance Contract Directive enacted within the scope of this law, Law on the Regulation of Electronic Commerce numbered 6563, Directive About Service Provider and Intermediary Service Providers which is prepared based on this law, Labor Law numbered 4857, Social Security and General Health Insurance Law numbered 5510, Turkish Commercial Code numbered 6102, Tax Procedure Law numbered 213, Identification Notification Law numbered 1774 and without limited to said laws all other laws, other legislations, notification and all other legal regulations and provisions stated in the related legislation.

(i)                Data in direction of knowing the data owner like name, surname, occupation, cv, gender, marital status, nationality and other additional data,

(ii)              In case of identification presentation is necessary, data exist in documents related to identification determination like identification, passport, driving license,

(iii)            Contact information like GSM number, fax number, e-mail, telephone, address which belong to home, work place or temporary residence place,

(iv)            Communication records like phone calls made with the Company, e-mail writings and other audial and visual data, complain and request recordings

(v)              Data used to determine the consumer and user habits in order to increase the Service and goods sale standards and Internet Site usage data,

(vi)            Internet protocol (IP) address, device identification, internet page views and statistics related to mobile and other digital applications, incoming and outgoing traffic information, referral URL, internet log info, location info, visited sites and information related to actions and transactions made through our internet sites and advertising and e-mail contents.

b.                  Specially

In scope of other legislation and principles exist in herein Politics, personal data that can be processed by the Company for the Company’s legal interest are as follows:

i.  Data related to Internet Site users and online visitors data: Identification Info, (Name, surname, date of birth, gender, T.R. identity number), Location Info (User, City, region etc where the visitor is), Communication Info (cell phone, e-mail address, address etc.), User Info (Info about membership, User ID number etc.), IP address, Transaction Security Info (Password info etc.), Cookie records, Data and evaluations that show habits and likes of User and/or visitor, Commercial electronic message consent/permission of User and/or Visitor, Membership and User Contract that User and/or Visitor consents, Other written texts exist in Internet Site consented by User and/or Visitor, Recordings about commercial electronic messages, request and complaints process management in scope of the consent given by User and/or Visitor.

ii. Purchaser data who buys the Good presented for sale, data subject to purchasing and person data who will use the purchased Good: Identification data belong to Purchaser, Communication Info, (cell phone, e-mail address, address etc.), invoice and money collection info, type, quantity, price, order date of purchased Good, Data belong to person who purchased the Good, discount coupons used during shopping, campaigns if any; commercial electronic message permission which Purchaser issued in electronic media, Distance Sales Contract that he/she consented and Preliminary Information Form,  Other written texts consented by Purchaser, Commercial messages sent in scope of the consent given by Purchaser, recordings related to the management of request and complaint processes IP address, password, parole info.

iii. Data belong to Hotel Customer: Identification Info, (Name, surname, date of birth, gender, T.R. identity number), Communication Info, (cell phone, e-mail address, address etc.), Written texts consented by Customer, Necessary Data in scope of the measures taken in Covid-19 era, Commercial messages sent in scope of the consent given by Customer, recordings related to the management of request and complaint processes, information about your accommodation and visit, invoice and money collection info, information about good or your service purchasing during accommodation, your payment information, information of persons who accommodate with you, occupation situation information, recordings related to your marketing and communication preferences, your IP address, pages that you displayed on internet sites belongs to hotels, data that introduce your mobile device in case when you visit our site with your mobile device and other all kinds of information that we can obtain which you preferred to give us explicitly and with your consent or we can obtain from third parties with your explicit consent.

iv. Working Staff/ Candidate data who makes Job Application: Identification Info, (Name, surname, date of birth, gender, T.R. identity number), Communication Info, (cell phone, e-mail address, address etc.), past education, work experience and CV information

A.                Process Goals of Personal Data

Company can process personal data with the following goals and can conserve for the time required by legal legislation and for the time that these goals need in any case:

(i)                Fulfillment of all legal and administrative liabilities,

(ii)              Negotiation, installation and performing of signed contracts/contracts to be signed,

(iii)            Accommodation service to be able to be given in hotels,

(iv)            Processing of data related to online visitors in scope of other legislation,

(v)              Membership transactions generation by Site Users through Internet Site, personal account generation and arrangement of Members/Visitors through Internet Site and management of membership transactions through personal account, notification of campaigns and occasions to available Members/Visitors with commercial electronic messaging consent or presenting price, marketing, other possibilities, benefits, offers and information to Members/Visitors,

(vi)            Purchasing transaction related to goods presented for sale through Internet Site can be done,

(vii)          Follow-up of purchasing transactions and accounting processes,

(viii)        Maintaining security of all internet sites that belong to the Company and other electronic systems, social media accounts and physical environment,

(ix)            Promotion and marketing of Company products and presented service and developing them, taking opinion of the data owner via surveys and voting,

(x)              Including to birthday celebration, draw, campaigns and competitions, present giving and realizing of similar events, promotion and campaigns which are in favor of the data owner,

(xi)            Investigation, determination and prevention of contradictions to the law and contract and notification to the related legal authorities,

(xii)          Resolution of present or potential legal conflicts,

(xiii)        Answering requests and questions, evaluating complaints and solving them,

(xiv)        Realization of companies and partners law transactions,

(xv)          Hiring processes to be run in scope of human resources politics,

(xvi)        Evaluation of job applications compliance, finalizing and contacting with candidates who applied for job,

(xvii)      Data processing to be compulsory in order to establish, use or protect a right,

(xviii)    Protecting legitimate interests of the Company provided that not harming the fundamental rights and freedoms of data owner.

B.                Personal Data Transfer

Company, provided that complying the general principles mentioned in KVKK and conditions projected in 8th and 9th articles of KVKK and taking necessary security measures, in direction of the goals stated in herein Politics, can transfer the obtained data to third parties and process and store in servers within the country or in other electronic media. Nonetheless, third parties may change based on the type, quality and similar various factors of relationship (/user/membership relationship, business relationship etc) between data owner and the Company, it is as follows in general: (i) Company Group Companies, (ii) Storing corporations, platform owners, data publishing corporations, infrastructure providers and other business partners, suppliers and subcontractors whom the Company Works with, (iii) all kinds of official authorities and corporations, (iv) banks for Money collection and/or corporations authorized for Money collection and other third parties and corporations which are worked with in order to run the activities related to these goals.

C.                Personal Data Collection Method

Company, in scope of conditions stated in 5th and 6th articles of KVKK, can obtain personal data in written, oral, audial and visual recording and in other physical or electronic forms for  the goals mentioned in herein Politics. In addition, personal data can be collected by; hotels, headquarter and other physical environments, internet sites, mobile applications, electronic transaction platforms, social media and other media open to public or by organized events, sale and marketing units, customer forms, channels like digital marketing, contracts, applications, forms, offers, cookies used in Internet Site visits too.

D.                Personal Data Storage Time

Except the situations which has the requirement or permission for storing for longer time legally, the Company stores personal data which it processed by obtaining in compliance with KVKK and stores in time which is stated in other private laws and in KVKK in direction of goals determined in here in Politics and Personal Data Storage and Destruction Politics.

In case of the goal of personal data processing is ended and expiration of storage time which is determined in compliance with KVKK by the Company with other legislation, personal data is only stored as evidence in potential legal conflicts, to claim and/or establish defense related right connected to personal data or to present when wanted by authorized officials. To determine said times, time out and storage time stated in the legislation is based on in direction of claiming said right. In this case there is no Access to the stored personal data for any other goals and related personal data can be only accessed when it is necessary to use in a legal conflict.

Stated times are meticulously followed-up by the Company and personal data whose storage time are expired erased, destroyed or anonymized by the Company in compliance with KVKK as its details are stated in Personal Data Storage and Destruction Politics.

E.                Audit and Security of Personal Data

In scope of article 12 of KVKK, Company, in order to prevent illegal processing of personal data and illegal access to personal data and maintain conservation of them, takes necessary technical and administrative measures in order to establish suitable security level as “data responsible”. For this goal, (i) activities are run compliant to in-house politics and rules prepared in order to protect personal data, (ii) necessary trainings and responsibilities are issued to the staff about in-house politics and rules which are prepared in direction of personal data protection legislation, (iii) all necessary statements and undertakings are taken from the staff, persons and corporations who process date on behalf of the Company, (iv) necessary data security measures are applied in order to prevent unauthorized Access to the data and maintain the security of personal data in-house and out of the Company, (v) Maintaining of obeying to in-house politics and rules which are generated to protect personal data, (vi) sufficiency of taken measures are controlled and new data security systems are provided according to needs and possibilities and/or present data security is developed, updated and necessary audit is made about this matter.  

F.                  Measures Taken by the Company in Order to Protect and Security of Personal Data

Company;

a.                  Maintains the processing of all collected personal data compliant to the principles stated in 4th article of KVKK and to the conditions stated in 5th and 6th articles.

b.                 In scope of KVKK, fulfills the “Informing and Enlighten Liability” which is included in the liability of data responsible via Enlighten Texts which it publishes through internet environment and other related platforms.

c.                  As Data Responsible, generates necessary infrastructure in order to maintain “explicit consent” to provide and process personal data compliant to KVKK in case it is required by law.

d.                 Generates necessary infrastructure to provide personal data compliant to KVKK for goals of communication, marketing, occasion notification and promotion.

e.                  Takes necessary measures by generating required conditions in order to conserve personal data compliant to KVKK in job applications and hiring processes.

f.                   Personal data which are processed in compliance with KVKK and other related law provisions, upon the request of the related person or ex officio, are erased unrecoverable and unusable in any way, destroyed or anonymized by the Company when the reasons of processing are vanished and in case of expiration of time said in the article titled “Personal Data Storage Time” of herein Politics and of time said in Personal data Storage and Destruction Politics. In order to maintain data security, Company generates limitations compliant to KVKK on in-house data Access authorizations, destroys data which are needed to be destroyed.

g.                  In order to prevent illegal processing of personal data and illegal access to personal data and maintain conservation of them compliant to KVKK, takes necessary technical and administrative measures. To conserve data security and secure conservation develops in-house encryption politics and configures present encryption system.

h.                 In order to prevent data leak, necessary in-house measures are taken with in-house applied applications and outsourced supporting products.

i.                    Determines storage times by law according to the quality of the provided data, develops storage politics in-house application and put into effect.

j.                   Takes measures to prevent unauthorized Access and usage of personal data by natural persons or legal entities that process personal data on the basis of authority issued by the Company or processed or transferred or obtained as a result of transfer personal data processed by different departments of the Company.

k.                 Audits activities of conservation of personal data which is run by natural persons or legal entities on behalf of itself periodically on the basis of authority it issued.

l.                    Although necessary technical and administrative measures are taken related to personal data processing, transferring or conserving; if third parties Access to personal data illegally, takes technical and administrative measures for related persons not to get any harm compliant to related legislation about protection of personal data and KVK Board decisions.

m.               Periodically audits and follows-up data recording system in the Company if it is generated compliant to legislation about KVKK.

G.                Data Owner’s Rights In Scope of KVKK

According to the 11th article of KVKK, data owners have the right of:

a.                  To know if personal data are processed or not,

b.                 If personal data are processed, request information,

c.                  To know the goal of personal data processing and if they are used according to its goal or not,

d.                 To know third parties in domestic and abroad whom personal data are transferred,

e.                  To request correction of personal data if they are processed with deficiency or wrong,

f.                   To request their personal data to be erased or destroyed in scope of the conditions projected in the 7th article of KVKK,

g.                  To request made transactions to be notified to transferred third parties according to (d) and (e) subclauses,

h.                 To object to a result comes up against him/her by analyzing processed data exclusively via automatic systems,

i.                    To request remedy in case of damage occurred by processing his/her personal data illegally,

In case of data owners request to use one of their aforementioned rights, they need to fill and sign the application form that is at the annex of here in Politics and with documents and information which determine their identity apply personally with a copy of the form or transmit by notary to address of the Company Harbiye Mah. Kadırgalar Cad. No:6/3 G-Mall Şişli/İstanbul. In case Personal Data Protection Board decides to transmit in any other way other than the ones mentioned above, they will be announced separately.

Company will evaluate the requests which comes from the data owners in compliance with the methods according to the quality of the request as soon as possible and in any case in scope of article 13 of KVKK maximum in 30 (thirty) days and will conclude.

Although requests of data owners will be concluded free of charge as a rule, if answering of the request needs extra costs, fee can be requested as determined in scope of related legislation..

I.                    COOKIES AND SIMILAR TECHNOLOGIES

Company, while there is an Access to its internet sites, electronic platforms, mobile and digital applications or e-mail messages sent by the Company or during Access to the advertises, can place small data files, which maintains recordings and collection of certain data in order to make online advertising and to show special contents to visitors, to the users’ computers, cell phones, tablets, or other devices which Access is provided/used. These data files placed in computers and other devices can be cookies, pixel tag, flash cookies and web pointers and they can also be similar Technologies in order to collect information (shortly “Cookies”). Personal data collection is also available through cookies, data collected by cookies to the extent that they constitute personal data in scope of Turkish law, their processing can be in question in scope of here in Politics and KVKK. By making  ………………… user can erase cookies or refuse them. When user refuses the cookies he/she can still use the related internet site, but may not Access or have a limited Access to all of the functions of that media. Cookies and detailed information about cookie usage is at thestayline.com Cookie Politics.

II.                SITES, SERVICES AND PRODUCTS BELONG TO THIRD PARTIES

Internet sites, platforms and applications belong to the Company can include links related to internet sites and products belong to third parties. Related links are subject to privacy policies that belong to third parties and third parties and sites belong to third parties are free from the Company and the Company will not be responsible in any way for the privacy applications of the third parties.

III.            AMENDMENTS

Company has the right to make amendments at the Protection of Personal Data and Privacy Policy in different times  in scope of Instruction articles which will be put in effect connected to KVKK and in scope of other legislation but not limited to these or with other reasons. Updated version of the Politics will be published on the internet site of the Company and they will be open to the Access of users and members.

IV.             ENFORCEMENT

Herein Politics will be in effect on the date of its publishing and will be in effect until it is erased from the internet site. 

EK- COMPANY PERSONAL DATA STORAGE AND DESTRUCTIOON POLICY

I.           DEFINITIONS

Related User

Except the person or unit who is responsible for technically storing, protecting and backing up the data, they are persons who process personal data in direction of the instruction they took from data responsible or within the data responsible organization.

Destruction

Means erasing, destruction or anonymization of personal data.

Periodical Destruction

In case of all of the personal data processing conditions are canceled in the Law, it means that erasing, destruction or anonymization of personal data which will be done officially as it is stated in data storage and destruction policy or at repeating intervals.

Erasing of Personal Data

It is the transaction of making personal data inaccessible or un-reusable in any way for the related users.

Destruction of Personal Data

It is making personal data inaccessible, un-restorable or un-reusable in any way for anybody,

Anonymization of Personal Data

Making personal data unable to be unrelated with a natural person whose identity is certain or can be determined in any way even by matching with other data;

I.         GOAL AND SCOPE OF STORING AND DESTROYING POLICY OF PERSONAL DATA

Goal of herein Storing and Destroying Policy is; to maintain processing, storing, protecting the personal data that belong to related persons in compliance with Personal Data Protection Law (“Law” or “KVKK”) and although it is processed compliant to legislations, in case when processing reasons are vanished and legal storing time is expired, they are erased, destroyed or anonymized compliant to Instruction About Erasing and Destroying or Anonymization of Personal Data put in effect by publishing on Official Gazette numbered 30224 and dated of 28.10.2017 which constitutes the secondary arrangement of KVKK. To do this, its goal is to generate management instructions, procedure conditions and a technical policy and to maintain the fulfillment of liabilities that comes from the Instruction.

Herein Storing and Destroying Policy is applied at the activities related to storage and destruction of processed personal data by the Company.

Herein Storage and Destruction Policy, KVKK, is handled and prepared related to “Instruction About Erasing, Destroying and Anonymizing of Personal Data” and based on other legislation related to storage and destruction of personal data.

II.                ERASING, DESTROYING AND ANNONYMIZING OF PERSONAL DATA  RUN IN-HOUSE

Personal data are only conserved within the time limit of time outs stated in related legislation and/or for the time necessary for the goal which they are processed for. Accordingly the  Company primarily determines if there is any time or a time out time about conserving personal data at the related legislation or not and conserves these data suitably within these times. In case there is no time projected in the related legislation, personal data are conserved as much as necessary in compliance with KVKK and for the goal they are processed.

As it is arranged in the 7th article of KVKK the Company, although it is processed compliant to the related legislation, when processing reasons are vanished, and/or legal conserving time is expired, upon the request of the related person or ex officio in compliance with 8th, 9th and 10th articles of “Instruction About Erasing, Destroying and Anonymizing of Personal Data” destroys the personal data by erasing, destroying or anonym zing.

Company, in order to fulfill its liabilities comes from law and Instruction, developed necessary Dynamics about this matter by taking technical and administrative measures; trains related units to obey its liabilities and makes necessary assignments about this matter.

III.            CASES WHICH REQUIRES THE DESTRUCTION OF PERSONAL DATA AND METHODS OF ERASING, DESTROYING AND ANNONIMIZING OF PERSONAL DATA

1.                  Cases Which Requires the Destruction of Personal Data

According to KVKK and Instruction, personal data belong to data owners are erased, destroyed or anonymized upon request or ex officio in below mentioned cases:

i.                    Other legislation provisions which constitute fundamentals for the processing, storing and storing times of personal data are amended in the nature of vanishing the liability of storing personal data and/or repealed,

ii.                 Goal which makes it necessary to process or store the personal data is vanished,

iii.               “Erasing Conditions of Personal Data” stated in the 5th and 6th articles of the Law is vanished,

iv.                In case when personal data is processed with the condition of “explicit consent”, data owner cancels his/her consent,

v.                  In scope of data owner’s rights stated in 1/e-f subclauses of 11th article of KVKK, his/her application of his/her data to be erased, destroyed or anonymized is accepted by data responsible,

vi.                Erasing, destroying or anonymizing of personal data is decided by the Board,

vii.             Following the expiration of maximum time of personal data storage, any condition by law exists which justifies to store the personal data longer,

2.                  Methods of Erasing, Destroying and Anonymizing of Personal Data

For destruction of personal data, Company uses erasing, destroying or anonymizing methods which are compliant to KVKK:

i.                    Erasing Methods: Company uses one or more of the methods of erasing from data base by command and blacking out according to the quality of the personal data and where it exists.

ii.                 Destroying Methods: Company uses one or more of the methods of physical destruction, de-magnetizing, overwriting as for the method according to the quality of the personal data and where it exists.

iii.               Anonymizing Methods: Company uses one or more of the methods of regional hiding, excluding parameters, excluding logs, generalizing, minimal and maximal limit coding, global coding, sampling, data exchanging, adding noise and micro combining, data hash and data corruption according to the size of related data, quality of data, existing structure in physical environments, its variation, benefit requested to get from the data and processing goal in order to anonymize personal data.

3.                  COMPANY PERSONNEL, UNIT TITLE AND TASK DEFINITIONS WHO EXIST IN STORAGE AND DESTRUCTION PROCESS OF PERSONAL DATA

Person(s) in below detailed positions will be responsible for storing, erasing, destroying, anonymizing of personal data from database. Task definitions of these persons are determined by the Company as follows:

Position          : Marketing & Communication Manager

Task Definition Summary: To manage digital channels and maintain different marketing methods to progress in synchronization, to protect and store data coming from web site, to follow-up, back up, store collected data, Access responsibility to data and determination of the conditions by contacting with third parties and companies, protection and follow-up of data and server, search engine marketing, content marketing, follow-up subjects like digital targeting and digital sale and interrupt to communication Works if necessary, making several tests about user experience and making road map according to the results, analyzing data coming from digital channels and present necessary reports to the management.

STORAGE AND DESTRUCTION DURATIONS

Data Categories

Storage Durations

Destruction Durations

Data belong to Customer, Membership and Purchaser and Data subject to Order/Purchasing Transaction

In scope of Turkish Commercial Code numbered 6102, 10 years of after the legal relationship finished; according to Law on the Regulation of Electronic Commerce numbered 6563 and related secondary legislation, 3 years, According to Identification Notification Law Application and related legislation, accommodation documents for one year, 1 year beginning from the year following arranged year; accommodation place registry, 5 years beginning from the calendar year following expired year

At the first periodical destruction following storing time expiration.

All registries related to financial and accounting           

In scope of Turkish Commercial Code numbered 6102, 10 years, in scope of Tax Procedure Law numbered 213, 5 years

At the first periodical destruction following storing time expiration.

Registries related to electronic commerce transactions

3 years beginning from transaction date

At the first periodical destruction following storing time expiration.

Commercial electronic messaging registries

3 years beginning from the taking back of the consent

+

CVs

5 years according to Company policy

CVs that are older than 5 years are destroyed in computer environment. For the physical CVs, this time is 6 months.

1.                 TECHNICAL AND ADMINISTRATIVE MEASURES TAKEN BY THE COMPANY IN ORDER TO STORE PERSONAL DATA IN SECURE AND TO PREVENT ILLEGALY PROCESSING AND ACCESSING

i.                  Necessary technical and administrative measures are taken in order to prevent illegal processing and of personal data and illegal accessing of personal data and in order to store personal data compliant to KVKK.

ii.                 Company limits the Access authorizations of the personnel in order to maintain the data security and to make authorization limitation.

iii.                Company limits personnel Access authorization at main server.

iv.                 Encryption techniques are brought and periodical password change is applied compulsory in order to maintain in-house data security. 

v.                  Company protects all areas in web site or mobile applications with SSL where personal data are taken.

vi.                 Virus protection systems and software including firewalls are installed in-house and at platforms owned by the Company.

SCROLL