Personal Data Protection and Processing Policy

PERSONAL DATA PROTECTION AND PROCESSING POLICY

FIRST SECTION: GENERAL INFORMATION ABOUT THE POLICY

1. Introduction

As Akyön Tesis Yönetim Hizmetleri Anonim Şirketi (“Company”), as the “Data Controller” within the scope of the Law on the Protection of Personal Data No. 6698 (“Law” or ‘’KVKK’’), it is our priority to process the personal data of real persons associated with our Company, including our customers, potential customers, suppliers, visitors, users of our website, company shareholders, company officials, employees, shareholders, officials of the institutions we cooperate with, our employee candidates and employees, in accordance with the Law and related legislation and to ensure that the relevant persons whose data are processed use their rights effectively. We carry out the processing, storage, and transfer of personal data of all data owners with whom we are in contact during our activities in accordance with this Personal Data Protection and Processing Policy (“Policy”). The protection of personal data and the observance of the fundamental rights and freedoms of real persons whose personal data are collected, and the taking of necessary administrative and technical measures for the protection of personal data are the basic principles of this Policy and our Company regarding the processing of personal data.

1. Purpose of the Policy
The main purpose of this Policy is to determine the methods we follow regarding the processing, storage, transfer, and deletion or anonymization of personal data shared by data owners during our commercial and social responsibility and similar activities by our Company, which has the title of “data controller” under the Law, within the framework of the principles mentioned in the Law.
In this context, it is to ensure transparency by informing people whose personal data are processed by Akyön Tesis Yönetim Hizmetleri A.Ş., primarily our customers, potential customers, employee candidates, company shareholders, company officials, visitors, employees, shareholders, officials of the institutions we cooperate with, and third parties.

Scope of the Policy
The personal data of all data owners with whom we are in contact during our activities, including but not limited to our employees, employee candidates, shareholders/partners, visitors, business partners, customers, potential customers, suppliers, users visiting our website of our affiliates, are regulated within the scope of this Policy. This Policy does not apply to data belonging to legal entities.
In case of a discrepancy between the current legislation regarding the processing and protection of personal data and this Policy, the provisions of the legislation in force will apply.

3. Enforcement of the Policy
This Policy has been approved by our Company and entered into force as of 01.06.2020. With the entry into force of this Policy, the Policy previously published on our website has been repealed. If changes are required in the Policy, the relevant articles will be updated accordingly. Explanations regarding the changes made in this Policy are specified in the Eleventh section of this Policy.

SECOND SECTION: DEFINITIONS AND ABBREVIATIONS

1. Definitions

1.1. Explicit Consent Consent based on information regarding a specific subject and expressed with free will.

1.2. Anonymization Making personal data incapable of being associated with an identified or identifiable natural person, even through matching with other data. Example: Making personal data unassociable with a real person using techniques such as masking, aggregation, data corruption, etc.

1.3. Employee: Persons working in the Company in accordance with the employment contract made with the Company

1.4. Employee Candidate: Real persons who have applied for a job to the Company by any means or have opened their resume and related information to the Company's review

1.5. Real Persons and Private Law Legal Entities: Real persons are persons who are alive and born fully and alive according to the Turkish Civil Code. Private Law Legal Entities refer to Commercial Companies defined in the Turkish Commercial Code and associations and foundations defined in the Turkish Civil Code.

1.6. Public: Refers to the group of people that does not constitute any feature, that is, everyone, that is, all people.

1.7. Shareholders: Real or legal persons who own shares in the Data Controller's Company.

1.8. Business Partner: Parties with whom the data controller carries out commercial activities and has a commercial relationship.

1.9. Employees, Shareholders and Officials of Institutions We Cooperate With: Real persons, including employees, shareholders and officials of institutions with which the Company has all kinds of business relations (such as business partners, suppliers, but not limited to these)

1.10. Affiliates and Subsidiaries: Affiliate refers to companies in which the Data Controller has shares in their capital in case of a partnership in the capital of another company. If the Company has more than 50% voting rights of the company it is a partner of, the relationship with the partner company constitutes a subsidiary, if the majority is not in the company, a simple affiliate relationship is in question.

1.11. Processing of Personal Data: Any operation performed upon personal data such as collection, recording, storage, retention, alteration, re-organization, disclosure, transferring, taking over, making retrievable, classification or preventing the use thereof, fully or partially through automatic means or provided that the process is a part of any data registry system, through non-automatic means.

1.12. Personal Data Owner: The real person whose personal data is processed. For example; Customers and employees.

1.13. Personal Data: Any information relating to an identified or identifiable natural person. Processing of information regarding legal entities is not within the scope of the law. For example; name-surname, TR ID, e-mail, address, date of birth, credit card number, etc.

1.14. Customer: Real persons who use or have used the products and services offered by the Company regardless of whether they have any contractual relationship with the Company

1.15. Special Categories of Personal Data: Data relating to race, ethnic origin, political opinion, philosophical belief, religion, sect or other belief, clothing, membership to associations, foundations or trade-unions, health, sexual life, convictions and security measures, and the biometric and genetic data are of special nature.

1.16. Potential Customer: Real persons who have requested or shown interest in using our products and services or who have been evaluated in accordance with commercial custom and honesty rules as having this interest

1.17. Intern: Real persons who have applied for an internship to the Company by any means and aim to put their theoretical knowledge about the profession into practice in the workplace

1.18. Company Shareholder: Real persons who are shareholders of the Company

1.19. Company Official: Company board member and other authorized real persons

1.20. Supplier: Parties that have a business relationship with the Data Controller based on a service contract and/or power of attorney contract for service procurement within the scope of the data controller's commercial activities.

1.21. Group Companies: According to the definition in the Turkish Commercial Code, ''Companies directly or indirectly affiliated with the parent company constitute a group of companies together with it.''

1.22. Third Party: Third party real persons associated with these persons in order to ensure the security of commercial transactions between the Company and the parties mentioned above or to protect the rights of the mentioned persons and to provide benefits (e.g. Family Members and relatives)

1.23. Data Processor: Real or legal person who processes personal data on behalf of the data controller based on the authority given by him. For example, firms or companies holding the Company's data, etc.

1.24. Data Controller: The person who determines the purposes and means of processing personal data, manages the place where the data is kept systematically (data recording system), provides the necessary information to the data owner regarding personal information as a result of the data owner's request / application and makes directions is the data controller.

1.25. Authorized Public Institutions and Organizations: Public institutions and organizations authorized to request information and documents from the data controller with their relevant legislation and to which the Data Controller must transfer in order to fulfill its legal obligations.

1.26. Visitor: Real persons who have entered the physical campuses owned by the Company for various purposes or visited our websites

2. Abbreviations

2.1. KVKK: Law No. 6698 published in the Official Gazette dated April 7, 2016 and numbered 29677, Law on the Protection of Personal Data dated March 24, 2016 and numbered 6698.

2.2. Constitution: Constitution of the Republic of Turkey dated November 7, 1982 and numbered 2709; published in the Official Gazette dated November 9, 1982 and numbered 17863.

2.3. KVK Board: Personal Data Protection Board

2.4. KVK Authority: Personal Data Protection Authority

2.5. Policy: Company Personal Data Protection and Processing Policy

2.6. TBK: Turkish Code of Obligations dated January 11, 2011 and numbered 6098; published in the Official Gazette dated February 4, 2011 and numbered 27836.

2.7. TCK: Turkish Penal Code dated September 26, 2004 and numbered 5237; published in the Official Gazette dated October 12, 2004 and numbered 25611.

2.8. TTK: Turkish Commercial Code dated January 13, 2011 and numbered 6102; published in the Official Gazette dated February 14, 2011 and numbered 27846

THIRD SECTION: DATA SUBJECT PERSON GROUPS AND DATA CATEGORIES

1. Personal Data Categorization

Personal data in the categories specified below are processed within the Company by informing the relevant persons pursuant to Article 10 of the Law. Which data owners regulated under this Policy are associated with the personal data processed in these categories and which type of personal data of the persons in these categories are processed are specified in this section. Processed partially or fully automatically or non-automatically as part of a data recording system, which clearly belongs to an identified or identifiable natural person;

PERSONAL DATA CATEGORIZATION EXPLANATION REGARDING PERSONAL DATA CATEGORIZATION
Identity Information
  • All information contained in documents such as driver's license, identity card, residence, passport, attorney ID, certificate, marriage certificate is identity information.
  • Information belonging to employee candidates, company shareholders, company officials, visitors, employees, shareholders and officials of institutions with which we cooperate processed by our Company.
Contact Information
  • Information such as phone number, address, e-mail is contact information.
  • Information belonging to customers, potential customers, employee candidates, company shareholders, company officials, visitors, employees, shareholders and officials of institutions with which we cooperate processed by our Company.
Location Information
  • Data determining the location of our personal data owner employees while using our Company's vehicles is location data.
  • Information belonging to our employees processed by our Company.
Customer Information
  • Information obtained and produced about the relevant person as a result of our commercial activities and the operations carried out by our business units in this framework.
  • Customer data processed by our Company.
Customer Transaction Information
  • Information such as records regarding the use of our products and services and the instructions and requests required for the customer to use the products and services.
  • Customer data processed by our Company.
Physical Space Security Information
  • Personal data regarding records and documents taken at the entrance to the physical space and during the stay in the physical space.
  • Information belonging to visitors, company officials, customers, employees of institutions with which we cooperate processed by our Company.
Transaction Security Information
  • Your personal data processed to ensure our technical, administrative, legal and commercial security while carrying out our commercial activities.
  • Information belonging to visitors, third parties, company officials, employees, shareholders and officials of institutions with which we cooperate processed by our Company.
Risk Management Information
  • Your personal data processed through methods used in accordance with generally accepted legal, commercial custom and honesty rules in these areas in order to manage our commercial, technical and administrative risks.
  • Data belonging to customers, potential customers, employee candidates, company shareholders, company officials, visitors, employees, shareholders and officials of institutions with which we cooperate, third parties processed by our Company.
Criminal Conviction and Security Measures Information
  • Information regarding criminal convictions and security measures (criminal record) of our employees or real persons who have a working relationship with our company.
Financial Information
  • Personal data processed regarding information, documents and records showing all kinds of financial results created according to the type of legal relationship our Company has established with the personal data owner.
  • Data belonging to customers, employees, company shareholders, company officials, employees, shareholders and officials of institutions with which we cooperate processed by our Company.
Personnel Information
  • Any personal data processed to obtain information that will be the basis for the formation of personnel rights of our employees or real persons who have a working relationship with our Company.
  • Information belonging to employees, employees of institutions with which we cooperate processed by our Company.
Employee Candidate Information
  • Personal data processed regarding individuals who have applied to be an employee of our Company or who have been evaluated as employee candidates in line with the human resources needs of our company due to commercial custom and honesty rules or who have a working relationship with our Company.
  • Information belonging to employee candidates processed by our Company.
Employee Transaction Information
  • Personal data processed regarding any transaction carried out by our employees or real persons who have a working relationship with our company related to work.
  • Information belonging to employees, employees of institutions and dealers with which we cooperate processed by our Company.
Employee Performance and Career Development Information
  • Personal data processed for the purpose of measuring the performance of our employees or real persons who have a working relationship with our Company and planning and executing their career development within the scope of our company's Human Resources Policy.
  • Information belonging to our employees processed by our Company.
Fringe Benefits and Interests Information
  • Your personal data processed for the planning of fringe benefits and interests that we offer and will offer to employees or other real persons who have a working relationship with our Company, determining objective criteria for entitlement to these and tracking entitlements to these.
  • Information belonging to our employees processed by our Company.
Legal Transaction and Compliance Information
  • Your personal data processed within the scope of determination and follow-up of our legal receivables and rights and performance of our debts and compliance with our legal obligations and company policies.
  • Information belonging to customers, potential customers, employee candidates, company shareholders, company officials, visitors, employees, shareholders and officials of institutions with which we cooperate, third parties processed by our Company.
Audit and Inspection Information
  • Your personal data processed within the scope of our Company's legal obligations and compliance with company policies.
  • Information belonging to customers, potential customers, employee candidates, company shareholders, company officials, visitors, employees, shareholders and officials of institutions with which we cooperate, third parties processed by our Company.
Special Categories of Personal Data
  • Your data specified in Article 6 of the Law.
  • Data belonging to employee candidates, employees, company shareholders, company officials, employees of institutions with which we cooperate processed by our Company.
Health Information
  • Data processed to fulfill legal obligations such as information on disability status, blood group information, personal health information and to offer fringe benefits to employees.
  • Health data belonging to our employees are processed by our Company.
Visual and Audio Recordings
  • Visual and audio recordings can be taken during the performance of work and activities.
  • Data belonging to our employees and visitors.
Marketing Information
  • Personal data processed for the marketing of our products and services by customizing them in line with the usage habits, tastes and needs of the personal data owner and reports and evaluations created as a result of this processing
  • Information belonging to customers, potential customers processed by our Company.
Request/Complaint Management Information
  • Your personal data regarding the receipt and evaluation of any request or complaint directed to our Company.
  • Data belonging to customers, potential customers, employee candidates, company shareholders, company officials, visitors, employees, shareholders and officials of institutions with which we cooperate, third parties processed by our Company.

FOURTH SECTION: METHOD AND LEGAL REASON FOR COLLECTING PERSONAL DATA

1. Method and Legal Reason for Collecting Personal Data

Personal Data is collected by our Company through technical and procedural methods carried out in different channels such as our website, e-mails, application form, proposal form, secure electronic transaction, printed forms, registration forms and physical channels, or verbally, in writing or electronically, fully or partially automatically or non-automatically provided that it is part of any data recording system, within the framework of legal reasons arising and executed based on relevant legislation, contract, request, commercial custom and honesty rules that find application at the point of offering our commercial services to you and carrying out our commercial activities in this framework, in order to fulfill our Company's legal responsibilities, to fulfill the requirements of the business relationship we have established with you and to establish, use and protect the rights we mutually have in this direction, and to protect the legitimate interests of our Company by observing the fundamental rights and freedoms of the personal data owners we are in contact with. In this context, the methods of Collecting Personal Data that are of special importance, the purposes of collection and the activities carried out in this direction are as follows:

1.1. Camera Monitoring Activity Carried Out at Building, Facility Entrances and Inside Building Facilities
Within the scope of security camera monitoring activity, our Company aims to increase the quality of the service provided, ensure its reliability, ensure the safety of the company, customers and other people, and protect the interests of customers regarding the service they receive.

1.1.1. Legal Basis of Camera Monitoring Activity
The camera monitoring activity carried out by our Company is carried out in accordance with the Law on Private Security Services and relevant legislation.

Announcement of Camera Monitoring Activity
The personal data owner is informed by our Company in accordance with Article 10 of the KVK Law.
Regarding the camera monitoring activity by our Company; This Policy is published on our Company website (online Policy regulation) and a notification letter stating that monitoring will be done is hung at the entrances of the areas where monitoring is done (on-site lighting).

Purpose of Conducting Camera Monitoring Activity and Limitation to Purpose
The purpose of continuing the video camera monitoring activity by our Company is limited to the purposes listed in this Policy. Monitoring is not subject to areas that may result in interference with the privacy of the person exceeding security purposes (for example, toilets, masjids).

1.1.2. Ensuring the Security of Obtained Data
In accordance with Article 12 of the KVK Law, necessary technical and administrative measures listed in this policy are taken by our Company to ensure the security of personal data obtained as a result of camera monitoring activity.

1.1.3. Who Can Access the Information Obtained as a Result of Monitoring and To Whom This Information Is Transferred
Only a limited number of Company employees have access to the records recorded and stored in digital media. Live camera images can be watched by security guards and administrative affairs department employees within the company. Access by other people is not possible.

2. Tracking of Guest Entries and Exits Carried Out at Building, Facility Entrances and Inside

Personal data processing activity is carried out by our Company for the tracking of guest entries and exits in Company buildings and facilities for the purpose of ensuring security and for the purposes specified in this Policy.
While the names and surnames of people coming to Company buildings as guests and vehicle license plate information are obtained, the personal data owners in question are informed in this context through texts hung within the Company or made available to guests in other ways.

3. Website Visitors

On the websites owned by our Company; internet movements within the site are recorded by technical means (e.g. Cookies) in order to ensure that people visiting these sites perform their visits in accordance with the visit purposes; to show them customized content and to engage in online advertising activities. People visiting our website are presented with our “Cookie Policy” and extensive information is given within the scope of the obligation to inform.

4. Mobile Applications Belonging to Our Company

Our Company can develop mobile applications that our customers use by downloading them to their mobile phones in order to offer the services provided to our customers more easily. Before our customers using our mobile application enter information, extensive information is given within the scope of the obligation to inform and their explicit consent is obtained.

FIFTH SECTION: PROCESSING OF PERSONAL DATA

1. General Principles in Processing Personal Data

Personal data is processed by our Company in accordance with the procedures and principles stipulated in the Law and this Policy. Our Company acts in line with the following principles in KVKK Art. 4 while processing personal data:

1.1. Compliance with the law and honesty rules,
Compliance with the law and honesty rule expresses the obligation to act in accordance with the principles introduced by laws and other legal regulations in the processing of personal data. The honesty rule expresses acting in accordance with the rules of trust and as expected from a reasonable person while exercising rights.

1.2. Being accurate and up-to-date when necessary,
Keeping your personal data accurate and up-to-date is necessary for the protection of fundamental rights and freedoms of individuals. This principle is aimed at the interests of the data controller as well as protecting the rights of the relevant person.

1.3. Processing for specific, clear and legitimate purposes,
This principle requires data controllers to clearly and precisely determine the data processing purpose and this purpose to be legitimate. The legitimacy of the purpose means that the processed data is related to the work done or the service provided and is necessary for them.

1.4. Being connected, limited and measured with the purpose for which they are processed,
The fact that the processed data is suitable for the realization of the determined purposes requires avoiding the processing of personal data that is not related to the realization of the purpose or is not needed. Again, data processing should not be resorted to in order to meet needs that are likely to arise later. The principle of proportionality means establishing a reasonable balance between data processing and the intended purpose.

1.5. Being kept for the period stipulated in the relevant legislation or required for the purpose for which they are processed.
As a requirement of the “limitation to purpose principle”, personal data must be kept in accordance with the period required for the purpose for which they are processed. In case the periods stipulated within the scope of the legislation to which the Data Controller is subject due to Legal obligations and the storage periods determined by themselves are exceeded, personal data must be deleted, destroyed or anonymized.

2. Our Purposes for Processing Personal Data

Personal Data collected by the Company is processed within the scope of personal data processing conditions specified in Articles 5 and 6 of the Law for the purposes listed below. If the processing activity carried out for the mentioned purposes does not meet any of the conditions stipulated within the scope of the Law, the explicit consent of the data owner regarding the relevant processing process is obtained by the Company. Your personal data is processed by our Company for the purposes listed below:

  • Execution of emergency processes,
  • Execution of information security processes,
  • Execution of access authorizations,
  • Ensuring physical space security,
  • Execution of communication activities,
  • Execution of storage and archive activities,
  • Execution of internal audit, investigation and intelligence activities,
  • Execution of risk management processes,
  • Ensuring the security of movable goods and resources,
  • Organization and event management,
  • Execution of management activities,
  • Execution of our commercial and administrative activities,
  • Providing support services to customers and reporting within the scope of the contract and service standards,
  • Determining the preferences and needs of our customers and shaping, updating and developing the services to be provided to our customers in this context,
  • Ensuring the fulfillment of our legal obligations as required or mandated by legal regulations,
  • Conducting campaigns, surveys, promotions,
  • Providing contact with people who have a business relationship with the Company,
  • Advertising and marketing,
  • Compliance management,
  • Vendor / supplier management, programs and services,
  • Legal reporting,
  • Billing,
  • Planning and implementing human resources policies in the best way,
  • Planning, executing and managing commercial partnerships and strategies correctly,
  • Ensuring the legal, commercial and physical security of itself and its business partners,
  • Ensuring corporate functioning, planning and execution of management and communication activities,
  • Ensuring data security at the highest level,
  • Creating databases,
  • Improving the services offered on the website and eliminating errors occurring on the site,
  • Contacting Personal Data Owners who submit their requests and complaints to it and ensuring request and complaint management,
  • Event management,
  • Execution of personnel recruitment processes,
  • Supporting Group Companies in compliance with personnel recruitment processes and relevant legislation,
  • Planning and execution of audit activities to ensure that the activities of Group Companies are carried out in accordance with the relevant legislation,
  • Supporting Group Companies in the realization of company and partnership law transactions,
  • Execution/follow-up of financial reporting and risk management transactions,
  • Execution/follow-up of company legal affairs,
  • Carrying out studies for the protection of reputation,
  • Creating and tracking visitor records,
  • Planning and execution of business activities and business continuity activities,
  • Follow-up of finance and/or accounting affairs,
  • Providing information to authorized institutions arising from legislation and preparation for authorized institution audits,
  • Planning and execution of corporate communication activities,
  • Planning and execution of operation processes,
  • Planning and execution of information access authorizations of business partners and/or suppliers,
  • Planning and execution of customer relationship management processes,
  • Follow-up of customer requests and/or complaints,
  • Follow-up of contract processes and/or legal requests,
  • Planning and execution of market research activities for sales and marketing of services,
  • Sales and after-sales operations and purchasing operations,
  • Planning and/or execution of processes for creating and/or increasing loyalty to products and/or services offered by the Company,
  • For the purpose of ensuring the execution of our Company's human resources policies and evaluating job applications in accordance with human resources policies,
  • Fulfilling obligations and taking necessary measures within the framework of occupational health and safety,
  • Fulfilling obligations arising from employment contracts and/or legislation for Company employees,
  • Performing personnel entry-exit transactions,
  • Evaluation of wage-performance process, management of wages and payrolls,
  • Planning and/or execution of in-company training activities,
  • For the purpose of ensuring the legal and commercial security of our Company and persons in business relations with our Company,
  • Planning and execution of operational activities necessary to ensure that Company activities are carried out in accordance with company procedures and/or relevant legislation,
  • Ensuring the security of Company campuses and/or facilities,
  • Ensuring the security of Company fixtures and/or resources,
  • For the purpose of determining and implementing our Company's commercial and business strategies,
  • Social responsibility activities carried out by our Company,
  • Planning and execution of customs operations processes,
  • Completion of quality processes

3. Legal Reasons for Processing Personal Data

Legal reasons for processing personal data are regulated in Article 5 of the KVKK. The Company does not process personal data without the explicit consent of the data owner. However, in the presence of one of the conditions regulated in Article 5 of the KVKK, personal data may be processed without seeking the explicit consent of the data owner:

3.1. Personal data cannot be processed without the explicit consent of the relevant person.

3.2. In the presence of one of the following conditions, it is possible to process personal data without seeking the explicit consent of the relevant person:

3.2.1. Being clearly stipulated in the laws.

3.2.2. Being mandatory for the protection of life or bodily integrity of the person himself/herself or someone else who is unable to express his/her consent due to actual impossibility or whose consent is not legally valid.

3.2.3. Provided that it is directly related to the establishment or performance of a contract, it is necessary to process the personal data of the parties to the contract.

3.2.4. Being mandatory for the data controller to fulfill his/her legal obligation.

3.2.5. Being made public by the relevant person himself/herself.

3.2.6. Data processing being mandatory for the establishment, exercise or protection of a right.

3.2.7. Provided that it does not harm the fundamental rights and freedoms of the relevant person, data processing being mandatory for the legitimate interests of the data controller

4. Legal Reasons for Processing Special Categories of Personal Data

Legal reasons for processing personal data are regulated in Article 6 of the KVKK.

Processing of special categories of personal data without the explicit consent of the relevant person is prohibited.

  • Special categories of personal data other than health and sexual life may be processed without seeking the explicit consent of the relevant person in cases stipulated in the laws. Personal data regarding health and sexual life may only be processed by persons or authorized institutions and organizations under the obligation of confidentiality for the purposes of protection of public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing, without seeking the explicit consent of the relevant person.

The Company does not process Special Categories of Personal Data without the explicit consent of the relevant person. The Company carries out the necessary procedures regarding taking adequate measures determined by the Board in the processing of Special Categories of Personal Data.

SIXTH SECTION: TRANSFER OF PERSONAL DATA

1. Conditions for Transfer of Personal Data

As a Company, we act in accordance with the decisions and regulations taken by the Board and stipulated in the Law regarding the transfer of Personal Data and take the necessary precautions. Except for exceptional cases in the legislation, personal data and special categories of data are not transferred by us to other real persons or legal entities without the explicit consent of the Relevant Person. However, personal data:

  • In cases explained in Article 3 of the Fifth Section of this Policy,
  • Regarding special categories of personal data, in cases listed in Article 4 of the Fifth Section of this Policy, Data regarding race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, clothing, membership to associations, foundations or trade-unions, criminal convictions and security measures, and biometric and genetic data of persons,
  • Regarding special categories of personal data, in cases listed in Article 4 of the Fifth Section of this Policy, special categories of personal data regarding the health and sexual life of the Relevant Person, provided that measures stipulated by the Board and relevant legislation are taken, only by persons or authorized institutions and organizations under the obligation of confidentiality for the purposes of protection of public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing,

may be transferred without seeking explicit consent.

Media tools used by our company while transferring are intranet, e-mail, hard copy, excel worksheet, VPN, secure file transfer.

2. Conditions for Transfer of Personal Data Abroad

Provided that the explicit consent of the relevant person is present, personal data transfer can be made to countries where there is adequate protection in the presence of the cases specified in the Law. Data transfer to countries where there is no adequate protection can be carried out in cases where the cases specified in the Law exist, in addition to explicit consent, adequate protection is committed in writing and the permission of the Board is present.

3. Our Purposes for Transferring Personal Data and Third Parties to Whom It May Be Transferred

Personal data, with the purposes specified in Article 2 of the Fifth Section of this Policy;

  • To our suppliers,
  • To our business partners and business contacts,
  • To our affiliates and group companies,
  • Özak Global Holding A.Ş.
  • Özak Yenigün Ziylan Adi Ortaklığı
  • Aktay Otel İşletmeleri A.Ş,
  • Özak Gayrimenkul Yatırım Ortaklığı A.Ş,
  • Kamer İnşaat Ticaret ve Sanayi A.Ş.
  • To legally authorized public institutions and organizations,
  • To legally authorized private law persons,
  • To our shareholders,
  • To domestic and foreign server service provider companies from which we receive server service,
  • To audit companies,

can be transferred provided that necessary technical and administrative measures are taken according to the principles and rules explained in this Policy.

4. Personal Data Envisaged to be Transferred to Foreign Countries

Due to our Company having operational processes abroad, personal data transfer can be made, limited to contact information only, with the explicit consent of the data owner persons, limited to cases where operational functioning with our foreign business partners located abroad is mandatory.

SEVENTH SECTION: DELETION, DESTRUCTION AND ANONYMIZATION OF PERSONAL DATA

1. Deletion, Destruction or Anonymization of Personal Data

Without prejudice to the provisions in other laws regarding the deletion, destruction or anonymization of Personal Data, our Company deletes, destroys or anonymizes Personal Data ex officio or upon the request of the data owner in case the reasons requiring processing disappear. With the deletion of Personal Data, these data are destroyed in a way that cannot be used again in any way and cannot be restored. Data destruction operations are carried out by recording them in minutes in periodic destruction periods determined within our Company.

2. Personal Data Retention and Destruction Period

The Company stores Personal Data for the period specified in this legislation if stipulated in the legislation. If a period is not regulated in the legislation regarding how long personal data should be stored, Personal Data is processed for the period requiring processing in accordance with the Company's practices and commercial life customs depending on the activity carried out while processing that data, and then deleted, destroyed or anonymized.

If the purpose of processing personal data has ended, and the storage periods determined by the relevant legislation and the Company have come to an end, personal data can only be stored for the purpose of constituting evidence in possible legal disputes or asserting the relevant right related to personal data or establishing a defense. In the establishment of the periods here, storage periods are determined based on the statute of limitations for asserting the mentioned right and examples in requests directed to the Company on the same issues previously despite the expiration of the statute of limitations. In this case, stored personal data is not accessed for any other purpose and access to relevant personal data is provided only when it is necessary to use it in the relevant legal dispute. Here too, after the mentioned period expires, personal data is deleted, destroyed or anonymized.

EIGHTH SECTION: MEASURES TAKEN REGARDING PERSONAL DATA SECURITY

In accordance with Article 12 of the Law, the Company takes necessary technical and administrative measures to ensure the appropriate security level to prevent unlawful processing of Personal Data it processes, to prevent unlawful access to data and to ensure the preservation of data, and carries out or has carried out necessary audits in this context.

1. Technical Measures Taken Regarding Personal Data Security

To ensure the security and preservation of personal data, including but not limited to;

  • Network security and application security are provided,
  • Closed system network is used in personal data transfers via network,
  • Security measures within the scope of information technology systems supply, development and maintenance are taken,
  • In-company technical organization is made for processing and storing personal data in accordance with legislation,
  • Data masking measure is applied when necessary,
  • Technical infrastructure is created to ensure the security of databases where personal data will be stored,
  • Processes of the created technical infrastructure are followed and audits are made,
  • Procedures regarding reporting of taken technical measures and audit processes are determined,
  • Technical measures are periodically updated and renewed,
  • Risky situations are re-examined and necessary technological solutions are produced,
  • Current anti-virus protection systems, firewalls and similar software or hardware security products are used and security systems suitable for technological developments are established,
  • Applications where personal data are collected are regularly scanned for security vulnerabilities to detect security gaps and found gaps are closed,
  • Backup programs are used lawfully to ensure safe storage of personal data,
  • Access to environments where personal data are kept and/or data is restricted and only authorized persons are allowed to access these data limited to the purpose of storing personal data, log records of accesses to data storage areas where personal data are located are kept and inappropriate accesses or access attempts are instantly transmitted to relevant persons,
  • Log records are regularly examined,
  • Expert employees on technical issues are employed,
  • User account management and authorization control system are applied and these are also tracked,
  • Log records are kept in a way that there is no user intervention,
  • If special categories of personal data are to be sent via e-mail, they are definitely sent encrypted and using KEP or corporate mail account,
  • Secure encryption, cryptographic keys are used for special categories of personal data and managed by different units,
  • Intrusion detection and prevention systems are used,
  • Penetration test is applied,
  • Cyber security measures have been taken and their implementation is constantly monitored,
  • Encryption is done.

2. Administrative Measures Taken Regarding Personal Data Security

To protect personal data, including but not limited to;

  • Corporate policies and procedures regarding access to personal data, information security, use, storage and destruction are created including our group companies and affiliate employees, policies regarding the use of tools and equipment used in databases and applications containing personal data are prepared and implemented,
  • Employees are informed and trained regarding the lawful protection and processing of personal data,
  • Training and awareness studies are carried out periodically for employees on data security.
  • Measures to be taken in cases where personal data are processed unlawfully by our company employees are recorded in contracts made with our employees and/or policies we create,
  • Records imposing obligations not to process, disclose and use personal data in any way contrary to the Law are put in contracts and instructions signed with our employees and awareness is created on this issue and audits are carried out,
  • Disciplinary regulations containing data security are applied for employees,
  • Employees are informed that their obligation not to disclose personal data they have learned to others in violation of the provisions of the Law and not to use it for purposes other than processing will continue after they leave their duties and a commitment is taken from them in this direction,
  • Corporate policies regarding access, information security, use, storage and destruction are prepared and implemented,
  • Provisions stating that persons to whom data are transferred will take necessary security measures for the protection of personal data and ensure compliance with these measures in their own organizations are added to contracts concluded with persons to whom personal data are lawfully transferred by our Company,
  • Access scopes to personal data are determined according to the duties and positions of our employees for the Company and access authorizations are limited, authorizations are regularly reviewed, authorization matrix is created, authorizations in this area of employees who leave or change duties are removed,
  • Developments in the field of information security, privacy of private life and protection of personal data are followed and legal and technical consultancy services are received to take necessary actions,
  • Compliance of data processors and other data controllers we work with with the Law and related legislation is questioned and necessary directions are made and their awareness is ensured,
  • Personal data security problems are reported quickly,
  • Personal data security is monitored,
  • Personal data is reduced as much as possible,
  • Personal data is backed up and the security of backed up personal data is ensured,
  • In-house periodic and/or random audits are made and caused to be made,
  • Existing risks and threats are determined,
  • Protocols and procedures for special categories of personal data security have been determined and implemented,
  • Necessary security measures are taken regarding entries and exits to environments containing personal data,
  • Security of environments containing personal data against external risks (fire, flood, etc.) is ensured,
  • Awareness of data processor service providers regarding data security is ensured.
  • Personnel related to technical issues are employed.
  • A system ensuring that in case personal data are obtained by others through illegal means, this situation is notified to the relevant personal data owner and the KVK Board as soon as possible has been established and implemented.

3. Physical Measures Taken Regarding Personal Data Security

  • Role-based physical access measures are taken for points where personal data are located,
  • Documents and storage-warehousing tools containing personal data are kept in locked cabinets,
  • Card pass systems are applied for working areas,
  • Working areas are monitored with closed circuit camera recording system in a way not to violate the privacy of employees,
  • Documents and storage tools containing personal data are securely destroyed and backed up within the scope of rules determined in KVKK and this Policy to prevent loss.

4. Procedure to be Followed in Case of Unauthorized Disclosure of Personal Data

In accordance with Article 12 of the Law, our Company notifies the relevant data owner and the Board as soon as possible and at the latest within 72 hours from the detection of this situation in case processed Personal Data are obtained by others through illegal means.

5. Audit of Measures Taken Regarding Protection of Personal Data

In accordance with Article 12 of the KVK Law, our Company carries out or has carried out necessary audits within its own structure every 6 months. These audit results are reported to the relevant department within the scope of the Company's internal functioning and necessary activities are carried out to improve the measures taken.

6. Regarding Protection and Processing of Personal Data of Employees

6.1. Increasing Awareness and Audit
Our Company ensures the organization of necessary trainings for existing employees and employees newly included in the business unit in order to increase awareness to prevent unlawful processing of personal data, unlawful access to data and ensure preservation of data. It provides awareness training to its existing employees every 4 months.

NINTH SECTION: OBLIGATIONS OF DATA CONTROLLER

1. Obligation to Inform

Relevant persons are informed by the Company during the acquisition of personal data. The said information includes at least the following issues.

1.1. Identity of the data controller and its representative, if any,

1.2. For what purpose personal data will be processed,

1.3. To whom and for what purpose personal data can be transferred,

1.4. Method and legal reason for collecting personal data,

1.5. Other rights of the relevant person listed in Article 11 of the Law.

2. Obligation to Fulfill Board Decisions

If the Board detects the existence of a violation as a result of the examination it will make on matters falling within its field of duty ex officio upon complaint or upon learning of the violation allegation, it decides that the illegalities be remedied by the Company and notifies the decision to the relevant parties. As stated in detail in the Procedure for Fulfillment of Board Decisions, the Company fulfills this decision without delay and within thirty days at the latest from the notification date.

3. Data Controllers Registry (VERBİS) Registration Obligation

The Company registers to the Data Controllers Registry (VERBİS), which is the registration system where data controllers are obliged to register and declare information regarding data processing activities, as specified in the registration procedure, and updates these records.

TENTH SECTION: RIGHTS OF PERSONAL DATA OWNER

1. Rights of Data Owner

Our Company explains to persons whose personal data are taken pursuant to Article 11 of the Law that they have the rights to;

  • Learn whether personal data is processed,
  • Request information if personal data has been processed,
  • Learn the purpose of processing personal data and whether they are used in accordance with their purpose,
  • Know the third parties to whom personal data is transferred at home or abroad,
  • Request correction of personal data in case of incomplete or incorrect processing,
  • Request deletion or destruction of personal data within the framework of conditions stipulated in Article 7 of the Law,
  • Request notification of transactions made pursuant to subparagraphs (d) and (e) of Article 11 of the Law to third parties to whom personal data is transferred,
  • Object to the occurrence of a result against the person himself/herself by analyzing the processed data exclusively through automated systems,
  • Request compensation for damage in case of damage due to unlawful processing of personal data,

2. Methods of Seeking Rights by Personal Data Owner

Relevant persons have the right to apply to the Company and learn whether personal data related to them are processed, request them if processed, request correction if the content of the data is incomplete or incorrect, request deletion, destruction if unlawful and notification of transactions made accordingly to third parties to whom data are disclosed and request compensation for damages due to unlawful processing of data. The relevant person can use the right of application and complaint as specified in the Relevant Person's Right Seeking Procedure.

a. Application : It is mandatory for relevant persons to first apply to the data controller in order to use their rights. Complaint to the Board cannot be made without exhausting this way.

a.i. You can submit your requests within the scope of Article 11 of the Law regulating the rights of the relevant person in writing according to the “Communiqué on Procedures and Principles of Application to Data Controller” or by using registered electronic mail (KEP) address, secure electronic signature, mobile signature or electronic mail address previously notified by you and registered in our system.

a.ii. Personal data owners can submit their requests regarding their rights listed in this Policy to our Company via our website https://www.fisekhane.com/en/, through the “Application Text” with methods specified on our website and by fulfilling the conditions on this “Application Text”.

b. Complaint : In cases where the application is rejected by our Company, the answer given is found insufficient by the data owner or the application is not answered in time by our Company, the data owner has the right to file a complaint to the Board within thirty days from the date of learning the answer and in any case within sixty days from the application date. It is not possible for relevant persons to go directly to the Board for complaint without applying to the Company.

3. Data Controller's Right to Reject Personal Data Owner's Application

The Company has the right to reject the application made to it by the personal data owner in the presence of certain conditions as stated in this policy. Cases where the Data Controller Company can use its right of rejection regarding the application are listed below.
If the personal data subject to the application of the relevant person;

  • Is processed for purposes such as research, planning and statistics by anonymizing with official statistics,
  • Is processed for artistic, historical, literary or scientific purposes or within the scope of freedom of expression provided that it does not violate national defense, national security, public security, public order, economic security, privacy of private life or personal rights or constitute a crime,
  • Is processed within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations authorized by law to ensure national defense, national security, public security, public order or economic security,
  • Is processed by judicial authorities or execution authorities regarding investigation, prosecution, trial or execution proceedings,
  • Processing is necessary for prevention of crime or criminal investigation,
  • Processing of personal data made public by the owner himself/herself,
  • Processing is necessary for the execution of supervision or regulation duties and disciplinary investigation or prosecution by public institutions and organizations and professional organizations in the nature of public institutions authorized by law,
  • Processing is necessary for the protection of economic and financial interests of the State regarding budget, tax and financial issues,
  • Possibility of the owner's request preventing the rights and freedoms of other persons,
  • Requests requiring disproportionate effort,

In cases where the requested information is public information, the Data Controller Company can use its right of rejection regarding the application.

ELEVENTH SECTION: PERSONNEL RESPONSIBLE FOR COMPLIANCE WITH THE POLICY

A Personal Data Committee has been established within the Company pursuant to the decision of the Company's senior management to manage this Policy and other policies connected and related to this Policy. The Personal Data Committee is authorized and responsible for taking necessary actions for storing and processing the data of Personal Data Owners in accordance with the law, this Policy and other policies connected and related to this Policy. The main duties of this Personal Data Committee are:

  • To prepare basic policies regarding Protection and Processing of Personal Data and submit them to the approval of senior management to put them into effect,
  • To decide how the implementation and audit of policies regarding Protection and Processing of Personal Data will be fulfilled and to submit matters regarding making in-company assignments and ensuring coordination in this framework to the approval of senior management,
  • To determine the issues that need to be done to ensure compliance with the Law on Protection of Personal Data and relevant legislation and to submit what needs to be done to the approval of senior management; to supervise its implementation and ensure coordination,
  • To increase awareness within the Company and before institutions with which the Company cooperates regarding Protection and Processing of Personal Data,
  • To determine risks that may occur in the Company's personal data processing activities and ensure necessary measures are taken; to submit improvement suggestions to the approval of senior management,
  • To design trainings on protection of personal data and implementation of policies and ensure their execution,
  • To decide on applications of personal data owners at the highest level,
  • To coordinate the execution of information and training activities to ensure that personal data owners are informed about personal data processing activities and legal rights,
  • To prepare changes in basic policies regarding Protection and Processing of Personal Data and submit them to the approval of senior management to put them into effect,
  • To follow developments and regulations regarding Protection of Personal Data; to advise senior management on what needs to be done within the Company in accordance with these developments and regulations,
  • To coordinate relations with the Personal Data Protection Board and Authority,
  • To execute other duties given by the Company senior management regarding protection of personal data.

TWELFTH SECTION: UPDATE AND CHANGES

The Company reserves the right to make changes in this Policy and other policies connected and related to this Policy in line with changes made in the Law and related legislation, Board decisions and/or developments in the sector or informatics field. Changes made in this Policy are immediately processed into the text and explanations regarding changes are specified in this section.

01/06/2020 : This Personal Data Processing and Protection Policy has been accepted by our Company and entered into force.

Data Controller Title: Akyön Tesis Yönetim Hizmetleri A.Ş.

Mersis no : 0045030935600001

E-mail address : [email protected]

Registered Electronic Mail Address: [email protected]

Physical Mail address : Kazlıçeşme Mahallesi Kennedy Cad. No: 52 C/4 Zeytinburnu/İstanbul

X

JOIN FISEKHANE EVENT CLUB!

By becoming a member of the Event Club, you can benefit from free participation in theater plays, discounts on concert tickets, special offers at selected restaurants in Fişekhane, and many more privileges.

Join Fişekhane Event Club!

FISEKHANE NEWSLETTER SUBSCRIPTION, ADVERTISING, PROMOTION ACTIVITIES EXPLICIT CONSENT TEXT

This form is presented to you to obtain your explicit consent preferences regarding the Processing and Transfer of your Personal Data following the Clarification Text presented to you by Akyön Tesis Yönetim Hizmetleri Anonim Şirketi (“Company”) as the data controller within the scope of the data controller's obligation to inform regulated in Article 10 of the Law on the Protection of Personal Data No. 6698. Please specify your preference regarding your personal data below, which requires your explicit consent.

Your Name, Surname, E-mail address, phone number, personal data regarding the choices you have made in the Interests section, personal data to be obtained during our communication and interactions with you, subject to your approval under the Law on the Regulation of Electronic Commerce and your explicit consent under Article 5 of the KVKK; 

Your personal data mentioned above will be transferred to our main shareholders, subsidiaries, group and affiliated companies, primarily Özak Ziylan Yenigün Adi Ortaklığı, Özak Global Holding A.Ş., Özak Gayrimenkul Yatırım Ortaklığı A.Ş., Kamer İnşaat Ticaret ve San. A.Ş., Aktay Otel İşletmeleri A.Ş., for the same purposes, to inform you about developments regarding other services and products, to show you special campaigns and advertisements, to personalize the services provided for you, and to send commercial messages in the form of SMS, Calls, and E-mails.

Your personal data is shared with domestic and foreign individuals and organizations that provide data processing, measurement, targeting, and profiling support, advertising and promotion agencies, CRM companies from which services are received due to commercial message sending and advertising promotion transactions; with service providers for sending sms and e-mails; with call centers for making calls; with domestic and foreign software companies, server and service providers to carry out our activities, and with İleti Yönetim Sistemi A.Ş. based on your explicit consent in order to fulfill the purposes and activities mentioned above.

If you have explicit consent, please click the box on the previous screen

FISEKHANE NEWSLETTER SUBSCRIPTION, ADVERTISING, PROMOTION ACTIVITIES PERSONAL DATA PROTECTION CLARIFICATION TEXT

This Clarification Text is provided to you by Akyön Tesis Yönetim Hizmetleri A.Ş. (“Company”) as the data controller regarding your processed personal data within the scope of the “Data Controller's Obligation to Inform” pursuant to Article 10 of the Law on the Protection of Personal Data No. 6698 (“KVKK”).

1 - Purpose and Legal Reason for Processing Your Personal Data;

Your Name, Surname, E-mail address, phone number, personal data regarding the choices you have made in the Interests section, personal data to be obtained during our communication and interactions with you, subject to your approval under the Law on the Regulation of Electronic Commerce and your explicit consent under Article 5 of the KVKK; 

2 - Transfer of Your Personal Data, Purpose and Legal Reason;

2.1 - Your personal data mentioned above will be transferred to our main shareholders, subsidiaries, group and affiliated companies, primarily Özak Ziylan Yenigün Adi Ortaklığı, Özak Global Holding A.Ş., Özak Gayrimenkul Yatırım Ortaklığı A.Ş., Kamer İnşaat Ticaret ve San. A.Ş., Aktay Otel İşletmeleri A.Ş., for the same purposes, to inform you about developments regarding other services and products, to show you special campaigns and advertisements, to personalize the services provided for you, and to send commercial messages in the form of SMS, Calls, and E-mails.

2.2 - Your personal data is shared with domestic and foreign individuals and organizations that provide data processing, measurement, targeting, and profiling support, advertising and promotion agencies, CRM companies from which services are received due to commercial message sending and advertising promotion transactions; with service providers for sending sms and e-mails; with call centers for making calls; with domestic and foreign software companies, server and service providers to carry out our activities, and with İleti Yönetim Sistemi A.Ş. based on your explicit consent in order to fulfill the purposes and activities mentioned above.

2.3 - Your Personal Data; May be shared with ‘’Authorized Public Institutions and Organizations‘’ based on legal reasons such as being clearly stipulated in the Laws pursuant to Article 5/2 of the KVKK and being mandatory for the data controller to fulfill its legal obligation in order to fulfill our obligations regarding information and document sharing arising from the relevant legislation when necessary. 

2.4 - Your Personal Data; Is shared with “Our Group Companies’’, ‘’Our Subsidiaries’’ and “Our Affiliates’’ (primarily Özak Ziylan Yenigün Adi Ortaklığı, Özak Global Holding A.Ş., Özak Gayrimenkul Yatırım Ortaklığı A.Ş., Kamer İnşaat Ticaret ve San. A.Ş., Aktay Otel İşletmeleri A.Ş) based on legal reasons such as the legitimate interest of the data controller pursuant to Article 5/2 of the KVKK, being necessary for the establishment and performance of the contract, and being stipulated in the Laws, in order to fulfill the obligations in the Turkish Commercial Code and the provisions in the contracts made between the companies in the Group of Companies or concerning the Group of Companies and to perform our services.

2.5 - Your Personal Data; Is shared with ‘’Suppliers’’ and “Business Partners” with whom we have a business relationship and from whom we receive services, based on legal reasons such as data processing being mandatory for the legitimate interests of the data controller pursuant to Article 5/2 of the KVKK, data processing being mandatory for the establishment or performance of a contract, the establishment, exercise or protection of a right, and the fulfillment of a legal obligation, for the performance of the contracts we have made for the procurement of necessary external services regarding our activities and limited to this purpose only. For example; Your personal data is shared with the ‘’Software Service Provider’’ from whom we receive software services to improve our systems and increase our service quality, with Lawyers from whom we receive services for the follow-up and execution of legal affairs in case of a legal dispute; with Financial Advisors from whom we receive services due to financial obligations, and with Auditors in audit situations, limited to the purpose necessary for the realization of the transaction.

3 - Method of Collecting Your Personal Data

Your personal data is processed by automatic and non-automatic methods through digital forms on our site, digital marketing technology tools, call center, mobile application, e-mails, social media channels, and our sales and marketing officials through direct communication, targeting, profiling, and online behavioral advertising methods.

4 - Your Rights

4.1 - To the extent that your data is processed by the Company and the Company processes your data as a data controller, you have the following rights regarding your personal data pursuant to Article 11 of the Law on the Protection of Personal Data No. 6698:

4.2 - “To learn whether any of your personal data is processed; to request information regarding the processing activities; to learn the purposes of processing; to learn these persons in case they are transferred to third parties at home or abroad; to request correction if they are processed incompletely or incorrectly; to request the deletion or destruction of personal data if the reasons requiring processing disappear or the Company does not have a legal basis or legitimate interest to process the data in question; to request the Company to ensure that third parties authorized by the Company and processing personal data respect your rights within the scope of this section; to object to adverse results that may arise as a result of processing personal data through automated systems and; to request compensation for this damage if you suffer damage due to unlawful processing.”

5 - Application to Data Controller

5.1 - You can submit your requests within the scope of Article 11 of the Law regulating the rights of the relevant person in writing according to the “Communiqué on the Procedures and Principles of Application to the Data Controller” or by using the registered electronic mail (KEP) address, secure electronic signature, mobile signature, or the electronic mail address previously notified by you and registered in our system.

6 - Data Controller Information

Data Controller Title : Akyön Tesis Yönetim Hizmetleri A.Ş. 
Mersis no : 0045030935600001
E-mail address :  [email protected] 
Registered Electronic Mail Address :   [email protected]    
Physical Mail address : Kazlıçeşme Mahallesi Kennedy Cad. No: 52 C/4 Zeytinburnu/İstanbul  

If you have read and understood the clarification text regarding the processing and transfer of your personal data for the purposes explained above, please check the checkbox on the previous screen.

RENTAL FORM EXPLICIT CONSENT TEXT

This form is presented to you to obtain your explicit consent preferences regarding the Processing and transfer of your Personal Data following the Clarification Text presented to you by Akyön Tesis Yönetim Hizmetleri Anonim Şirketi (“Company”) as the data controller within the scope of the data controller's obligation to inform regulated in Article 10 of the Law on the Protection of Personal Data No. 6698. Please specify your preference regarding your personal data below, which requires your explicit consent.

Your Name, Surname, E-mail address, phone number, your personal data to be obtained during our communication and interactions with you, subject to your approval under the Law on the Regulation of Electronic Commerce and your explicit consent under Article 5 of the KVKK; 

Your personal data mentioned above will be transferred to our main shareholders, subsidiaries, group and affiliated companies, primarily Özak Ziylan Yenigün Adi Ortaklığı, Özak Global Holding A.Ş., Özak Gayrimenkul Yatırım Ortaklığı A.Ş., Kamer İnşaat Ticaret ve San. A.Ş., Aktay Otel İşletmeleri A.Ş., based on your explicit consent, for the same purposes, to inform you about developments regarding other services and products, to show you special campaigns and advertisements, to personalize the services provided for you, and to send commercial messages in the form of SMS, Calls, and E-mails.

Your personal data will be shared with domestic and foreign individuals and organizations that provide data processing, measurement, targeting, and profiling support, advertising and promotion agencies, CRM companies from which services are received due to commercial message sending and advertising promotion transactions; with service providers for sending sms and e-mails; with call centers for making calls; with domestic and foreign software companies, server and service providers to carry out our activities, and with İleti Yönetim Sistemi A.Ş. based on your explicit consent in order to fulfill the purposes and activities mentioned above.

If you have explicit consent, please click the box on the previous screen.

PERSONAL DATA PROTECTION CLARIFICATION TEXT

This Clarification Text is provided to you by Akyön Tesis Yönetim Hizmetleri Anonim Şirketi (“Company”) as the data controller regarding your personal data processed/collected provided that it is part of a data recording system by automatic means via the request form within the scope of the “Data Controller's Obligation to Inform” pursuant to Article 10 of the Law on the Protection of Personal Data No. 6698.

1 - Purpose and Legal Reason for Processing Your Personal Data;

Your Name, Surname, E-mail address, phone number, information you conveyed in your message section for the purpose of creating, examining, and fulfilling your request regarding the rental, subject to your approval under the Law on the Regulation of Electronic Commerce and your explicit consent under Article 5 of the KVKK; 

2 - Purpose and Legal Reason for Processing Your Personal Data;

2.1 - Your personal data mentioned above will be transferred to our main shareholders, subsidiaries, group and affiliated companies, primarily Özak Ziylan Yenigün Adi Ortaklığı, Özak Global Holding A.Ş., Özak Gayrimenkul Yatırım Ortaklığı A.Ş., Kamer İnşaat Ticaret ve San. A.Ş., Aktay Otel İşletmeleri A.Ş., for the same purposes, to inform you about developments regarding other services and products, to show you special campaigns and advertisements, to personalize the services provided for you, and to send commercial messages in the form of SMS, Calls, and E-mails.

2.2 - Your personal data is shared with domestic and foreign individuals and organizations that provide data processing, measurement, targeting, and profiling support, advertising and promotion agencies, CRM companies from which services are received due to commercial message sending and advertising promotion transactions; with service providers for sending sms and e-mails; with call centers for making calls; with domestic and foreign software companies, server and service providers to carry out our activities, and with İleti Yönetim Sistemi A.Ş. based on your explicit consent in order to fulfill the purposes and activities mentioned above.

2.3 - Your Personal Data; May be shared with ‘’Authorized Public Institutions and Organizations‘’ based on legal reasons such as being clearly stipulated in the Laws pursuant to Article 5/2 of the KVKK and being mandatory for the data controller to fulfill its legal obligation in order to fulfill our obligations regarding information and document sharing arising from the relevant legislation when necessary. 

2.4 - Your Personal Data; Is shared with (primarily Özak Ziylan Yenigün Adi Ortaklığı, Özak Global Holding A.Ş., Özak Gayrimenkul Yatırım Ortaklığı A.Ş., Kamer İnşaat Ticaret ve San. A.Ş., Aktay Otel İşletmeleri A.Ş) “Our Group Companies’’ ‘’Our Subsidiaries’’ and “Our Affiliates’’ based on legal reasons such as the legitimate interest of the data controller pursuant to Article 5/2 of the KVKK, being necessary for the establishment and performance of the contract, and being stipulated in the Laws, in order to fulfill the obligations in the Turkish Commercial Code and the provisions in the contracts made between the companies in the Group of Companies or concerning the Group of Companies and to perform our services.

2.5 - Your Personal Data; Is shared with ‘’Suppliers’’ and “Business Partners” with whom we have a business relationship and from whom we receive services, based on legal reasons such as data processing being mandatory for the legitimate interests of the data controller pursuant to Article 5/2 of the KVKK, data processing being mandatory for the establishment or performance of a contract, the establishment, exercise or protection of a right, and the fulfillment of a legal obligation, for the performance of the contracts we have made for the procurement of necessary external services regarding our activities and limited to this purpose only. For example; Your personal data is shared with the ‘’Software Service Provider’’ from whom we receive software services to improve our systems and increase our service quality, with Lawyers from whom we receive services for the follow-up and execution of legal affairs in case of a legal dispute; with Financial Advisors from whom we receive services due to financial obligations, and with Auditors in audit situations, limited to the purpose necessary for the realization of the transaction.

3 - Method of Collecting Your Personal Data

Your personal data is processed by automatic and non-automatic methods through digital forms on our site, digital marketing technology tools, call center, mobile application, e-mails, social media channels, and our sales and marketing officials through direct communication, targeting, profiling, and online behavioral advertising methods.

4 - Your Rights: 

To the extent that your data is processed by the Company and the Company processes your data as a data controller, you have the following rights regarding your personal data pursuant to Article 11 of the Law on the Protection of Personal Data No. 6698:

“To learn whether any of your personal data is processed; to request information regarding the processing activities; to learn the purposes of processing; to learn these persons in case they are transferred to third parties at home or abroad; to request correction if they are processed incompletely or incorrectly; to request the deletion or destruction of personal data if the reasons requiring processing disappear or the Company does not have a legal basis or legitimate interest to process the data in question; to request the Company to ensure that third parties authorized by the Company and processing personal data respect your rights within the scope of this section; to object to adverse results that may arise as a result of processing personal data through automated systems and; to request compensation for this damage if you suffer damage due to unlawful processing.”

5 - Your Obligations

If you provide the personal data of a third party via the Rental Form, you are deemed to have accepted that the person in question has been informed within the scope of the Law on the Protection of Personal Data No. 6698, has consented to the transfer of their information to the Company, and has authorized you in this regard.

6 - Application to Data Controller:

You can submit your requests within the scope of Article 11 of the Law regulating the rights of the relevant person in writing according to the “Communiqué on the Procedures and Principles of Application to the Data Controller” or by using the registered electronic mail (KEP) address, secure electronic signature, mobile signature, or the electronic mail address previously notified by you and registered in our system.

7 - Data Controller Information

Data Controller Title : Akyön Tesis Yönetim Hizmetleri A.Ş. 
Mersis no : 0045030935600001
E-mail address :  [email protected] 
Registered Electronic Mail Address :   [email protected]    
Physical Mail address : Kazlıçeşme Mahallesi Kennedy Cad. No: 52 C/4 Zeytinburnu/İstanbul