TERMS AND CONDITIONS & TURKISH PERSONAL DATA PROTECTION LAW 6698 INFORMATION TEXT (KVKK)

TERMS & CONDITIONS

Those who book a service through SPIRITUAL JOURNEYS TRAVEL are bound to be with the following as this constitutes full acceptance of these general terms and conditions by our company and our esteemed clients/guests.

On our price lists; there are two different rates “regular” and “private”. The main difference between these two is that there might be some other participants as well in a regular tour whereas private tours are made without any others rather than the clients who have booked it. Though private tours are relatively more expensive they are more convenient for the people who are keen on their privacy. On the price lists, the first column refers to “regular” rates while the rest are “private” ones and they are given on per per-person basis depending on the number of participants. On our tours, no breakfast on the first day and no dinner on the last day are served unless otherwise noted.

All the rates that are valid exclusively for those except Turkish citizens are given in American Dollars and valid until further notice or change. The USD buying rate of the Central Bank of Turkey on the tour commencement day is considered on our invoices. All the tour rates include guidance in English, air-conditioned transportation, admission fees, and taxes (Private tours can be carried out in the required language regarding availability).

At regular tours, the latest pick-up time on the tour commencement day is 09h30 and the earliest drop-off time is 18h00. Smoking, eating, and consuming alcoholic beverages are strictly prohibited in the tour vehicles and SPIRITUAL JOURNEYS TRAVEL keeps the right to cast away such behaving participants to keep the harmony of the departing tour.

We give the utmost care to provide our colleagues with the most updated and current hotel rates list. However, on certain periods like New Year’s Eve, Religious and National Festivals, Conventions, International Competitions, Special Anniversaries, etc. almost all the hotels apply a surcharge. Therefore, SPIRITUAL JOURNEYS TRAVEL keeps the right to revise the quoted hotel rates list at the time of booking. However, no further charges are applied once the bookings are confirmed with their specific rates.

While all care has been taken to ensure that all the quoted prices are correct, circumstances beyond the control of SPIRITUAL JOURNEYS TRAVEL may necessitate a change in the prices quoted. SPIRITUAL JOURNEYS TRAVEL reserves the right to adjust the price of any travel arrangements at any time due to increases in the cost of airfares, tours, exchange rate fluctuations, fuel surcharges, value-added tax, etc. However, the quoted prices are guaranteed upon the receipt of full payment. Any further taxes to be imposed by the government further to the release of this website may also cause the rates to change. When the updated website is released the previous versions expire.

All the specific quotes/proposals submitted by our company are valid for 30 days after the release date. Such proposals will be considered void unless converted into a reservation within these 30 days.

Though our guides show the utmost care to follow the itineraries in the same sequence there might be alterations in the sequence of the visits to the scheduled sites and no refund can be demanded for that reason unless any sites or museums are missed. Timings given for the daily tours are approximate ones and they are all subject to change. Pick-up times may vary depending on the number of participants and hotel locations. On our tours, no breakfast on the first day and no dinner on the last day are served unless otherwise noted.

Our rates do not include passport and visa charges, travel and medical health insurance (This is recommended to be obtained in the origin country), excess baggage, all items not specifically mentioned as being included, and all items of personal nature such as laundry, telephone, and other communication costs, all the beverages also including bottled water, tea and coffee, meals not detailed in the itinerary, and gratuities. Tips to the guides and drivers are customary and are left to the discretion of the guests.

Guaranteed departures are valid in case the guests join the tour on the very first day of the tour. Demands for joining these tours at a different stage and location need to be confirmed by us as a private rate will be applied if there become no other participants on these tours. Additionally, further to our confirmation, if the already available participants cancel the tour and consequently no more people join the regular tour then SPIRITUAL JOURNEYS TRAVEL keeps the right to cancel the arrangements for the clients who will join the tour at a different stage rather than the original commencement date or to charge on a private basis. All our regular tours are carried out with a minimum of 4 participants. SPIRITUAL JOURNEYS TRAVEL also keeps the right to cooperate with some other travel companies that have a similar tour, if a necessity arises.

Every participant on our tours is allowed a maximum of 2 bags weighing no more than 30 kg (66 pounds). Extra luggage can be accepted only when there is enough space in our vehicles. However, if there is no sufficient space for the third bag SPIRITUAL JOURNEYS TRAVEL keeps the right to refuse the extra luggage.

If the services are not canceled 48 hours before the commencement date full invoice amount will be charged.

All the payments should be received in full 45 days for individuals and groups of 10 or more before the service commencement date through one of the options stated below. No services are rendered unless full payment is received before the service commencement date and no responsibility is assumed against the travelers. The payments can be made through the following methods:

1- Wire transfer to one of our account numbers the details of which can be obtained on request. All bank charges need to be debited to the sender.

2- By a credit card through VISA or MasterCard. You may be billed in Turkish Lira at the current exchange rate and therefore the USD amount you authorize might be slightly different than quoted by you on your credit card statement report due to fluctuations in the currency rates and the conversion commissions that may be charged by your bank whereas also the amount can be billed directly in USD currency. USD effective selling rate of the Central Bank on the tour commencement day is considered on our invoices. The pre-payments made in Turkish Lira should also reflect the USD effective selling rate of the Central Bank on the payment date.

Regarding the changes; the first change on the requested services is free. However, for each additional change made to the original booking, a service fee of $50 per service will be charged. The related change fees incurred by the hotels and airlines will also be additionally charged.

Last-minute changes just before the service commencement date or at the time of the implementation stage cause a lot of problems and extra expenses for us. However, we always do our best to assist our esteemed clients to comply with their last-minute requests. Any extra costs for such requests should be settled right away while any refunds can only be worked out after the services – 15 days later after the completion of the overall services.

We are asked from time to time whether there is any availability on a certain date at a certain hotel. Unless we make a reservation about this request availability can never be guaranteed. When we ask the hotels about availability and they say the rooms are available this is valid only for that very moment. The rooms can be imminent to any others right away. Therefore, we strongly recommend asking for a reservation to guarantee the room as otherwise, the availability at that moment does not guarantee the room even for the requests to be made in the following few hours.

The hotels cannot confirm the early check-in or late check-out until the very last moment as this opportunity is possible only in cases when the hotels are not fully booked on the night before the check-in date or the night after the check-out date. Therefore it is impossible for us to confirm this well in advance and should be checked through the hotel upon arrival. However, most of the hotels will be helpful on this issue as long as they are convenient while a few of them like Ciragan Hotel, Four Seasons Hotel, and some other deluxe hotels will require some extra payment. For your information, the general check-in and checkout times at the hotels are 14.00 and 11.00/12.00 respectively.

We do not take responsibility for air tickets that are not issued by SPIRITUAL JOURNEYS TRAVEL and any reconfirmations or follow-ups should directly be handled by the guests themselves. We can also not be held responsible for the flight changes/cancellations incurred by the airlines.

We always consider the original departure schedule that is advised to us by our contacts. If the final departure details are different than what is given to us and we are not informed in this regard promptly we do not take responsibility for any inconvenience that may emerge on the airport transfer services.

Due to the delays emerging from lost luggage problems at the planes or passport problems at customs SPIRITUAL JOURNEYS TRAVEL cannot be held responsible and the guests can wait up to a maximum of 30 minutes on the regular tours if some other participants are already waiting for the tour vehicle. However, if no other participants are waiting or it is a private tour then our team will do their best to assist the problem to be settled.

Those who have lost luggage problems sometimes do not get through customs and inform our staff promptly about the case by just waiting inside for quite a while. This could make our staff think that our guests were not on the plane as all the other passengers on the same plane were already out. Therefore we kindly ask our guests to go out of the customs and inform our staff that they are still waiting inside before inquiring about the issue as otherwise our staff can leave the terminal after having waited 30 minutes further to leave the last passenger of the same plane and no refund is given on such a case.

While our team is already waiting at the airport, some guests may have difficulties in spotting them on arrival to the airport due to the extreme crowd despite their names being written on the boards that are held by our staff and also due to the early landings of the planes. If the guests take a taxi to their hotel without extensively looking for our staff and calling our office promptly no refund will be given in case our staff is still at the airport. Similarly, all the guests who arrive at the airport earlier than the scheduled time are supposed to contact our office as our staff arrives at the airport 15 minutes before the scheduled landing time of the planes. For the delayed flights our staff can wait up to a maximum of 2 hours. For further delays, our guests are expected to take a taxi to their hotel without any refund from our side. However, if the delays are advised to us in advance then there is no problem at all as our transfer service will be amended accordingly.

If the guests miss the connected domestic flights due to the late arrival of the international ones no responsibility is taken and all the extra costs are charged to the guests. Therefore short connection intervals between international and domestic flights are a risk to our guests.

Some hotels may claim to have been providing free transfer services on arrival. However, most of these transfer services are valid with the much higher Rack/Internet rates of the hotels and are not applicable with the reservations required from us as our contract prices are generally lower than those released by the hotels.

Since tour rates are based on group participation NO REFUNDS can be made for any services or any part of the program not used, after the start of the tour.

All the participants must have a valid passport for at least three (3) months with the appropriate tourist visa for the destination and/or transit country. It is the responsibility of the passenger to have the necessary documentation in their possession before traveling. Consult the appropriate consulate(s) for information on passport requirements. If the participant is unable to be on the trip or its part due to the absence of the documents required, he/she is obliged to cover any costs involved at his own expense.

SPIRITUAL JOURNEYS TRAVEL assumes no responsibility for the lost and left items at the time of the tours. However, if anything is returned to us by the hotels and the other related parties we can ship these items to the required addresses. Then, the full shipment fee is charged by us before the shipment of the item. For credit card payments, a convenience fee of 5% of the shipment fee is added to the total charges. We regretfully do not accept payments on the destination.

SPIRITUAL JOURNEYS TRAVEL regrets, but cannot be responsible for any damage or injury to participants while touring – unless the shortcoming is caused by our company.

The notice of cancellations by participants should be given in writing, and all such cancellations will be effective on the date the written notification is received.

In the event of cancellation by a participant sharing the same accommodation, the rate charged to the remaining participant will have to be increased to the “Single Occupancy” rate, unless we can arrange for a Shared Accommodation.

Cancellation fees/charges are agreed to be “Liquidated Damages”, and not a penalty. Deposit towards a tour constitutes full acceptance of these “General Terms & Conditions” and the Cancellation Policy.

The Cancellation Fees, in addition to any applicable Airline Penalties, are as follows:

  • If a booking is canceled more than 30 days before the scheduled departure, full payment (less $100 per person cancellation processing fee) shall be refunded upon receipt of the cancellation notice.
  • If canceled 21 to 30 days before departure, the cancellation fee shall be 30% of the total cost
  • If canceled 11 to 20 days before departure, the cancellation fee shall be 50% of the total cost
  • If canceled 2 to 10 days before departure, or thereafter, the cancellation fee shall be 75% of the total cost
  • Since tour rates are based on group participation / or minimum person requirements, NO REFUNDS can be made for any services or any part of the program not used, for the cancellations made within the last 48 hours before the service commencement date.
  • Some hotels may also charge cancellation fees for bookings canceled within the last 30-45 days before the check-in date. If such a remark is noted on our confirmation sheet this hotel fee will also be charged in full regardless of what is standing above.
  • If the cancellations are made due to obligatory reasons like force-majeure situations beyond the control of the participants our company can be flexible on this issue to charge only the expenses imposed on us by the third parties or may waive any of the cancellation charges depending on the situation.

SPIRITUAL JOURNEYS TRAVEL is a handicapped-friendly travel company that carries out specific private services for handicapped people. However, we do not offer regular/seat-in-coach services as such tours are carried out in a speedy tempo and with limited space availability due to the participation of many other guests.

Traveling with a baby is great fun for families and therefore we, as SPIRITUAL JOURNEYS TRAVEL, are available to supply you with a baby seat on our services commencing in Istanbul, Izmir, Ankara, and Cappadocia with a daily rate of $50. However, there may be extra charges at the other locations. Baby seat requests should be made 7 days before the service commencement date otherwise such an extra service cannot be guaranteed.

The museums and historical sites that are under the control of the Ministry of Culture and Tourism are closed during the first morning of the public holidays while shopping malls and other stores can be closed during the entire official holiday. The museums like Green Mausoleum in Bursa that are governed by other institutions rather than the Ministry of Culture and some historical shopping malls like Covered Bazaar and Egyptian Bazaar are closed during the whole public holiday period. Hereafter are the official holiday dates. Please note that we take no responsibility for any kind of inconvenience that may emerge due to the closures.

01 January New Year’s Day
23 April National Independence & Children’s Day
19 May Youth Sports Day
30 August Victory Day
Ramadan Feast
29 October Republic Day (Anniversary of the Declaration of the Turkish Republic)
Feast of Sacrifice (Feast of Adha)

Beyond these specific closures, the routine closure days have been designated in the related itinerary to avoid any potential problems.

For your information, some of the museums/sites and roads may temporarily be closed for restoration purposes or due to the visit of a dignitary, ceremonies concerning the National Days, etc. beyond our knowledge and control. SPIRITUAL JOURNEYS TRAVEL does not assume any responsibility in such a case and accordingly, no refunds are made for any missing visits.

Should the tour participants have any complaints about any of the tour arrangements, these should be immediately brought to our attention, to remedy the problem momentarily. Furthermore, any such complaints about our tours must be submitted to us in writing, within 30 days after the completion of the services.

As SPIRITUAL JOURNEYS TRAVEL, we do not handle any visa issues. Visa handling companies should be contacted directly for such cases.

Neither does SPIRITUAL JOURNEYS TRAVEL accept any liability for lost, stolen, or damaged personal property (including money), losses, or expenses due to delay or changes in schedules, hotel overbooking or defaults, sickness, epidemics, weather conditions, strikes, war, quarantine, force major, acts of God, or any other causes beyond the direct control of SPIRITUAL JOURNEYS TRAVEL, nor carriers´ or hotel owners´ liability is governed by applicable laws or international conventions. In such cases, all additional expenses have to be covered by the participant. If the participant arrives too late at the port of embarkation and the ship has sailed then all consequences and costs that may occur will be borne by the participant.

All rights to this website are reserved. Except for the quotation of short passages for criticism and review, no part of this confidential tariff may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior permission of SPIRITUAL JOURNEYS TRAVEL which may cause a penalty and subject to a criminal prosecution regarding domestic and international applicable laws.

 

TURKISH PERSONAL DATA PROTECTION LAW 6698 INFORMATION TEXT (KVKK)

INFORMATION TEXT

YTE Turizm Reklamcilik Basin Yayin Halkla Iliskiler Sanayi ve Ticaret Limited Sirketi (“YTE” Spiritual Journeys Travel) obtains various personal data when you visit our website www.sjtturkey.com (“Web Site”). In this regard, YTE bears the title “data controller” by the Turkish Personal Data Protection Law numbered 6698 (the “PDPL”) and we hereby present this Information Text as per Article 10 of the PDPL.

1. Data Controller
Title : YTE Turizm Reklamcilik Basin Yayin Halkla İliskiler Sanayi ve Ticaret Limited Sirketi
Address : Ismet Kaptan Mahallesi Sevket Ozcelik Sokak Guven Ishani No:59 8/806 Alsancak Konak Izmir/TURKEY
MERSIS Number: 0983040826700018

2. Purposes of Personal Data Processing
Your data such as name, surname, e-mail, and telephone number that you submit to us by filling out the offer and contact form within the scope of the Offer Request or Contact Form during your visit to the Web Site are processed only with your explicit consent or in the presence of one of the cases of compliance with the law specified in Article 5/2 of PDPL as further stated below:

• as it is stipulated under the law in Article 5/2/a of PDPL and as we must fulfill our obligations set forth under the Turkish Code of Obligations, Turkish Commercial Code, Turkish Civil Code, Law No. 5651 on the Regulation of Publications on the Internet and Combating Crimes Committed Through These Publications, PDPL, Electronic Commerce Law, the Regulation of Electronic Commerce and their secondary legislation;
• as it is necessary for the establishment, exercise, or protection of a right within the scope of Article 5/2/e of PDPL, to evaluate and resolve requests and complaints received from you;
• as it is necessary for the legitimate interests of the data controller; provided that the fundamental rights and freedoms of the data subject are not harmed within the scope of Article 5/2/f of the PDPL, to carry out the necessary work, including statistics, and to ensure that you benefit from the products and services offered without disclosing your identity and to copy and back-up to prevent data loss.

3. To Whom and For What Purposes the Personal Data May be Transferred
Your collected personal data may be transferred for the abovementioned legal grounds,

• to the relevant official institutions and judicial authorities, when necessary,
• to our financial and legal consultants; and
• to the intermediary service provider companies that it has contracted for the (“YTE” Spiritual Journeys Travel) website, social media platforms, and software, especially the website with the domain name www.sjtturkey.com, and whose servers are located in Turkey and/or abroad.

4. Methods and Legal Grounds for the Collection of Personal Data
Your data processed for the purposes and reasons stated in Article 2 are collected electronically in writing when you contact us by filling out the contact form or Request for Proposal on the Site or verbally when you contact us.

5. Rights of the Data Subject
We would like to indicate that you have the following rights as the data subject:
• To learn whether your data is being processed,
• If your data is being processed, to demand information in this regard,
• To learn the purposes of the processing and whether the personal data is used in line with such purposes,
• To know the recipients to whom the personal data have been or will be disclosed both domestically and abroad,
• To request from the controller rectification of personal data if the personal data have been processed in an incomplete and wrong manner,
• To request deletion or destruction of personal data if the grounds permitting the processing of personal data no longer exist within the scope of Article 7 of the PDPL,
• To request the notification of third parties to whom the personal data are transferred regarding the rectification if the personal data have been processed in an incomplete or wrong manner or the deletion or destruction of the personal data by Article 7 of the PDPL,
• To object to any adverse result that occurs from the analysis of the processed personal data exclusively via automatic systems,
• To claim compensation if any damage is incurred due to unlawful processing of personal data. In case you wish to exercise one of the rights explained above regarding your data granted under Article 11 of the PDPL, you may apply us in writing in the following ways:
• Sending to our postal address via public notary or registered mail with return receipt requested;
• Sending an e-mail to (“YTE” Spiritual Journeys Travel)’s registered e-mail address yteturizm@hs01.kep.tr; or
• Sending an e-mail to (“YTE” Spiritual Journeys Travel)’s e-mail address info@sjtturkey.com with a secure electronic signature or mobile signature, or by using the e-mail address available in our system which has already been notified by the data subject. (“YTE” Spiritual Journeys Travel) will answer your requests within this scope as soon as possible and no later than thirty days free of charge depending on the nature of the request and deliver it to you in writing or electronically. In case our reply requires additional costs, the fee in the price list may be charged at the amount to be determined by the Personal Data Protection Board.

 

KVKK POLICY OF “YTE” Spiritual Journeys Travel

1. INTRODUCTION

1.1 General
Ensuring the confidentiality and security of personal data and compliance with the relevant legal regulations are among the YTE Turizm Reklamcilik Basin Yayin Halkla Iliskiler Sanayi ve Ticaret Limited Sirketi ’s (“Company”) top priorities and utmost care is taken in this regard. In this context, the process managed by this KVKK Policy on the processing and protection of personal data (” Policy ”) and other written policies within the Company and the targeted aim is to process, store, and protect data the personal data of our employees, employee candidates, visitors and other third parties (”Relevant Persons”) is by the law and to reflect our corporate culture.

In the preparation of this Policy, we see the Constitution of Turkey and 6698 numbered Personal Data Protection Act (the ”KVKK”) located regulations, especially in the legal norms relevant to the protection of personal data and the Personal Data Protection Committee of the provisions in the decision as a guide to our company. In this Policy, explanations regarding the following basic principles adopted by our Company for the processing of personal data will be made:

Processing of personal data by the law and good faith,
Keeping personal data accurate and up-to-date when necessary,
Processing of personal data for specific, clear, and legitimate purposes,
Being linked, limited, and measured with the purpose for which personal data are processed,
Keeping personal data for the period stipulated in the relevant legislation or for the purpose for which they are processed,
Enlightening the relevant persons,
Establishing necessary processes for the relevant persons to exercise their rights,
Taking necessary measures in the processing and preservation of personal data,
Transfer of personal data to third parties in line with the requirements of the processing purpose,
Showing the necessary sensitivity in the processing and protection of special quality personal data,
Deletion, destruction, or anonymization of personal data whose processing purpose has been lost.

1.2 Purpose of the Policy
The main purpose of this Policy is to make explanations about the personal data processing activities carried out by our Company by the law and the procedures adopted for the protection of personal data to inform the Relevant Persons in this context and to ensure transparency. In addition, this KVKK Policy and other written policies aim to make our principle of compliance with KVKK and other relevant legal regulations regarding personal data security sustainable.

1.3 Scope of the Policy
The scope of this policy is for real persons whose personal data are processed by our Company automatically or by non-automatic means provided that they are part of any data recording system, and an Internal Directive on the Protection of Personal Data has been created within the scope of this Policy.

1.4 Implementation of the Policy and Relevant Legislation
This Policy has been concretized and organized within the principles set forth by the relevant legislation. Our company undertakes and accepts that in case of inconsistency between the current legislation and this Policy, the applicable legislation will be applied.

1.5 Enforcement of the Policy
This policy enters into force after being approved by the Board of Directors of our Company, is published on the website (https://www.sjtturkey.com/), and is made available to the Related Persons in this way.

2. DEFINITIONS AND ABBREVIATIONS

• Explicit Consent: Consent on a specific subject, based on information and expressed with free will.
• Constitution: TR Constitution dated 1982.
• Anonymization: Making personal data unable to be associated with an identified or identifiable natural person under any circumstances, even by matching other data.
• Employee: Employees of YTE Turizm Reklamcilik Basin Yayin Halkla Iliskiler Sanayi ve Ticaret Limited Sirketi.
• Employee Candidate: Real persons who have applied for a job at our company in any way or who have submitted their curriculum vitae and related information to our Company for review.
• Related Person: The real person whose personal data is processed.
• Personal Data: All kinds of information regarding an identified or identifiable natural person.
• Processing of Personal Data: All kinds of action performed on data such as obtaining, recording, storing, preserving, changing, reorganizing, disclosing, transferring, taking over, making available, classifying, or preventing the use of personal data, which are fully or partially automatic or non-automatic, provided that they are part of any data recording system.
• Committee: Personal Data Protection Committee.
• Board: Personal Data Protection Board.
• Institution: Personal Data Protection Agency.
• KVKK: Law No. 6698 on the Protection of Personal Data.
• Special Quality Personal Data: Data on race, ethnicity, political opinion, philosophical belief, religion, sect or other beliefs, attire, association, foundation or union membership, health, sexual life, criminal conviction, and security measures, and biometric and genetic data.
• Periodic Destruction Process: The deletion, destruction, or anonymization process specified in the personal data storage and disposal policy and will be carried out.
• Policy: KVKK Policy.
• Potential Customer: Persons who have requested to use our services or who have been evaluated by the rules of business practice and honesty.
• Company: YTE Turizm Reklamcilik Basin Yayin Halkla Iliskiler Sanayi ve Ticaret Limited Sirketi / Spiritual Journeys Travel.
• Related Person Application Form: Application form to be used by the relevant persons while using their applications regarding their rights stated in Article 11 of the KVKK.
• Data Processor: The real and legal person who processes personal data on behalf of the data controller based on the authority given by it.
• Data Record System: Registry system, directory where personal data are structured and processed according to certain criteria.
• Data Responsible: A natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.
• Data Deleting: Making personal data inaccessible and unavailable in any way for relevant users.
• Data Destruction: Making personal data inaccessible, unrecoverable, and reusable in any way.
• Visitor: Real persons who enter the physical premises owned by the institution for various purposes or visit the websites.

3. PRINCIPLES REGARDING THE PROCESSING OF PERSONAL DATA

3.1 Processing of Personal Data in Compliance with the Principles Stipulated in Legislation

3.1.1 Processing in Compliance with Law and Integrity Rules
Our company has adopted the basic principle of complying with the law and the rules of honesty in all kinds of transactions on personal data. In this context, by adopting the principle of transparency, it informs the Related Persons about the purpose of use of the personal data collected through this Policy and other texts.

3.1.2 Ensuring Personal Data is Correct and Updated When Necessary
Our company has a system and process to ensure the accuracy and up-to-date of the personal data it processes while conducting its data processing activity. In this context, Relevant Persons may make it possible to keep their data accurate and up-to-date by applying to our Company.

3.1.3 Processing for Specific, Explicit, and Legitimate Purposes
Our company determines the purpose of processing personal data within legitimate and legal limits, and presents it to the Related Persons, through this Policy and other texts, before the personal data processing activity begins.

3.1.4 Being Connected, Limited, and Measured with the Purposes for which They Are Processed
Our company processes personal data for the purposes required to carry out the activity in a proportionate and related manner to the field of activity. In this context, while carrying out data processing activities, it carefully avoids processing personal data that are not related to the realization of the purpose and are not needed now / in the future.

3.1.5 Retaining for the Period Stipulated in the Relevant Legislation or Required for the Purpose for which they are Processed
Our company preserves personal data only for the period specified in the relevant legislation or for the purpose for which they are processed. In this context, first of all, it is determined whether a period is determined in the relevant legislation for the storage of personal data, if a period is determined, the appropriate action is taken, and if a period is not specified, the time required for processing each personal data is determined and kept for this period.

In this context, our Company prepares and implements a policy and directive for the deletion, destruction, or anonymization of personal data.

3.2 Processing of Personal Data in Compliance with the Personal Data Processing

Conditions specified in Article 5 of the KVKK and Limited to These Conditions
Our company processes personal data only based on the express consent of the Related Person or in cases where express consent is not sought in the KVKK, without express consent, in a manner limited to these conditions and conditions.

3.2.1. Explicit Consent
Explicit consent is the statement made by the Related Person with free will on a specific subject and based on information. Under Article 5/1 of the KVKK, our Company respects and abides by the explicit consent of the Relevant Person, if required in personal data processing.

3.2.2. Cases Where Explicit Consent is Not Required
Article 5/2 of the KVKK, has accepted the processing of personal data in some cases without the explicit consent of the Related Person. Since obtaining explicit consent from the relevant person in the presence of any of the specified conditions will be considered misleading to the relevant person, our Company does not apply for express consent under the conditions below:

Existence of the provision of law,
Cases of actual impossibilities,
It is necessary to process the personal data of the parties to the contract, provided that it is directly related to the establishment or performance of the contract,
The data controller must fulfill his legal obligation,
The personal data of the relevant business have been developed by him/her,
Data processing is mandatory for the establishment, use, or protection of a right,
The obligation of data processing for the legitimate interests of the data controller provided that the fundamental rights and freedoms of the relevant person are not harmed.

3.2.3 Processing Special Quality Personal Data
Our company shows maximum sensitivity in the processing and protection processes of personal data determined as “special quality” by the KVKK due to the risk of causing greater victimization or discrimination when processed, and the principles accepted for special quality personal data are discussed separately in this Policy.
Personal data of a special nature can be processed by our company in the following cases, if the person concerned does not have the express consent of the person concerned, provided that adequate measures are taken by the Board.
Special quality personal data other than the health and sexual life of the person concerned, in cases stipulated by the law,
Special quality personal data regarding the health and sexual life of the person concerned can only be processed without the express consent of the person concerned by persons or authorized institutions and organizations under the obligation of secrecy to protect public health, conducting preventive medicine, medical diagnosis, treatment, and care services, planning and managing health services and financing.
Our Company has determined additional precautions and processes regarding the processing of special quality data and access to these data. In this context, the environments where private personal data are stored are protected by secondary lock and secondary passwords, and can only be processed by authorized persons within the framework of the authorization matrix.

3.2.4 Transfer of Personal Data
Personal data are provided to supervisory institutions within the framework of auditing activities to fulfill the purposes specified in this Policy, to our shareholders for reasons arising from their supervision and partnership rights by the relevant legal regulations, to legally authorized public institutions and organizations, to our domestic and/or abroad suppliers and business partners, to real persons for whom services are provided or to third parties to whom services are provided within the framework of the personal data processing conditions and purposes specified in Article 8 and Article 9 of the KVKK.

4. PRINCIPLES ON THE PROTECTION OF PERSONAL DATA

4.1 Technical and Administrative Measures Taken by Our Company Regarding the Security of Personal Data

4.1.1 Technical Precautions
The main technical measures taken by our company to ensure the legal processing of personal data and to prevent unlawful access to personal data are as follows:

Personal data processing activities carried out within our company are audited by established technical systems.
Knowledgeable and experienced personnel are employed in technical matters.
Departments related to technical issues have been established.
The technical measures taken are periodically reported to the authorized unit/person as per the internal audit mechanism.
To ensure the safe storage of personal data, a legal backup program is used.
New technological developments are followed and technical measures are taken on systems, especially in the field of cyber security, the measures taken are periodically updated and renewed.
Access and authorization technical measures are used within the framework of legal compliance requirements specified in each department within our company.
Access authorizations are restricted, authorizations are regularly reviewed, and former employees’ accounts are closed.
Software and hardware including virus protection systems and firewalls are used.
The use of counterfeit software and hardware is strongly avoided. All of the products we use are original and licensed.
In this context, our Company is constantly working on the following technical measures determined by the Board:

Authorization Matrix
Authority Control
Access Logs
User Account Management
Network Security
Application Security
Encryption
Penetration Test
Intrusion Detection and Prevention Systems
Log Records
Data Masking
Data Loss Prevention Software
Backup
Firewalls
Current Anti-Virus Systems
Deletion, Destruction, or Anonymization
Key Management

4.1.2 Administrative Measures

The main administrative measures taken by our company to ensure the legal processing of personal data and to prevent unlawful access to personal data are as follows:

Our personnel are informed and trained on the law of protection of personal data and the processing of personal data by the law.
Personal data processing activities carried out by the business units of our company; the requirements to be fulfilled to ensure that these activities comply with the data processing conditions specified in the KVKK are examined for each business unit and the activity carried out.
With the agreements and documents that govern the legal relationship between our company and the employees, records imposing the obligation not to process, disclose, and use personal data, except for the Company’s instructions and exceptions imposed by law, are placed and the awareness of employees on this issue is increased.
To meet the legal compliance requirements determined based on our business units, awareness is created and implemented specific to the relevant business units. Necessary administrative measures are implemented through internal policies and training to ensure the supervision of these issues and the continuity of the implementation.
Access to personal data and authorization processes are designed and implemented within our Company by activity-based legal compliance requirements.
It is followed by the Personal Data Protection Committee, which has been established for convenience and compliance in the follow-up of the work and transactions related to the Personal Data Protection Law and related legal regulations.
In the contracts established by our company with third parties to whom personal data are legally transferred, provisions regarding that necessary security measures will be taken to protect the transferred personal data and that these measures will be followed in their organizations.
In this context, our Company is constantly working on the following administrative measures determined by the Board:

Preparation of Personal Data Processing Inventory
Corporate Policies (Access, Information Security, Use, Storage and Destruction, etc.)
Contracts (Between Data Controller – Data Controller, Data Controller – Data Processor)
Confidentiality Commitments
Internal Periodic and/or Random Inspections
Risk Analysis
Labor Contract, Discipline Regulation (Addition of Provisions According to Law)
Corporate Communication (Crisis Management, Informing the Board and Related Person Processes, Reputation Management, etc.)
Training and Awareness Activities (Information Security and Law)
Notification to Data Controllers Registry Information System (VERBİS)

4.2 Raising Awareness and Control of Our Employees in the Field of Personal Data Protection

Our company provides the necessary training and meetings to raise awareness to prevent unlawful processing of personal data, prevent unlawful access to data, and ensure safe storage of data. To increase the awareness of the current employees of our company about the protection of personal data, we work with professional people in case of need.

4.3 Protection of Special Quality Personal Data

Personal data determined by our company as special with KVKK and processed by the law are protected with precision. In this context, the technical and administrative measures taken by our Company for the protection of personal data have been determined based on the relevant legal regulation and the “Adequate Precautions to be Taken by Data Controllers in the Processing of Specially Qualified Personal Data” published by the Personal Data Protection Authority and carefully is implemented.

4.4 The Process to be Followed in Case of Unauthorized Disclosure of Personal Data

Our company will notify the relevant person and the Board within 72 hours if the personal data it processes is illegally obtained by others. If deemed necessary by the Board, this may be announced on the Board’s website or by any other method.

4.5 Personal Data Inventory

Each unit of our company creates an up-to-date personal data processing inventory. The unit manager is responsible for the accuracy, timeliness, and submission of this inventory to the contact person when necessary. Up-to-date developments in keeping the inventories accurate, applying the current Company policy on the protection of personal data, and protecting personal data are always followed.

5. APPLICATION OF RELATED PERSONS TO THE DATA CONTROLLER, OUR COMMUNICATION CHANNELS AND THE EVALUATION PROCESS OF THE APPLICATION

5.1 Subject of the Application

Our company attaches great importance and value to the rights of the relevant people and we provide them with the opportunity and opportunity to exercise these rights. An Application Form for Data Supervisor has been prepared and published on our website by our company, where the relevant persons can easily submit their requests.

By applying to our company, themselves, everybody has the right;

To learn whether personal data is processed or not,
To request information if personal data has been processed,
To learn the purpose of processing personal data and whether they are used appropriately for their purpose,
To know the third parties to whom personal data are transferred domestically or abroad,

To request correction of personal data in case of incomplete or incorrect processing,
To request the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of KVKK,
To request notification of the transactions made under subparagraphs (d) and (e) to third parties to whom personal data have been transferred,
To object to the occurrence of a result against the person itself by analyzing the processed data exclusively through automated systems,
In case of damage due to unlawful processing of personal data, demand the compensation of the damage.

5.2 Application Method and Address

Our communication channels and method to use the above rights are as stated in the table below:

Application Method

Application Address

Application Subject Heading

Application by hand (If the applicant applies to us, a document certifying the identity, and a notarized power of attorney must be available in case of an application by proxy.)

“Request for Information within the Scope of the Law on Protection of Personal Data” will be written on the envelope.
Notification through notary

“Request for Information under the Law on Protection of Personal Data” will be written in the notification envelope.
Email via E-signature / Mobile Signature

“Request for Information under the Law on Protection of Personal Data” will be written in the subject part of the e-mail.
Application via Registered Electronic Mail (KEP) address

“Request for Information under the Law on Protection of Personal Data” will be written in the subject part of the e-mail.
E-mail address registered in our systems (Your e-mail address must have previously been matched with your identity in our systems.)

5.3 Post-Application Process

Applications submitted to us are answered within 30 (thirty) days at the latest from the date of receipt of the request to our Company, depending on the nature of the request. Our responses are sent to the Data Supervisor based on the form of notification specified by the applicant in the Application Form.

In case the application is rejected by Article 14 of the KVKK, the response is found to be insufficient or the application is not answered in time; it can make a complaint to the Board within thirty days from the date our company learns its answer and in any case within sixty days from the date of application.

5.4 Application Fee

Applications are made free of charge as a rule. However, if the transaction requested by the relevant persons requires an additional cost, the fee in the tariff determined by the Board will be charged by our Company.

6. ENLIGHTENING AND INFORMING RELATED PERSONS

Our company, by the regulation in Article 10 of the KVKK, enlightens the relevant persons about the process of obtaining personal data through this Policy and the Clarification Text and other texts that are easily accessible on our website. In this context, our Company informs the relevant persons about the identity of the data controller, the purpose for which personal data will be processed, to whom and for what purpose the processed personal data can be transferred, the method and legal reason for collecting personal data and other rights of the person concerned.

An Application Form for Data Supervisor has been created and published on the website of our Company for the relevant person to use his / her rights stated in the KVKK more easily. The relevant section is explained in detail under the title number 5.

7. PROCESSING PURPOSES OF PERSONAL DATA AND STORAGE PERIOD

7.1 Purposes of Processing Personal Data

Our company processes personal data as personal data limited to the purposes and conditions within the personal data processing conditions specified in Articles 5 and 6 of the KVKK. These terms and conditions;

The processing of personal data is stipulated by the law for our Company to engage in relevant activities,
The processing of personal data by our Company is directly related to and necessary to the establishment or performance of a contract,
Processing of personal data is mandatory for our Company to fulfill its legal obligation,
The processing of your data by the Company in a limited way to make you public provided that it has been made public by the person concerned,
Processing of personal data by the Company is mandatory for the establishment, use, or protection of a right of the Company,
It is mandatory to perform personal data processing for the legitimate interests of the Company, provided that the fundamental rights and freedoms of the relevant persons are not damaged,
Our company must process personal data for the protection of the life or body integrity of the relevant persons or another person, and in this case, the persons concerned are unable to disclose their consent due to the actual impossibility or legal invalidity,
Special quality personal data other than the health and sexual life of the relevant persons, in the cases stipulated by the law,
Special quality personal data related to the health and sexual life of the relevant persons are processed by persons or authorized institutions and organizations under the obligation of secrecy to protect public health, conducting preventive medicine, medical diagnosis, treatment, and care services, planning and managing health services and financing.

7.2 Storage Periods of Personal Data

As a company, we keep personal data for the period specified in this legislation if it is stipulated in the relevant legislation. In addition, our obligations arising from the relevant contracts, and our administrative and legal responsibilities/liabilities are also taken into account in determining the retention periods.

When the purpose of processing personal data has expired the retention period determined by the relevant legislation and the company has reached the end, these personal data are deleted and backed up only to provide evidence in possible legal disputes or to assert the relevant right related to personal data. In this case, access to personal data is not provided for any other purpose. Personal data are destroyed or anonymized after the expiration of the periods specified in our Company’s Personal Data Storage and Destruction Policy.

The processed personal data and personal data inventories are reviewed in 6-month periods and the personal data that need to be deleted/destroyed are deleted/destroyed within these 6-month periodic destruction periods and the transaction is recorded.

8. PERSONAL DATA PROCESSING ACTIVITIES CARRIED OUT IN THE WORK AREAS

8.1 Camera Monitoring Activity at the Entrances and Inside of the Work Areas

To ensure the security of the Related Persons and our Company, our company performs personal data processing activities for the place where we serve and where we carry out these services, security camera monitoring activity at the entrance and inside of the work areas, and the tracking of entrances/exits and overtime. In this context, as the Company, we act by KVKK and other relevant legislation.

8.2 Informing About Camera Monitoring Activity

Relevant persons are enlightened by our company by Article 10 of the KVKK; in this way, it is aimed to prevent harm to the fundamental rights and freedoms of the persons concerned and to ensure transparency. For camera surveillance activities, the Company’s website clarifies both this Policy (online Policy) and a notification letter (on-site lighting/layered lighting) that it will be monitored at the entrances of the monitoring areas.

8.3 Purpose and Limitation of Camera Monitoring

As a company, we process personal data in connection with the purpose for which they are processed, in a limited and measured manner by KVKK. The purpose of continuing the video camera recording and monitoring activities by the company is limited to the purposes listed in this Policy.

Accordingly, the monitoring areas of security cameras, their number, and when to be monitored are put into practice as sufficient and limited for this purpose.

8.4 Ensuring the Security of Data Obtained by Camera Monitoring

All necessary technical and administrative measures are taken by the company to ensure the security of personal data obtained through camera recording. Detailed information can be found in technical measures for data protection.

8.5 People to Have Access to the Information Obtained As A Result of Monitoring and Information Transferred

Only authorized persons can access the information and storage environment obtained as a result of monitoring. The live camera images can be watched by the security guards who are employees of the Company or outsourced. A limited number of people who have access to the records declare that they will protect the confidentiality of the data they access with a confidentiality commitment.

8.6 Guest Entry / Exit Tracking Executed at the Entrances and Inside of the Work Areas

Personal data processing activities are carried out by the company and the outsourced company to ensure security and for the purposes specified in this Policy, for tracking guest entry and exit in the Company’s work areas.

While obtaining the names and surnames of the persons who come to our work areas as guests, the relevant persons are enlightened through the texts posted in the relevant areas or made available to the guests in other ways. The data obtained to track guest entry and exit are processed only for this purpose and the relevant personal data are recorded in the data recording system in physical and/or electronic media.

8.7 Recording Information of Electronic Devices at the Entrances of Work Areas

As a company, we record the MAC addresses of computers or similar electronic devices when our guests use their personal computers or similar electronic devices in connection with the care and sensitivity we show to the protection of information security and personal data. The reason for this is to ensure the security of our company and the people whose personal data are within our company.

9. REVIEW

This policy is approved by the Company’s board of directors and becomes effective. Regarding the changes to be made in the policy, the approval of the person (s) to be authorized by the board of directors is obtained. The issues regarding the implementation of this policy within the Company have been systematized with the internal policies, procedures, and internal guidelines. The policy is reviewed every 6 months and, if necessary, revisions are made regarding the approval of the authorized person.

10. PERSONAL DATA PROTECTION COMMITTEE

The company has appointed a contact person within the framework of personal data protection law. A committee of 2 persons was formed among the employees of the company units. The committee is chaired by the Company contact person. The contact person acts with the views and recommendations of the Committee on administrative and technical measures. About administrative and technical measures, the principles determined by the Committee are taken into account. The Committee makes every effort to comply with the Company’s data protection legislation. The contact person supervises the Company units for which he is responsible within the scope of personal data protection law. As a result of these audits, it warns the relevant units when necessary and informs the senior management about the situation. The contact person ensures the coordination of the relevant person applications made to the Company to be answered within the legal terms and by the procedure. The contact person manages the relations of the Company with the Personal Data Protection Authority.

11. ENFORCEMENT

This Policy comes into force as of the date it is accepted and announced by the company’s board of directors / authorized bodies.