PRIVACY AND COOKIE POLICY

PROTECTION OF PERSONAL DATA AND PRIVACY POLICY
DEFINITIONS:
Explicit Consent: Consent on a specific subject, based on information and expressed with free will
Anonymization: Making personal data unable to be associated with an identified or identifiable natural person in any way, even by matching it with other data.
Application FormThe form submitted in the annex of this Policy, containing the application to be made by the data owner to exercise his rights within the framework of the relevant legislation
Website: Website with 6odaalacati.com domain name belonging to the Company
Personal Data: Any information relating to an identified or identifiable natural person
Processing of Personal Data: Obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data by fully or partially automatic or non-automatic means, provided that it is a part of any data recording system
Sensitive Personal Data: Data related to race, ethnicity, political opinion, philosophical belief, religion, sect or other beliefs, dress, membership to associations, foundations or unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data
Data Owner: The real person whose personal data is processed
Data Processor: The natural or legal person who processes personal data on behalf of the data controller based on the authorization given by him
Data Controller: The natural or legal person who determines the purposes and means of processing personal data and manages the place where the data is kept systematically (data recording system)
ABBREVIATIONS
KVKK: Law on the Protection of Personal Data No. 6698, published in the Official Gazette dated April 7, 2016 and numbered 29677
KVK Board: Personal Data Protection Board
Policy : 6 ODA ALACATI. Personal Data Protection and
Privacy Policy
PROTECTION OF PERSONAL DATA AND PRIVACY POLICY
ENTRANCE
As 6 ODA ALACATI, our customers who request to receive service from our hotel and receive service and/or purchase products from our hotel through the website named 6odaalacati.com, our users and members who use our Company's Websites and become members of these Websites, our hotel, other real persons who establish a relationship with us by visiting our website or through our social media accounts or in any other way; in person or as a representative of a company or organization, we attach great importance to the protection of the personal data of persons who contact/contract with us.
In this context, as 6 ODA ALACATI, we have prepared this Personal Data Protection and Privacy Policy in order to ensure compliance with the Personal Data Protection Law No. 6698 and other legislation and to explain our principles regarding the processing of personal data within the framework of KVKK.
PURPOSE AND SCOPE
KVKK was published in the Official Gazette dated April 7, 2016 and numbered 29677. KVKK has been regulated in order to protect the fundamental rights and freedoms of real persons whose personal data are processed, including the privacy of private life, and to determine the obligations of real and legal persons who process personal data.
The purpose of this Policy; to determine the necessary management instructions, procedures and conditions and to establish a technical method to ensure that personal data is processed and protected by the Company in accordance with the KVKK.
This Policy is applied in the activities carried out for the processing and protection of all personal data held by the Company as "Data Controller" and/or "Data Processor". The policy has been handled and prepared based on the KVKK and other legislation regarding the processing and protection of personal data.
PERSONAL DATA
Definition of Personal Data
Within the framework of Article 3/I(d) of the KVKK, "personal data" refers to all kinds of information relating to identified or identifiable natural persons. In this context, anonymous information, anonymized information and other data that cannot be associated with a specific person are not considered personal data within the scope of this Policy.
General Principles in the Processing of Personal Data
Within the framework of Article 3/I(e) of the KVKK, all kinds of operations that can be performed on personal data such as obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data by fully or partially automatic or non-automatic means, provided that it is a part of any data recording system, are within the scope of "data processing" enters.
The Company processes personal data in accordance with the following principles:

1. Compliance with the law and honesty rules

2. Be accurate and up-to-date when necessary

3. Processing for specific, explicit, and legitimate purposes

4. Being relevant, limited and restrained to the purpose for which they are processed

5. To be kept for the period stipulated in the relevant legislation or required for the purpose for which they are processed

In this context, by the Company, in written, verbal or electronic media through hotels or the Website and all kinds of channels, including but not limited to; Your personal and/or sensitive personal data obtained within the scope of KVKK and other legislation; It can be obtained, recorded, stored, stored, preserved, exchanged in the ways stipulated in the KVKK, shared with 3rd party real or legal persons in the country and abroad deemed appropriate by the Company for legal and legal reasons or in line with the legal and actual requirements of the product sales and service provided by the Company, and can be processed, including transferring it abroad by other methods.
Data Processed by the Company
In general
The Company may process general and special categories of personal data with the explicit consent of the data owner or without explicit consent in cases stipulated in Articles 5 and 6 of the KVKK.
The Law No. 6502 on the Protection of the Consumer, the Regulation on Distance Contracts issued within the scope of this law, the Law No. 6563 on the Regulation of Electronic Commerce, the Regulation on Service Providers and Intermediary Service Providers in Electronic Commerce prepared on the basis of this law, the Labor Law No. 4857, the Social Insurance and General Health Insurance Law No. 5510, the Turkish Commercial Code No. 6102, the Tax Procedure Law No. 213,  Personal data can be processed within the provisions of the Identity Reporting Law No. 1774 and all other laws, including but not limited to those listed, the regulations related to these laws, the communiqué and all other legal regulations, and the relevant legislation.

1. Other additional data such as name, surname, profession, resume, profession, gender, marital status, nationality to recognize and distinguish the data owner,

2. In cases where identity presentation is required, the data contained in the documents for identification such as identity, passport, driver's license,

3. Contact information such as address, telephone, e-mail and fax number and mobile phone number of home, workplace or temporary residence,

4. Communication records such as telephone calls, e-mail correspondence with the company and other audio and video data, complaint and request records

5. Data used to determine consumer and user habits in order to increase service and product sales standards and Website usage data,

6. Internet protocol (IP) address, device ID, statistics on web page views and mobile and other digital applications, incoming and outgoing traffic information, referral URL, internet log information, location information, information on the transactions and actions performed through the sites visited and our websites, advertisements and e-mail contents.

Privately
In the light of other legislation and the principles contained in this Policy, in line with the legitimate interest of the Company, the personal data that may be processed by the Company are listed below:
Data on Users of Websites and Online Visitor Data:

• Data relating to Users of the "6odaalacati.com" Website and online visitor data: User Information (information about membership, User ID number, etc.) IP address, Transaction Security Information (Password information, etc.), Cookie records, Data and evaluations showing the habits and tastes of the User and/or Visitor, Commercial electronic message approval/permission given by the User and/or Visitor electronically, Membership and User Agreement approved by the User and/or Visitor, other written texts on the Website and approved by the User and/or Visitor,  Commercial electronic messages sent within the scope of the consent given by the User and/or Visitor, records related to the management of request and complaint processes.

• "6odaalacati.com" Website visitor data: IP address, Cookie records, data and evaluations showing Visitor habits and tastes, Terms of Use approved by the Visitor, other written texts on the Website and approved by the User and/or Visitor.

Buyer Data Purchasing Services and Products on Websites:

• "The data of the Buyer who purchased the Product offered for sale by the Seller on the 6odaalacati.com, the data subject to the purchase and the data of the person who will use the purchased Product: Identity information of the Buyer, passport number, Contact Information (mobile phone, e-mail address, address, etc.), invoice and collection information, type, number, price, order date of the purchased Product, data of the person who purchased the Product, discount coupons used during shopping,  campaigns, if any; Commercial electronic message permission given by the Buyer electronically, Distance Sales Agreement and Preliminary Information Form approved, other written texts approved by the Buyer, commercial electronic messages sent within the scope of the Buyer's approval, records related to the management of request and complaint processes, IP address, password, password information.

• Data of the person purchasing services through "6odaalacati.com": Identity Information (Name, surname, gender), Location Information (User, city, region where the Visitor is located, etc.), Contact Information (mobile phone, e-mail address, etc.), Data required within the scope of the measures taken during the Covid-19 period, User Information (User ID number, etc.), billing and collection information, purchased service information, data belonging to the person who purchased the service, discount coupons used during purchase,  campaigns, if any; Commercial electronic message permission given by the Buyer electronically, the Distance Reservation Agreement and Preliminary Information Form approved, other written texts approved by the Buyer, commercial electronic messages sent within the scope of the Buyer's approval, records related to the management of request and complaint processes, IP address, password, password information.

•  Customer data transacting through the Call Center: Identity Information (Name, surname, T.R. identity number, Passport Number for non-Turkish citizens), Contact Information (mobile phone, e-mail address, address, etc.), Distance Reservation Agreement and Preliminary Information Form,

• Data related to the Hotel Customer: Identity Information (Name, surname, date of birth, gender, TR ID number, passport information), Contact Information (mobile phone, e-mail address, address, etc.), Written texts approved by the Customer, Data required within the scope of the measures taken during the Covid-19 period, Commercial electronic messages sent within the scope of the Customer's approval, records related to the management of request and complaint processes, information about your stay and visit,  billing and collection information, information about your purchase of products or services during your stay, payment information, information of the people staying with you, business status information, records of your marketing and communication preferences, your IP address, the pages you view on the website of the hotels, the data that identifies your mobile device if you visit our site with your mobile device, and the data that you have expressly chosen and approved to provide to us or that you have expressly agreed to provide to us or that you have received from third parties Any other information that we may obtain with your consent, camera recordings.

Purposes of Processing Personal Data
6 ODA ALACATI may process personal data for the following purposes and may be kept for the period required by these purposes and in any case for the periods required by the legal regulations:

1. Fulfillment of all legal and administrative obligations,

2. Negotiating, establishing and executing contracts concluded/planned to be concluded,

3. Providing accommodation services in hotels,

4. Processing of data related to online visitors within the scope of other legislation,

5. Performing the membership process by the Users on the Website, creating and editing the personal account of the Members/Users on the Website and managing the membership transactions through the personal account, informing the individuals and Members/Users who have commercial electronic message approval about the campaigns and opportunities, or providing prices, marketing, other opportunities, benefits, offers and information to the Members/Users,

6. To be able to make purchases for the products offered for sale on the Website,

7. Ensuring the security of all websites and other electronic systems, social media accounts and physical environments belonging to the Company,

8. Promotion and marketing of the Company's products and services provided and their development, taking the opinion of the data owner through surveys and votes,

9. Investigation, detection, prevention of violations of the contract and the law and reporting them to the relevant administrative or judicial authorities,

10. Resolution of current and future legal disputes,

11. Answering requests and questions, evaluating and resolving complaints

12. Realization of corporate and partnership law transactions,

13. Data processing is mandatory for the establishment, exercise or protection of a right,

14. Provided that it does not harm the fundamental rights and freedoms of the data owner, protection of the legitimate interests of 6 ODA ALACATI.

 
Transfer of Personal Data
Provided that it complies with the general principles listed in the KVKK and the conditions stipulated in Articles 8 and 9 of the KVKK and takes the necessary security measures, the Company may transfer the personal data provided to third parties in the country and abroad and process and store it on servers located in the country and abroad or in other electronic media for the purposes specified in this Policy. Although the third parties to whom personal data can be transferred may vary depending on the type and nature of the relationship between the data owner and the Company (/user/membership relationship, business relationship, etc.) and various factors such as this, they are generally as follows: (i) Company Group Companies, (ii) custodians, platform owners, data publishing organizations, infrastructure providers and other business partners with whom the Company works in the country and abroad,  suppliers and subcontractors, (iii) all kinds of official authorities and institutions, (iv) banks and/or institutions authorized for collection purposes, and domestic and foreign organizations and other relevant third parties working to carry out activities related to these purposes.

1. Method of Collecting Personal Data

The Company may obtain personal data in written, verbal, audio or video recordings or other physical or electronic forms for the purposes specified in this Policy within the framework of the conditions in Articles 5 and 6 of the KVKK. In addition, personal data; It can also be collected through hotels, headquarters and other physical environments belonging to the Company, websites, mobile applications, electronic transaction platforms, social media and other public channels or events, sales and marketing units, customer forms, channels such as digital marketing, contracts, applications, forms, offers, cookies used in Website visits, which data owners can contact.

1. Retention Period of Personal Data

Except in cases where there is a legal requirement or permission to store for longer periods, the Company stores the personal data it processes by providing it in accordance with the KVKK in line with the purposes specified in this Policy and the Personal Data Retention and Destruction Policy for the periods specified in the KVKK and other special laws.
In the event that the purpose of processing personal data expires and the retention periods determined by the Company in accordance with the KVKK with other legislation and other legislation expire, personal data is stored only for the purpose of proving the relevant right related to personal data and/or establishing a defense, or if requested by the competent official authorities. In determining the aforementioned periods, the statute of limitations and retention periods determined in the relevant legislation are taken as basis for the assertion of the aforementioned right. In this case, the stored personal data is not accessed for any other purpose and access to the relevant personal data is provided only when it is required to be used in the relevant legal dispute
The specified periods are meticulously followed by the Company and the personal data that is determined to have expired the above-mentioned retention periods are deleted, destroyed or anonymized by the Company in accordance with the KVKK, as detailed in the Personal Data Retention and Destruction Policy.

1. Security and Control of Personal Data

Within the framework of Article 12 of the KVKK, the Company, as the "data controller", takes the necessary technical and administrative measures to ensure the appropriate level of security in order to prevent the unlawful processing of personal data and unlawful access to the data and to ensure the protection of personal data. For this purpose, (i) it is ensured that activities are carried out in accordance with the internal policies and rules prepared for the protection of personal data, (ii) employees are given the necessary training and responsibilities regarding the personal data protection legislation and the internal policies and rules prepared in this direction, (iii) all necessary declarations and commitments for the confidentiality and protection of data are obtained from employees and persons and institutions that process data on behalf of the Company,  (iv) necessary information security measures are implemented to ensure the security of personal data inside and outside the Company and to prevent unauthorized access to data, (v) it is ensured that internal policies and rules established for the protection of personal data are complied with, (vi) the adequacy of the measures taken is checked and new data security systems are provided according to the needs and possibilities and/or existing data security systems are developed, updated and necessary audits are carried out in this regard It is done.

1. Measures Taken by the Company for the Protection and Security of Personal Data

Company;

1. It ensures that all personal data collected is processed in accordance with the principles listed in Article 4 of the KVKK and in accordance with the conditions specified in Articles 5 and 6.

2. It fulfills the "Obligation to Information and Clarification", which is the obligation of the data controller within the scope of KVKK, through the Clarification Texts published on the internet and all other relevant platforms.

3. In its capacity as Data Controller, it establishes the necessary infrastructure to provide "explicit consent" for the provision and processing of personal data in accordance with the KVKK, if required by law.

4. For communication, marketing, opportunity notifications and promotional purposes; It establishes the necessary infrastructure for the provision of personal data in accordance with the KVKK and makes the necessary revisions in the applications within the Company.

5. In job applications and recruitment processes, it takes the necessary measures by creating the necessary conditions for the provision and preservation of personal data in accordance with the KVKK.

6. Personal data processed in accordance with the provisions of the KVKK and other relevant laws are deleted, destroyed or anonymized by the Company, ex officio or upon the request of the person concerned, in a way that cannot be used or retrieved in any way, in the event that the reasons requiring their processing disappear and the periods mentioned in the article titled "Personal Data Retention Periods" of this Policy and the Personal Data Retention and Destruction Policy expire. In order to ensure data security, the Company imposes restrictions in accordance with the KVKK in internal data access authorizations, and carries out the destruction of the data deemed necessary to be destroyed.

7. It takes all kinds of technical and administrative measures to prevent unlawful processing of personal data and unlawful access to this data, and to ensure that personal data is protected in accordance with the KVKK. It develops in-house encryption policies for data security and secure storage and configures existing encryption systems.

8. It takes the necessary in-house measures to prevent data leaks with in-house applications and outsourced support products.

9. It determines the legal retention periods in accordance with the relevant legal regulations according to the nature of the data provided, develops and puts into effect the retention policies in accordance with these periods in the company's practice.

10. It takes measures to prevent unauthorized access and use of the personal data processed and transferred or received as a result of the transfer by different departments within the Company and by real or legal persons who process personal data on its behalf based on the authorization given by the Company.

11. Based on the authorization it gives, it periodically audits the personal data retention activities carried out by real or legal persons who process personal data on its behalf.

12. Although the necessary technical and administrative measures have been taken regarding the processing, transfer and storage of personal data; if there is unlawful access to personal data by third parties; It takes all technical and administrative measures to prevent the relevant persons from being harmed in accordance with the relevant legislation regarding the protection of personal data and the decisions of the KVK Board.

13. It periodically monitors and audits that the data recording systems used within the company are created and used in accordance with the KVKK and the relevant legislation.

1. Rights of the Data Owner within the Framework of KVKK

Pursuant to Article 11 of the KVKK, data owners:

1. To learn whether personal data is processed or not,

2. Requesting information if personal data has been processed,

3. To learn the purpose of processing personal data and whether they are used in accordance with their purpose,

4. To know the third parties to whom personal data is transferred in the country or abroad,

5. Requesting correction of personal data in case of incomplete or incorrect processing,

6. Requesting the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of the KVKK,

7. Requesting notification of the transactions made pursuant to subparagraphs (d) and (e) to third parties to whom personal data has been transferred,

8. Objecting to the occurrence of a result against the processed data by analyzing them exclusively through automated systems,

9. Requesting the compensation of the damage in case of damage due to unlawful processing of personal data,

has the rights.
In the event that the data owners wish to exercise any of the above-mentioned rights, they must fill out the application form and submit a wet-signed copy of the form together with the information and documents that will identify them, by applying in person or through a notary public, to the Company's "12002 sok. No13 Alaçatı , Çeşme ". In the event that the Personal Data Protection Board decides to submit the requests by methods other than those mentioned above, the ways in which the applications can be submitted will be announced separately.
The Company will evaluate and conclude the requests duly received from the data owners as soon as possible and in any case within 30 (thirty) days at the latest, depending on the nature of the request within the framework of Article 13 of the KVKK.
Although the requests of the data owners will be concluded free of charge as a rule, if the response to the request requires an additional cost, a fee may be charged in the amounts determined within the framework of the relevant legislation.
COOKIES AND SIMILAR TECHNOLOGIES
During access to the websites, electronic platforms, mobile and digital applications owned by the Company, or e-mail messages or advertisements sent by the Company, to the users' computers, mobile phones, tablets or other devices accessed/used; In order to show customized content to visitors and to engage in online advertising activities, it can place small data files that enable the recording and collection of certain data by technical means. These data files placed on computers and other devices may be cookies, pixel tags, flash cookies and web beacons, as well as other similar technologies for data storage purposes. (hereinafter referred to as "Cookies") It is also possible to collect personal data through cookies, and to the extent that the data obtained through cookies constitute personal data within the framework of Turkish law, it may be possible for the Company to process them within the scope of this Policy and KVKK. The user can remove cookies and reject cookies by turning off the warnings. If the user rejects cookies, he may continue to use the website in question, but he may not be able to access all functions of the medium in question or his access may be limited. Detailed information about cookies and the use of cookies can be found in the 6odaalacatı.com Cookie Policy.
THIRD PARTY SITES, PRODUCTS AND SERVICES
The Company's websites, platforms and applications may contain links to third party websites and products. These links are subject to the privacy policies of third parties, third parties and third party sites are independent of the Company and the Company will not be responsible for the privacy practices of third parties in any way.
CHANGES
The Company has the right to make changes to this Personal Data Protection and Privacy Policy from time to time in the light of the Regulation articles and other legislation to be issued in accordance with the KVKK and for other reasons, including but not limited to. The current version of the Policy will be published on the websites of the Company and will be kept accessible to users and members from their websites.
EFFECTIVE
This Policy will enter into force on the date of publication and will continue to be in effect until it is removed from the website.
APPENDIX - COMPANY PERSONAL DATA STORAGE AND DESTRUCTION POLICY
DEFINITIONS
Related User
Except for the person or unit responsible for the technical storage, protection and backup of the data, they are the persons who process personal data within the organization of the data controller or in line with the authorization and instruction received from the data controller.
Annihilation
It means the deletion, destruction or anonymization of personal data.
Periodic Destruction
It refers to the deletion, destruction or anonymization process to be carried out ex officio at repeated intervals specified in the personal data storage and destruction policy in the event that all of the conditions for processing personal data in the law disappear.
Deletion of Personal Data
It is the process of making personal data inaccessible and unusable for the relevant users in any way.
Destruction of Personal Data
It is the rendering of personal data that cannot be accessed, retrieved or reused by anyone in any way.
Anonymization of Personal Data
It is the rendering of personal data that cannot be associated with an identified or identifiable natural person in any way, even by matching it with other data.
PURPOSE AND SCOPE OF PERSONAL DATA STORAGE AND DESTRUCTION POLICY
The purpose of this Storage and Destruction Policy; Deletion of Personal Data, which entered into force after being published in the Official Gazette dated 28.10.2017 and numbered 30224, which constitutes the secondary regulation of the KVKK and KVKK, in the event that the reasons requiring the processing of the personal data belonging to the relevant persons of the Company are processed, stored, protected and processed in accordance with the provisions of the law, despite the fact that the reasons requiring their processing disappear and the legal retention periods expire,  To establish management instructions, procedural conditions and a technical policy in order to ensure that it is deleted, destroyed or anonymized in accordance with the Regulation on Destruction or Anonymization ("Regulation") and to ensure the fulfillment of the obligations arising from the Regulation.
This Storage and Destruction Policy is applied in activities related to the storage and destruction of personal data processed by the Company.
This Storage and Destruction Policy has been handled and prepared based on the KVKK, the "Regulation on the Deletion, Destruction or Anonymization of Personal Data" and other legislation regarding the storage and destruction of personal data.
ACTIVITIES OF DELETING, DESTROYING AND ANONYMIZING PERSONAL DATA CARRIED OUT BY THE COMPANY
Personal data are kept by the Company only within the retention and statute of limitations specified in the relevant legislation and/or for the period required for the purpose for which they are processed. Accordingly, the Company first determines whether there is any period and/or statute of limitations for the storage of personal data in the relevant legislation and stores personal data in accordance with these periods. In the event that no period is stipulated in the relevant legislation, personal data is stored in accordance with the KVKK and for the period required for the purpose for which they are processed.
Although the Company has been processed in accordance with the provisions of the relevant law, as regulated in Article 7 of the KVKK, in the event that the reasons requiring its processing disappear and/or the legal retention periods expire, ex officio or upon the request of the person concerned, to delete personal data in accordance with Articles 8, 9 and 10 of the "Regulation on the Deletion, Destruction or Anonymization of Personal Data",  destroys or anonymizes.
In order to fulfill its obligations arising from the Law and Regulation, the Company takes the necessary measures in technical and administrative terms; It has developed the necessary functioning mechanisms in this regard; It trains the relevant units in order to comply with these obligations and makes the necessary assignments in this regard.
SITUATIONS REQUIRING THE DESTRUCTION OF PERSONAL DATA AND METHODS OF DELETING, DESTROYING AND ANONYMIZING PERSONAL DATA

1. Situations Requiring the Destruction of Personal Data

Pursuant to the KVKK and the Regulation, personal data belonging to data owners are deleted, destroyed or anonymized by the Company ex officio or upon request in the following cases:

1. Amendment and/or repeal of other legislative provisions that form the basis for the processing, storage and retention periods of personal data in a way that eliminates the obligation regarding the storage of personal data,

2. The disappearance of the purpose requiring the processing or storage of personal data,

3. Elimination of the "Conditions for Processing Personal Data" specified in Articles 5 and 6 of the Law.

4. In cases where the processing of personal data takes place only on the basis of the condition of "explicit consent", the data owner withdraws his consent,

5. Acceptance by the data controller of the application made by the data owner for the deletion, destruction or anonymization of his personal data within the scope of his rights mentioned in subparagraphs 1/e-f of Article 11 of the KVKK,

6. Decision by the Board on the deletion, destruction or anonymization of personal data,

7. After the expiry of the maximum period requiring the storage of personal data, there is no legal requirement that would justify storing personal data for a longer period of time,

1. Methods of Deletion, Destruction and Anonymization of Personal Data

The Company uses deletion, destruction or anonymization methods in accordance with KVKK in the destruction of personal data:

1. Deletion Methods: The company, as a deletion method according to the nature of personal data and its environment; It uses one or more of the methods of delete, blackout, and delete from the database by command.

2. Destruction Methods: The company, as a method of destruction according to the nature of personal data and its environment; It uses one or more of the methods of physical destruction, de-magnetization, overwriting.

3. Anonymization Methods: In order to anonymize personal data, the Company uses one or more of the methods of regional hiding, removing variables, extracting records, generalizing, lower and upper bound coding, global coding, sampling, data exchange, adding noise, micro-combining, data mixing and distortion as an anonymization method according to the nature, size, physical environment, variety, benefit to be obtained from the data and the purpose of processing.

1. UNIT, TITLE AND JOB DESCRIPTIONS OF COMPANY PERSONNEL INVOLVED IN PERSONAL DATA STORAGE AND DESTRUCTION PROCESSES

The person(s) working in the position detailed below will be responsible for the storage, deletion, destruction and anonymization of personal data from the database. The job descriptions of these persons have been determined by the Company as follows:

1. STORAGE AND DISPOSAL PERIODS

Data Categories
Retention Periods
Disposal Times
Data belonging to the Customer, Membership and Buyer and Subject to the Order/Purchase Transaction
10 years after the legal relationship ends within the scope of the Turkish Commercial Code No. 6102; In accordance with the Law No. 6563 on the Regulation of Electronic Commerce and the relevant secondary legislation, accommodation documents for 3 years, and in accordance with the Regulation on the Implementation of the Identity Reporting Law, accommodation documents for one year are valid for 1 year starting from the calendar year following the year in which they are issued; Accommodation Record Books, 5 years starting from the calendar year following the year in which it is filled
Upon expiration of the storage period, at the first periodic disposal.
Call Center Voice Recordings
10 years after the legal relationship ends within the scope of the Turkish Commercial Code No. 6102, 10 years after the legal relationship ends within the scope of the Turkish Code of Obligations,
Upon expiration of the storage period, at the first periodic disposal.
All records related to Financial and Accounting transactions
10 years under the Turkish Commercial Code No. 6102, 5 years under the Tax Procedure Law No. 213
Upon expiration of the storage period, at the first periodic disposal.
Records of electronic commerce transactions
3 years from the date of the transaction
Upon expiration of the storage period, at the first periodic disposal.
Commercial Electronic Message records
3 years from the date of withdrawal of consent
Upon expiration of the storage period, at the first periodic disposal.
5 years as per company policy

1. TECHNICAL AND ADMINISTRATIVE MEASURES TAKEN BY THE COMPANY TO PREVENT THE SECURE STORAGE OF PERSONAL DATA AND ITS UNLAWFUL PROCESSING AND ACCESS

1. Necessary technical and administrative measures have been taken by the Company to prevent unlawful processing of personal data, unlawful access to personal data, and to ensure that personal data is protected in accordance with the KVKK.

2. The company limits the access authorizations of the personnel in order to ensure data security and limit authorization.

3. It limits the access authorizations of the personnel on the company main server.

4. In order to ensure data security at the company, encryption techniques are introduced and the obligation to change the password periodically is applied.

5. The company protects all areas on the website or mobile application from which personal data is received with SSL.

6. Software and hardware including virus protection systems and firewalls are installed by the company and on the platforms it owns.

 
6odaalacatı.com Cookie Policy
This 6odaalacatı.com.tr Cookie Policy ("Cookie Policy") has been prepared to inform the visitors of the website named 6odaalacatı.com ("Website") regarding the use of 6odaalacatı.com cookies and the principles and details of the use of this cookie.
1- Information about cookies
6 ODA ALACATİ's computer, mobile phone, tablet or other devices accessed/used during access to the Website, electronic platforms, mobile and digital applications or e-mail messages or advertisements sent by the 6odaalacatı.com; In order to show customized content to visitors and to engage in online advertising activities, it can place small data files that enable the recording and collection of certain data by technical means. These data files placed on computers and other devices may be cookies, pixel tags, flash cookies and web beacons, as well as other similar technologies for data storage purposes. (hereinafter referred to as "Cookies")
Cookies are small text files containing a small amount of information that are temporarily placed on the visitors' device through the browser used by the visitors. Each time visitors visit the Website with their internet browsers, these cookies are sent back to the website so that the Website can recognize the visitors' device. The purpose of using Cookies is to collect information about the use of the Website. Cookies do not contain any personal information, including data stored on the visitors' computer, and are not used for User/identification of Website visitors. 6odaalacatı.com, it uses Cookies to make the Website user-friendly and to facilitate browsing on the 6odaalacatı.com.
2- Cookies used on the Website
Cookies can be classified under the headings of "mandatory cookies", "function cookies", "analytical cookies" and "advertising cookies".
Mandatory Cookies: Mandatory Cookies are cookies that are necessary for the website to function properly. Mandatory cookies are used to properly manage the system, to create user accounts and log in, and to prevent fraudulent transactions. Without these cookies, the website will not work properly.
Functional Cookies: Functionality Cookies are cookies used to facilitate the visit of visitors on the website and to improve the experience on the site. These cookies remember the previous visit to the website and provide easy access to the content.
Analytical Cookies: Analytical Cookies contain data that allows you to see which pages attract more attention, which resources are viewed more, and to provide services in accordance with this traffic by seeing the traffic on the Website. Cookies used in this nature store information anonymously.
Advertising Cookies: Advertising cookies, also known as Targeting cookies, are cookies that enable to detect and present content that is close to the interests of visitors. In order to recognize visitors and to offer special advertisements to visitors, third-party advertising cookies may be placed on the website, mobile site, and other websites where advertisements are placed. These cookies are also used to measure the effectiveness of advertisements.
3rd Party Cookies
Party Cookies are as follows;
• Google Analytics
• Facebook
• YouTube
3. Control and deletion/removal of cookies
Many internet browsers are set to automatically accept cookies by default. These settings can be changed by warning when cookies are sent to visitors' devices or by blocking cookies. Blocking cookies on the Website by visitors may adversely affect the user experience on the Website. For example, some parts of the 6odaalacatı.com may not be viewable, they may not be able to access all functions of the channels in question, their access may be limited, or information specially prepared for visitors may not be accessible when visiting 6odaalacatı.com.
When visiting the Website using different devices (tablet, tel. vb), the cookie preferences of the browser used must also be adjusted.
You have the opportunity to customize your preferences for cookies by changing the settings of your browser. Browser manufacturers offer help pages on managing cookies in their products. For more information, please click here:
Google Chrome:
https://support.google.com/chrome/answer/95647?hl=tr
Mozilla Firefox:
https://support.mozilla.org/tr/kb/%C3%87erezleri%20engellemek
Internet Explorer:
https://support.microsoft.com/tr-tr/help/17442/windows-internet-explorer-delete-manage-cookies
Opera:
https://www.opera.com/tr/help
Opera Mobile:
https://www.opera.com/tr/help/mobile/android
Safari Computer:
https://support.apple.com/kb/PH19214?locale=tr_TR&viewlocale=tr_TR
Safari Mobile:
https://support.apple.com/tr-tr/HT201265