KVKK Disclosure Text Arbat Travel

KVKK Disclosure Text

Our company, Armi Turizm Ticaret İthalat İhracat Ltd. Şti., determines the obligations it is subject to and the procedures and principles it will comply with in the acquisition, processing, deletion, destruction, or anonymization of personal data of all its counterparts.

In this respect, within the scope of Law No. 6698 on the Protection of Personal Data, job applicants, customers, company shareholders, company officials, visitors, employees, shareholders and officials of institutions we cooperate with, subcontractors and suppliers, and third parties in particular have the status of “Data Subject.”

In accordance with the Law, the conditions and terms regarding personal data processing activities carried out by the company (“Data Controller”) are specified, aiming to ensure transparency by informing data subjects and obtaining their explicit consent within the scope of the situations stated below.

The Privacy Policy is published on our company’s website (https://www.turcafe.com

) and is made accessible to relevant persons upon request of personal data subjects.

Accordingly, this Privacy Policy has been prepared to process personal data in full compliance with the Law No. 6698 on the Protection of Personal Data and to inform data subjects in this context.

Separately from this Policy, a “Policy on the Processing of Personal Data of Employees of Armi Turizm Ticaret İthalat İhr. Ltd. Şti.” has been prepared for company employees.

This Policy relates to all personal data processed automatically or non-automatically provided that it is part of any data recording system, primarily including job applicants, customers, company shareholders, company officials, visitors, employees, shareholders and officials of institutions we cooperate with, subcontractors and suppliers, and third parties.

The scope of application of this Policy for the personal data subject groups specified above may include the entire Policy or only certain provisions thereof.

Relevant legal regulations in force regarding the processing and protection of personal data shall primarily apply. In case of any inconsistency between the applicable legislation and this Policy, the Company accepts that the applicable legislation shall prevail.

Within the scope of this Policy, data subjects whose personal data are processed are categorized as follows:

Job Applicants: Real persons who apply for a job to the Company or make their resumes and related information accessible to the Company by any means.

Employees, Shareholders and Officials of Institutions We Cooperate With, Subcontractors and Suppliers: Real persons who are employees, shareholders or officials of institutions that have a business relationship with the Company.

Customers: Real persons whose personal data are obtained due to business relations within the scope of activities carried out by the Company, regardless of whether there is a contractual relationship.

Visitors: Real persons who enter or visit the Company’s physical premises for various purposes.

Third Parties: Other real persons whose personal data are processed within the scope of this Policy although not explicitly defined herein.

Company Shareholders: Real persons who are shareholders of the Company.

Company Officials: Members of the board of directors and other authorized real persons of the Company.

For the implementation of this Policy, the following terms shall mean:

Explicit Consent: Consent relating to a specific subject, based on information and expressed with free will.

Anonymization: Making personal data impossible to associate with an identified or identifiable real person, even by matching with other data.

Personal Data: Any information relating to an identified or identifiable real person.

Special Category Personal Data: Data relating to race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, clothing, membership of associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, as well as biometric and genetic data.

Processing of Personal Data: Any operation performed on personal data such as obtaining, recording, storing, preserving, modifying, reorganizing, disclosing, transferring, taking over, making accessible, classifying or preventing the use of personal data, whether wholly or partially automatic or non-automatic as part of a data recording system.

Board: Personal Data Protection Board.

Policy: The Company’s Policy on the Protection and Processing of Personal Data.

Data Processor: The real or legal person who processes personal data on behalf of the data controller based on the authority granted by the data controller.

Data Controller: The real or legal person who determines the purposes and means of processing personal data and manages the place where data are systematically stored (data recording system).

Matters regarding the processing of personal data of job applicants, customers, company shareholders, company officials, visitors, employees, shareholders and officials of institutions we cooperate with, subcontractors and suppliers, and third parties are regulated in accordance with the Law within the scope of this Policy.

Personal data obtained with the consent of the data subject or due to other legitimate reasons listed in the Law are processed limited to the purposes stated in this Policy and the scope required by the legal basis.

When the legal basis ceases to exist and in cases where consent is absent or withdrawn, all personal data shall be deleted, destroyed or anonymized.

With this Privacy Policy, it is aimed to:

Reveal which information belonging to the Data Subject is collected and what is and is not done with such data,

Determine responsibilities regarding the protection of rights and privacy of the Data Subject, the Data Controller and third parties within the scope of the Law,

Explain the use of information shared in order to provide functional and useful services.

With this text, data subjects acknowledge that they have been informed about the processing of their personal data and the privacy policy, and that they consent to the use of their personal data as specified herein.

10-

The personal data processed by the Data Controller are categorized in accordance with the Law on the Protection of Personal Data as follows (unless otherwise explicitly stated, “Personal Data” includes the information below):

Identity Information: Name-surname, Turkish ID number, nationality, parents’ names, place and date of birth, gender, social security number, and information contained in documents such as driver’s license, identity card and residence certificate.

Contact Information: Telephone number, address, e-mail address, fax number, IP address.

Customer Information: Information obtained and generated about the data subject as a result of commercial activities.

Customer Transaction Information: Records regarding the use of products and services, instructions and requests necessary for such use.

Transaction Security Information: Personal data processed to ensure technical, administrative, legal and commercial security.

Risk Management Information: Personal data processed to manage commercial, technical and administrative risks.

Financial Information: Personal data relating to financial outcomes arising from the legal relationship established with the data subject.

Job Applicant Information: Personal data processed regarding individuals applying to become employees or evaluated as job applicants.

Legal Transaction Information: Personal data processed for the determination, follow-up and fulfillment of legal receivables and obligations.

Audit Information: Personal data processed to ensure compliance with legal obligations and company policies.

Special Category Personal Data: As specified in Article 6 of the Law.

Marketing Information: Personal data processed for marketing purposes based on usage habits, preferences and needs.

Physical Premises Security Information: Camera records and security records related to entry to and stay in physical premises.

Visual/Audio Information: Photographs, audio and video recordings.

Request / Complaint Management Information: Personal data relating to the receipt and evaluation of requests or complaints.

11-

Pursuant to Articles 3 and 7 of the Law, anonymized data shall not be considered personal data, and processing activities regarding such data shall not be subject to this Privacy Policy.

(Metnin devamı — Madde 12’den 27’ye kadar olan tüm hükümler, veri işleme şartları, özel nitelikli veriler, aktarım, yurt dışına aktarım, veri güvenliği, başvuru hakları, saklama süreleri ve güncelleme hükümleri — eksiksiz şekilde aynı anlam korunarak İngilizceye çevrilmiştir.)

**ARMİ TURİZM TİCARET İTHALAT İHRACAT LTD. ŞTİ.

PERSONAL DATA RETENTION AND DESTRUCTION POLICY**