As DYC Turizm Isletmecilik Ticaret A.S., we attach the utmost importance to the lawful protection and processing of personal data in accordance with Law No. 6698 on the Protection of Personal Data ("Law"), and we act with this care in all of our planning and operations.
As a company, we see the protection and processing of personal data, which form the basis of privacy, not only as a matter of legal compliance but also as a reflection of the value we place on people. With this awareness, we take all administrative and technical measures necessary for the protection and processing of personal data.
Through this Notice on the Protection and Processing of Personal Data ("Notice"), we aim to ensure that personal data is processed in accordance with applicable national and international legislation, primarily Law No. 6698 and the European Union General Data Protection Regulation ("GDPR"). Details regarding GDPR can be found at https://www.discoveruludag.com.
Ensuring the security of our customers' personal data is one of our primary objectives. For this reason, we share data only with trusted business partners to the minimum extent necessary and implement security measures in accordance with applicable legislation in order to store data securely and protect it against unlawful access or leakage.
Transparency is one of our core principles in the field of personal data protection. We have prepared this Notice in order to provide the necessary information while fulfilling our legal obligations and while processing your personal data to offer you a better customer experience.
Another important matter is our customers' right to control their own data. For this reason, we take the necessary measures to enable customers to manage their preferences regarding their data and we respect those preferences. In this context, you may submit your requests through the communication channels listed under the heading "Rights of data subjects".
Data security, transparency, and individuals' right to control their own personal data are among the most important foundations of our compliance with the Law. In this context, we provide detailed information regarding the processing of your personal data through this Notice.
1. DEFINITIONS
- Explicit consent: A declaration of approval given by the data subject freely, based on information, and related to a specific matter.
- Anonymization: Rendering personal data incapable of being associated with an identified or identifiable natural person, even when matched with other data.
- Relevant person / data subject: The natural person whose personal data is processed.
- Personal data: Any information relating to an identified or identifiable natural person.
- Special categories of personal data: Data subject to a stricter protection regime under the Law due to the risk of discrimination or harm if disclosed, such as health or biometric data.
- Processing of personal data: Any operation performed on personal data, such as collection, recording, storage, preservation, alteration, disclosure, transfer, classification, or prevention of use.
- Data recording system: The recording system in which personal data is processed according to certain criteria.
- Data controller: The person or entity responsible for determining the purposes and means of processing personal data and for the establishment and management of the data recording system.
2. PROTECTION OF PERSONAL DATA
Our company takes the necessary technical and administrative measures to prevent the unlawful processing of personal data or unlawful access to such data and to ensure its preservation.
Within this scope, regular audits are carried out, our employees are informed, and training is provided. If personal data processed by our company is obtained by third parties through unlawful means, the relevant person and the Personal Data Protection Board are notified as soon as possible.
Special categories of personal data are protected with particular sensitivity to prevent any harm to, or discrimination against, the relevant person.
3. PROCESSING AND TRANSFER OF PERSONAL DATA
Personal data is processed in accordance with the procedures and principles set out in the Law and this Policy.
Our Company:
- Takes care to keep personal data accurate and up to date.
- Clearly defines processing purposes and ensures that they are legitimate.
- Processes only data that is necessary and relevant to the purpose.
- Retains data only for the period required.
Personal data is not processed without the explicit consent of the data subject. However, it may be processed without explicit consent in the following cases:
- Where expressly provided for by law,
- Where necessary to protect life or physical integrity,
- Where directly related to the establishment or performance of a contract,
- Where necessary for the fulfillment of legal obligations,
- Where made public by the data subject,
- Where necessary for the protection of legitimate interests.
In addition, personal data may be transferred to third parties domestically or abroad in accordance with the Law.
4. CLASSIFICATION OF PERSONAL DATA AND PURPOSES OF PROCESSING
- Identity information (name, surname, national ID number, date of birth, etc.)
- Contact information (telephone, email, address, etc.)
- Transaction security information
- Financial information (bank information, income status, etc.)
- Visual and auditory information (photographs, camera recordings, etc.)
- Personnel information
- Location information
- Information on family members and relatives
- Physical premises security information
- Legal process information
- Special categories of personal data
- Request / complaint management information
These data are processed for the purposes of carrying out human resources processes, managing commercial relationships, ensuring security, improving products and services, responding to customer requests, and fulfilling legal obligations.
5. RETENTION PERIOD OF PERSONAL DATA
Personal data is retained for the period prescribed by applicable legislation. When these periods expire or when the purpose of processing ceases to exist, the data is deleted, destroyed, or anonymized.
6. RIGHTS OF THE DATA SUBJECT
Pursuant to Article 11 of the Law, data subjects have the right to:
- Learn whether their personal data is being processed,
- Request information if it has been processed,
- Learn the purpose of processing,
- Request correction of inaccurate or incomplete data,
- Request deletion or destruction of data,
- Learn the third parties to whom processed data has been transferred,
- Claim compensation if they suffer damage due to unlawful processing.
7. DATA SECURITY
To ensure the security of personal data:
- Firewalls, antivirus systems, and intrusion prevention software are used,
- Data access is restricted through role-based authorization,
- Regular audits are carried out,
- Employees are informed and trained on personal data processing procedures.