This document describes HomegaTurkey’s policies regarding the collection, use, and disclosure of user information. It also explains the privacy rights of users and how they are protected by the law.
The Law on the Protection of Personal Data (KVKK) is part of the Official Gazette of the Republic of Turkey (Resmî Gazete), published on April 7, 2016. As described on the official website, the purpose of the law is to protect the fundamental rights and freedoms of individuals. The law places a huge emphasis on the right to privacy, in particular, with regards to the processing of personal data. The law also sets forth binding principles, procedures, and obligations for any person or entity that collects and processes personal data.
The purpose of this document is to set out a policy for data storage and security, in accordance with the Law on the Protection of Personal Data, which HomegaTurkey abides by in order to protect the personal data of its clients.
The policy in this document covers the visitors, clients, and the team of HomegaTurkey. It encompasses all the activities performed by HomegaTurkey.
This policy document is prepared in accordance with the Law on the Protection of Personal Data and hence, should be agreed upon and abided by all the employees of HomegaTurkey.
3. Roles and Responsibilities
3.1 Data Controller
The term Data Controller refers to the natural or legal person responsible for determining the purpose and tools of data processing as well as for establishing and managing the data filing system.
HomegaTurkey functions as a Data Controller under the KVKK law – it collects certain information of their visitors and customers and also determines what it will be used for.
3.2 Data Processor
Data Processor is the natural or legal person who is authorized by the Data Controller (HomegaTurkey, in this case) and is responsible for processing the personal data collected by the controller.
In case personal data is being processed by a third-party, on behalf of HomegaTurkey (the Data Controller), both HomegaTurkey and the Data Processor are jointly responsible for ensuring that the data is processed in compliance with the principles and procedures laid down by the Turkish Law. As the Data Controller, HomegTurkey is also responsible for ensuring trust between the two parties, i.e., HomgaTurkey and the individuals it is collecting data from (its visitors and customers).
4. Legal Obligations
Under the KVKK Law, HomgaTurkey has certain legal obligations with regards to the safety and processing of Personal Data. These obligations include:
4.1 The Obligation to Inform
HomgaTurkey is legally obliged to inform the following to its visitors and customers prior to Data Collection and Processing:
- The identity of the Data Controller
- The reasons and methods for collecting and storing Personal Data
- The purpose of processing Personal Data
- The purpose of transferring processed personal data and the identity of the person or entity to which it is transferred
- The privacy rights granted by the law to individuals
4.2 Obligations Regarding Data Security
Under Article 12 of the KVKK Law, HomgaTurkey (data controller) is under the obligation to take necessary data security measures to prevent unlawful access and processing of personal data.
4.3 The Obligation to Register with the Data Controllers’ Registry
Article 16 of the KVKK Law makes it mandatory for data controllers and processors to be registered with the Data Controllers’ Registry before they begin to process the data. This applies to HomgaTurkey as well.
5. Processing of Personal Data
5.1 The Principles and Conditions for Data Processing
All the personal data collected by HomegaTurkey is processed according to the principles, conditions, and procedures laid down in the articles 4, 5, and 6 of the KVKK Law.
5.2 The Objectives of Data Processing
HomegaTurkey does not use the personal information of its visitors and customers to send unsolicited information (spam emails).Instead, HomegaTurkey collects data with the aim of processing it for the following objectives (or similar ones):
- An individual’s personal data and contact information is used for enriching website registry and improving communication with them.
- Demographic and browsing data is processed to identify the user’s point of interest. This, in turn, helps us improve our operational activities and services.
- Social web information is used to enhance user experience (on the website).
- In cases where users allow access to location information, the data is collected and used for providing relevant suggestions to the users, such as the nearest office(s) of HomegaTurkey and nearby properties.
The collected personal data may also be used for some other purposes than the ones stated herein. These include, but may not be limited to, marketing and communication.
5.3 Ensuring the Legal Processing of Data
HomegaTurkey takes various technical and legal measures to ensure that processing of personal data on legal grounds. These include, but not limited to, creating safe and sound technical infrastructure and processes for storing and processing personal data, educating our employees about the laws that govern the collection and processing of personal data, and creating and implementing policies to prevent unlawful processing of personal data. HomegaTurkey also inspects the data processing done by third-party processors and HomegaTurkey’s partners.
6. Transfer of Personal Data
6.1 Transfer of Personal Data Inland
Under the obligation of the KVKK Law, HomegaTurkey does not share any personal information of visitors and clients with any third-party without the prior consent of the data subjects.
However, HomegaTurkey may transfer personal data to the government, judiciary, or any other legal body without the consent of the subjects, in cases where it is necessary. This is in compliance with the KVKK and other constitutional laws of Turkey.
6.2 Transfer of Personal Data Abroad
According to the Article 9 of the KVKK Law, all entities that collect and process personal data of their clients are legally bound to take consent of the data subjects before transferring their personal information abroad. However, the law permits the transfer of personal data abroad without the consent of data subjects in certain situations. Even then, the data controller needs to ensure the safety and protection of personal data by the receiving party (Refer to Article 9 of the Law on the Protection of Personal Data (KVKK) for more details about this clause).
6.3 The Receiving Parties of Personal Data
HomegaTurkey is under the legal obligation to share the personal data of their clients and visitors with public statutory bodies if they request it.
The data is also shared with the employees of the customer services department of HomegaTurkey to keep track of the customers and to improve on their services.
7. The Rights of Individuals (Data Subjects)
7.1 The Right to Access Their Personal Data
The Personal Data Protection Law of Turkey has granted individuals the right to access the information collected by a data controller. Data subjects can also seek information regarding the processing of their personal data – they can ask whether their personal data has been processed or not, the purpose of processing their personal data, and if their data is actually used for the stated purpose.
Data subjects also have the right to inquire about the third-parties, within the country or abroad, their data has been shared with.
7.2 The Right to Change or Delete Their Personal Data
Under the KVKK Law, individuals (visitors and customers of HomegaTurkey) are allowed to request for changing or deleting their personal data, without making any payments. Article 11 of the KVKK Law permits data subjects to:
- Request for changing their incomplete or inaccurate persona data
- Request the deletion or destruction of their personal data (under the conditions mentioned in article 7)
- Report any change in their personal data (alteration or deletion) to the third-parties their data was transferred to
- Object the results (generated by the analysis of automatically processed data) that may be against them
- Claim compensation for the damage they may have suffered due to the unlawful processing of their personal data.
The Cookies policy is applicable to all devices and is used by all applications run by HomegaTurkey.
10. Data Security
We have implemented comprehensive security measures, both online and within our organization, to prevent unauthorized access, disclosure, alteration, use, and accidental loss of personal data of our visitors and clients. However, it should be noted that no method of digital data transfer guarantees 100% security. Therefore, HomegaTurkey explicitly denies being under any such obligation.