Company Policies

Learn about the policies of companies within the Uzunyayla Group Companies.

Privacy Policy

Our privacy policy explaining how your personal data is collected, used, and protected on Uzunyayla Group company websites.

Purposes of Processing Personal Data

The Company processes the personal data mentioned below for the following purposes, limited to those specified in the Personal Data Processing Policy shared at www.uzunyaylatugla.com: improving, developing, and providing services offered to Users on the Website; informing Users who submit requests and complaints and establishing communication with Users; providing better and personalized service to Users; informing and communicating with Users for marketing purposes, provided that Users share and consent to such information in the relevant sections of the Website; addressing Website security vulnerabilities as quickly as possible, improving User experience, resolving Website errors, making sense of User data, planning and implementing marketing policies; planning and implementing human resources policies; conducting reporting and business development activities, creating databases; ensuring the implementation of corporate policies. In accordance with Article 5(2) and Article 6(3) of the Law, personal data may be processed by the Company without seeking the explicit consent of the User if one of the required conditions exists.

Transfer of Personal Data

The Company may share personal data with third parties (call centers, law firms, service providers, hosting service providers, etc.) limited to the purposes specified in the Personal Data Processing Policy shared on www.uzunyaylagroup.com, www.uzunyaylatugla.com, www.vitalia.com.tr websites belonging to Uzunyayla Group companies. Limited to the purposes stated above, the User accepts and consents that their personal data may be stored by the Company on servers located anywhere belonging to third parties in accordance with the Law, and that the Company has fulfilled its obligation to inform in this regard.

The Company may transfer personal data to third parties without seeking the User's explicit consent if one of the conditions required under Article 5(2) and Article 6(3) of the Law exists and, when necessary, ensuring compliance with Article 9(2) of the Law.

Processed Personal Data

The Company may process the following User information depending on the User's access to and transactions on the Website:

– Identity Information

– Site Activity Information

– IP Information

– User Information

– Legal Transaction Information

– Contact Information

– Request/Complaint Management Information

and personal data that may be necessary for the Company to operate the Website in accordance with the Personal Data Protection Law.

Cookies

Cookies are information files consisting of small pieces sent to users by servers. In this context, the Company stores certain information on the User's computer, phone, etc., in the form of text files for a specified period and reuses them when necessary.

Personal data related to the transactions performed by the User while browsing the website may be processed by the Company and shared with third parties for the purposes written below. In this context, the Company may track the User's browsing information and usage history on the Website; process information collected from the User and use it together with information obtained from other sources such as third parties to provide personalized service to the User and improve service quality on the Website; improve page content according to the User; enhance User experience; offer promotions and marketing suggestions.

The User explicitly consents to the processing of data that they may share with the Company within the scope specified in this Privacy Policy for the stated purposes. The User can change their browser settings to reject cookies or to be warned when cookies are sent.

Rights of the Data Subject Under Article 11 of the Law

The Company informs the Data Subject of their rights pursuant to Article 10 of the Law; provides guidance on how to exercise these rights; and makes necessary internal, administrative, and technical arrangements for all these purposes.

The Company explains to persons whose personal data is collected that they have the right to:

• learn whether their personal data is being processed,

• request information if their personal data has been processed,

• learn the purpose of processing their personal data and whether it is used in accordance with this purpose,

• know the third parties to whom their personal data is transferred domestically or abroad,

• request correction if their personal data is processed incompletely or inaccurately,

• request deletion or destruction of their personal data within the framework of conditions stipulated in Article 7 of the Law,

• request notification of operations carried out pursuant to subparagraphs (d) and (e) of Article 11 to third parties to whom their personal data has been transferred,

• object to the occurrence of a result against themselves by analyzing their processed data exclusively through automated systems,

• claim compensation if they suffer damage due to unlawful processing of their personal data.

Application to the Company

The Data Subject may submit their requests regarding the implementation of the Law to the Company by filling out the Personal Data Protection Law Data Subject Application Form ('Application Form') available on the Website and submitting it as specified in the Application Form. The Company finalizes the requests in the application free of charge as soon as possible and within thirty days at the latest, depending on the nature of the request. However, if the transaction requires additional costs, a fee may be charged according to the tariff determined by the Board. The Company may respond to these requests in the ways specified in the Application Form.

In cases where the application is rejected, the response is found insufficient, or the application is not responded to within the specified period; the Data Subject may file a complaint with the Board within thirty days from learning the Company's response and in any case within sixty days from the date of application. The complaint procedure cannot be initiated without exhausting the application procedure explained above.

Storage Period of Personal Data; Deletion, Destruction, or Anonymization

If (i) the purposes for processing personal data have been fulfilled and/or expired or the processing purpose has disappeared; and (ii) The storage periods determined by relevant legislation and the Company have expired; personal data is deleted, destroyed, or anonymized by the Company ex officio or upon request of the relevant person.

However, in cases where there is a legal regulation requiring personal data to be stored for longer periods or personal data may be put forward as evidence in a legal dispute, personal data is stored only until such dispute is resolved or until the storage period prescribed by legislation expires.

Method of Collecting Personal Data, Legal Basis, and Data Security

The Company collects personal data based on legal grounds specified in the Law and other relevant legislation; through physical means, website, email, mobile application, and other channels verbally, in writing, or electronically. The Company takes all necessary technical and administrative measures to ensure the security of the personal data it collects; acts in accordance with data privacy policies to prevent unlawful processing and access to data and ensure their protection.

Personal data can only be accessed by authorized personnel through technical and administrative measures, and regular audits are conducted. The Company shows due diligence regarding data security and does not disclose or reveal user information to third parties unlawfully.

Redirecting to Other Sites

The Company provides links to other sites through its website and does not bear any responsibility for the privacy practices and content of other linked sites.

The Company cannot be held responsible for the data security policies and practices of redirected sites.

Updating the Privacy Policy

The Company may update and modify the provisions of this Privacy Policy at any time it deems necessary, provided that it does not conflict with applicable legislation, by publishing it on the Website.

Updates and changes made by the Company to the Privacy Policy become effective on the date they are published on the Website. The User is obligated to follow the changes and updates made to the Privacy Policy.

Last updated: November 1, 2024