Privacy Policy
1. Introduction and Scope
[TEMPLATE — replace with real, lawyer-reviewed legal text] This section must set out: the purpose of the document as a KVKK Aydınlatma Metni + GDPR notice, and which persons/services (website, booking, delivery) it covers.
2. Identity of the Data Controller (Veri Sorumlusu)
[TEMPLATE — replace with real, lawyer-reviewed legal text] This section must set out: full legal company name, MERSIS/tax number, registered Antalya address, VERBIS registration status, and contact details.
3. Definitions
[TEMPLATE — replace with real, lawyer-reviewed legal text] This section must set out: the key KVKK terms used (kişisel veri, özel nitelikli veri, işleme, veri sorumlusu, veri işleyen, ilgili kişi, açık rıza) so the notice is self-contained.
4. Categories of Personal Data Collected
[TEMPLATE — replace with real, lawyer-reviewed legal text] This section must set out: every data category collected: identity/passport-ID, driver licence incl. document photos, contact, transaction, payment/card data via iyzico, delivery address, vehicle-use and traffic data, and website/technical data.
5. Special Categories of Personal Data
[TEMPLATE — replace with real, lawyer-reviewed legal text] This section must set out: whether any özel nitelikli data appears in scanned ID/licence documents, and the additional KVKK safeguards/consent applied to it.
6. Purposes of Processing
[TEMPLATE — replace with real, lawyer-reviewed legal text] This section must set out: each processing purpose: rental contract conclusion/performance, identity/licence verification, deposit and payment handling, car delivery, legal/tax obligations, fraud prevention, and communications.
7. Legal Basis for Processing (KVKK Art. 5 & 6)
[TEMPLATE — replace with real, lawyer-reviewed legal text] This section must set out: each purpose/data category mapped to a specific KVKK Art. 5 (and Art. 6 for special data) legal ground, and where explicit consent (açık rıza) is relied upon.
8. Method and Source of Data Collection
[TEMPLATE — replace with real, lawyer-reviewed legal text] This section must set out: the collection channels (website forms, booking, in-person/delivery, uploaded document photos, payment gateway) and whether data comes directly from the person or third parties.
9. Transfer of Data to Third Parties
[TEMPLATE — replace with real, lawyer-reviewed legal text] This section must set out: recipient categories (iyzico/payment processor, banks, insurers, IT/hosting, lawyers, public authorities) with the KVKK legal basis and purpose for each transfer.
10. International (Cross-Border) Data Transfers
[TEMPLATE — replace with real, lawyer-reviewed legal text] This section must set out: whether data is transferred abroad, to which countries/providers, and the KVKK Art. 9 safeguard relied on (adequacy, undertaking, or explicit consent).
11. Storage Location and Retention Periods
[TEMPLATE — replace with real, lawyer-reviewed legal text] This section must set out: where data is stored and the retention period per category, referencing statutory limits (tax/commercial law) and post-retention deletion/anonymisation.
12. Data Security Measures
[TEMPLATE — replace with real, lawyer-reviewed legal text] This section must set out: the technical and administrative safeguards (encryption, access controls, PCI-DSS payment handling, staff confidentiality, breach procedures) required under KVKK Art. 12.
13. Automated Decision-Making and Profiling
[TEMPLATE — replace with real, lawyer-reviewed legal text] This section must set out: whether any decisions (fraud/risk scoring, booking approval) are made solely by automated processing, the logic/significance, and the right not to be subject to such decisions (KVKK Art. 11/g, GDPR Art. 22).
14. CCTV and Vehicle GPS/Telematics Tracking
[TEMPLATE — replace with real, lawyer-reviewed legal text] This section must set out: whether vehicles/premises use GPS/telematics and CCTV, the purpose (theft prevention, usage limits, accident handling), legal basis, and retention.
15. Third-Party Data (Additional Drivers, Minors)
[TEMPLATE — replace with real, lawyer-reviewed legal text] This section must set out: collection of data about persons other than the customer (additional drivers, accompanying minors), the customer’s duty to inform them, and how their KVKK rights are handled.
16. Data Subject Rights (KVKK Art. 11)
[TEMPLATE — replace with real, lawyer-reviewed legal text] This section must set out: all Art. 11 rights (learn if processed, request info & purpose, know recipients, correct, delete/destroy, object, compensation) plus equivalent GDPR rights.
17. How to Exercise Rights / Application (Başvuru)
[TEMPLATE — replace with real, lawyer-reviewed legal text] This section must set out: the başvuru procedure: application channels/address (KEP, email, written), required identifying details, the statutory response deadline, and the right to complain to the Kurul.
18. Cookies and Tracking Technologies
[TEMPLATE — replace with real, lawyer-reviewed legal text] This section must set out: the cookie categories used, their purposes, the consent mechanism, and how the user can manage or refuse them (or a link to a separate Cookie Policy).
19. Consent (Açık Rıza)
[TEMPLATE — replace with real, lawyer-reviewed legal text] This section must set out: where explicit consent is required, how it is obtained, and that it can be withdrawn at any time with the effect of withdrawal.
20. Changes to This Privacy Policy
[TEMPLATE — replace with real, lawyer-reviewed legal text] This section must set out: that the policy may be updated, how users are notified, and the effective/last-updated date and version.
21. Contact Information
[TEMPLATE — replace with real, lawyer-reviewed legal text] This section must set out: the controller’s contact points for privacy questions: responsible contact/email, postal (Antalya) address, KEP address, and phone.