Privacy and Cookie Policy

Definitions

Explicit Consent: 

Consent based on informed and freely given will regarding a specific subject. Anonymization: The process of rendering personal data in such a way that the identity of a specific or determinable natural person cannot be associated with the data, even by matching it with other data.

Application Form: 

The form provided in conjunction with this Policy for data subjects to exercise their rights in accordance with relevant legislation.

WebSite: 

The internet site with the domain name thelocalhouse.com.tr owned by the LKH OTELCİLİK TURİZM SANAYİ VE TİCARET LİMİTED ŞİRKETİ/ LKH HOSPİTALİTY TOURİSM INDUSTRY AND TRADE LİMİTED COMPANY.

Business Partner: 

Natural or legal persons with whom the Company enters into partnerships for various purposes such as carrying out various projects or obtaining services while conducting its commercial activities, either directly or through its shareholders or group companies.

Personal Data: 

Any information related to an identified or identifiable natural person.

Processing of Personal Data: 

Any operation performed on personal data, either entirely or partially, through automated means or non-automated means, provided that it is part of any data recording system, including but not limited to collecting, recording, storing, preserving, altering, rearranging, disclosing, transferring, taking over, making it obtainable, classifying, or preventing its use.

Sensitive Personal Data: 

Data related to race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, clothing, association, foundation or union membership, health, sexual life, criminal conviction, and security measures, as well as biometric and genetic data.

Data Subject: 

A natural person whose personal data is processed.

Data Processor: 

A natural or legal person who processes personal data on behalf of the data controller, based on the authority granted by the data controller.

Data Controller: 

A natural or legal person who determines the purposes and means of processing personal data and manages the place (data recording system) where the data is systematically kept.

Abbreviations

PDPL: 

Personal Data Protection Law, published in the Official Gazette dated April 7, 2016, and numbered 29677.

DPA Board: 

Data Protection Authority Board.

Company: 

LKH OTELCİLİK TURİZM SANAYİ VE TİCARET LİMİTED ŞİRKETİ/ LKH HOSPİTALİTY TOURİSM INDUSTRY AND TRADE LİMİTED COMPANY.

Policy: 

The Personal Data Protection and Privacy Policy prepared and published by LKH OTELCİLİK TURİZM SANAYİ VE TİCARET LİMİTED ŞİRKETİ/ LKH HOSPİTALİTY TOURİSM INDUSTRY AND TRADE LİMİTED COMPANY.

DATA PROTECTION AND PRIVACY POLICY DEFINITIONS

1. Introduction

LKH OTELCİLİK TURİZM SANAYİ VE TİCARET LİMİTED ŞİRKETİ/ LKH HOSPİTALİTY TOURİSM INDUSTRY AND TRADE LİMİTED COMPANY, (“Company”) places great importance on the protection of personal data of our customers who request services from our hotels, customers who receive services, users and members who use our “thelocalhouse.com.tr” website owned by our Company, individuals who establish contact with us through our hotels, our websites, or our social media accounts, or in any other way, whether directly or as representatives of a company or organization, individuals who communicate with us or enter into contracts, our business partners, shareholders, employees, and job applicants who apply to our Company.

In this context, as a Company, we have prepared this Personal Data Protection and Privacy Policy (“Policy”) to explain our principles regarding compliance with the Personal Data Protection Law No. 6698 and other relevant legislation and to outline the processing of personal data within the framework of KVKK.

2. Purpose and Scope

KVKK was published in the Official Gazette dated April 7, 2016, and numbered 29677. KVKK is enacted to protect the fundamental rights and freedoms of individuals, including the privacy of private life, and to determine the obligations of natural and legal persons who process personal data.

The purpose of this Policy is to establish necessary management instructions, procedures, and conditions to ensure the processing and protection of personal data by the Company in compliance with KVKK, as well as to create a technical method for this purpose.

This Policy is applicable to all activities related to the processing and protection of all personal data held by the Company in its capacity as “Data Controller” and/or “Data Processor.” The Policy has been prepared in accordance with KVKK and other relevant legislation on the processing and protection of personal data.

3. Personal Data

3.1. Definition of Personal Data

In accordance with Article 3/I(d) of the Personal Data Protection Law (KVKK), “personal data” refers to any kind of information related to identified or identifiable real persons. In this context, anonymous information, anonymized data, and other data that cannot be associated with a specific individual are not considered as personal data under this Policy.

3.2. General Principles for Processing Personal Data

Pursuant to Article 3/I(e) of the KVKK, any operation carried out on personal data, whether fully or partially automated, or by non-automated means, as long as it is part of any data recording system, including but not limited to collecting, recording, storing, preserving, altering, rearranging, disclosing, transferring, taking over, making it obtainable, classifying, or preventing its use, falls within the scope of “data processing.”

The Company processes personal data in compliance with the following principles:

  • Compliance with the law and fairness.
  • Accuracy and being up-to-date when necessary.
  • Processing for specific, explicit, and legitimate purposes.
  • Processing that is relevant, limited, and proportionate to the purposes for which they are processed.
  • Retention for the period prescribed by the relevant legislation or for the duration required for the purposes of processing, in accordance with the legal and legitimate interests of the Company.

In this context, personal and/or sensitive personal data obtained within the framework of KVKK and other legislation, whether in writing, verbally, or electronically, through various channels including but not limited to hotels or the Website, can be obtained, recorded, stored, preserved, altered, and processed in accordance with the provisions of KVKK and may be shared with third parties, both within the country and abroad, through methods including but not limited to legal and lawful reasons, and the legal and factual requirements of the product sales and services provided by the Company, including the transfer abroad.

3.3. Data Processed by the Company

In General The Company may process general and sensitive personal data with the explicit consent of the data subject or without explicit consent, as provided in Articles 5 and 6 of KVKK.

Personal data may be processed within the scope of the provisions of the legislation, including but not limited to the Consumer Protection Law No. 6502, Distance Contracts Regulation issued within the framework of this law, Electronic Commerce Regulation, Electronic Service Providers and Intermediary Service Providers Regulation prepared based on this law, Labor Law No. 4857, Social Security and General Health Insurance Law No. 5510, Turkish Commercial Code No. 6102, Tax Procedure Law No. 213, Identity Notification Law No. 1774, and all other laws, regulations, notifications, and other legal regulations related to these laws, within the framework of the provisions specified in the legislation.

The following are examples of personal data processed by the Company:

  1. Additional data such as name, surname, profession, resume, gender, marital status, nationality, and other data for identifying and distinguishing the data subject.
  2. Data for identity verification, such as identity, passport, driver’s license, etc., where identity verification is required.
  3. Contact information, including addresses for home, business, or temporary residence, telephone numbers, email and fax numbers, and mobile phone numbers.
  4. Communication records, such as telephone conversations and email correspondence, as well as other voice and video data, complaint and request records.
  5. Data used for determining consumer and user habits to improve service and product standards, as well as Internet usage data.
  6. Internet protocol (IP) address, device ID, statistics related to internet page views and mobile and other digital application statistics, incoming and outgoing traffic information, referral URL, internet log data, location information, visited websites, and information about transactions and actions carried out through our websites and electronic mail content, among others.

4. Methods of Collecting Personal Data

The Company may collect personal data through the following methods:

  1. Internet Website: Data related to Internet Website Users and online visitor data:
  • User Information (information related to membership, User ID number, etc.)
  • IP address
  • Transaction Security Information (password information, etc.)
  • Cookie records
  • Data and evaluations showing User and/or Visitor habits and preferences
  • Commercial electronic message consent/permission given by the User and/or Visitor electronically
  • Membership and User Agreement approved by the User and/or Visitor
  • Other written texts approved by the User and/or Visitor
  • Commercial electronic messages sent within the scope of the consent given by the User and/or Visitor
  • Records related to request and complaint processes
  1. Buyer Data for Services and Products Purchased through Internet Websites:
  • Buyer data for the Product offered for sale by the Seller through “thelocalhouse.com.tr”
  • Data related to the purchase transaction and the person who will use the purchased Product:
  • Buyer’s identity information
  • Passport number
  • Contact information (mobile phone, email address, address, etc.)
  • Invoice and collection information
  • Type of the purchased Product, quantity, price, order date
  • Data of the person who will use the purchased Product
  • Discount coupons used during the purchase
  • Campaigns, if any
  • Commercial electronic message consent given by the Buyer electronically
  • Distance Sales Agreement and Preliminary Information Form approved by the Buyer
  • Other written texts approved by the Buyer
  • Commercial electronic messages sent within the scope of the consent given by the Buyer
  • Records related to request and complaint processes
  • IP address
  • Password information
  1. Customer Data for Transactions via the Call Center:
  • Identity information (Name, surname, T.C. ID number, Passport number for non-Turkish citizens)
  • Contact information (mobile phone, email address, address, etc.)
  • Distance Reservation Agreement and Preliminary Information Form
  1. Hotel Guest Data:
  • Identity information (Name, surname, date of birth, gender, T.C. ID number, passport information)
  • Contact information (mobile phone, email address, address, etc.)
  • Written texts approved by the Customer
  • Data required during the COVID-19 period
  • Commercial electronic messages sent within the scope of the consent given by the Customer
  • Records related to request and complaint processes
  • Information related to your stay and visit, including invoice and collection information
  • Information related to the products or services you purchase during your stay
  • Payment information
  • Information about individuals staying with you
  • Employment status information
  • Records related to your marketing and communication preferences
  • IP address
  • Pages viewed on hotel websites
  • Data identifying your mobile device when you visit our website on your mobile device
  • Any other information you explicitly choose to provide us with or that we may obtain from third parties with your clear consent.
  1. Customer Data for Transactions via the Mobile Application:
  • Name, surname, mobile phone, email address
  1. Employee / Job Applicant Data:
  • Identity information (Name, surname, date of birth, gender, T.C. ID number)
  • Contact information (mobile phone, email address, address, etc.)
  • Educational history
  • Work history
  • Resume information
  • Criminal record
  • Camera records
  • Any other data required within the scope of the personnel file.

5. Processing Purposes of Personal Data

The Company may process personal data for the following purposes and may retain it for the duration required by the legal regulations and in any case for the periods required by legal regulations:

  1. Fulfillment of all legal and administrative obligations.
  2. Negotiation, establishment, and execution of contracts entered into or to be entered into.
  3. Providing accommodation services in hotels.
  4. -Processing of data regarding online visitors within the scope of other legislation.
  5. Execution of membership processes on the Website, creation and management of personal accounts of Members/Users on the Website, management of membership processes through personal accounts, informing individuals and Members/Users about campaigns and opportunities, price, marketing, other benefits, offers, and information.
  6. Purchasing products offered for sale on the Website.
  7. Monitoring of purchase transactions and accounting processes.
  8. Ensuring the security of all websites, other electronic systems, social media accounts, and physical premises owned by the Company.
  9. Romotion and marketing of Company products and services, improvement of these products and services, conducting surveys and polls, and obtaining the opinions of the data subject.
  10. Inclusion in birthday celebrations, draws, campaigns, or competitions, giving gifts, and other similar activities, promotions, and campaigns for the benefit of the data subject.
  11. Investigation, detection, prevention, and reporting of violations of contracts and the law to the relevant administrative or judicial authorities.
  12. Resolution of current and future legal disputes.
  13. Responding to requests and inquiries, evaluating and resolving complaints.
  14. Execution of transactions related to corporate and partnership law.
  15. Conducting recruitment processes within the framework of human resources policies.
  16. Evaluation and conclusion of job applications, contacting applicants.
  17. Necessity of processing data for the establishment, use, or protection of a right.
  18. Protection of the legitimate interests of the Company without harming the fundamental rights and freedoms of the data subject.

6. Transfer of Personal Data

The Company, in accordance with the general principles specified in the KVKK and the conditions stipulated in Articles 8 and 9 of the KVKK, may transfer the personal data obtained in accordance with the purposes stated in this Policy to third parties both domestically and abroad, provided that necessary security measures are taken and that it complies with the general principles stipulated in the KVKK. The third parties to whom personal data may be transferred may vary depending on the type and nature of the relationship between the data subject and the Company (e.g., user/membership relationship, business relationship) and other factors; however, in general, they are as follows:

  • Company Group Companies,
  • Storage organizations, platform owners, data publishing organizations, infrastructure providers, and other business partners, suppliers, and subcontractors that the Company works with domestically and abroad,
  • All kinds of official authorities and institutions,

Banks for collection purposes and/or authorized institutions for collection, as well as domestic and foreign institutions and other relevant third parties working for the purpose of carrying out collection activities.

7. Method of Collecting Personal Data

The Company may obtain personal data in written, verbal, audio, visual, or other physical or electronic forms for the purposes specified in this Policy, within the framework of the conditions set forth in Articles 5 and 6 of the Personal Data Protection Law (KVKK). Additionally, personal data may be collected through various channels, including but not limited to places where data subjects can establish contact, hotels, the headquarters, and other physical premises of the Company, websites, mobile applications, electronic transaction platforms, social media, and other public forums or organized events, sales and marketing units, customer forms, digital marketing, as well as contracts, applications, forms, proposals, and cookies used during visits to the Website.

8. Kişisel Verilerin Saklanma Süresi

Except for situations where there is a legal requirement or permission for longer storage periods, the Company processes and stores personal data in compliance with the KVKK and other relevant laws for the purposes specified in this Policy and in accordance with the periods determined in the Personal Data Storage and Destruction Policy. When the purpose of processing personal data expires, and upon the expiry of the storage periods determined by the Company in compliance with the KVKK and other special laws, personal data is stored only to be used as evidence in potential legal disputes, to assert the related rights dependent on personal data, and/or to establish a defense when requested by authorized public institutions and authorities. In determining these periods, the periods specified in the relevant legislation regarding the statute of limitations and storage periods for the establishment, exercise, or protection of a right are taken into account. In such cases, access to the relevant personal data is provided only when necessary for use in the relevant legal dispute, and personal data is otherwise protected and not accessed for any other purposes.

9. Security and Control of Personal Data

In accordance with Article 12 of the KVKK, the Company, as the “data controller,” takes the necessary technical and administrative measures to ensure an adequate level of security to prevent the unlawful processing of personal data and unauthorized access to data. For this purpose:

(i) Activities are carried out in accordance with internal policies and rules prepared for the protection of personal data, (ii) Employees are provided with the necessary training and responsibilities related to the protection of personal data in accordance with the legislation on the protection of personal data and internal policies and rules, (iii) Declarations and commitments regarding the confidentiality and protection of data are obtained from employees and persons and institutions processing data on behalf of the Company, (iv) Information security measures are applied to ensure the security of personal data both within and outside the Company, and to prevent unauthorized access to data, (v) Compliance with internal policies and rules created for the protection of personal data is ensured, (vi) The adequacy of the measures taken is regularly reviewed, and new data security systems are provided and/or existing data security systems are developed, updated, and necessary audits are conducted in this regard.

10. Measures Taken by the Company for the Protection and Security of Personal Data

The Company: LKH OTELCİLİK TURİZM SANAYİ VE TİCARET LİMİTED ŞİRKETİ/ LKH HOSPİTALİTY TOURİSM INDUSTRY AND TRADE LİMİTED COMPANY,

Ensures that all collected personal data are processed in compliance with the principles listed in Article 4 of the Personal Data Protection Law (KVKK) and in accordance with the conditions specified in Articles 5 and 6.

Fulfills the obligation of “Informing and Enlightening” as required by the KVKK within the scope of data controller responsibilities by publishing Information Texts on the internet and other relevant platforms.

As a data controller, establishes the necessary infrastructure to obtain “explicit consent” if legally required for the lawful processing of personal data in accordance with the KVKK.

Establishes the required infrastructure for the lawful collection of personal data for communication, marketing, opportunity notifications, and promotional purposes and makes necessary revisions in Company applications.

Takes necessary measures to ensure the lawful collection and preservation of personal data in job applications and recruitment processes.

Processed personal data, which has been processed in compliance with the KVKK and other relevant legal regulations, is deleted, destroyed, or anonymized by the Company, either ex officio or upon the request of the data subject, in a way that it will not be used for any purpose, when the reasons requiring processing have ceased to exist and upon the completion of the periods specified in the “Storage Periods of Personal Data” section of this Policy and in the Personal Data Storage and Destruction Policy. The Company also implements data access restrictions in compliance with the KVKK in internal data access authorizations to ensure data security and conducts data destruction operations for data that needs to be destroyed.

Takes all necessary technical and administrative measures to prevent the unlawful processing of personal data and unauthorized access to such data in order to prevent the unlawful processing of personal data and unauthorized access to such data and to ensure the lawful preservation of personal data. In order to ensure data security and secure storage, the Company develops internal encryption policies and configures existing encryption systems.

Takes necessary internal measures to prevent data breaches, both within the Company and with external support products, to prevent data leaks.

Determines the legal retention periods in compliance with the relevant legislation depending on the nature of the obtained data, develops and enforces storage policies in the Company application in accordance with these periods.

Takes measures to prevent unauthorized access and use of personal data by different departments within the Company and by natural or legal persons processing personal data on behalf of the Company based on its authorization.

Periodically audits the preservation activities of personal data conducted by natural or legal persons processing personal data on its behalf based on its authorization.

Takes all necessary technical and administrative measures regarding the processing, transfer, and preservation of personal data, even if the required technical and administrative measures have been taken, in case third parties have unlawfully accessed personal data in compliance with the relevant legislation and decisions of the Personal Data Protection Board, to ensure that the data subjects do not suffer any harm.

11. Data Subject Rights Under the KVKK Framework

In accordance with Article 11 of the KVKK, data subjects have the following rights:

  1. To learn whether their personal data are processed,
  2. To request information if their personal data have been processed,
  3. To learn the purpose of processing personal data and whether they are used for their purpose,
  4. To know the third parties to whom personal data are transferred, both at home and abroad,
  5. To request the correction of personal data if it is incomplete or incorrect,
  6. Within the framework of Article 7 and Article 11 of the KVKK, to request the deletion or destruction of personal data if the reasons requiring processing have ceased to exist,
  7. To request the notification of the operations carried out as a result of the requests made under (d) and (e) to third parties to whom personal data have been transferred,
  8. To object to the emergence of a result against the person himself by analyzing the processed data exclusively through automated systems,
  9. If personal data is processed unlawfully, to demand the compensation of the damage incurred.

If data subjects wish to exercise any of the above-mentioned rights, they must fill out the application form attached to this Policy and submit the wet-signed copy of the form to the Company either in person or by notary to the address of “Harbiye Mah. Kadırgalar Cad. No:6/3 G-Mall Şişli/İstanbul,” along with the information and documents required for the identification. If the Personal Data Protection Board decides to allow other methods for the transmission of requests other than those mentioned above, it will be announced how the applications can be made in other ways.

The Company will evaluate and conclude requests made by data subjects in accordance with Article 13 of the KVKK within a maximum of 30 (thirty) days depending on the nature of the request. While requests of data subjects are generally concluded free of charge, if answering the request requires an additional cost, a fee may be charged in accordance with the relevant legislation.

12. Cookies and Similar Technologies

In order to display personalized content to users and engage in online advertising activities when accessing the websites, electronic platforms, mobile and digital applications owned by the company or electronic email messages sent by the company, small data files that enable the recording and collection of specific data through technical means may be placed on users’ computers, mobile phones, tablets, or other devices used to access. These data files placed on computers and other devices may be cookies, pixel tags, flash cookies, and web beacons, as well as similar other technologies for data storage purposes (“Cookies”). It is possible to collect personal data through cookies, and to the extent that the data obtained through cookies constitutes personal data within the framework of Turkish law, the company may process them under this Policy and the Law on the Protection of Personal Data (“KVKK”). Users can remove cookies and reject them by disabling notifications. If a user rejects cookies, they can continue to use the website in question, but they may not have access to all the functions of the platform or their access may be limited. Detailed information about cookies and cookie usage can be found in The Local House Cookie Policy at thelocalhouse.com.tr.

13. Third-Party Sites, Products, and Services

Company-owned websites, platforms, and applications may contain links to third-party websites and products. These links are subject to the privacy policies of third parties, and third parties and their websites are independent of the company. The company will not be responsible in any way for the privacy practices of third parties.

14. Changes

The company has the right to make changes to this Personal Data Protection and Privacy Policy for various reasons, including but not limited to the regulations to be issued under the Law on the Protection of Personal Data (KVKK) and other legislation, in light of various reasons at various times. The updated version of the Policy will be published on the company’s websites and will be made accessible to users and members through the websites.

15. Effect

This Policy will come into effect on the date of publication and will remain in effect until it is removed from the website.

16. Appendix - Company Personal Data Storage And Destruction Policy

16.1. Definitions

Relevant User: 

Individuals who process personal data in accordance with the authority and instructions received from the data controller organization within the data controller organization, except for those responsible for the technical storage, protection, and backup of data.

Destruction: 

Refers to the deletion, elimination, or anonymization of personal data.

Periodic Destruction: 

Refers to the deletion, elimination, or anonymization process that will be carried out ex officio at specified intervals as stipulated in the Personal Data Storage and Destruction Policy, when all the processing conditions for personal data specified in the law are no longer valid.

Deletion of Personal Data: 

The process of rendering personal data inaccessible and unrecoverable for relevant users.

Destruction of Personal Data: 

The process of making personal data inaccessible, irretrievable, and unusable by anyone.

Anonymization of Personal Data: 

The process of rendering personal data in such a way that it cannot be associated with any identifiable or identifiable natural person, even when matched with other data.

16.2. Purpose And Scope Of The Personal Data Storage And Destruction Policy

The purpose of this Storage and Destruction Policy is to ensure that the personal data of the relevant individuals processed by the Company are processed, stored, protected, and, when necessary, deleted, destroyed, or anonymized in compliance with the Personal Data Protection Law (“Law” or “KVKK”), and in accordance with the provisions of the law, to establish management instructions, procedural conditions, and technical policies for the deletion, destruction, or anonymization in accordance with the Personal Data Deletion, Destruction, or Anonymization Regulation (“Regulation”), which was published in the Official Gazette dated 28.10.2017 and numbered 30224 and constitutes the secondary regulation of KVKK.

This Storage and Destruction Policy is applied in activities related to the storage and destruction of personal data processed by the Company.

This Storage and Destruction Policy has been prepared based on KVKK, the “Regulation on the Deletion, Destruction, or Anonymization of Personal Data,” and other relevant legislation related to the storage and destruction of personal data.

16.3. Personal Data Deletion, Destruction, And Anonymization Activities Conducted Within The Company

Personal data is retained by the Company only for the periods specified in the relevant legislation, including storage and statutory limitation periods, and/or for the duration necessary for the purposes for which they were processed. Accordingly, the Company first determines whether there is any specific retention period and/or statute of limitations for the storage of personal data in the relevant legislation and stores personal data in compliance with these periods. In the absence of any specific period prescribed by the relevant legislation, personal data is stored in accordance with KVKK and for the duration necessary for the purposes for which they were processed.

In accordance with Article 7 of KVKK, the Company deletes, destroys, or anonymizes personal data in compliance with the 8th, 9th, and 10th articles of the “Regulation on the Deletion, Destruction, or Anonymization of Personal Data” ex officio or upon the request of the data subject, even if they have been processed in compliance with applicable legal provisions, in case the reasons requiring their processing have ceased and/or when the legal retention periods have expired.

In order to fulfill its obligations arising from the Law and the Regulation, the Company takes the necessary technical and administrative measures, develops the required operational mechanisms, trains its relevant units, and makes necessary appointments to comply with these obligations.

16.4. Cases Requiring The Destruction Of Personal Data And Methods Of Deletion, Destruction, And Anonymization Of Personal Data

Cases Requiring the Destruction of Personal Data

In accordance with KVKK and the Regulation, personal data belonging to data subjects are deleted, destroyed, or anonymized by the Company ex officio or upon request in the following cases:

    1. Changes in other regulations that form the basis for the storage of personal data, which would eliminate the obligation to store personal data.
    2. The purpose for which personal data was processed no longer exists.
    3. The conditions specified in Articles 5 and 6 of the Law, which determine the “Conditions for Processing Personal Data,” no longer apply.
    4. In cases where personal data processing is based solely on “explicit consent,” the data subject withdraws their consent.
    5. The data subject’s request for the deletion, destruction, or anonymization of personal data is accepted by the data controller within the scope of the rights specified in Article 11/1(e-f) of KVKK.
    6. The Board decides on the deletion, destruction, or anonymization of personal data.
    7. After the maximum retention period required for personal data storage has expired, there is no legal condition justifying the storage of personal data.

16.5. Methods of Personal Data Deletion, Destruction, and Anonymization

  1. The Company uses deletion, destruction, or anonymization methods in compliance with KVKK for the destruction of personal data:

    1. Deletion Methods: Depending on the nature of personal data and the environment in which it is located, the Company uses one or more of the following deletion methods: command deletion from the database, obfuscation, etc.
    2. Destruction Methods: Depending on the nature of personal data and the environment in which it is located, the Company uses one or more of the following destruction methods: physical destruction, demagnetization, overwriting, etc.
    3. Anonymization Methods: Depending on the nature of the relevant data, its volume, its structure in physical environments, diversity, the benefit to be obtained from the data, and the purpose of processing, the Company uses one or more of the following anonymization methods: regional suppression, removing variables, removing records, generalization, lower and upper bound coding, global coding, sampling, data swapping, adding noise, microaggregation, data hashing, and scrambling methods.

17. Data Retention And Destruction

16.6. Methods of Personal Data Deletion, Destruction, and Anonymization

The individuals responsible for the storage, deletion, destruction, and anonymization of personal data in the database are as follows, and their job descriptions are determined by the Company as follows:

Position: Marketing & Communications Manager

Summary Job Description: Managing digital channels and ensuring the coordinated progress of various marketing methods, protecting and storing data obtained from the website, tracking collected data, backup, storage, responsibility for data access, negotiating terms with third parties and companies regarding this issue, protecting and tracking data and servers, search engine marketing, content marketing, digital targeting, digital sales, intervening in communication studies when necessary, conducting various tests related to user experience, and creating a roadmap based on the results, analyzing data from digital channels, and presenting necessary reports to management.

Data Categories

Retention Periods

Destruction Periods

Customer, Membership, and Buyer Data, Data Related to Orders/Purchases:

10 years after the termination of legal relationship within the scope of Turkish Commercial Code No. 6102; 3 years according to the Law on the Regulation of Electronic Commerce No. 6563 and related secondary legislation; accommodation records for one year according to the Regulation on the Implementation of the Law on Notification of Identity, starting from the calendar year following the year they were issued; accommodation location registration books, starting from the calendar year following the year they were filled, for 5 years 

After the end of the retention period, during the initial periodic destruction.

Call Center Voice Recordings:

10 years after the termination of legal relationship within the scope of Turkish Commercial Code No. 6102; 10 years after the termination of legal relationship within the scope of Turkish Code of Obligations

After the end of the retention period, during the initial periodic destruction.

Records of Financial and Accounting Transactions:

10 years within the scope of Turkish Commercial Code No. 6102; 5 years within the scope of Tax Procedure Law No. 213

After the end of the retention period, during the initial periodic destruction.

Records Related to Electronic Commerce Transactions:

3 years from the transaction date
After the end of the retention period, during the initial periodic destruction.

Commercial Electronic Message Records:

3 years from the date of consent withdrawal

After the end of the retention period, during the initial periodic destruction.

Resumes:

5 years in accordance with Company policy

Resumes exceeding 5 years are destroyed in digital format. For physical resumes, the period is 6 months.

18. Technical And Administrative Measures Taken By The Company To Safely Store Personal Data, Prevent Unlawful Processing, And Unauthorized Access

    1. The Company has taken necessary technical and administrative measures to prevent the unlawful processing of personal data, unauthorized access to personal data, and to ensure the lawful storage of personal data in accordance with KVKK.
    2. The Company restricts personnel access permissions for data security and authorization limitations.
    3. The Company limits personnel access permissions to the main server.
    4. Encryption techniques are implemented by the Company for data security, and periodic password changes are enforced.
    5. SSL is used to secure all areas of the website or mobile application where personal data is collected.
    6. The Company has installed software and hardware, including virus protection systems and security firewalls, on platforms it owns to ensure data security.

19. thelocalhouse.com.tr Cookie Policy

This “Cookie Policy” (“Policy”) has been prepared to inform visitors of thelocalhouse.com.tr website (“Website”) about the use of cookies by thelocalhouse.com.tr, and the main principles and details of this cookie usage.

19.1. Information about Cookies

thelocalhouse.com.tr, the owner of the Website, can place small data files that record and collect certain data through technical means on visitors’ computers, mobile phones, tablets, or other devices during access to the Website, electronic platforms, mobile and digital applications, or electronic messages and advertisements sent by thelocalhouse.com.tr for the purpose of providing personalized content to visitors and conducting online advertising activities. These data files placed on computers and other devices, including but not limited to cookies, pixel tags, flash cookies, and web beacons, can also include other similar technologies for data storage purposes (“Cookies” for short).

Cookies are small text files containing a small amount of information that are temporarily placed on visitors’ devices through the internet browsers they use while visiting websites. When visitors use their internet browsers to visit the Website, these cookies are sent back to the website, allowing the Website to recognize visitors’ devices. The purpose of using Cookies is to collect information about the use of the Website. Cookies do not contain any personal information, including data stored on visitors’ computers, and are not used for User/identity identification. thelocalhouse.com.tr uses Cookies to make the Website user-friendly and facilitate browsing on thelocalhouse.com.tr.

19.2. Cookies Used on the Website

Cookies can be classified under the headings “mandatory cookies,” “functional cookies,” “analytical cookies,” and “advertising cookies.”

19.3. Mandatory Cookies

Mandatory Cookies are cookies necessary for the proper functioning of the website. Mandatory cookies are used to ensure the proper management of the system, create user accounts, and enable users to log in. Mandatory cookies are used to prevent fraudulent transactions. Without these cookies, the website may not function properly.

19.4. Functional Cookies

Functional Cookies are cookies used to facilitate visitors’ visits to the website and improve their experience on the site. These cookies provide easy access to content by remembering the previous visit to the website.

19.5. Analytical Cookies

Analytical Cookies contain data that allows the viewing of which pages are more popular and which resources are viewed more. These cookies include data that allows for the provision of services tailored to this traffic by viewing the traffic on the Website.

19.6. Advertising Cookies

Advertising or Targeting cookies are cookies that allow the determination and presentation of content close to the interests of visitors. Third-party advertising cookies can be placed on the website, on the mobile site, and on other websites to identify visitors and provide personalized advertisements to visitors. These cookies are also used to measure the effectiveness of advertisements.

19.7. Third-Party Cookies

Third-party cookies include, but are not limited to:

  • Google Analytics
  • Facebook
  • YouTube

Control and Deletion/Removal of Cookies

Many internet browsers are set to automatically accept cookies by default. These settings can be changed by notifying or blocking cookies when cookies are sent to visitors’ devices through internet browsers. Blocking the cookies on the Website may negatively affect the user experience. For example, some parts of thelocalhouse.com.tr may not be viewed, all functions of such platforms may not be accessible, access may be restricted, or custom information may not be accessible to visitors when visiting thelocalhouse.com.tr.

When visiting the Website using different devices (tablet, phone, etc.), the cookie preferences of the browser used must also be adjusted.

You have the option to personalize your cookie preferences by changing your browser settings. Browser manufacturers provide help pages for managing cookies in their products. For more information, please visit the following links:

Google Chrome: https://support.google.com/chrome/answer/95647?hl=tr

Mozilla Firefox: https://support.mozilla.org/tr/kb/%C3%87erezleri%20engellemek

Internet Explorer: https://support.microsoft.com/tr-tr/help/17442/windows-internet-explorer-delete-manage-cookies

Opera: https://www.opera.com/tr/help

Opera Mobile: https://www.opera.com/tr/help/mobile/android

Safari Desktop: https://support.apple.com/kb/PH19214?locale=tr_TR&viewlocale=tr_TR

Safari Mobile: https://support.apple.com/tr-tr/HT201265

Whatsapp
1
Welcome to The Local House
How Can We Help You?