Consent based on informed and freely given will regarding a specific subject. Anonymization: The process of rendering personal data in such a way that the identity of a specific or determinable natural person cannot be associated with the data, even by matching it with other data.
The form provided in conjunction with this Policy for data subjects to exercise their rights in accordance with relevant legislation.
The internet site with the domain name thelocalhouse.com.tr owned by the LKH OTELCİLİK TURİZM SANAYİ VE TİCARET LİMİTED ŞİRKETİ/ LKH HOSPİTALİTY TOURİSM INDUSTRY AND TRADE LİMİTED COMPANY.
Natural or legal persons with whom the Company enters into partnerships for various purposes such as carrying out various projects or obtaining services while conducting its commercial activities, either directly or through its shareholders or group companies.
Any information related to an identified or identifiable natural person.
Processing of Personal Data:
Any operation performed on personal data, either entirely or partially, through automated means or non-automated means, provided that it is part of any data recording system, including but not limited to collecting, recording, storing, preserving, altering, rearranging, disclosing, transferring, taking over, making it obtainable, classifying, or preventing its use.
Sensitive Personal Data:
Data related to race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, clothing, association, foundation or union membership, health, sexual life, criminal conviction, and security measures, as well as biometric and genetic data.
A natural person whose personal data is processed.
A natural or legal person who processes personal data on behalf of the data controller, based on the authority granted by the data controller.
A natural or legal person who determines the purposes and means of processing personal data and manages the place (data recording system) where the data is systematically kept.
Personal Data Protection Law, published in the Official Gazette dated April 7, 2016, and numbered 29677.
Data Protection Authority Board.
LKH OTELCİLİK TURİZM SANAYİ VE TİCARET LİMİTED ŞİRKETİ/ LKH HOSPİTALİTY TOURİSM INDUSTRY AND TRADE LİMİTED COMPANY.
LKH OTELCİLİK TURİZM SANAYİ VE TİCARET LİMİTED ŞİRKETİ/ LKH HOSPİTALİTY TOURİSM INDUSTRY AND TRADE LİMİTED COMPANY, (“Company”) places great importance on the protection of personal data of our customers who request services from our hotels, customers who receive services, users and members who use our “thelocalhouse.com.tr” website owned by our Company, individuals who establish contact with us through our hotels, our websites, or our social media accounts, or in any other way, whether directly or as representatives of a company or organization, individuals who communicate with us or enter into contracts, our business partners, shareholders, employees, and job applicants who apply to our Company.
KVKK was published in the Official Gazette dated April 7, 2016, and numbered 29677. KVKK is enacted to protect the fundamental rights and freedoms of individuals, including the privacy of private life, and to determine the obligations of natural and legal persons who process personal data.
The purpose of this Policy is to establish necessary management instructions, procedures, and conditions to ensure the processing and protection of personal data by the Company in compliance with KVKK, as well as to create a technical method for this purpose.
This Policy is applicable to all activities related to the processing and protection of all personal data held by the Company in its capacity as “Data Controller” and/or “Data Processor.” The Policy has been prepared in accordance with KVKK and other relevant legislation on the processing and protection of personal data.
In accordance with Article 3/I(d) of the Personal Data Protection Law (KVKK), “personal data” refers to any kind of information related to identified or identifiable real persons. In this context, anonymous information, anonymized data, and other data that cannot be associated with a specific individual are not considered as personal data under this Policy.
Pursuant to Article 3/I(e) of the KVKK, any operation carried out on personal data, whether fully or partially automated, or by non-automated means, as long as it is part of any data recording system, including but not limited to collecting, recording, storing, preserving, altering, rearranging, disclosing, transferring, taking over, making it obtainable, classifying, or preventing its use, falls within the scope of “data processing.”
The Company processes personal data in compliance with the following principles:
In this context, personal and/or sensitive personal data obtained within the framework of KVKK and other legislation, whether in writing, verbally, or electronically, through various channels including but not limited to hotels or the Website, can be obtained, recorded, stored, preserved, altered, and processed in accordance with the provisions of KVKK and may be shared with third parties, both within the country and abroad, through methods including but not limited to legal and lawful reasons, and the legal and factual requirements of the product sales and services provided by the Company, including the transfer abroad.
In General The Company may process general and sensitive personal data with the explicit consent of the data subject or without explicit consent, as provided in Articles 5 and 6 of KVKK.
Personal data may be processed within the scope of the provisions of the legislation, including but not limited to the Consumer Protection Law No. 6502, Distance Contracts Regulation issued within the framework of this law, Electronic Commerce Regulation, Electronic Service Providers and Intermediary Service Providers Regulation prepared based on this law, Labor Law No. 4857, Social Security and General Health Insurance Law No. 5510, Turkish Commercial Code No. 6102, Tax Procedure Law No. 213, Identity Notification Law No. 1774, and all other laws, regulations, notifications, and other legal regulations related to these laws, within the framework of the provisions specified in the legislation.
The following are examples of personal data processed by the Company:
The Company may collect personal data through the following methods:
The Company may process personal data for the following purposes and may retain it for the duration required by the legal regulations and in any case for the periods required by legal regulations:
The Company, in accordance with the general principles specified in the KVKK and the conditions stipulated in Articles 8 and 9 of the KVKK, may transfer the personal data obtained in accordance with the purposes stated in this Policy to third parties both domestically and abroad, provided that necessary security measures are taken and that it complies with the general principles stipulated in the KVKK. The third parties to whom personal data may be transferred may vary depending on the type and nature of the relationship between the data subject and the Company (e.g., user/membership relationship, business relationship) and other factors; however, in general, they are as follows:
Banks for collection purposes and/or authorized institutions for collection, as well as domestic and foreign institutions and other relevant third parties working for the purpose of carrying out collection activities.
The Company may obtain personal data in written, verbal, audio, visual, or other physical or electronic forms for the purposes specified in this Policy, within the framework of the conditions set forth in Articles 5 and 6 of the Personal Data Protection Law (KVKK). Additionally, personal data may be collected through various channels, including but not limited to places where data subjects can establish contact, hotels, the headquarters, and other physical premises of the Company, websites, mobile applications, electronic transaction platforms, social media, and other public forums or organized events, sales and marketing units, customer forms, digital marketing, as well as contracts, applications, forms, proposals, and cookies used during visits to the Website.
Except for situations where there is a legal requirement or permission for longer storage periods, the Company processes and stores personal data in compliance with the KVKK and other relevant laws for the purposes specified in this Policy and in accordance with the periods determined in the Personal Data Storage and Destruction Policy. When the purpose of processing personal data expires, and upon the expiry of the storage periods determined by the Company in compliance with the KVKK and other special laws, personal data is stored only to be used as evidence in potential legal disputes, to assert the related rights dependent on personal data, and/or to establish a defense when requested by authorized public institutions and authorities. In determining these periods, the periods specified in the relevant legislation regarding the statute of limitations and storage periods for the establishment, exercise, or protection of a right are taken into account. In such cases, access to the relevant personal data is provided only when necessary for use in the relevant legal dispute, and personal data is otherwise protected and not accessed for any other purposes.
In accordance with Article 12 of the KVKK, the Company, as the “data controller,” takes the necessary technical and administrative measures to ensure an adequate level of security to prevent the unlawful processing of personal data and unauthorized access to data. For this purpose:
(i) Activities are carried out in accordance with internal policies and rules prepared for the protection of personal data, (ii) Employees are provided with the necessary training and responsibilities related to the protection of personal data in accordance with the legislation on the protection of personal data and internal policies and rules, (iii) Declarations and commitments regarding the confidentiality and protection of data are obtained from employees and persons and institutions processing data on behalf of the Company, (iv) Information security measures are applied to ensure the security of personal data both within and outside the Company, and to prevent unauthorized access to data, (v) Compliance with internal policies and rules created for the protection of personal data is ensured, (vi) The adequacy of the measures taken is regularly reviewed, and new data security systems are provided and/or existing data security systems are developed, updated, and necessary audits are conducted in this regard.
The Company: LKH OTELCİLİK TURİZM SANAYİ VE TİCARET LİMİTED ŞİRKETİ/ LKH HOSPİTALİTY TOURİSM INDUSTRY AND TRADE LİMİTED COMPANY,
Ensures that all collected personal data are processed in compliance with the principles listed in Article 4 of the Personal Data Protection Law (KVKK) and in accordance with the conditions specified in Articles 5 and 6.
Fulfills the obligation of “Informing and Enlightening” as required by the KVKK within the scope of data controller responsibilities by publishing Information Texts on the internet and other relevant platforms.
As a data controller, establishes the necessary infrastructure to obtain “explicit consent” if legally required for the lawful processing of personal data in accordance with the KVKK.
Establishes the required infrastructure for the lawful collection of personal data for communication, marketing, opportunity notifications, and promotional purposes and makes necessary revisions in Company applications.
Takes necessary measures to ensure the lawful collection and preservation of personal data in job applications and recruitment processes.
Processed personal data, which has been processed in compliance with the KVKK and other relevant legal regulations, is deleted, destroyed, or anonymized by the Company, either ex officio or upon the request of the data subject, in a way that it will not be used for any purpose, when the reasons requiring processing have ceased to exist and upon the completion of the periods specified in the “Storage Periods of Personal Data” section of this Policy and in the Personal Data Storage and Destruction Policy. The Company also implements data access restrictions in compliance with the KVKK in internal data access authorizations to ensure data security and conducts data destruction operations for data that needs to be destroyed.
Takes all necessary technical and administrative measures to prevent the unlawful processing of personal data and unauthorized access to such data in order to prevent the unlawful processing of personal data and unauthorized access to such data and to ensure the lawful preservation of personal data. In order to ensure data security and secure storage, the Company develops internal encryption policies and configures existing encryption systems.
Takes necessary internal measures to prevent data breaches, both within the Company and with external support products, to prevent data leaks.
Determines the legal retention periods in compliance with the relevant legislation depending on the nature of the obtained data, develops and enforces storage policies in the Company application in accordance with these periods.
Takes measures to prevent unauthorized access and use of personal data by different departments within the Company and by natural or legal persons processing personal data on behalf of the Company based on its authorization.
Periodically audits the preservation activities of personal data conducted by natural or legal persons processing personal data on its behalf based on its authorization.
Takes all necessary technical and administrative measures regarding the processing, transfer, and preservation of personal data, even if the required technical and administrative measures have been taken, in case third parties have unlawfully accessed personal data in compliance with the relevant legislation and decisions of the Personal Data Protection Board, to ensure that the data subjects do not suffer any harm.
In accordance with Article 11 of the KVKK, data subjects have the following rights:
If data subjects wish to exercise any of the above-mentioned rights, they must fill out the application form attached to this Policy and submit the wet-signed copy of the form to the Company either in person or by notary to the address of “Harbiye Mah. Kadırgalar Cad. No:6/3 G-Mall Şişli/İstanbul,” along with the information and documents required for the identification. If the Personal Data Protection Board decides to allow other methods for the transmission of requests other than those mentioned above, it will be announced how the applications can be made in other ways.
The Company will evaluate and conclude requests made by data subjects in accordance with Article 13 of the KVKK within a maximum of 30 (thirty) days depending on the nature of the request. While requests of data subjects are generally concluded free of charge, if answering the request requires an additional cost, a fee may be charged in accordance with the relevant legislation.
Company-owned websites, platforms, and applications may contain links to third-party websites and products. These links are subject to the privacy policies of third parties, and third parties and their websites are independent of the company. The company will not be responsible in any way for the privacy practices of third parties.
This Policy will come into effect on the date of publication and will remain in effect until it is removed from the website.
Individuals who process personal data in accordance with the authority and instructions received from the data controller organization within the data controller organization, except for those responsible for the technical storage, protection, and backup of data.
Refers to the deletion, elimination, or anonymization of personal data.
Refers to the deletion, elimination, or anonymization process that will be carried out ex officio at specified intervals as stipulated in the Personal Data Storage and Destruction Policy, when all the processing conditions for personal data specified in the law are no longer valid.
Deletion of Personal Data:
The process of rendering personal data inaccessible and unrecoverable for relevant users.
Destruction of Personal Data:
The process of making personal data inaccessible, irretrievable, and unusable by anyone.
Anonymization of Personal Data:
The process of rendering personal data in such a way that it cannot be associated with any identifiable or identifiable natural person, even when matched with other data.
The purpose of this Storage and Destruction Policy is to ensure that the personal data of the relevant individuals processed by the Company are processed, stored, protected, and, when necessary, deleted, destroyed, or anonymized in compliance with the Personal Data Protection Law (“Law” or “KVKK”), and in accordance with the provisions of the law, to establish management instructions, procedural conditions, and technical policies for the deletion, destruction, or anonymization in accordance with the Personal Data Deletion, Destruction, or Anonymization Regulation (“Regulation”), which was published in the Official Gazette dated 28.10.2017 and numbered 30224 and constitutes the secondary regulation of KVKK.
This Storage and Destruction Policy is applied in activities related to the storage and destruction of personal data processed by the Company.
This Storage and Destruction Policy has been prepared based on KVKK, the “Regulation on the Deletion, Destruction, or Anonymization of Personal Data,” and other relevant legislation related to the storage and destruction of personal data.
Personal data is retained by the Company only for the periods specified in the relevant legislation, including storage and statutory limitation periods, and/or for the duration necessary for the purposes for which they were processed. Accordingly, the Company first determines whether there is any specific retention period and/or statute of limitations for the storage of personal data in the relevant legislation and stores personal data in compliance with these periods. In the absence of any specific period prescribed by the relevant legislation, personal data is stored in accordance with KVKK and for the duration necessary for the purposes for which they were processed.
In accordance with Article 7 of KVKK, the Company deletes, destroys, or anonymizes personal data in compliance with the 8th, 9th, and 10th articles of the “Regulation on the Deletion, Destruction, or Anonymization of Personal Data” ex officio or upon the request of the data subject, even if they have been processed in compliance with applicable legal provisions, in case the reasons requiring their processing have ceased and/or when the legal retention periods have expired.
In order to fulfill its obligations arising from the Law and the Regulation, the Company takes the necessary technical and administrative measures, develops the required operational mechanisms, trains its relevant units, and makes necessary appointments to comply with these obligations.
Cases Requiring the Destruction of Personal Data
In accordance with KVKK and the Regulation, personal data belonging to data subjects are deleted, destroyed, or anonymized by the Company ex officio or upon request in the following cases:
The Company uses deletion, destruction, or anonymization methods in compliance with KVKK for the destruction of personal data:
The individuals responsible for the storage, deletion, destruction, and anonymization of personal data in the database are as follows, and their job descriptions are determined by the Company as follows:
Position: Marketing & Communications Manager
Summary Job Description: Managing digital channels and ensuring the coordinated progress of various marketing methods, protecting and storing data obtained from the website, tracking collected data, backup, storage, responsibility for data access, negotiating terms with third parties and companies regarding this issue, protecting and tracking data and servers, search engine marketing, content marketing, digital targeting, digital sales, intervening in communication studies when necessary, conducting various tests related to user experience, and creating a roadmap based on the results, analyzing data from digital channels, and presenting necessary reports to management.
Customer, Membership, and Buyer Data, Data Related to Orders/Purchases:
10 years after the termination of legal relationship within the scope of Turkish Commercial Code No. 6102; 3 years according to the Law on the Regulation of Electronic Commerce No. 6563 and related secondary legislation; accommodation records for one year according to the Regulation on the Implementation of the Law on Notification of Identity, starting from the calendar year following the year they were issued; accommodation location registration books, starting from the calendar year following the year they were filled, for 5 years
After the end of the retention period, during the initial periodic destruction.
Call Center Voice Recordings:
10 years after the termination of legal relationship within the scope of Turkish Commercial Code No. 6102; 10 years after the termination of legal relationship within the scope of Turkish Code of Obligations
Records of Financial and Accounting Transactions:
10 years within the scope of Turkish Commercial Code No. 6102; 5 years within the scope of Tax Procedure Law No. 213
After the end of the retention period, during the initial periodic destruction.
Records Related to Electronic Commerce Transactions:
Commercial Electronic Message Records:
3 years from the date of consent withdrawal
5 years in accordance with Company policy
thelocalhouse.com.tr, the owner of the Website, can place small data files that record and collect certain data through technical means on visitors’ computers, mobile phones, tablets, or other devices during access to the Website, electronic platforms, mobile and digital applications, or electronic messages and advertisements sent by thelocalhouse.com.tr for the purpose of providing personalized content to visitors and conducting online advertising activities. These data files placed on computers and other devices, including but not limited to cookies, pixel tags, flash cookies, and web beacons, can also include other similar technologies for data storage purposes (“Cookies” for short).
Cookies can be classified under the headings “mandatory cookies,” “functional cookies,” “analytical cookies,” and “advertising cookies.”
Mandatory Cookies are cookies necessary for the proper functioning of the website. Mandatory cookies are used to ensure the proper management of the system, create user accounts, and enable users to log in. Mandatory cookies are used to prevent fraudulent transactions. Without these cookies, the website may not function properly.
Functional Cookies are cookies used to facilitate visitors’ visits to the website and improve their experience on the site. These cookies provide easy access to content by remembering the previous visit to the website.
Analytical Cookies contain data that allows the viewing of which pages are more popular and which resources are viewed more. These cookies include data that allows for the provision of services tailored to this traffic by viewing the traffic on the Website.
Advertising or Targeting cookies are cookies that allow the determination and presentation of content close to the interests of visitors. Third-party advertising cookies can be placed on the website, on the mobile site, and on other websites to identify visitors and provide personalized advertisements to visitors. These cookies are also used to measure the effectiveness of advertisements.
Third-party cookies include, but are not limited to:
Control and Deletion/Removal of Cookies
Many internet browsers are set to automatically accept cookies by default. These settings can be changed by notifying or blocking cookies when cookies are sent to visitors’ devices through internet browsers. Blocking the cookies on the Website may negatively affect the user experience. For example, some parts of thelocalhouse.com.tr may not be viewed, all functions of such platforms may not be accessible, access may be restricted, or custom information may not be accessible to visitors when visiting thelocalhouse.com.tr.
When visiting the Website using different devices (tablet, phone, etc.), the cookie preferences of the browser used must also be adjusted.
You have the option to personalize your cookie preferences by changing your browser settings. Browser manufacturers provide help pages for managing cookies in their products. For more information, please visit the following links:
Google Chrome: https://support.google.com/chrome/answer/95647?hl=tr
Mozilla Firefox: https://support.mozilla.org/tr/kb/%C3%87erezleri%20engellemek
Opera Mobile: https://www.opera.com/tr/help/mobile/android
Safari Mobile: https://support.apple.com/tr-tr/HT201265