Turkish Law on the Protection of Personal Data (shortly “KVKK Law”) is published in the Official Gazette of 7th April 2020. This law is to protect the rights and freedoms of individuals, the privacy of personal life, and to set obligations against any wrongful act in Turkey.
The purpose is to create a policy of data security and storage by the Law on the Protection of Personal Data. Byblish® creates and controls this policy for protecting and preserving personal data.
The scope of this policy covers the visitors of Byblish.com as well as the Byblish® team. Byblish® is a registered brand of Byblish® , which is an overseas information company. Byblish.com is owned by Byblish® Organization. The policy is in use on all activities created and executed by Byblish®.
This policy is prepared in accordance with the KVKK Law and it should be agreed upon by all employees of Byblish®.
Byblish® wants all of its customers, visitors, and employees to learn and act according to this policy. The company gives proper information about this policy and provides the relevant materials to its employees.
3. GLOSSARY OF TERMS
Byblish® is one of the brands of the international overseas property company whose legal name is Byblish Organization.
3.2. Explicit Consent
Limited consent is given for processing the Data. It is based on free will and presented with the aim of information.
The way of rendering the personal data impossible to link with an identified or identifiable person even though matching them with another data.
The Byblish® Team.
3.5. Service Provider
The staff of the third-party company from whom Byblish® Gets Services.
3.6. Individual / Customer / Visitor
The person whose personal information is held and processed by Byblish®.
3.7. Personal Information / Personal Data
Information about individuals/customers/visitors enables them to be identified. In this case, the e-mail address and telephone number.
3.8. Processing of Personal Data
The operations of collecting, amending, storing, saving, editing, or disclosing personal information fully or partially automatically.
3.9. Data Controller
The people who decide what personal information Byblish® will hold and how it will be held and used.
3.10. Data Processor
The natural or legal people who process the data under the authority of the Data Controller.
3.11. KVKK Board
The Board of Protection of Personal Data. (KVKK is shortly Protection of Personal Data in Turkish)
3.12. KVKK Corporation
The Corporation for the Protection of Personal Data
3.13. Law of KVKK
Turkish Law on the Protection of Personal Data published on the number 29677 edition of the Official Gazette.
Byblish® Policy of Protection and Processing of Personal Data
4. ROLES AND RESPONSIBILITIES
4.1. Data Controller
The processing of Personal Data means the operations of collecting, amending, storing, saving, editing or disclosing personal information fully or partially automatically under the conditions of the Turkish Law on the Protection of Personal Data.
Byblish® needs to collect and use certain types of information about the visitors or customers in order to carry on our work. Byblish® is the Data Controller under the Law and determines what the data will be used for.
4.2. Data Controller Agent
When Data Controllers Registry is established there will be a need to have a Data Controller Agent. This agent should be an expert in the area of keeping the data private, processing it, and taking the necessary security steps.
4.3. Data Processor
Data processors are the natural or legal people that process Personal Data. The processor should be working under the authorization of Byblish®.
In case of data being processed by natural or legal people, Byblish® and the Data Processors are obliged to take precautions. As the Data Controllers, Byblish® inspects the process of trust between two parties; Byblish® and individuals.
5. LEGAL OBLIGATIONS
Byblish® have legal obligations about the safety and process of Personal Data in accordance with the KVKK Law. The obligations are;
5.1. The Obligation to Clarify
Byblish® is obliged to clarify its visitors and customers during the Data Process about the following elements;
• The identity of the Data Controller,
• The reasons for preserving the Personal Data,
• The legal reasons for keeping the Personal Data,
• The rights of individuals.
5.2. The Obligation to Inform
In accordance with the 13th article of KVKK Law, Byblish® is obliged to inform individuals. It is also needed to fulfill the requests for information through firstname.lastname@example.org
Those specific requests should be written by those individuals manually or with any other medium that KVKK Board determines.
5.3. The Obligation to Provide Personal Data Security
As Data Controllers, Byblish® is obliged to provide the necessary security services in accordance with the 12th article of the KVKK Law.
5.4. The Obligation to Enlist in the Data Controllers Registry
Byblish® is obliged to enlist into the Data Controllers Registry in accordance with the 16th article of the KVKK Law.
6. CLASSIFYING THE PERSONAL DATA
6.1. Personal Data
An individual’s name, surname, date, place of birth, identity, social security number, telephone number, e-mail address, address, visual, payment information, and such other information are assumed as Personal Data.
Due to membership clauses, Byblish® preserves some of these Data such as name, surname, telephone number, and e-mail address.
6.2. Private Personal Data
An individual’s race, ethnic roots, political opinion, philosophical beliefs, religion, sect or any other beliefs, rigs, membership to any foundation or establishment, health issues, sexual life, convictions, security measures, biometric and genetic data are assumed as Private Personal Data. It is strictly forbidden to preserve such Data without an individual’s consent according to the 6th article of the Turkish KVKK Law.
As a Data Controller, Byblish® never asks for such Private Personal Data unless it is stated in legal laws.
7. THE POLICY OF PERSONAL DATA PROCESSING
7.1. The Principals for Data Processing
All of the collected data must be processed properly to the 4th article and in accordance with the 5th and 6th articles of the KVKK Law.
• Byblish® should process the data by abiding by the KVKK Law and other legal regulations.
• Byblish® should be transparent, follow the obligations to clarify, and inform by abiding by the code of honesty.
• Byblish® should process the data in only rightful causes. The causes should be legal and indicated in the KVKK Law or other legal regulations.
• The data should be in connection with its aim and only limited to this purpose.
• Byblish® should process the data on the necessary scale. The code of proportion must be obliged and only the necessary bit of the data should be processed.
• Byblish® should preserve the data only in the needed period (See the 9th section) and should not preserve the data if the necessary period has passed anonymously.
7.2. The Objectives of Data Processing
Byblish® does not collect and save any personal information from any customers for sending any unwanted and unsolicited information (spam). Byblish® aims to process the data with some objectives like the following:
• Personal and communication data such as name, surname, telephone number, and e-mail address are processed for website registry and better quality communication.
• Demographic site or application browsing data are processed for analyzing and gathering the user’s points of interest. These data are used with the aim of improving business and operational activities such as remarketing, retargeting, and communication.
• Social Web information is used for granting a better and easier experience on the website. Some social websites such as Facebook, Twitter, Linkedin, and Google Plus can be used only for the purpose of registering the Antalya Homes website.
• The location data is used if the user allows it from their mobile phones while browsing. Byblish® processes the location data for suggesting properties and shows the nearest offices according to the location.
The data is processed with some other aims in addition to the objectives that are previously stated;
• Byblish® sends properties and hot offers through e-mail addresses in a newsletter format.
• Byblish® deals with each customer individually by answering any questions and needs that are provided by the communication data.
• Byblish® gives information about the new services.
• Byblish® does direct marketing.
• Byblish® can directly communicate with individuals if needed.
7.3. Ensuring the Data to be Processed on Legal Grounds
Byblish® takes the following technical precautions for processing personal data on legal grounds;
• Arranging an intercorporate institution for processing and storing Personal Data in accordance with the Law,
• Creating a technical infrastructure for the database that will store all the Personal Data,
• Inspecting the created technical infrastructure and process,
• Designating the necessary procedures for reporting the technical procedures and inspection periods.
Byblish® takes the following legal precautions for processing personal data on legal grounds;
• Educating and informing the Byblish® employees about processing personal data on legal grounds,
• Putting the precautions against any unlawful acts of processing the personal data on the contracts, legal files, and policies,
• Inspecting the personal data processing of the third-party processors and partners.
8. THE POLICY OF TRANSFERRING THE PERSONAL DATA
8.1. Transferring the Personal Data Inland
Byblish® is obliged to act in accordance with the KVKK Law and the regulations designated by the KVKK Board.
As the Data Controllers, Byblish® is obliged to go by the KVKK Law. Byblish® never shares any personal data or information with third-party companies without the consent of the individual.
However, in case of obligations from the KVKK Law and other Constitutional Laws, Byblish® can transfer the data to the related judicial, governmental, or legal bodies.
8.2. Transferring Personal Data Abroad
Byblish® can also transfer the data abroad for processing and preservation. The country which will receive the Personal Data must have the necessary safety precautions. The precautions must be checked by the KVKK Board. If the necessary precautions are not enough, the Data Controllers from both Turkey and the receiving country must make a written commitment and the KVKK Board must approve it.
8.3. Which Person / Organization Receives the Personal Data?
Authorized institutions and organizations: Public statutory bodies can receive the Data as they request according to article number 8.1.
The customer program of Byblish®, receives Personal Data, preserves it, and keeps track of the customers.
Some third-party software and tools such as Bing, Google AdWords, Google Analytics, Yandex Metrica, Yandex Direct, Whatsapp, Facebook, Twitter, Instagram, and JivoChat receive Personal Data from the cookies to make your browsing experience easier.
8.4. The Precautions for Transferring the Personal Data
• Byblish® is obliged to take the necessary technical precautions for any unauthorized access to and usage of the Personal Data by any data processor person or company even though these data processors are authorized by Byblish®.
• Byblish® created inner policies about how and for what purpose the data should be transferred. Antalya Homes also determine the parties to whom the data should be transferred.
9. THE POLICY OF THE PERSONAL DATA PRESERVATION
9.1. Preserving the Data for a Specific Amount of Time
According to the KVKK Law, every piece of information related to known or findable individuals is personal data. All the information such as e-mail addresses and telephone numbers is saved and preserved safely by Byblish®.
In this regard, Byblish® is obliged to act in accordance with the laws while obtaining and keeping the data. The data will be kept until the aim of preservation (see 7.2) is finished. According to governmental obligations, the data should be kept for an average of 2 years.
This period changed from law to law. For example, according to the Tax Procedure Law, the registries and credentials must be kept for 5 years.
9.2. The Precautions for Processing the Personal Data
• Byblish® takes precautions for keeping personal data safe and secure. The needed systems and control mechanisms are created as technical precautions.
• Byblish® also creates awareness for and education about preserving Personal Data among its employees.
• Byblish® is responsible for inspecting these precautions for preserving personal data.
10. SAFETY POLICY OF THE PERSONAL DATA
10.1. Responsibilities of Antalya Homes regarding the Safety of Data
Byblish® has the responsibility to keep Personal Data safe according to the 12th Article of Law on the Protection of Personal Data. Byblish® is responsible for;
• preventing Personal Data to be processed against any law,
• inspecting the precautions regularly,
• Provide enough technical equipment for stopping any infiltration to Personal Data,
• informing authorized bodies in any case of infiltration.
10.2. Precautions for Keeping Personal Data Safe
Byblish® takes the necessary precautions in times of security risk with the aim of keeping Personal Data safe and secure. These precautions are as follows;
Technical and Executive Precautions
The technical and executive precautions of the Personal Data process, transfer, and safety are stated in the related articles. If the Personal Data is still infiltrated and reached by third parties unlawfully, Byblish® is obliged to take precautions for the protection of the individuals by the Law.
Precautions and Inspection for Safety of the Personal Data
Byblish® prepares a report about the Data recorder’s suitability to the KVKK Law. The recorder is inspected periodically and the report is presented to the authorized person or board.
Precautions in Case of Disclosure without Authorization
Byblish® is obliged to hinder all disclosure activities, take the necessary precautions, and create an inner policy. In any case of the disclosure without authorization, Byblish® is obliged to inform the disclosed individual and the KVKK Board.
11. THE RIGHTS OF INDIVIDUALS
11.1. Right to Access Own Personal Data
Individuals, customers, and visitors have the right to access their personal data without making any payment. Individuals can;
• learn about if their Data are processed or not,
• request information about the operation of the Data are processed,
• question the aim of processing and learning if the Data is used for its purpose.
11.2. Right to Change or Delete Own Personal Data
Individuals, customers, and visitors can change or delete their personal data without making any payment. Individuals can;
• request the Data be corrected in any case of wrong or missing information,
• request the Data to be deleted if the purpose of keeping the Data is no longer active,
• request those procedures to be informed to third party processors,
• object to any unfavorable result that appears with the analysis of the processed Data by automatic systems.
11.3. Updating Own Personal Data
In any case of demand to access, change or delete your own Personal Data, you can contact us;
11.4. Application of Individuals and Evaluation
Individuals can demand to reach their processed data and usage of their rights which are stated in this policy. Byblish® creates those communication opportunities. The applications are all answered in a short amount of time, not more than the KVKK Law foresees.
Those individuals should consult with the representatives which will be clarified by Byblish® and declared by the Data Controllers Registry. Data Controller Representative will conclude those applications in a short amount of time and not more than 30 days, without a fee or with a payment that KVKK Board determines.
In order to start this process, individuals should send their applications to the Data Controller Representative byways of the KVKK Board determines. The applications should be written as a letter until the Board determines another way to do so. The individual should express their applications clearly and send the formal letter as a registered and reply paid letter to Byblish® Organization.
The application is accepted or declined by Data Controller Representatives and answered in a written or electronic format. If the application is accepted, the request will be performed by Byblish® Organization. If the error belongs to Byblish®, the payment would be repaid to the individuals.
If the application is declined, the answer is not sufficient enough or it is not answered in the given time, the individual can write a complaint letter within 30 days if it is answered within 60 days.
Visitors are assumed as accepted Cookies as long as they do not block or limit Cookies.
13. PUBLISHING AND PRESERVING THE POLICY
14. THE PERIOD OF UPDATING THE POLICY
This policy will be valid as soon as it is published until it is removed from the mobile or website.
We have put in place technical and organizational security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. However, no method of transmission over the Internet or via the mobile device, or method of electronic storage, is 100% secure. Byblish® expressly disclaims any such obligation.
17. INTERNATIONAL DATA TRANSFER
* This document has been updated on April 5, 2023.