Law on the Protection of Personal Data

Protection of Personal Data and Privacy Policy

Website Confidentiality Agreement

How we use and protect the information we obtain about you and the services you request while you visit this website and use our services we provide through this website are subject to the conditions set forth in this "Privacy Policy". By visiting this website and requesting to benefit from the services we offer through this website, you accept the terms set forth in this "Privacy Policy".

I. Purpose of personal data protection and processing policy

Due to the sensitivity of the works we have been dealing with as ELYA, the data received from our customers or prospective customers have been kept confidential and have never been shared with third parties. Protection of personal data is the staple policy of our company. Even before there was any legal regulation, our companies and subsidiaries attached great importance to the privacy of personal data and adopted this as a working principle and gave their employees instructions in line with this principle. As ELYA, we undertake to comply with all responsibilities brought by the Law on the Protection of Personal Data. Our company's principles regarding the protection of personal data also cover our subsidiaries.

II. Scope and modification of the personal data protection and processing policy

This Policy, prepared by our company, has been prepared in accordance with the Law on the Protection of Personal Data No. 6698. The law has entered into force with all its provisions as of today. The data obtained from you with your consent or in accordance with other laws listed in the Law will be used to improve the quality of the services we provide, to improve the services offered to you and our quality policy. Some of the data we have is depersonalized and anonymized. These data are data used for statistical purposes and are not subject to Law and our Policy. ELYA's Personal Data Protection and Processing Policy aims to protect the automatically obtained data of our customers, prospective customers, employees and companies working in solution partnership with us, their employees or other persons, and includes regulations regarding these.

Our company has the right to change our policy and our Regulation, provided that it is in compliance with the law and that personal data is better protected.

III. Basic rules regarding the processing of personal data

a) Compliance with the law and the rules of honesty: ELYA questions the source of the data it collects or receives from other companies and attaches importance to obtaining them in accordance with the law and within the framework of honesty rules. In this framework, it makes necessary warnings and notifications to third parties (including agencies and other intermediary firms) that sell the services offered by ELYA in order to protect personal data.

b) Being accurate and up to date when necessary: ELYA attaches importance to the fact that all data within the organization are correct and do not contain false information, and finally, if there is a change in personal data, they are updated if it is informed.

c) Processing for specific, explicit and legitimate purposes: ELYA processes data only for the purposes it provides and for which it receives approval from individuals during service. It does not process, use and make use of data other than for business purposes.

d) Being connected, limited and measured for the purpose for which they are processed: ELYA only uses the data for the purpose for which they are processed and to the extent required by the service.

e) Retention for the period stipulated in the relevant legislation or required for the purpose for which they are processed: ELYA retains the contractual data as long as the conflict periods of the Law and the requirements of commercial and tax law. However, when these purposes disappear, it deletes or anonymizes the data.

It should be emphasized that, whether ELYA has collected or processed the data with consent or in accordance with the law, these principles listed above still apply.

According to article 11 of the Personal Data Protection Law, you have the following rights. In order to facilitate these rights, an application form has also been prepared by ELYA for you..

Persons whose personal data are processed have the following rights regarding their own data by applying to the contact person announced on our website by ELYA;

a) Inquiring whether your personal data is processed or not,

b) If personal data has been processed, requesting information about it,

c) Learning the purpose of processing personal data and whether they are used in accordance with its purpose,

ç) To know the third parties to whom personal data is transferred within the country or abroad,

d) Requesting correction of personal data in case of incomplete or incorrect processing,

e) Requesting the deletion or destruction of personal data within the framework of the conditions stipulated in the law,

f) Requesting notification of the transactions made pursuant to subparagraphs (d) and (e) to third parties to whom personal data has been transferred,

g) Objecting to the emergence of a result against the person himself by analyzing the processed data exclusively through automated systems,

ğ) To request the compensation of the damage in case of loss due to unlawful processing of personal data,

As ELYA, we respect these rights.

Maximum Savings Policy/Stinginess Policy

According to this principle, which is called the maximum savings policy or stinginess policy, the data reaching ELYA is processed into the system only as necessary. Therefore, which data we collect is determined by the purpose. Unnecessary data will not be collected. Other data transmitted to our company are transferred to company information systems in the same way. Redundant data is not recorded in the system, it gets deleted or anonymized. These data can be used for statistical purposes. Health data from sensitive data is taken only in order to better serve customers and protect their health. Again, limited to the same purpose, depending on the type of service preferred by the customer, it is transferred to the relevant foreign agency of the hotel, airline and supplier companies residing in the country or abroad, and kept in the system with care.

Deletion of Personal Data

Personal data is deleted, destroyed or anonymized by our company, automatically or upon the request of the person concerned, when the periods required to be kept by law, the completion of the judicial processes or other requirements are eliminated.

Accuracy and data up to dateness

As a rule, the data within ELYA are processed as declared by the relevant persons. ELYA is not obliged to investigate the accuracy of the data declared by customers or people who contact ELYA, and this is not done legally and due to our working principles. The declared data is considered correct. The principle of accuracy and timeliness of personal data has also been adopted by ELYA. It updates the personal data that our company has processed from the official documents it receives or upon the request of the person concerned. It takes the necessary measures for this.

Confidentiality and Data Safety

Personal data is confidential and ELYA complies with this confidentiality. Only authorized persons can access personal data within the company. All necessary technical and administrative measures are taken to protect the personal data collected by ELYA, to prevent it from falling into the hands of unauthorized persons and to prevent our customers and prospective customers from becoming victims. In this framework, it is ensured that the software complies with the standards, that the third parties are carefully selected and that the data protection policy is complied with within the company.

Additional health data may be requested or collected from our employees due to Covid-19 and epidemic diseases, and the collected data may be shared with the relevant official authorities.

IV. Data processing purposes

The collection and processing of personal data of ELYA will be carried out in line with the purposes specified in the clarification text. Data is collected and processed for the purpose of establishing the contract and providing better service to customers.

V. Customer, prospective customer and business and solution partners data

Collection and processing of data for contractual relationship

If a contractual relationship is established with our customers and prospective customers, the collected personal data can be used without the customer's consent. However, this use takes place in line with the purpose of the contract. The data is used to the extent of better execution of the contract and the requirements of the service and is updated when necessary, by contacting the customers. On the other hand, the data left by our prospective customer to us are processed in order to provide them with an easier and higher quality service afterwards. If this data has not turned into a contractual relationship upon request, it will be deleted.

Business and Solution Partners Data

ELYA adopts the principle of acting in accordance with the law when sharing data with both business and solution partners. Data is shared with business and solution partners with the commitment of data confidentiality and only as much as the service requires, and these parties are compelled to take measures to ensure data security.

Data processing for advertising purposes

In accordance with the Law on the Regulation of E-Commerce and the Regulation on Commercial Communications and Commercial Electronic Messages, e-mails for advertising purposes can only be sent to persons with prior approval. The explicit consent of the person to whom the advertisement is sent is required. Again, ELYA complies with the details of the "approval" determined in accordance with the same legislation. In order to send electronic messages, personal data is transferred to service providers and to Ileti Yönetim Sistemleri A.Ş. in accordance with the Regulation on Commercial Electronic Messages.

Data transactions made due to the legal obligation of the company or expressly stipulated in the law

Personal data may be processed without further approval in order to clearly state the processing in the relevant legislation or to fulfill a legal obligation determined by the legislation. The type and scope of data processing must be necessary for legally permitted data processing and must comply with relevant legal provisions.

Data processing of the company

Personal data may be processed in line with the service offered by the company and its legitimate purposes. However, the data cannot be used for illegal services in any way.

Processing of special data

ELYA can only process data of special nature for the purpose for which they were collected, with the consent of individuals, in order to provide better services. The facility you have booked through us may request some personal data from the guests, including special personal data such as health data of themselves and their relatives, in accordance with the circular and legal regulations within the scope of Covid-19. This personal data can be shared with official authorities and health institutions when necessary.

Data obtained through membership process

If you become a member of ELYA, your personal data that you share with us for the membership process is processed in our systems. If you become a member of our system via Facebook, Google, or other social media tools; Information provided to the partners of the relevant social media tool, such as your name, surname, profile picture and e-mail address, is accessed and this information is transferred to ELYA systems.

Data processed by automated systems

ELYA acts in accordance with the Law regarding data processed through automatic systems. The information obtained from these data cannot be used against the person without the explicit consent of the people. However, ELYA can make decisions about the people it will process using the data in its own system.

Cookie Policy

As with many websites, ELYA technologies like cookies, etc., in order to improve the visiting experience of website users and increase service quality. ELYA Cookie Policy has been prepared to inform website users about cookies and the types of cookies used and to guide them on how to manage their cookie preferences.

If you do not approve of the use of cookies, we request that you do not continue with this website or change your cookie preferences as shown in this Policy. We would like to remind you that some features of the website may lose their functionality if cookies are not allowed.

What are Cookies?

Cookies are small text files that are stored on your computer or mobile device when you visit a website. These files stores data which contains your IP address, login information, pages you accessed, etc. Thanks to cookies, your website preferences can be remembered, your session can be kept open, or you can be presented with the content you are interested in. For detailed information about cookies, you can visit www.aboutcookies.org and www.allaboutcookies.org.

Types of Cookies

Cookies are divided into different types according to criteria such as their storage time on mobile devices and by whom they are placed. The basic distinction within the scope of these criteria is as follows:

Session Cookies: Session cookies are temporary cookies and are deleted from the device after the browser is closed. The main function of these cookies is to ensure that the website functions properly.

Persistent Cookies: Persistent cookies remain on the device even after the browser is closed and until they are deleted by the user or expire.

First-Party Cookies: First-party cookies are cookies placed on the device by the operator of the visited website.

Third-Party Cookies: Third-party cookies are cookies placed on the device and controlled by people other than the operator of the visited website.

In case of collection, processing, and use of personal data on websites and other systems or applications of ELYA, the relevant persons are informed about the privacy statement and, if necessary, about cookies. People are informed about our practices on web pages. Personal data will be processed in accordance with the law.

When you visit our website, we present the following information to your attention regarding the cookies we use/will use on our page.

Google(analytics, doubleclick)
Facebook
Adjust
Hotjar
Third party companies (criteo, rtbhouse)

Types of Cookies

Functional and Analytical Cookies
Commercial Cookies

Çerezlerin Kullanım Amacı

Measurement
Advertising
Website optimization

Cookies used on the ELYA website

ELYA uses different types of cookies in accordance with its Privacy Policy.

Mandatory Cookies: These are technical cookies that enable the website to function correctly and allow you to use its features. They are under the session cookies category. If these cookies are blocked, it will result in the inability to use the website features. Your consent is not required for the use of mandatory cookies.

Analytical Cookies: Analytical cookies are used to improve your website experience. Analytical cookies allow us to understand how you use the website (e.g., which pages you visit, duration of visit etc.). This way, we can improve the content we offer or change the website design.

Functionality Cookies: It allows that when you visit the website again, your language preferences, region selection, etc. to be remembered.

Targeting/Advertising Cookies: ELYA uses different first-party and third-party cookies for targeting and advertising purposes on the website. It is possible to block these cookies by changing your browser settings or by changing your cookie preferences as shown in this Policy.

How Can You Change Your Cookie Preferences?

It is possible to customize or completely block cookies by changing the settings of the browser you use. You can find detailed information on the steps to be followed for different browsers from the links below:

Domestic and International Transfer of Personal Data

Your personal data may also be shared with domestic and foreign supplier companies and the relevant foreign agency in order to provide you with the service you request and with other electronic platforms in the country and abroad in accordance with the purpose of the service.

Your Rights Regarding Your Personal Data

By applying to ELYA as a data owner;

Requesting correction of your personal data in case of incomplete or incorrect processing and requesting notification of the transactions made within this scope to the third parties to whom your personal data has been transferred,

Requesting the deletion or destruction of your personal data in the event that the reasons requiring it to be processed disappear, although it has been processed in accordance with the provisions of the Law No. 6698 and other relevant laws, and to notify the third parties to whom your personal data has been transferred,

Objecting to the emergence of a result against you by analyzing your processed data exclusively through automated systems,

You have the right to demand the compensation of the damage in case you suffer damage due to unlawful processing of your personal data.

If you submit your requests regarding your rights listed above to our Company in accordance with the application procedures stipulated in the Notification on Application Procedures and Principles to the Data Controller, ELYA will finalize your request free of charge as soon as possible within 60 days. However, if the transaction requires an additional cost, ELYA may charge the fee in the tariff determined by the Personal Data Protection Board.

Functional and Analytical

Cookies contain data about remembering your preferences, using the website effectively, optimizing the site to respond to user requests, and how visitors use the site. Due to their nature, these types of cookies may contain your personal information such as your username.

Third-Party Cookies

ELYA websites/mobile applications/mobile websites work with reliable and well-known third-party advertising providers. Third party service providers place their own cookies in order to serve you specific advertisements. Cookies placed by third parties collect and process the browsing information of visitors on websites and analyze how they are used.

Commercial Cookies

In line with your interests and choices, it serves to increase your user experience by presenting the products/content that you’ve been targeted and offering a more advanced, personalized advertising portfolio. The above-mentioned session, permanent, functional, and analytical and commercial cookies are kept in the background for approximately 2 (two) months, and the necessary adjustments can be made in the personal internet browser settings. The removal process from these settings may vary based on the internet browser.

How can I delete cookies?

Many internet browsers are set to automatically accept and use cookies from the time they are first installed on your computer. By using the help or settings menus of your internet browser, you can prevent cookies or receive a warning when cookies are sent to your device. You can use your browser's instruction or help options screen to learn about the different ways to manage cookies and to get detailed information on how to adjust the settings of the browser you are using.

VI. Data of our employees

Processing of data for business relationship

Personal data of our employees can be processed without consent as far as necessary in terms of business relations and health insurance. However, ELYA ensures the confidentiality and protection of the data of its employees.

Processing Due to Legal Obligations

ELYA may process the personal data of its employees without obtaining separate approval for the purpose of expressly stating the processing in the relevant legislation or fulfilling a legal obligation determined by the legislation. This issue is limited to the obligations arising from the law.

Processing for the Benefit of Employees

ELYA may process personal data without obtaining approval for transactions that benefit company employees, such as private health insurances. For disputes arising from business relations, ELYA may process employee data.

Processing of special natured data

According to the Law, data related to the race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance, membership to associations, foundations or unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data is personal data of special nature. ELYA also takes adequate measures determined by the Board in the processing of sensitive personal data. ELYA also takes adequate measures determined by the Board in the processing of sensitive personal data. Special categories of personal data can be processed without the consent of the person, but only in relation to the cases permitted by the Law and in a limited manner. In order for our employees to benefit from insurance and health services, the qualified data obtained from them is used only for the purpose.

Data processed by automated systems

Data processed by automated systems regarding employees can be used in internal promotions and performance evaluations. Our employees have the right to object to the result against them, and they do so by following internal procedures. The objections of the employees are also evaluated within the company.

Telecommunications and internet

Computers, telephones, e-mails, and other applications allocated to employees within the company are allocated to employees for business purposes only. The employee cannot use any of these means allocated to him/her by the company for his/her private purposes and communication. The company can control and audit all data on these devices. The employee undertakes that he/she will not keep any other data or information other than work on the computers, phones or other tools allocated to him from the moment he/she starts the job.

VII. Transfer of personal data in and out of the country

Personal data may be shared with business and solution partners and ELYA affiliates so that ELYA can complete the service.

ELYA will be able to transfer personal data to the following individuals and institutions for certain purposes;

» ELYA's business partners in order to ensure the fulfillment of the purposes of the establishment of the business partnership,

» To Elya's suppliers, on a limited basis, in order to ensure that the services that our company outsources from the supplier and that are necessary to carry out our company's commercial activities are provided to our Company,

» Solution partners of ELYA limited to ensuring the execution of commercial activities of our company that require the participation of affiliates,

» To ELYA's affiliates

ELYA has the authority to transfer personal data within the scope of the conditions determined by the law, in accordance with the other conditions in the Law and subject to the consent of the person, within the country and abroad.

VIII. Rights of the relevant person

ELYA accepts that within the scope of the Law, the data subject has the right to obtain his/her consent before the data is processed, and that he/she has the right to determine the fate of the data after the data is processed.

ELYA tarafından web sayfamızda duyurulan ilgilimize başvurarak kişisel verilerle ilgili olarak;