“DOĞUŞ PERAKENDE SATIŞ GİYİM VE AKSESUAR TİC. A.Ş.”

                         PROTECTION OF PERSONAL DATA PROTECTION POLICY

This policy explains the principles governing the processing of personal data that users of the website www.quadran.com.tr owned by Doğuş Perakende Satış Giyim ve Aksesuar Tic. A.Ş. (“Company”), should be aware of.

As a Company, the protection of personal data is one of our top priorities in the course of our business activities. Within the scope of this Personal Data Protection and Processing Policy (“Policy”), the principles adopted by our Company in carrying out personal data processing activities and the fundamental principles ensuring compliance with the regulations set forth in Law No. 6698 on the Protection of Personal Data (“KVK Law” or “Law”) are explained. Furthermore, comprehensive information regarding all personal data processing activities conducted by our Company is provided, ensuring that relevant individuals are informed and transparency is maintained. With full awareness of our responsibility in this regard, your personal data is processed and protected in accordance with this Policy.

This Policy applies to all personal data processed by the Company through automated means or non-automated means, provided that the data forms part of a data recording system, excluding the personal data of our employees.

I. Definitions

Within the scope of this Policy;

  • Explicit Consent: Consent that is related to a specific subject, based on information, and freely given.
  • Anonymization: The process of making personal data incapable of being associated with an identified or identifiable natural person, even when matched with other data.
  • Doğuş Hospitality: Refers to Doğuş Perakende Satış Giyim ve Aksesuar Ticaret A.Ş., the owner of the website.
  • Data Subject: The natural person whose personal data is processed.
  • Recording Medium: Any environment in which personal data is processed, whether wholly or partially automated, or processed by non-automated means as part of a data recording system.
  • Personal Data: Any information relating to an identified or identifiable natural person. Therefore, information concerning legal entities is not covered under the Law.
  • Sensitive Personal Data: Data relating to race, ethnic origin, political opinions, philosophical beliefs, religion, sect, or other beliefs, clothing, membership in associations, foundations, or trade unions, health, sexual life, criminal convictions, and security measures, as well as biometric and genetic data.
  • Processing of Personal Data: Any operation performed on personal data, whether wholly or partially automated or by non-automated means as part of a data recording system, including but not limited to collection, recording, storage, retention, alteration, reorganization, disclosure, transfer, acquisition, making available, classification, or prevention of use.
  • Board: The Personal Data Protection Board.
  • Authority: The Personal Data Protection Authority.
  • Website: Refers to the website located at www.quadran.com.tr
  • Data Processor: A natural or legal person who processes personal data on behalf of the data controller based on its authorization.
  • Data Controller: A natural or legal person who determines the purposes and means of processing personal data and is responsible for establishing and managing the data recording system.
  • Law No. 5651: The Law on the Regulation of Publications on the Internet and the Fight Against Crimes Committed Through These Publications.
  • Law No. 6698 / KVKK: The Personal Data Protection Law.

II. Scope and Purpose of the Privacy and Personal Data Protection Policy

This Privacy and Personal Data Protection Policy explains:

  1. Methods and legal grounds for collecting personal data,
  2. Categories of individuals whose personal data is processed (Data Subject Group Categorization),
  3. Categories of personal data processed for these data subject groups (Data Categories) and examples of data types,
  4. The business processes in which these personal data are used and their purposes
  5. The technical and administrative measures taken to ensure the security of personal data,
  6. The recipients and purposes of personal data transfers,
  7. The retention periods of personal data,
  8. The rights of Data Subjects over their personal data and how they can exercise these rights,
  9. How Data Subjects can modify their preferences regarding receiving electronic commercial communications.

III. Matters Related to the Protection of Personal Data

ENSURING THE SECURITY OF PERSONAL DATA

In accordance with Article 12 of the Law, our Company takes the necessary measures in line with the nature of personal data to prevent unlawful processing, access, transfer, or any other security vulnerabilities, and to ensure its safekeeping. In this regard, our Company implements administrative measures and conducts or commissions audits to ensure the appropriate level of security, in compliance with the guidelines published by the Board.

PROTECTION OF SENSITIVE PERSONAL DATA

Personal data that carries a higher risk of causing harm or discrimination if processed unlawfully is granted special importance under the Law. Pursuant to Article 6 of the Law, sensitive personal data include:

  • Race,
  • Ethnic origin,
  • Political opinions,
  • Philosophical beliefs,
  • Religion, sect, or other beliefs,
  • Appearance and attire,
  • Membership in associations, foundations, or trade unions,
  • Criminal convictions and security measures,
  • Biometric and genetic data,
  • Health and sexual life data.

Our Company ensures that the technical and administrative measures adopted for the protection of personal data comply with the adequate precautions outlined in the Board’s Decision No. 2018/10 dated 31/01/2018 regarding the Processing and Security of Sensitive Personal Data. The implementation of these measures is monitored and audited within our Company.

Detailed information regarding the processing of sensitive personal data is provided in Section 3.3 of this Policy.

INCREASING AWARENESS AND AUDITING OF BUSINESS UNITS REGARDING THE PROTECTION AND PROCESSING OF PERSONAL DATA

Our Company organizes the necessary training programs for business units to raise awareness of preventing the unlawful processing of personal data, unauthorized access, and ensuring data security. These training and awareness activities are structured in accordance with the "Personal Data Security Guide" published by the Board on its official website.

Through these training programs and awareness activities, our Company aims to ensure that personal data processing activities carried out by employees in the course of their duties comply with the Law and secondary regulations.

To establish and maintain awareness of personal data protection among both existing and newly recruited employees, our Company implements the necessary systems and, if needed, consults with external experts. In this regard, our Company evaluates participation in relevant training programs, seminars, and information sessions and organizes new training programs in line with updates in the applicable legislation.

 

IV. Matters Related to the Processing of Personal Data

PROCESSING OF PERSONAL DATA IN COMPLIANCE WITH PRINCIPLES SET FORTH IN THE LEGISLATION

  • Processing in Compliance with the Law and the Principle of Good Faith
    Personal data is processed in a manner that does not infringe on individuals' fundamental rights and freedoms, adhering to the general principle of trust and good faith. In this context, personal data is processed to the extent necessary for our Company's business activities and limited to such purposes.

  • Ensuring the Accuracy and Updating of Personal Data When Necessary
    Our Company takes the necessary measures to ensure that personal data remains accurate and up-to-date throughout the processing period. Mechanisms are established to periodically verify and maintain the accuracy and currency of personal data.

  • Processing for Specific, Explicit, and Legitimate Purposes
    Our Company clearly defines the purposes for which personal data is processed and processes such data only within the scope of legitimate purposes related to its business activities.

  • Processing Data in a Manner that is Relevant, Limited, and Proportionate to the Purpose
    Our Company collects personal data only to the extent necessary for its business activities and processes it strictly for the designated purposes.
  • Retention for the Period Prescribed in Relevant Legislation or Required for Processing Purposes
    Our Company retains personal data for the duration necessary for processing purposes and for the minimum period prescribed by applicable laws and regulations. Accordingly, our Company first determines whether a retention period is specified in the relevant legislation and, if so, complies with that period. If no legal retention period is stipulated, personal data is stored only for as long as necessary for processing purposes. Once the retention period expires, personal data is securely destroyed at the end of the designated periodic destruction intervals or upon the request of the data subject, using applicable data destruction methods (deletion, destruction, or anonymization).

CONDITIONS FOR PROCESSING PERSONAL DATA

Apart from obtaining the explicit consent of the data subject, the legal basis for processing personal data may be based on one or more of the conditions specified below. If the processed data qualifies as sensitive personal data, the conditions outlined in Section 3.3 ("Processing of Sensitive Personal Data") of this Policy shall apply.

(i) Presence of the Data Subject's Explicit Consent

One of the conditions for processing personal data is obtaining the explicit consent of the data subject. The explicit consent of the data subject must be provided for a specific matter, be based on adequate information, and be given freely.

 

In the presence of the following conditions for processing personal data, personal data may be processed without the explicit consent of the data subject.

(ii) Explicitly Prescribed by Law

If the processing of personal data is explicitly prescribed by law, meaning that there is a clear provision in the relevant legislation regarding the processing of personal data, this condition shall be deemed to exist.

(iii) Impossibility of Obtaining the Data Subject’s Consent Due to Actual Impossibility

If obtaining the explicit consent of the data subject is not possible due to actual impossibility—such as when the data subject is unable to express consent or when consent cannot be legally recognized—and processing is necessary to protect the life or physical integrity of the data subject or another person, personal data may be processed.

(iv) Necessity for the Establishment or Performance of a Contract

If the processing of personal data is necessary for the conclusion or performance of a contract to which the data subject is a party, this condition shall be deemed fulfilled.

(v) Compliance with Legal Obligations of the Company

If the processing of personal data is mandatory for the Company to fulfill its legal obligations, personal data may be processed.

(vi) Publicization of Personal Data by the Data Subject

If the data subject has made their personal data public, such data may be processed only for the purpose for which it was made public.

(vii) Necessity for the Establishment, Exercise, or Protection of a Right

If processing personal data is necessary for the establishment, exercise, or protection of a legal right, the data may be processed.

(viii) Necessity for Processing in Pursuit of the Company’s Legitimate Interests

If personal data processing is necessary for the legitimate interests of the Company, provided that such processing does not harm the fundamental rights and freedoms of the data subject, the data may be processed.

PROCESSING OF SENSITIVE PERSONAL DATA

Sensitive personal data are processed by our Company in accordance with the principles set forth in this Policy, with the necessary administrative and technical measures taken, and under the following conditions:

(i) Presence of the Data Subject's Explicit Consent

One of the conditions for processing sensitive personal data is obtaining the explicit consent of the data subject. The explicit consent must be given for a specific matter, based on adequate information, and provided freely.

(ii) Explicitly Prescribed by Law

If the processing of sensitive personal data is explicitly prescribed by law, meaning that there is a clear provision in the relevant legislation regarding the processing of such data, this condition shall be deemed fulfilled.

(iii) Impossibility of Obtaining the Data Subject’s Consent Due to Actual Impossibility

If obtaining the explicit consent of the data subject is not possible due to actual impossibility—such as when the data subject is unable to express consent or when consent cannot be legally recognized—and processing is necessary to protect the life or physical integrity of the data subject or another person, sensitive personal data may be processed.

 

(iv) Publicization of Sensitive Personal Data by the Data Subject

If the data subject has made their sensitive personal data public, such data may be processed only for the purpose for which it was made public.

(v) Necessity for the Establishment, Exercise, or Protection of a Right

If processing sensitive personal data is necessary for the establishment, exercise, or protection of a legal right, the data may be processed.

(vi) Necessity for the Protection of Public Health

If processing is necessary for the protection of public health, preventive medicine, medical diagnosis, treatment, and care services, as well as the planning, management, and financing of healthcare services, sensitive personal data may be processed by persons or authorized institutions and organizations under an obligation of confidentiality.

(vii) Necessity for Compliance with Legal Obligations

If processing is necessary for fulfilling legal obligations in the areas of employment, occupational health and safety, social security, social services, and social assistance, sensitive personal data may be processed.

(viii) Processing by Foundations, Associations, and Other Non-Profit Organizations

If sensitive personal data are processed by foundations, associations, or other non-profit organizations established for political, philosophical, religious, or trade union purposes—provided that it is in compliance with the relevant legislation, limited to their field of activity, and not disclosed to third parties—such data may be processed in relation to their existing or former members, affiliates, or persons who regularly engage with these organizations.

INFORMATION OF THE DATA SUBJECT

Our company informs the data subjects in accordance with Article 11 of the Law and secondary regulations, regarding who processes their personal data as the data controller, for what purposes it is processed, with whom it is shared for those purposes, the methods used to collect it, its legal basis, and the rights that data subjects have in relation to the processing of their personal data.

V. Collection and Processing of Your Personal Data

  1. Processing of Personal Data of Website Users (Online Visitors) and Call Center Users

1.1. Processing of Personal Data of Website Users (Online Visitors)
Users of the website may provide their personal information, such as first name, last name, email address, phone number, gender, date of birth, address, message, industry, and the subject of the form, by filling out the form available on the “Contact” page at the following link: www.quadran.com.tr
Users acknowledge that they are providing these personal data voluntarily and for the purpose of submitting requests or suggestions. They agree that these data are collected solely for the purpose of evaluating the requests and suggestions they submit.
Additionally, traffic data of users visiting the website are processed in accordance with Law No. 5651.

1.2. Processing of Personal Data of Call Center Users
Doğuş Hospitality collects and stores the personal data of users calling the call center, which is handled by the call center company with whom Doğuş Hospitality has a contractual relationship. The call center company shares the same legal and technical responsibilities as Doğuş Hospitality regarding data protection and security,and adheres to the relevant legal regulations.

Personal data, such as the caller's first name, last name, phone number, and email address, are collected during the call. These data are processed for purposes such as providing the products and services offered by our company, customizing and recommending products and services based on the users' preferences, usage habits, and needs, planning and executing necessary activities for the promotion and customization of products and services, carrying out the required tasks for the relevant business units involved in the company’s commercial activities, ensuring the security of the company’s and its business partners’ legal, strategic, and commercial interests.
The personal data shared during the call are collected for the purpose of processing requests, suggestions, and complaints, providing information about the outcome of these processes, and improving the services and products offered, and are stored by the call center company.

VI. Data Categories and Sample Data Types

  1. Online Visitors
    • Transaction Security Information: IP address information, website login/logout information.
    • Legal Transaction and Compliance Information: Start and end time of the service provided, type of service utilized, amount of data transferred.
  2. Website Users
    • Identity Information: First name, last name.
    • Contact Information: Email address.
    • Marketing Information: Information obtained through advertisements, promotions, surveys, and campaign activities.

VII. Security, Transfer, and Exercise of Rights Regarding Your Personal Data

Doğuş Hospitality is committed to taking all necessary technical and administrative measures to ensure the confidentiality, integrity, and security of your personal data and to exercising due diligence.Doğuş Hospitality takes necessary measures to prevent unauthorized access, misuse, unlawful processing, disclosure, alteration, or destruction of personal data. When processing personal data, Doğuş Hospitality uses commonly accepted security technology standards, such as firewalls and Secure Socket Layer (SSL) encryption. Furthermore, when submitting your personal data to Doğuş Hospitality via the website, mobile application, or mobile site, these data are transmitted using SSL encryption.

In relation to the prevention of unlawful access to personal data, unlawful processing of personal data, and ensuring the preservation of personal data, Doğuş Hospitality ensures the following:

  • All areas of the website from which personal data is collected are protected by SSL.
  • Access authorization and control matrices are created and implemented for employees to prevent the unlawful processing of personal data collected from the website.
  • Personal data in paper format is stored in locked cabinets and can only be accessed by authorized individuals.
  • Personal data processed through cookies from third-party services are managed and protected according to the rules defined in the cookie policy.
  • Although Doğuş Hospitality takes necessary information security measures, in the event of an attack on the platforms operated by Doğuş Hospitality or its systems, resulting in personal data being damaged or accessed by unauthorized third parties, Doğuş Hospitality will immediately notify you and the Personal Data Protection Authority (KVKK) and take necessary corrective actions.

Rights of Data Subjects Under Article 11 of the Personal Data Protection Law (KVK Law)
The rights of the data subjects regarding their personal data processed by Doğuş Hospitality, as per Article 11 of the Personal Data Protection Law (KVK Law), are as follows:

  • To learn whether personal data is processed,
  • To request information regarding the personal data if it has been processed,
  • To learn the purpose of processing personal data and whether it is used for its intended purpose,
  • To know the third parties, both domestic and international, to whom personal data has been transferred,
  • To request the correction of personal data if it is incomplete or inaccurate,
  • To request the deletion or destruction of personal data under the conditions specified in Article 7 of the KVK Law,
  • To request the notification of the actions taken pursuant to (d) and (e) to third parties to whom personal data has been transferred,
  • To object to a result arising from the analysis of processed data exclusively through automated systems, if it has a negative impact on the individual,
  • To request compensation for damages caused by the unlawful processing of personal data.

To exercise your rights over your personal data, you can submit your request and exercise your rights by using the "Application Form" regulated under Article 13 of the KVK Law, available on the website or mobile application of the electronic commerce platform operated by Doğuş Hospitality.

VIII. Transfer of Personal Data to Third Parties and the Purpose of Such Transfers

Our company, in accordance with the lawful purposes of processing personal data, takes the necessary security measures and may transfer the personal data and sensitive personal data of the data subject to third parties (third-party companies, group companies, third-party individuals). In doing so, our company acts in compliance with the provisions set forth in Article 8 of the Law.

Transfer of Personal Data to Third Parties Located Within Turkey

Even without the data subject’s consent, personal data may be transferred to third parties if one or more of the following data processing conditions ("Data Processing Conditions") apply, ensuring that all necessary security measures, including those prescribed by the Personal Data Protection Authority (KVKK), are taken:

  • The relevant activities related to the transfer of personal data are explicitly foreseen in the laws.
  • The transfer of personal data is directly related and necessary for the establishment or performance of a contract.
  • The transfer of personal data is necessary for our company to fulfill its legal obligations.
  • Personal data that has been made public by the data subject may be transferred by our company for the purpose of such publication, provided that the transfer is limited to that purpose.
  • The transfer of personal data by our company is necessary for the establishment, exercise, or protection of legal rights of our company, the data subject, or third parties.
  • The transfer of personal data by our company is necessary for our legitimate interests, provided that it does not harm the fundamental rights and freedoms of the data subject.
  • In the case of physical impossibility, where the data subject cannot express consent, or when consent is legally invalid, the transfer is necessary for the protection of the life or physical integrity of the data subject or another person.

Transfer of Personal Data to Third Parties Located Outside Turkey

The transfer of personal data by our company to a foreign country will be carried out in accordance with whether the country of transfer is one of the secure countries designated by the Personal Data Protection Authority (KVKK) or not, as described below.

In the case that the country of transfer is not one of the secure countries with adequate protection as declared by the Authority, personal data may be transferred to third parties abroad if at least one of the Data Processing Conditions exists, and if the data subject has the opportunity to exercise their rights and access effective legal remedies in the destination country, as well as providing one of the following adequate safeguards in compliance with the fundamental principles outlined in Article 4 of the Law:

 

  • The existence of an international agreement (that is not a formal treaty) between public institutions and organizations or international organizations abroad and public institutions or professional organizations in Turkey, and permission granted by the Authority for the transfer.
  • The existence of binding corporate rules approved by the Authority, containing provisions related to the protection of personal data, which companies within an economic enterprise group are obliged to comply with.
  • The existence of a standard contract declared by the Authority, which contains information on data categories, the purposes of the data transfer, recipients, technical and administrative measures to be taken by the data recipient, and additional measures for sensitive personal data.
  • The existence of a written undertaking containing provisions ensuring adequate protection, with the transfer being allowed by the Authority.

If the country of transfer is one of the secure countries with adequate protection as declared by the Authority, personal data can be transferred if any of the Data Processing Conditions exist.

Transfer of Sensitive Personal Data

Sensitive personal data may be transferred by our company in accordance with the principles outlined in this Policy and with the necessary administrative and technical measures in place, provided that the following conditions are met:

  • The explicit consent of the data subject for the transfer of personal data.
  • The relevant activities related to the transfer of personal data are explicitly foreseen in the laws.
  • The transfer of personal data is necessary for the protection of the life or physical integrity of the data subject or another person, in the case where the data subject is unable to express consent due to physical impossibility, or where their consent is not legally valid.
  • The transfer of personal data by our company is limited to the purpose of making the data public by the data subject.
  • The transfer of personal data by our company is necessary for the establishment, use, or protection of the rights of our company, the data subject, or third parties.
  • The transfer of personal data is necessary for persons or authorized institutions and organizations under confidentiality obligations, for the protection of public health, preventive medicine, medical diagnosis, treatment, and care services, as well as the planning, management, and financing of health services.
  • The transfer of personal data is necessary to fulfill legal obligations in the fields of employment, occupational health and safety, social security, social services, and social assistance.
  • The transfer of personal data is related to foundations, associations, or other non-profit organizations formed for political, philosophical, religious, or union purposes, provided it is in accordance with their relevant regulations and purposes, limited to their activities, and not disclosed to third parties. This transfer can concern current or former members and individuals regularly in contact with these organizations.

Doğuş Hospitality, in compliance with lawful personal data processing purposes, will transfer personal data to third parties as outlined in this Privacy and Personal Data Protection Policy and in accordance with Articles 8 and 9 of the Law on the Protection of Personal Data.

The collected personal data may be transferred to:

  • Relevant departments of Doğuş Hospitality for reporting purposes.
  • Relevant departments of Doğuş Information Technology and Technology Services Inc. for data collection and analysis purposes.
  • Doğuş Holding Inc., its subsidiaries and affiliates, and third parties within Turkey and/or abroad with whom we have a contractual relationship.
  • To member businesses, who are our program partners, for necessary reservations.
  • For customer satisfaction and loyalty enhancement purposes, customer data may be shared with market research companies.
  • If you give consent for the processing purposes outlined in the “Personal Data Processing Consent Form,” data will be transferred to Doğuş Tourism Group brands.
  • Furthermore, your reservation information will also be shared with Doğuş Information Technology and Technology Services Inc. by the member businesses where you make reservations after registration.

For more information about Doğuş Information Technology and Technology Services Inc., visit “https://www.d-teknoloji.com.tr/” and for Doğuş Holding Inc., all subsidiaries, and affiliates, visit “www.dogusgrubu.com.tr.”

The personal data transferred, both within Turkey and abroad, is legally protected through the data protection clauses in our contracts, ensuring security through technical measures, and considering whether the other party to the legal relationship is a data controller or processor.

When sharing information as mentioned above, while transferring personal data to countries outside of Turkey, the transfer is carried out in accordance with this policy and within the limits permitted by the applicable data protection laws.

IX. Ensuring the Accuracy and Currency of Your Personal Data

The individuals whose personal data we process, including those who share data via the Website and/or directly provide personal data through contractual relationships, acknowledge and declare that they are aware of the importance of ensuring the accuracy and currency of their personal data, in accordance with the Law on the Protection of Personal Data (KVKK). They also accept full responsibility for any consequences arising from providing incorrect information. This is essential for individuals to exercise their rights over their personal data as stipulated under KVKK and other relevant regulations.

X. How Individuals Can Change Their Preferences Regarding Receiving Commercial Electronic Messages

The customer's consent for receiving Commercial Electronic Messages is obtained through an information form available on [website link]. The commercial messages are sent under the name of "Doğuş Hospitality."

When becoming a member of the website operated by Doğuş Hospitality [website link], or at any time thereafter, you can modify or update your preferences regarding receiving commercial electronic messages, whether positive or negative, through the website.

XI. Retention Period of Personal Data

Our company retains personal data for the period required by the purpose of processing and the minimum duration stipulated by relevant legal regulations. Our company first determines whether there is a specified retention period for personal data under applicable regulations. If such a period exists, we comply with it. If no legal period is prescribed, personal data is retained for the duration necessary to fulfill the purpose of processing.

Doğuş Hospitality retains personal data in compliance with the Law on the Protection of Personal Data (KVKK) for the period prescribed by the applicable regulations or as required by the purpose of processing. The retention periods for personal data are approximately as outlined in our Personal Data Retention and Destruction Policy.

 

All records related to accounting and

financial transactions

10 years

Turkish Commercial Code No. 6102, Tax Procedure Law No. 213

Commercial electronic communication consent records

1 year from the date the consent is revoked

Law No. 6563 and relevant secondary legislation

Traffic information related to online visitors

2 years

Law No 5651

Personal data of customers

10 years after the termination of the legal relationship; 3 years in accordance with Law No. 6563 and relevant secondary legislation; 90 days for CCTV recordings

aw No. 6563, Turkish Commercial Code No. 6102, Code of Obligations No. 6098, Tax Procedure Law No. 213, Consumer Protection Law No. 6502

 

 

XII. Deletion, Destruction, or Anonymization of Your Personal Data

The website [www.quadran.com.tr] retains personal data processed in accordance with Articles 7, 17 of the Law on the Protection of Personal Data (KVKK) and Article 138 of the Turkish Penal Code, for the durations prescribed by the relevant laws and/or the necessary duration for processing purposes. Once these periods expire, the personal data will be deleted, destroyed, or anonymized in accordance with the relevant regulations on the Deletion, Destruction, or Anonymization of Personal Data.

The deletion of personal data by Doğuş Hospitality means making the personal data inaccessible and unusable for any purpose by the relevant users. To achieve this, Doğuş Hospitality creates and implements an access rights and control matrix at the user level and takes necessary precautions to perform the deletion operation in the database.

The destruction of personal data by Doğuş Hospitality means rendering the personal data inaccessible, irretrievable, and unusable by anyone, in any way.

Anonymization of personal data by Doğuş Hospitality means ensuring that the personal data can no longer be associated with any identifiable or identifiable real person, even if matched with other data.

Doğuş Hospitality explains the methods and technical and administrative measures it takes for deletion, destruction, and anonymization in its Personal Data Retention and Destruction Policy, which was prepared in accordance with the Regulation on the Deletion, Destruction, or Anonymization of Personal Data. This policy also specifies that the periodic destruction, as required by the regulation, will be performed every 6 months.

XIII. Changes and Updates to the Policy

Doğuş Hospitality may make changes or updates to this Policy in line with legal regulations and Company Policy. These changes take effect immediately upon publication of the updated policy. Relevant individuals will be informed of these changes and updates via the website.

 

cultureSettings.RegionId: 0 cultureSettings.LanguageCode: EN