top of page
0001_edited_edited.png

Privacy Policy

Personal Data Protection Policy

General Information on the Law on the Protection of Personal Data The Turkish Law on the Protection of Personal Data No. 6698 (hereinafter referred to as the “KVKK”) was adopted on March 24, 2016 and published in the Official Gazette dated April 7, 2016 and numbered 29677. Certain provisions of the KVKK entered into force on the date of publication, while the remaining provisions entered into force on October 7, 2016.

 

Information Provided in the Capacity of Data Controller

Pursuant to Law No. 6698 and in the capacity of Data Controller, your personal data may be recorded, stored, retained, updated, disclosed to or transferred to third parties where permitted by applicable legislation, classified, and processed in the manners set forth under the KVKK, within the framework explained on this page.

Methods of Processing Personal Data

In accordance with Law No. 6698, personal data shared with our Company may be processed by us, wholly or partially, through automatic means or non-automatic means provided that such processing forms part of a data recording system. Such processing includes, but is not limited to, the collection, recording, storage, modification, reorganization, and any other operation performed on personal data. Under the KVKK, all operations performed on personal data are deemed to constitute “processing of personal data.”

Purposes and Legal Grounds for Processing Personal Data

The personal data you share may be processed:

  • In order to duly perform the requirements of the services we provide to our customers in accordance with contractual and technological necessities, and to improve our products and services;

  • For the purpose of recording identity, address, and other necessary information to identify transaction owners, pursuant to Law No. 6563 on the Regulation of Electronic Commerce, Law No. 6502 on the Protection of Consumers, the Regulation on Service Providers and Intermediary Service Providers in Electronic Commerce published in the Official Gazette dated August 26, 2015 and numbered 29457, the Regulation on Distance Contracts published in the Official Gazette dated November 27, 2014 and numbered 29188, and other applicable legislation;

  • In order to prepare all records and documents that form the basis of transactions, whether in electronic or physical form, and to comply with information retention, reporting, and disclosure obligations required by legislation and relevant authorities in the fields of banking and electronic payment systems;

  • To provide information to public prosecutors’ offices, courts, and authorized public officials upon request and as required by law, in matters relating to public security and legal disputes;

in compliance with Law No. 6698 and relevant secondary legislation.

Information on Third Parties to Whom Personal Data May Be Transferred

For the purposes stated above, personal data shared with our Company may be transferred to individuals or organizations such as suppliers, cargo and logistics companies, and other parties related to the services provided; program partner organizations with whom we cooperate and/or from whom we receive services as Data Processors; domestic and/or foreign entities; and other third parties.

Methods of Collection of Personal Data

Your personal data may be collected and processed through the following means:

  • Via forms on our Company’s website and mobile applications, including information such as name, surname, Turkish ID number, address, telephone number, business or personal email address; user preferences on pages accessed via username and password; IP records of performed transactions; cookie data collected by the browser; browsing duration and details; and location data;

  • Through verbal, written, or electronic means via our sales and marketing personnel, branches, suppliers, other sales channels, printed forms, business cards, digital marketing tools, and call centers;

  • From individuals who share their personal data for purposes such as establishing a commercial relationship with our Company, submitting job applications, or making offers, through business cards, résumés (CVs), proposals, and similar methods, whether in physical or digital environments, face-to-face or remotely, verbally, in writing, or electronically;

  • Additionally, from indirect sources such as websites, blogs, competitions, surveys, games, campaigns, and similar (micro) websites, as well as social media platforms; newsletter reading or click activities; data provided by publicly available databases; and publicly shared profile information on social media platforms.

 

Storage and Protection of Personal Data

Your personal data shall be stored confidentially in databases and systems maintained by our Company in accordance with Article 12 of the KVKK, and shall not be shared with third parties except as required by legal obligations and the provisions set forth herein. Our Company is obliged, pursuant to Article 12 of the KVKK, to take all necessary technical and administrative measures to prevent unlawful processing of personal data, prevent unauthorized access, and ensure data security, including access management, software-based safeguards, and physical security measures. In the event that personal data is obtained by third parties through unlawful means, such incident shall be promptly reported in writing to the Personal Data Protection Authority in accordance with applicable legislation.

 

Accuracy and Currency of Personal Data

Pursuant to Article 4 of the KVKK, our Company is obliged to keep personal data accurate and up to date. In this context, customers are required to share accurate and current data with our Company or update such data through our website or mobile applications, so that we may fulfill our legal obligations arising from applicable legislation.

 

Rights of the Personal Data Subject under Law No. 6698

Article 11 of Law No. 6698 entered into force on October 7, 2016. In accordance with this article, Personal Data Subjects have the following rights:

Personal Data Subjects may apply to our Company (as Data Controller) to:

  • Learn whether their personal data is being processed;

  • Request information if their personal data has been processed;

  • Learn the purpose of processing personal data and whether such data is used in accordance with that purpose;

  • Know the third parties to whom personal data is transferred domestically or abroad;

  • Request correction of personal data if it is incomplete or inaccurately processed;

  • Request the deletion or destruction of personal data within the framework of the conditions set forth in Article 7 of the KVKK;

  • Request notification of correction, deletion, or destruction operations to third parties to whom personal data has been transferred;

  • Object to the occurrence of a result against the individual arising from the analysis of processed data exclusively through automated systems;

  • Request compensation for damages incurred due to unlawful processing of personal data.

Information Notice

Personal Data Protection and Processing Information Notice

This Personal Data Protection and Processing Information Notice (the “Information Notice”) has been prepared by Öyler Ahşap İnşaat AŞ (“Öyler” or the “Company”), acting as the Data Controller, in accordance with Article 10 of the Turkish Law on the Protection of Personal Data No. 6698 (the “Law”) and the Communiqué on the Procedures and Principles to Be Followed in Fulfillment of the Obligation to Inform, published in the Official Gazette dated March 10, 2018 and numbered 30356. Within this scope, we aim to inform and enlighten you in the most transparent manner, as the Data Controller, regarding the methods of collection of your personal data, the purposes of processing, the legal grounds for processing, and your rights.

1. Data Controller

Your personal data may be processed by the Company, acting as the Data Controller, within the scope described below, and domiciled at 75.Yıl OSB Neighborhood, 3rd Street No:10, Odunpazarı, 26250 Eskişehir, Türkiye.

 

2. Your Personal Data

Within the scope of your legal and/or contractual relationship with the Company, the following categories of personal data may be processed:

  • Identity Information (name, surname, date of birth, place of birth, Turkish ID number, etc.)

  • Contact Information (address, email address, correspondence address, telephone number, etc.)

  • Transaction Security Information (IP address data, website login and logout records, password and credential information, etc.)

  • Financial Information (credit card details, bank account information, asset information, etc.)

  • Other Information (cookie records, data obtained through surveys and campaign activities, etc.)

 

3. Purposes of Processing Your Personal Data

Your personal data may be processed by the Company or persons authorized by the Company, in accordance with the fundamental principles set forth in the Law and within the scope of the personal data processing conditions and purposes specified in Articles 5 and 6 of the Law, for the purposes listed below and, where required, subject to your explicit consent:

  • Informing you about the Company’s activities and operations;

  • Informing you about the Company’s campaigns;

  • Enabling the provision of the Company’s services;

  • Inviting you for promotional purposes of the Company;

  • Maintaining records required for the fulfillment of legal obligations and requests of authorized administrative institutions;

  • Conducting management activities;

  • Providing information to authorized persons, institutions, and organizations;

  • Managing contractual processes;

  • Carrying out storage and archiving activities;

  • Organization and event management;

  • Ensuring business continuity;

  • Receiving and evaluating suggestions for the improvement of business processes;

  • Conducting and auditing business activities;

  • Carrying out communication activities;

  • Monitoring and conducting legal affairs;

  • Conducting finance and accounting operations;

  • Ensuring compliance of activities with applicable legislation;

  • Managing access authorizations;

  • Conducting training activities;

  • Conducting audit and ethics activities; and

  • Managing information security processes.

The Company takes all necessary technical and administrative measures to prevent unlawful processing of personal data, prevent unlawful access to personal data, and ensure that your personal data is securely stored.

 

4. Parties to Whom Personal Data Is Transferred and Purposes of Transfer

In the transfer of personal data, the Company acts in compliance with the conditions for transfer of personal data regulated under Articles 8 and 9 of the Law. Your personal data may be transferred by the Company, including but not limited to the purposes listed below:

Within Türkiye:

  • If you choose to make payments via virtual POS, you will be redirected to the licensed payment service infrastructure with which the Company has agreements. Such service providers process personal data within the scope of their own policies and operations. Information regarding the relevant payment provider can be accessed on the payment screen.

  • Your contact information may be transferred to service providers that deliver electronic notifications and SMS communication services.

  • For the purpose of ensuring participation in events and announcements and/or planning communications, personal data may be transferred to third parties organizing such events and to service and infrastructure providers facilitating relationship management processes.

In addition, your personal data may be transferred to judicial authorities or relevant law enforcement agencies upon request, for the resolution of legal disputes or where required by applicable legislation. All necessary security measures are taken in cases where personal data is shared.

 

5. Method and Legal Basis of Collection of Personal Data

Your personal data may be collected verbally, in writing, or electronically by the Company or persons authorized by the Company, through automatic or non-automatic means, for the non-exhaustive purposes specified in this Information Notice. Personal data collected through these methods may be processed and transferred for the purposes stated herein, in accordance with the personal data processing conditions set forth in Articles 5 and 6 of the Law. In cases not covered under Article 5 and where transfer abroad is involved, personal data may only be transferred with your explicit consent.

Personal data shall be processed in accordance with the following principles:

  • In compliance with law and good faith principles;

  • Accurate and, where necessary, kept up to date;

  • For specific, explicit, and legitimate purposes;

  • Relevant, limited, and proportionate to the purposes for which they are processed; and

  • Retained for the period stipulated in relevant legislation or required for the purpose of processing.

The Company prioritizes processing personal data in compliance with the Constitution of the Republic of Türkiye, international conventions, the Law, and other applicable legislation, and ensuring that data subjects can effectively exercise their rights.

 

6. Use of Website Cookies

The Company’s website uses Google Analytics, a web analytics service provided by Google. This service tracks users’ visit dates, times, and on-site movements. The Company uses this information to improve website performance, identify peak usage times, and determine which areas of the website receive the most interest. Google Analytics uses cookies. Cookies are small data files stored on your computer by our website. Information generated by cookies is stored by Google. Google uses this information to monitor how you use our website and to compile reports on website activities. The Company also uses cookies to customize certain features according to user preferences, facilitate comments by registered users, enable form completion without re-entering data, and improve the experience of regular visitors. For more information on Google Analytics usage (including opt-out options), please visit:
http://www.google.com/intl/tr/policies/privacy/#infocollect

You may allow or refuse cookies using the following methods:

  • Google Chrome: Click the “lock” icon in the address bar and manage cookies under the “Cookies” tab.

  • Internet Explorer: Use the “Tools” menu and the “Security” tab to allow or block cookies.

  • Mozilla Firefox: Open the menu, select “Options,” and manage cookies under “Privacy & Security.”

  • Opera: Select “Advanced” under “Preferences” and manage cookies in the “Cookies” section.

  • Safari: From your device’s “Settings,” select “Safari” and manage cookies under “Privacy & Security.”

Additionally, for general information and cookie management, you may visit:
https://www.allaboutcookies.org
https://www.youronlinechoices.eu
or use the “Privacy Badger” application: https://www.eff.org/tr/privacybadger

If you refuse persistent or session cookies, you may continue to use the website; however, access to certain features may be limited.

7. Credit Card Security

Credit card security is ensured through SSL encryption technology. A lock icon will appear in your browser on pages where you enter credit card information, indicating a 128-bit SSL Certificate provided by GlobalSign. Additionally, during payment processes, the website address will change from “http” to “https.” Through SSL technology, once the payment process begins, an encrypted connection is established directly between the user’s computer and the bank, independent of the website, and no information transmitted through your browser can be viewed by Company employees or third parties.

All information entered during credit card transactions is protected by secure database systems. The Company undertakes not to disclose, share, or misuse personal and sensitive data collected from users without user consent, except as required by law.

8. Retention Period of Personal Data

Your personal data is retained for the period required by the purposes specified in this Information Notice and applicable legislation. Additionally, in the event of any dispute arising between the Company and the data subject, personal data may be retained for the duration of the applicable statute of limitations, limited to what is necessary to exercise legal defenses.

 

9. Data Security Measures and Commitments

The Company undertakes to take all necessary technical and administrative measures and conduct necessary audits to ensure an appropriate level of security in order to:

  • Prevent unlawful processing of personal data;

  • Prevent unlawful access to personal data; and

  • Prevent unlawful retention of personal data.

The Company shall not disclose personal data obtained in violation of this Information Notice or applicable legislation, nor use such data for purposes other than those for which it is processed.

 

10. Your Rights Under the Law

Pursuant to Article 11 of the Law, as a personal data subject, you have the right to:

  • Learn whether your personal data is processed;

  • Request information if your personal data has been processed;

  • Learn the purpose of processing and whether personal data is used in accordance with that purpose;

  • Know the third parties to whom your personal data is transferred domestically or abroad;

  • Request correction of incomplete or inaccurate personal data and request notification of such correction to third parties to whom personal data has been transferred;

  • Request deletion or destruction of personal data where the reasons for processing no longer exist, even if processed in compliance with the Law, and request notification of such actions to third parties;

  • Object to any outcome against you arising from the analysis of personal data exclusively through automated systems; and

  • Request compensation for damages incurred due to unlawful processing of personal data.

Requests regarding your rights may be submitted in accordance with the Law and the Communiqué on the Procedures and Principles of Application to the Data Controller (“Application Communiqué”) via email to info@oyler.world. Your application will be evaluated and finalized by the Company within a maximum of 30 (thirty) days, as stipulated by the Law. While applications are processed free of charge as a rule, fees may be charged in accordance with the tariff determined by the Personal Data Protection Board if the process incurs additional costs. For your application to be valid, it must include the following information pursuant to Article 5(2) of the Application Communiqué:

  • Name and surname, and signature if the application is in writing;

  • Turkish ID number for citizens of the Republic of Türkiye; nationality and passport number or ID number for foreigners;

  • Residential or business address for notification purposes;

  • If available, email address, telephone number, and fax number for notification; and

  • Subject of the request.

11. Amendments to the Text

The Company reserves the right to amend this Information Notice at any time by publishing such amendments. Amendments shall enter into force as of the date of publication.

This Information Notice has been prepared to inform data subjects regarding the processing of their personal data.

bottom of page