(Publication Date: 01.07.2025)
Protection of personal data is among our company’s top priorities. We process personal data in accordance with the following principles:
Lawfulness, fairness and transparency,
Accuracy and, where necessary, keeping data up to date,
Processing for specific, explicit and legitimate purposes,
Being relevant, limited and proportionate to the purposes for which data are processed,
Storing data for as long as required by relevant legislation or for the period necessary for the purposes of processing, ensuring secure retention.
In accordance with Article 10 of Law No. 6698 on the Protection of Personal Data (“KVKK”), we, as the data controller, “K YAPI GAYRİMENKUL GELİŞTİRME İNŞAAT SANAYİ VE DIŞ TİCARET ANONİM ŞİRKETİ,” located at Atatürk Mahallesi Atapark Caddesi No: 4/7 Ataşehir, İstanbul, hereby provide this information within the scope of our obligation to inform data subjects.
In all our personal data processing activities, we act in compliance with KVKK and other applicable legislation and take all necessary technical and administrative measures to prevent unlawful processing of personal data, unauthorized access, and to ensure their safe storage.
Even if personal data have been processed in accordance with the law, when the reasons requiring processing cease to exist, they will be deleted, destroyed, or anonymized by our company either ex officio or upon the request of the data subject.
Details regarding deletion, destruction, or anonymization of personal data are provided in our Personal Data Protection Policy, also available on our website.
Identity information: Name, surname, etc.
Contact information: E-mail address, phone number, etc.
Transaction security information: IP address, website access logs, etc.
Cookies and similar records
Other: Any information, request text, or message content voluntarily provided by you.
Your personal data may be processed in accordance with Law No. 6698 for the following purposes:
Compliance with obligations regarding logging internet access and usage under Law No. 5651,
Prevention of unauthorized access to the internet,
Execution of information security processes,
Handling of requests and complaints,
Conducting communication activities (receiving, evaluating, and responding to your communication requests),
Execution of customer relationship management processes,
Conducting internal audit/investigation/intelligence activities,
Ensuring the security of data controller operations,
Creation and monitoring of visitor records,
Carrying out company processes in compliance with legislation, fulfilling legal obligations, recording and retaining personal data obtained under the law, and providing information to authorized institutions and organizations,
Improving the website, ensuring its proper operation, managing customer registration processes, and — with your consent — providing personalized advertisements through tracking and marketing cookies.
Your personal data are processed on the legal bases set forth in Article 5 of the Law, namely:
With your explicit consent,
Where explicitly stipulated by law,
Where processing is necessary for the establishment, exercise, or protection of a right,
Where processing is necessary for the performance of a contract to which you are a party,
Where processing is required for compliance with a legal obligation,
Where processing is necessary for the legitimate interests of the data controller, provided that it does not harm your fundamental rights and freedoms.
Personal data may be collected automatically, semi-automatically, or non-automatically and thus become part of the data recording system.
Your personal data may be shared with our contracted internet service provider.
Personal data cannot be transferred without the explicit consent of the data subject. However, as per Article 5(2) and Article 6(3) of the Law, personal data may be transferred without explicit consent if one of the conditions specified therein is met and appropriate safeguards are in place.
Our company may share such data, when necessary, with the security and camera system management company, police, gendarmerie, other security authorities, administrative bodies, and judicial authorities, limited to and proportionate with the purposes stated under “Purposes of Processing Personal Data.”
Personal data may be transferred abroad if one of the conditions specified in Articles 5 and 6 of the Law exists and there is an adequacy decision for the country, sector, or international organization concerned.
If no adequacy decision exists and no appropriate safeguards as per paragraph four of the same article are provided, personal data may only be transferred abroad on an occasional basis, provided that one of the situations under paragraph six (a–f) applies.
Our company may share such data, when necessary, with the security and camera system management company, law enforcement authorities, and judicial or administrative authorities, limited to and proportionate with the purposes specified above.
Personal data processed by our company are retained in accordance with the following principles, unless otherwise stipulated in relevant legislation:
Identity information (name, surname, etc.): Retained as long as the legal relationship continues and for the statutory limitation periods.
Contact information (e-mail, phone number, etc.): Retained as long as communication is ongoing; deleted, destroyed, or anonymized within a maximum of 2 years after communication ends or upon request.
Transaction security information (IP address, log data, etc.): Retained for at least 2 years pursuant to Law No. 5651.
Cookies: Session cookies are deleted when the browser is closed; persistent cookies are retained for up to 2 years (see “KVKK.12 Website Cookie Policy”).
Other data (information voluntarily provided by the user, message/request contents, etc.): Retained for up to 3 years following the conclusion of the relevant request or inquiry.
After these periods, personal data are destroyed by our company in accordance with the Regulation on the Deletion, Destruction, or Anonymization of Personal Data.
Pursuant to Article 11 of the Law, you may apply to our company at any time and request the following regarding your personal data:
To learn whether your personal data are processed,
To request information if your data have been processed,
To learn the purpose of processing and whether they are used in accordance with that purpose,
To know the third parties to whom data are transferred domestically or abroad,
To request correction of incomplete or inaccurate data,
To request deletion or destruction of data,
To request notification of rectification or deletion to third parties to whom data have been transferred,
To object to any result arising against you through analysis of data solely by automated systems,
To demand compensation if you suffer damage due to unlawful processing of your data.
Individuals wishing to obtain information or submit requests regarding their personal data may apply by filling out the “Personal Data Owner Application Form” in accordance with the “Communiqué on the Procedures and Principles of Application to the Data Controller.”
Note: Methods and details of application are described in the document titled “KVKK.05 PERSONAL DATA OWNER APPLICATION FORM.”
This Privacy Notice may be updated from time to time to comply with changing conditions and legal regulations.
Any updates will be announced via our company’s website.
Respectfully submitted for your information.
