privacy policy

INTRODUCTION

Within the content of the Personal Data Protection Law, we attach importance to the protection of

your personal data. We show sensitivity about keeping of all your personal data and/or personal

data of special nature transferred to our company through various ways. In this context, as

ANTLINK TURIZM TICARET A.S., we have taken all technical and administrative measures

in order to comply with the provisions of the Turkish Republic Constitution and other legislation,

especially the Personal Data Protection Law Number 6698. Also we would like to specify that we

will protect your rights guaranteed by the laws. In this context, you can safely share your

personal data with our company and transmit your suggestions, complaints and hesitations to us.

Herewith we share with you the particularly important for the protection of your personal data

Privacy Policy, brought into force by our company.

ANTLINK TURIZM TICARET A.S.

1. PURPOSE OF PRIVACY POLICY

Protecting personal data and complying with the law are our basic principles. Our company has

always shown the necessary sensitivity regarding the protection of personal data. Personal data

we, ANTLINK TURIZM TICARET A.S. (hereinafter referred to as ‘the company’), received

from you have been kept confidential and haven’t been shared with the third persons. In

accordance with the Personal Data Protection Law Number 6698, our in-company regulations

have been revised; all technical and administrative measures have been taken. In the ongoing

process we agree, declare and undertake to comply with all responsibilities brought by the laws.

2. SCOPE OF PRIVACY POLICY

Our Privacy Policy has been prepared in accordance Personal Data Protection Law Number 6698.

Your personal data is obtained by your consent or within the context of legislation disposition.

Your data is used for the following purposes;

- Providing the company security,

- Submitting you a complete service,

- Carrying out our commercial activities,

- Solving your problems quickly,

- Increasing our quality.

Some personal data received from you are anonymized to become personally-unidentified in

accordance with the procedures foreseen by the law. The data used for statistical purposes are

currently not included in the regulation of the law and the content of our policy. As a company,

we have the right to make changes in order to protect personal data within the content of

compliance in accordance with our data policy, regulation and directive. The privacy policy aims

to protect the data obtained by any methods from the customers, employees and all other natural

and legal people with whom the company is a cooperation partner. In this context, it includes

various regulations in order to achieve the intended target.

3. BASIC PRINCIPLES OF PROCESSING PERSONAL DATA AND/OR PERSONAL

DATA OF SPECIAL NATURE

Our basic principles regarding the processing of personal data and/or personal data of special

nature are as below. In this context, these principles will also apply to the data that the company

collects or processes based on consent or in accordance with the law. In this context, these

principles will also eligible on to the data that the company collects or processes based on

consent or in accordance with the law.

- Lawfulness: The company examines the source and legality of the personal data and/or

personal data of special nature received from natural and legal persons and collected through

various ways. In this context, it is important for the company to obtain the data in accordance

with the law.

- Fairness: The company examines the source of personal data and/or personal data of special

nature it receives from natural and legal persons and collects through various ways. In this

context, it is important for the company to obtain the data within the framework of honesty rules.

- Being limited, measured and relevant to the purpose for which they are processed: The

company uses the personal data and/or personal data of special nature obtained by various ways

in accordance with the purpose for which they are processed, limited and measured for the

purpose of processing and in necessary amounts for carrying out the services.

- Accuracy: The company makes a point of the fact that the personal data and/or personal data of

special nature received from natural and legal persons and collected through various ways should

not contain false information but be correct.

- Being up to date: If there has been a change in the personal data obtained in various ways, the

company attaches importance to the transmission of the mentioned changes to the company and

updating the data if it is transmitted.

- Processing for specified and legal purposes: The company processes the data within the

framework of consent given by the data owner in order to carry out the commercial activity and

to provide the performance of the work. For other purposes but commercial activity providing the

performance of the work, personal data could not be processed or used. It’s not allowed for the

third people to use and process it.

- Being stored for the period laid down by relevant legislation or the period required for the

purpose for which the personal data are processed: The company keeps the personal data

and/or personal data of special nature for a period of time foreseen in the law. In this context, if

the dispute arises due to the lapse of time of personal data, as written in the law, with the period

of contract, the data could be kept under responsibility by requirements of commercial,

obligations and tax law.

. When the mentioned purposes are over, the data are to be anonymized, destroyed or erased.

These data are deleted and destroyed in accordance with ‘ERASURE, DESTRUCTION AND

ANONYMIZING OF PERSONAL DATA POLICY’.

4. RIGHTS OF THE DATA SUBJECT TO REQUEST INFORMATION ACCORDING

TO ARTICLE 11 OF PERSONAL DATA PROTECTION LAW.

The rights of the data owner are ensured in Article 11 of the Personal Data Protection Law

Number 6698. The data owner is considered to be the data subject in the law; his rights to make

certain requests regarding the processing of data is foreseen. According to this article, the rights

to claim of the concerned person are as below:

a) to learn whether his personal data are processed or not,

b) to request information if his personal data are processed,

c) to learn the purpose of his data processing and whether this data is used for intended purposes,

d) to know the third parties to whom his personal data is transferred at home or abroad,

e) to request the rectification of the incomplete or inaccurate data, if any,

f) to request the erasure or destruction or anonymizing of his personal data under the conditions

laid down in Article 7,

g) to request notification of the operations carried out in compliance with subparagraphs (e) and

(f) to third parties to whom his personal data has been transferred,

h) to object to the processing, exclusively by automatic means, of his personal data, which leads

to an unfavorable consequence for the data subject,

i) to request compensation for the damage arising from the unlawful processing of his personal

data.

‘Information Request Form On the Law Number 6698”, providing a possibility for you to use

the above-mentioned rights regarding the application process has been prepared by the company

and has been uploaded to its website. You can exercise your above-mentioned rights by following

the application procedures and principles on our website.

5. ERASURE, DESTRUCTION OR ANONYMIZING OF PERSONAL DATA

Your personal data and/or personal data of special nature shall be deleted, destroyed or

anonymized when the statute of limitations and storage periods foreseen in the law expires, the

judicial processes are completed or other relevant requirements are terminated. Mentioned data

are deleted and destroyed in accordance with ‘ERASURE, DESTRUCTION AND

ANONYMIZING OF PERSONAL DATA POLICY’. Deletion, destruction and

anonymization processes are carried out at the request of the relevant data owner or ex officio

(spontaneously) by the company.

6. MISERLINESS PRINCIPLE

The principle of miserliness is also known as the principle of maximum disposal. Personal data

received by various methods are transferred to our company's system. In accordance with the

mentioned principle, the data is processed into the system only as much as necessary.

The data to be collected by the company is determined in accordance with the purpose and could

vary. In this context, data are collected in accordance with the purpose and data that are not

parallel to the purpose are not collected. Unnecessary excessive data aren’t recorded in the

company system, they are deleted or anonymized. However, these data can be used for statistical

purposes.

7. PRIVACY AND SECURITY OF DATA

As a company, we put emphasis on the confidentiality of your personal data and/or private data.

In this context, your personal data and/or personal data of special nature that reached our

company by any methods are confidential. The company respects the confidentiality of the

mentioned data at every stage of its commercial activities. In this context, we fully comply with

the company’s privacy policy. Necessary technical and administrative precautions are taken to

ensure that personal data and/or personal data of special nature collected through various ways

aren’t don’t come into possession of unauthorized people, that the rights of the data subjects

aren’t harmed and they don’t suffer from it, and that the data is protected. In addition, data

protection is requested from companies with whom we share personal data within the framework

of legality. Again, our software programs are updated and permanently renewed. In order to

provide protection on a high level, all technological necessities are fulfilled and compliance with

standards is provided.

8. DATA UPDATE

The principle of up-to-dateness is essential within the company. Likewise personal data obtained

by various methods and/or personal data of special nature are processed and updated upon

request. Necessary precautions in this regard are also taken by the company.

9. CORRECTNESS OF DATA

The principle of correctness of declared personal data and/or personal data of special nature has

been adopted by ANTLINK TURIZM TICARET A.S. The company is not obliged to

investigate the correctness of personal data and/or personal data of special nature declared by its

customers or real and legal persons with whom it is in contact, being that this is not legally

possible and not in line with our working principles. In this context, all operations are performed

out with the belief that the declared data is correct.

10. PURPOSE OF PROCESSING PERSONAL DATA AND/OR PERSONAL DATA OF

SPECIAL NATURE

The processing of personal data and/or personal data of special nature will be carried out in line

with the purposes in the company's clarification text. You can reach the clarification text on the

company's website or directly at the company’s office.

11. PROCESSING PERSONAL DATA AND/OR PERSONAL DATA OF SPECIAL

NATURE

The company may process your personal data and/or personal data of special nature in order to

carry out its commercial activities, to provide the performance of the service and to fulfill its

legal purposes. The mentioned data is never used for unlawful services and illegal reasons.

Sensitivity is also shown for the processing of special categories of personal data. Our company

complies with ‘’Policy on the protection and processing of personal data of special nature’

regarding the processing of special quality personal data. In addition, all necessary and adequate

precautions determined by the board are taken while processing the sensitive personal data.

12. PROCESSING PERSONAL DATA AND/OR PERSONAL DATA OF SPECIAL

NATURE FOR ADVERTISING PURPOSES

Electronic messages sent for advertising purposes must be approved by the recipient. In this

context, e-mails for advertising purposes can only be sent to people with the prior approval. The

subject in question is also clearly regulated in ‘’Law on the Regulation of Electronic Commerce’

and ‘Regulation on Commercial Communication and Commercial Electronic Message’. The

company complies with the provisions of the law mentioned above when sending electronic

commercial messages for advertising purposes. It also complies with the approval and the details

of the approval in accordance with the law. The mentioned approval can be obtained by all types

of electronic communication or in written form in the physical environment. The basis for the

approval is the existence of a positive declaration of the recipient to accept the sending of the

commercial electronic message, the existence of the electronic communication address and

name-surname. Approval from the recipient should contain all commercial electronic messages

sent to electronic communication addresses in order to increase and provide its recognition with

the contents such as marketing, promoting the company’s goods and services, promoting its

business, celebration, wishes, congratulation, etc.

13. DATA OPERATIONS DUE TO THE COMPANY'S LEGAL OBLIGATION AND

CLEARLY FORESEEN IN THE LAW

Personal data may be processed without approval, only for the purposes of processing, clearly

defined in the relevant law and/or fulfilling a legal obligation determined in the law. The type and

content of the processed data must be necessary for the data processing activity permitted by law.

Compliance with the provisions of the relevant law is essential in all circumstances.

14. COLLECTION AND PROCESSING OF PERSONAL DATA WITHIN THE

CONTRACT RELATIONSHIP

If a contractual relationship is established with a client or probable customers, the data collected

pursuant to the contract may be used by the company without obtaining approval. The personal

data are used within the framework of the service performance, the execution of the contract, the

execution of the commercial activity and as necessary. Data can be updated by contacting

customers.

15. PERSONAL DATA SHARED WITH BUSINESS SOLUTION PARTNERS AND

TRADE PARTNERS

The company has made it a principle to act in accordance with the law regarding sharing of

personal data. In this context, it acts in accordance with the provisions of the relevant law while

sharing data with business solution partners and commercial partners. With its commitment to

data privacy, the company shares only as much personal data as necessary for the performance of

the service, the execution of the business and the permanence of the commercial activity with its

business solution partners and commercial partners. Whilst sharing the data, business solution

partners and commercial partners are requested to take the necessary administrative and technical

measures to provide data security.

16. PERSONAL DATA AND/OR SPECIAL DATA PROCESSED BY AUTOMATIC

SYSTEMS

Data obtained by automated systems without the explicit permission of data subjects can’t be

used against them. The company can only make decisions about the people whom it will deal

with using the data in its system. With all this mentioned, the company complies with all relevant

legislation provisions regarding personal data and/or special categories of personal data processed

by automatic systems.

17. PERSONAL DATA OF THE COMPANY'S EMPLOYEES AND/OR PERSONAL

DATA OF SPECIAL NATURE

PROCESSING WITHIN THE FRAMEWORK OF LEGAL OBLIGATIONS: Personal Data

of Employees may be processed by the company without obtaining the consent in order to clearly

find a provision in the relevant law on data processing or to fulfill the obligation foreseen by the

law. The processing of the mentioned data is limited to the fulfillment of the obligations caused

by the law.

PROCESSING OF PERSONAL DATA IN ACCORDANCE WITH EMPLOYMENT

CONTRACT AND WORK RELATIONSHIP: The personal data of the employees may be

processed without the consent of the employees within the framework of moderation, as much as

necessary in order to provide the business relationship between the company and the employees.

The company commits to protect privacy of employee data under all conditions and to take all

kinds of precautions in this subject.

PROCESSING OF EMPLOYEES’ PERSONAL DATA OF SPECIAL NATURE: In

accordance with the Personal Data Protection Law Number 6698, for processing of personal data

of special nature the explicit consent of data subject and also the necessary precautions foreseen

by the Board are needed. The company both gets the approval of the relevant person and takes

the necessary precautions determined by the Board while processing personal data within the

framework of compliance with the Law and the Principles of the Board. But personal data of

special nature may be processed in exceptional situations mentioned in the Law, without the

consent of the relevant person, provided that it is limited and measured.

PERSONAL DATA PROCESSED BY AUTOMATIC SYSTEMS: Some personal data of

employees may be processed by automatic systems. The above-mentioned data is used in the

performance evaluation of the employees, keeping the statistical data, promotions and in point

scoring system inside the company. Employees have the right of objection to unfavorable results.

The objection must be made in accordance with the company's internal rules and procedures. The

mentioned objection is evaluated within the company.

PROCESSING PERSONAL DATA IN EMPLOYEES' FAVOUR: Personal data belonging to

the employees may be processed by the company for operations in favour of the employee

without getting his consent. Again, the company may process the personal data of the employees

in disagreements regarding the business relationship.

INTERNAL TELECOMMUNICATION, INTERNET AND COMMUNICATION:

Computers, telephones, cars, applications, software and e-mail addresses can be assigned by the

company to the employees in order to facilitate the performance of the work. The company can

control and check the personal data on the vehicles it has assigned. The employee cannot use the

vehicles assigned to him for private aims. It is obligatory to use it only for the purpose of

providing the performance of the work. Again, the employee agrees, declares and commits that

from the beginning of the working relationship with the company he will not keep any data or

information anywhere but inside the devices he received from the company and in the limits

necessary for his work.

18. TRANSFER OF PERSONAL DATA DOMESTICALLY AND ABROAD

The company may share personal data with business cooperation partners, commercial partners

and controlling shareholders in order to perform the service and carry out commercial activities.

Again, the company will be able to transfer personal data to its suppliers on a limited and

measured basis in order to ensure that the necessary service is provided for undertaking of the

commercial activity, which is outsourced from the supplier. In this context, the company has the

authority to transfer personal data within the country and abroad in accordance with the

conditions foreseen in the Law and within the framework of the principles determined by the

Board, with consent of the relevant person.

19. RIGHTS OF THE DATA SUBJECT TO REQUEST INFORMATION

The rights of the data owner are reserved in Article 11 of the Personal Data Protection Law

Number 6698. In accordance with the Law, the company accepts that the consent of the data

subject must be obtained before the data is processed, and that the data subject has the right to

request information about the data to be updated, deleted, destroyed and anonymized after the

data is processed. The relevant people have the rights regarding their personal data by accessing

the "Information Request Form On Law No. 6698" from the company's website.

a) to learn whether his personal data are processed or not,

b) to request information if his personal data are processed,

c) to learn the purpose of his data processing and whether this data is used for intended purposes,

d) to know the third parties to whom his personal data is transferred at home or abroad,

e) to request the rectification of the incomplete or inaccurate data, if any,

f) to request the erasure or destruction or anonymizing of his personal data under the conditions

laid down in Article 7,

g) to request notification of the operations carried out in compliance with subparagraphs (e) and

(f) to third parties to whom his personal data has been transferred,

h) to object to the processing, exclusively by automatic means, of his personal data, which leads

to an unfavorable consequence for the data subject,

i) to request compensation for the damage arising from the unlawful processing of his personal

data.

Applications for the requests mentioned above should be done through the company's website

www.antlink.com.tr or by filling in the application form obtained from the company. The

application form can be signed with a wet-ink signature and the form with a copy of the identity

card should be sent to the officially registered email address registered antlink@hs01.kep.tr or via

a notary by the post service or registered mail with return receipt requested should be sent to the

company’s address as follows: Altındag Mah. 100.Yıl Bulvari 12/202 Muratpaşa Antalya,

Turkey. Application must belong to the relevant person. An application can’t be made for an

information request regarding the personal data of another person. In addition, information

requests that were made by someone else won’t be answered by the company. If it is determined

by the company that the application was made on behalf of another person in the information

request, the company reserves the right to file any lawsuits and claims. The requests data subject

will be answered within thirty days at latest from the date they reach the company. If the

company decides that it is necessary, the company may request other information and documents

from the applicant. The relevant person has no right request about anonymized personal data

within the company.

20. PRIVACY PRINCIPLE

All personal data and/or personal data of special nature of employees or other persons which

reached the company by various ways are confidential. No one can use, reproduce, transfer or

copy personal data and/or personal data of special nature outside the content of the contract,

business purposes and reasons of compliance with the law.

21. AUDIT AND OPERATION SECURITY

Necessary technical and administrative precautions are taken to ensure that personal data and/or

personal data of special nature collected through various ways aren’t captured by unauthorized

people, that the rights of the data subjects aren’t harmed and they don’t suffer from it, and that

the data is protected. In addition, data protection is requested from companies with whom we

share personal data within the framework of Legal Compliance. Again, our software programs

are updated, permanently renewed and developed. In order to provide protection on a high level,

all technological necessities are fulfilled and compliance with standards is provided. In parallel

with all these, the company has all internal and external inspections enforced in order to protect

personal data and/or personal data of special nature.

22. NOTIFICATION OF PERSONAL DATA BREACHES

In case of any breach related to personal data, the company takes immediate action to eliminate

the breaches which were reported to the company. It also takes all necessary precautions to

minimize the harm of the relevant person. In this context, the company minimizes the damage

and compensates it.

In case when personal data and/or personal data of special nature are captured by unauthorized

third person, the company notifies the mentioned subject to the Personal Data Protection Board

directly. You can apply for notification of breaches according to the procedures specified on our

company's website or by obtaining the information request and application form from the

company.