CARRIER
Privacy Policy and Personal Data Processing Policy
In accordance with the Law on the Protection of Personal Data No. 6698 and the European Union General Data Protection Regulation (GDPR) Disclosure Text
Data Controller and Contact Information
The party acting as the data controller under this Privacy Policy and Personal Data Processing Policy ("Policy") is as follows:
Commercial Title: Okito
Email: support@okito.com
Website: okito.com
Introduction and Scope
This Policy has been prepared to inform data subjects regarding personal data processing activities carried out by Okito ("Company", "we", "our") in accordance with the Law on the Protection of Personal Data No. 6698 ("KVKK"), the European Union General Data Protection Regulation (EU 2016/679 "GDPR"), and relevant secondary legislation.
This Policy regulates the processes of processing, protection, storage, transmission, and disposal of personal data of individuals ("Data Subject") who visit our website (okito.com), use our services, or engage in a commercial relationship with our Company.
Scope of the Policy
Website visitors
Registered users and customers
Employees of business partners and suppliers
Individuals who contact us
Internet users whose data is collected through cookies
Purposes and Legal Grounds for Personal Data Processing
3.1 Categories of Processed Personal Data
The categories of personal data processed by our Company are as follows:
Data Category | Data Type | Examples |
Identification Information | Non-Sensitive Data | Name, surname, date of birth, national ID number (if legally required) |
Contact Information | Non-Sensitive Data | Email address, phone number, postal address |
Customer Transaction Information | Non-Sensitive Data | Order history, transaction records, payment information |
Financial Information | Non-Sensitive Data | Bank account details (IBAN), invoice information |
Marketing Information | Non-Sensitive Data | Cookie records, advertisement interaction data, preferences, and interests |
Transaction Security Information | Non-Sensitive Data | IP address, log records, device information, browser information |
Location Data | Non-Sensitive Data | Geographical location information (IP-based), country/city information |
3.2 Purposes of Personal Data Processing
Your personal data is processed for the following purposes:
a) Fulfillment of Contractual Obligations
Execution of service contracts
Product/service delivery and billing
Providing customer support services
User account management
b) Fulfillment of Legal Obligations
Document and record retention requirements under tax law
Bookkeeping and storage in accordance with the Turkish Commercial Code and relevant legislation
Fulfillment of requests from public institutions and organizations
Execution of court decisions and legal proceedings
c) Legitimate Interests
Ensuring platform security and preventing misuse
Improving service quality
Internal audits and risk management activities
Business development and strategic planning
d) Explicit Consent
Marketing and promotional activities
Personalized advertisement display
User behavior analysis via analytics cookies
Third-party integrations
3.3 Legal Grounds for Processing Personal Data (KVKK Article 5 and Article 6)
Your personal data is processed based on one or more of the following legal grounds as stated in Articles 5 and 6 of KVKK:
Explicitly Foreseen in Laws (KVKK Art. 5/2-a)
Contract Formation or Fulfillment (KVKK Art. 5/2-c)
Fulfillment of Legal Obligation (KVKK Art. 5/2-ç)
Data Subject's Explicit Consent (KVKK Art. 5/1)
Legitimate Interest (KVKK Art. 5/2-f)
Establishment, Use, or Protection of a Legal Right (KVKK Art. 5/2-e)
Cookie Policy and Purposes of Use
We use the following types of cookies on our website:
Google Analytics
We use Google Analytics to analyze website usage. These cookies collect anonymous data and are used to improve website performance.
Rights of Data Subjects (KVKK Article 11)
In accordance with Article 11 of KVKK and Articles 15-22 of the GDPR, as data subjects, you have the following rights:
5.1 Right to Information (KVKK Art. 11/1-a-b)
You have the right to learn whether your personal data is being processed and, if so, to request information about it. In this regard, you can learn:
The purpose of processing your personal data
What personal data has been collected
To whom and for what purposes the data is transferred
The legal basis for the data processing
5.2 Right to Access and Request Copies (GDPR Art. 15)
You can request a copy of the personal data being processed. The first request is free of charge. A reasonable fee may be charged for subsequent requests.
5.3 Right to Rectification (KVKK Art. 11/1-c)
You have the right to request the correction of inaccurate or incomplete personal data and to have the correction notified to third parties to whom the data has been transferred.
5.4 Right to Erasure (Right to be Forgotten) (KVKK Art. 11/1-d, GDPR Art. 17)
You may request the erasure of your personal data under the following circumstances:
The personal data is no longer necessary for the purposes for which it was collected
You have withdrawn your consent and there is no other legal ground for processing
The personal data has been processed unlawfully
The personal data must be erased to comply with a legal obligation
Note: If legal retention periods have not expired and there is a legal obligation, erasure requests may not be fulfilled.
5.5 Right to Data Portability (GDPR Art. 20)
You can request that personal data processed automatically and collected based on your consent or a contract be provided in a structured, commonly used, and machine-readable format.
If technically feasible, you can request the transfer of your data to another data controller.
5.6 Right to Object (KVKK Art. 11/1-f, GDPR Art. 21)
You can object to the processing of your personal data based on legitimate interests. If we determine that your objection is justified, we will cease processing your data.
You have the right to object to direct marketing activities at any time.
5.7 Right to Object to Automated Decision-Making (GDPR Art. 22)
You can request not to be subjected to decisions based solely on automated processing, which have legal effects concerning you or similarly significantly affect you.
5.8 Procedure for Exercising Your Rights
To exercise your rights mentioned above, you can send an email to support@okito.com or submit a written request to our address.
Application Conditions:
Information to verify your identity (e.g., National ID number, name, surname)
The subject and reasoning of your request
Any supporting documents for your request
Response Time:
Your application will be processed free of charge within 30 (thirty) days. If the process requires a fee, it will be charged according to the rate determined by the Personal Data Protection Authority.
Data Retention Periods and Disposal Policy
Your personal data will be retained for the duration required for the processing purpose and in accordance with legal retention periods:
Data Category | Retention Period | Legal Basis |
Invoice and Accounting Records | 10 years | Tax Procedure Law |
Employment Contracts and Personnel Files | 10 years | Labor Law, SGK Legislation |
Commercial Books and Records | 10 years | Turkish Commercial Code |
Marketing Consent Records | Until consent is withdrawn + 1 year | KVKK, Communication Management System |
Website Log Records | 1 year | Legitimate Interest |
Customer Communication Records | 2 years | Legitimate Interest, Contract |
Cookie Data | As specified in Cookie Policy | Explicit Consent/Legitimate Interes |
Disposal Procedure:
Personal data that exceeds the retention period will be deleted, destroyed, or anonymized by our Company in accordance with KVKK and related regulations. Disposal is performed periodically (at least once a year).
Data Security and Technical-Administrative Measures
Our Company takes appropriate technical and administrative measures to prevent unlawful processing, unlawful access, and ensure the safe storage of personal data in accordance with KVKK Art. 12 and GDPR Art. 32:
Technical Measures:
256-bit SSL/TLS encryption for data transmission security
Regular security scans and penetration tests (at least twice a year)
Up-to-date firewall and anti-malware systems
Database encryption and access-log records
Secure backup systems (encrypted backup)
Two-factor authentication (2FA) support
DDoS protection and rate limiting
Administrative Measures:
KVKK and data security training for personnel
Confidentiality agreements and access authorization
Data processing inventory and record system
Regular risk assessments
Data breach procedure and intervention plan
Data processing contracts with third-party suppliers
Data Transfers
8.1 Transfers Within Turkey
Your personal data may be transferred to the following parties for processing purposes:
Service Providers: Hosting, cloud storage, email services
Payment Institutions: Banks and payment systems (for transaction security)
Legal Advisors: Lawyers, financial advisors (for legal obligations)
Public Authorities: When required by law (court decisions, administrative requests)
8.2 International Transfers
Your personal data may be transferred abroad under the following circumstances:
EU/EEA Countries: Adequate protection level under GDPR.
Third Countries:
Google Analytics, Google Tag Manager (USA - Standard Contractual Clauses)
International transfers are carried out based on your explicit consent or on countries/Standard Contractual Clauses with adequate protection as specified under KVKK Art. 9.
Application and Complaint Procedure
If you believe your rights as a data subject have been violated, you can use the following application methods:
9.1 Application to the Data Controller
Email: contact@example.com
Response Time: Within 30 days
9.2 Complaint to the Personal Data Protection Authority
If your application to the data controller is rejected, or the response is insufficient, you may file a complaint with the authority:
Website: https://www.kvkk.gov.tr
Time: 60 days from the date you learn of the response
Address: Personal Data Protection Authority, Nasuh Akar Mahallesi, Ziyabey Caddesi No:6, 06520 Balgat/Ankara
Policy Updates and Enforceability
This Policy was enacted on April 16, 2026. Our Company reserves the right to update this Policy due to changes in legal regulations or business processes.
Important Changes: Will be communicated via email, website notification, or SMS.
Current Version: Accessible at: okito.com/privacy-policy/
Contact Information
Email: support@okito.com
Website: okito.com
Türkçe
English