Loading
HOME / CARRIER

CARRIER

London General Application To apply to join our team, please complete the form below.

Privacy Policy and Personal Data Processing Policy

In accordance with the Law on the Protection of Personal Data No. 6698 and the European Union General Data Protection Regulation (GDPR) Disclosure Text

  1. Data Controller and Contact Information

The party acting as the data controller under this Privacy Policy and Personal Data Processing Policy ("Policy") is as follows:

Commercial Title: Okito
Email: support@okito.com
Website: okito.com

  1. Introduction and Scope

This Policy has been prepared to inform data subjects regarding personal data processing activities carried out by Okito ("Company", "we", "our") in accordance with the Law on the Protection of Personal Data No. 6698 ("KVKK"), the European Union General Data Protection Regulation (EU 2016/679 "GDPR"), and relevant secondary legislation.

This Policy regulates the processes of processing, protection, storage, transmission, and disposal of personal data of individuals ("Data Subject") who visit our website (okito.com), use our services, or engage in a commercial relationship with our Company.

Scope of the Policy

  1. Website visitors

  2. Registered users and customers

  3. Employees of business partners and suppliers

  4. Individuals who contact us

  5. Internet users whose data is collected through cookies

  6. Purposes and Legal Grounds for Personal Data Processing

3.1 Categories of Processed Personal Data

The categories of personal data processed by our Company are as follows:

Data Category

Data Type

Examples

Identification Information

Non-Sensitive Data

Name, surname, date of birth, national ID number (if legally required)

Contact Information

Non-Sensitive Data

Email address, phone number, postal address

Customer Transaction Information

Non-Sensitive Data

Order history, transaction records, payment information

Financial Information

Non-Sensitive Data

Bank account details (IBAN), invoice information

Marketing Information

Non-Sensitive Data

Cookie records, advertisement interaction data, preferences, and interests

Transaction Security Information

Non-Sensitive Data

IP address, log records, device information, browser information

Location Data

Non-Sensitive Data

Geographical location information (IP-based), country/city information

3.2 Purposes of Personal Data Processing

Your personal data is processed for the following purposes:

a) Fulfillment of Contractual Obligations

  1. Execution of service contracts

  2. Product/service delivery and billing

  3. Providing customer support services

  4. User account management

b) Fulfillment of Legal Obligations

  1. Document and record retention requirements under tax law

  2. Bookkeeping and storage in accordance with the Turkish Commercial Code and relevant legislation

  3. Fulfillment of requests from public institutions and organizations

  4. Execution of court decisions and legal proceedings

c) Legitimate Interests

  1. Ensuring platform security and preventing misuse

  2. Improving service quality

  3. Internal audits and risk management activities

  4. Business development and strategic planning

d) Explicit Consent

  1. Marketing and promotional activities

  2. Personalized advertisement display

  3. User behavior analysis via analytics cookies

  4. Third-party integrations

3.3 Legal Grounds for Processing Personal Data (KVKK Article 5 and Article 6)

Your personal data is processed based on one or more of the following legal grounds as stated in Articles 5 and 6 of KVKK:

  1. Explicitly Foreseen in Laws (KVKK Art. 5/2-a)

  2. Contract Formation or Fulfillment (KVKK Art. 5/2-c)

  3. Fulfillment of Legal Obligation (KVKK Art. 5/2-ç)

  4. Data Subject's Explicit Consent (KVKK Art. 5/1)

  5. Legitimate Interest (KVKK Art. 5/2-f)

  6. Establishment, Use, or Protection of a Legal Right (KVKK Art. 5/2-e)

  7. Cookie Policy and Purposes of Use

We use the following types of cookies on our website:

Google Analytics
We use Google Analytics to analyze website usage. These cookies collect anonymous data and are used to improve website performance.

  1. Rights of Data Subjects (KVKK Article 11)

In accordance with Article 11 of KVKK and Articles 15-22 of the GDPR, as data subjects, you have the following rights:

5.1 Right to Information (KVKK Art. 11/1-a-b)
You have the right to learn whether your personal data is being processed and, if so, to request information about it. In this regard, you can learn:

  1. The purpose of processing your personal data

  2. What personal data has been collected

  3. To whom and for what purposes the data is transferred

  4. The legal basis for the data processing

5.2 Right to Access and Request Copies (GDPR Art. 15)
You can request a copy of the personal data being processed. The first request is free of charge. A reasonable fee may be charged for subsequent requests.

5.3 Right to Rectification (KVKK Art. 11/1-c)
You have the right to request the correction of inaccurate or incomplete personal data and to have the correction notified to third parties to whom the data has been transferred.

5.4 Right to Erasure (Right to be Forgotten) (KVKK Art. 11/1-d, GDPR Art. 17)
You may request the erasure of your personal data under the following circumstances:

  1. The personal data is no longer necessary for the purposes for which it was collected

  2. You have withdrawn your consent and there is no other legal ground for processing

  3. The personal data has been processed unlawfully

  4. The personal data must be erased to comply with a legal obligation

Note: If legal retention periods have not expired and there is a legal obligation, erasure requests may not be fulfilled.

5.5 Right to Data Portability (GDPR Art. 20)
You can request that personal data processed automatically and collected based on your consent or a contract be provided in a structured, commonly used, and machine-readable format.
If technically feasible, you can request the transfer of your data to another data controller.

5.6 Right to Object (KVKK Art. 11/1-f, GDPR Art. 21)
You can object to the processing of your personal data based on legitimate interests. If we determine that your objection is justified, we will cease processing your data.

You have the right to object to direct marketing activities at any time.

5.7 Right to Object to Automated Decision-Making (GDPR Art. 22)
You can request not to be subjected to decisions based solely on automated processing, which have legal effects concerning you or similarly significantly affect you.

5.8 Procedure for Exercising Your Rights

To exercise your rights mentioned above, you can send an email to support@okito.com or submit a written request to our address.

Application Conditions:

  1. Information to verify your identity (e.g., National ID number, name, surname)

  2. The subject and reasoning of your request

  3. Any supporting documents for your request

Response Time:
Your application will be processed free of charge within 30 (thirty) days. If the process requires a fee, it will be charged according to the rate determined by the Personal Data Protection Authority.

  1. Data Retention Periods and Disposal Policy

Your personal data will be retained for the duration required for the processing purpose and in accordance with legal retention periods:

Data Category

Retention Period

Legal Basis

Invoice and Accounting Records

10 years

Tax Procedure Law

Employment Contracts and Personnel Files

10 years

Labor Law, SGK Legislation

Commercial Books and Records

10 years

Turkish Commercial Code

Marketing Consent Records

Until consent is withdrawn + 1 year

KVKK, Communication Management System

Website Log Records

1 year

Legitimate Interest

Customer Communication Records

2 years

Legitimate Interest, Contract

Cookie Data

As specified in Cookie Policy

Explicit Consent/Legitimate Interes

Disposal Procedure:
Personal data that exceeds the retention period will be deleted, destroyed, or anonymized by our Company in accordance with KVKK and related regulations. Disposal is performed periodically (at least once a year).

  1. Data Security and Technical-Administrative Measures

Our Company takes appropriate technical and administrative measures to prevent unlawful processing, unlawful access, and ensure the safe storage of personal data in accordance with KVKK Art. 12 and GDPR Art. 32:

Technical Measures:

  1. 256-bit SSL/TLS encryption for data transmission security

  2. Regular security scans and penetration tests (at least twice a year)

  3. Up-to-date firewall and anti-malware systems

  4. Database encryption and access-log records

  5. Secure backup systems (encrypted backup)

  6. Two-factor authentication (2FA) support

  7. DDoS protection and rate limiting

Administrative Measures:

  1. KVKK and data security training for personnel

  2. Confidentiality agreements and access authorization

  3. Data processing inventory and record system

  4. Regular risk assessments

  5. Data breach procedure and intervention plan

  6. Data processing contracts with third-party suppliers

  7. Data Transfers

8.1 Transfers Within Turkey

Your personal data may be transferred to the following parties for processing purposes:

  1. Service Providers: Hosting, cloud storage, email services

  2. Payment Institutions: Banks and payment systems (for transaction security)

  3. Legal Advisors: Lawyers, financial advisors (for legal obligations)

  4. Public Authorities: When required by law (court decisions, administrative requests)

8.2 International Transfers

Your personal data may be transferred abroad under the following circumstances:

EU/EEA Countries: Adequate protection level under GDPR.
Third Countries:

  1. Google Analytics, Google Tag Manager (USA - Standard Contractual Clauses)

International transfers are carried out based on your explicit consent or on countries/Standard Contractual Clauses with adequate protection as specified under KVKK Art. 9.

  1. Application and Complaint Procedure

If you believe your rights as a data subject have been violated, you can use the following application methods:

9.1 Application to the Data Controller
Email: contact@example.com

Response Time: Within 30 days

9.2 Complaint to the Personal Data Protection Authority

If your application to the data controller is rejected, or the response is insufficient, you may file a complaint with the authority:
Website: https://www.kvkk.gov.tr
Time: 60 days from the date you learn of the response
Address: Personal Data Protection Authority, Nasuh Akar Mahallesi, Ziyabey Caddesi No:6, 06520 Balgat/Ankara

  1. Policy Updates and Enforceability

This Policy was enacted on April 16, 2026. Our Company reserves the right to update this Policy due to changes in legal regulations or business processes.

Important Changes: Will be communicated via email, website notification, or SMS.
Current Version: Accessible at: okito.com/privacy-policy/

Contact Information
Email: support@okito.com
Website: okito.com

Application Form
No file selected Select a file or drag and drop it here Maximum 5 Mb -.PDF -.JPG