Website Confidentiality Agreement
I. Purpose of personal data protection and processing policy
Until today, data and information of our customers or potential customers are kept confidential and have never been shared with third parties by virtue of the sensitivity of our business as ODAMAX. Personal data protection is our essential policy. Even before any legal regulation, our company and subsidiaries had attached a great importance to the confidentiality of personal data, adopted as a working principle and gave working instructions to the employees in compliance with this principle. As ODAMAX, we undertake to adhere to all responsibilities of Law on Personal Data Protection. The principle of our company to protect personal data also covers our subsidiaries.
II. Scope and change of personal data protection and implementation policy
This Policy prepared by our Company has been regulated in accordance with “Law on Personal Data Protection” no. 6698 (“KVKK”). The Law has entered into force with all of its provisions as of today. The data received with your consent or pursuant to the other regulations as per to the Law shall be used to make our service more quality and to improve our services and quality policy. Again, some of the data we obtain are removed from the scope of personal data and anonymised. These data are used for statistical purposes and not subject to the enforcement of Law and our Policy. Personal Data Protection and Processing Policy of ODAMAX aims and regulates the protection of the data which are automatically obtained from our customers, potential customers, employees and the customers and employees of the companies in cooperation with us for solution partnership and the other parties. Our company reserves the right to change our Policy and Regulation – provided to comply with the Law and protect the personal data in a better way.
III. General principles on processing of the personal data
a) Being in compliance with the law and good faith: ODAMAX questions the source of the data it collects or sent by other companies and attaches importance to handling these in compliance with the law and good faith. Within this framework, it warns and notifies the third parties (agencies and other intermediary firms) that sell the services provided by ODAMAX to protect the personal data.
b) Being accurate and up to date, if necessary: ODAMAX attaches importance to the accuracy of all of the data kept within the organization, to the fact that they don’t include any misinformation and that personal data are updated only if the changes are notified.
c) Being processed for specified, explicit, and legitimate purposes: ODAMAX processes the data limited to the services and purposes for which consent of the persons are taken during the services. It shall not process, use and make use of the data out of business purposes.
d) Being relevant, limited and proportionate to the purposes for which data are processed: ODAMAX uses the data only for processing purposes and to the extent what the service requires..
e) Being stored only for the time designated by relevant legislation or necessitated by the purpose for which data are collected: ODAMAX keeps the contractual data as long as it’s required by the commercial and taxation law as well as the periods of conflicts of law. Nevertheless, it shall delete or anonymise the data in case the reasons necessitating their processing cease to exist.
It’s crucial to state that whether ODAMAX collects or processes the data by one’s will or in compliance with the law, the abovementioned provisions shall apply anyhow.
You shall have the following rights pursuant to Article 11 of Law on Personal Data Protection. A separate application form has been prepared by ODAMAX for you to facilitate your related rights. The persons whose personal data have been processed may apply to our official announced on our website by ODAMAX and shall be entitled to;
a) Learn whether or not your personal data have been processed,
b) Request information as to processing if your data have been processed,
c) Learn the purpose of processing of the personal data and whether data are used in accordance with their purpose,
ç) Know the third parties in the country or abroad to whom personal data have been transferred,
d) Request rectification in case personal data are processed incompletely or inaccurately,
e) Request deletion or destruction of personal data within the framework of the conditions set forth under the Law,
f) Request notification of the operations made as per clauses (d) and (e) to third parties to whom personal data have been transferred,
g) Object to occurrence of any result that is to your detriment by means of analysis of personal data exclusively through automated systems,
ğ) Request compensation for the damages in case the person incurs damages due to unlawful processing of personal data. As ODAMAX, we respect to these rights.
Maximum Savings Policy/Scrimping Policy
Pursuant to our policy called as maximum savings policy or scrimping policy, the data received by ODAMAX are processed into the system as required. Thus, which data we will collect shall be determined according to the purpose. Unnecessary data shall not be collected. Other data submitted to our company are transferred to the information system of the company in the same way. Redundant information is not stored in the system; they are deleted or anonymised. These data may be used for statistical purposes. Health data among the special quality data are only kept in the system to provide better service to the customers and to protect their health.
Deletion of Personal Data
When the retention period necessitated by the Law expires, judicial procedures are completed or other requirements no longer exists, these data shall be deleted, removed or anonymised automatically, by the company or upon the request of the relevant person.
Accuracy and Currency of Data
The data within the body of ODAMAX are processed as declared by the relevant persons as a rule. ODAMAX is not obliged to check up on the accuracy of the data declared by the customers or the persons in touch with ODAMAX and it’s also contrary to the Laws and our working principles. The declared data are regarded as correct and accurate. The principle of accuracy and currency of personal data has also been adopted by ODAMAX. The personal data processed upon the request of the relevant person or from official documents that are submitted to our company are updated. Necessary precautions are taken for this purpose.
Confidentiality and data security
Personal data are confidential and ODAMAX obeys the rule of confidentiality. Only authorized persons shall access the personal data. All necessary technical and administrative measures are taken to protect the personal data collected by ODAMAX and to prevent the damage on our customers and potential customers. Within this framework, it shall be ensured that the software complies with the standards, third parties are selected with caution and data protection policy is observed within the company.
IV. Purpose of data processing
Collection and processing of personal data by ODAMAX shall be executed in line with the purposes stipulated in the letter of clarification. The data are collected and processed to draw up contracts and provide better services to the customers.
V. Data of customer, potential customer and business and solution partners
Collection and processing of data for contractual relationship
In case of a contractual relationship with our customers and potential customers, the collected personal data may be used without the approval of the customers. However, this use shall be for the purpose of the contract. The data shall be used for better execution of the contract and as required by the services and updated, if necessary, by contacting the customers. Nevertheless, the data provided to us by our potential customers shall be processed to easier and more quality services later. These data shall be deleted upon requests in case of lack of any contractual relationship.
Data of Business and Solution Partners
ODAMAX adopts as a principle to act in compliance with the laws when exchanging the data both with business and solution partners. The data are shared with the business and solution partners with the understanding of data confidentiality and as required by the services and it’s definitely ensured that these parties take measures regarding the data security.
Data processing for advertisement purposes
Electronic messages for advertisement purposes can only be sent to the persons with prior consent in compliance with the Law on the Regulation of E-Commerce and the Regulation on Commercial Communications and Commercial Electronic Messages. An explicit consent of the person is required to send advertisements. ODAMAX complies with the details of ‘’the consent’’ specified in the same legislation. In order to send electronic messages, personal data are transferred to service providers and Message Management System Inc. as per the Regulation on Commercial Electronic Messages.
Data processing due to legal obligations of the company or being stipulated explicitly in the Law
Personal data may be processed without prior consent when it’s stipulated explicitly in the relevant legislation or to fulfil a legal obligation specified in the legislation. Type and scope of the data processes are required for data processing activity that is permitted by the Laws and they should comply with the relevant legal provisions.
Data processing of the company
Personal data may be processed pursuant to the legal purposes and the services of the company. However, the data shall not be used for services contrary to the laws under any circumstances.
Processing of personal data of special nature
According to the relevant laws, the following are considered personal data of a special nature: race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, attire and dress, association, foundation or union membership, health, sexual life, criminal conviction and security measures, biometric and genetic data. ODAMAX takes the adequate measures determined by the Commission.
Data obtained via membership process
In case you become the member of ODAMAX, the personal data given during sign up transaction are processed on our systems. If you become member via Facebook, Google or other social media channels, your information provided by related social media channel to its partners such as your name, surname, your profile picture and e-mail address are accessed and conveyed to ODAMAX systems.
Data processed with automatic systems
ODAMAX acts in compliance with the Law for data processed with automatic systems. The information obtained from these data without the explicit consent of the persons shall not be used against the person. However, ODAMAX may take decisions regarding the persons that it will perform process by using the data within the system.
As in many websites, ODAMAX uses technologies such as cookies etc. to improve the visit experience of website users and to increase the quality of service. ODAMAX Cookies Policy has been prepared in order to inform website users about cookies and the types of cookies used and to guide how cookie preferences can be managed.
What are Cookies?
Cookies are text files, installed by your web browser when you visit the website, in your computer or mobile phone. In these files, your IP address, session information, the pages you access etc. are stored. Your website preferences can be remembered, your session can be kept open or content for your interest can be shown thanks to the cookies. For detailed information on cookies, you can visit www.aboutcookies.org and www.allaboutcookies.org.
Types of Cookies
Cookies are divided into different types according to criteria such as their storage time on mobile devices and by whom they are placed. The basic distinction within the scope of these criteria is as follows:
Session Cookies: Session cookies are temporary cookies that are deleted from the device after closing the browser. The main function of these cookies is to maintain the website running properly.
Persistent Cookies: Persistent cookies remain on the device even after the browser is closed, until they are deleted by the user or expired.
First Party Cookies: First-party cookies are cookies placed on the device by the website operator visited.
Third Party Cookies: Third-party cookies are cookies placed on the device and controlled by people other than the website operator visited.
In case the personal data are collected, processed and used at the web sites and other systems or applications of ODAMAX, the relevant persons shall be informed of the cookies if necessary with confidentiality notification. The persons shall be notified about our practices on the web pages. The personal data shall be processed in compliance with the Law.
Following are submitted to your information regarding the cookies we use/will use on our website when you visit.
Intended Purpose of Cookies
Functional and analytical cookies
Functional and analytical cookies,
Functional and analytical cookies,
3rd party companies (criteo, rtbhouse)
Functional and analytical cookies
Cookies Used on ODAMAX Website
Strictly Necessary Cookies: These are technical cookies that allow the website to run properly and allow you to use its features. They are in the session cookies category. In case these cookies are blocked, features of the website cannot be used. Your approval isn’t required for the use of strictly necessary cookies.
Analytical Cookies: Analytical cookies are used to improve your experience on the website. Analytical cookies ensure that we understand how you use the website (for example: which websites you visit, visit duration etc.). Thus, we can develop the contents we provide or change the website design.
Functionality Cookies: They ensure that your language preferences, region selection etc. are remembered when you visit the website again.
Targeting/Advertising Cookies: ODAMAX uses different first-party and third-party cookies for targeting and advertising purposes on the website. You can block these cookies by changing the settings of your browser or changing the cookies preferences as shown in this Policy.
How Can You Change Your Cookies Preferences?
It’s possible to customize or block complete the cookies by changing the settings of your browser. You can access the detailed information regarding the steps to follow for different browsers from the following links:
You can check out the help or support page of the relevant browser to manage the cookies preferences on other browsers.
Transferring of the Personal Data Domestically and Internationally
Odamax.com shares your personal data with domestic and foreign contracted hotels and airline companies for your accommodation and/or travel purposes. Your personal data may also be shared with other domestic and foreign electronic platforms so that you can search, book and stay in hotels that do not have a contract with Odamax.com.
Your rights regarding your personal data
By applying to ODAMAX as data owner, you will be entitled to:
In case you send your requests regarding the above-mentioned rights to our Company in compliance with the principles stipulated in Communiqué on Application Procedures and Principles to Data Supervisor, ETS will conclude your request as soon as possible and within 30 (thirty) days at the latest for free according to the type of your request. However, if the process requires an extra charge, ETS may request the fee in the tariff determined by Personal Data Protection Board.
Functionality and Analytical
Contain data to remember your preferences, use the website efficiently, optimize the website to respond the requests of the user and provides information on how the visitors use the website. Naturally, this kind of cookies would contain your personal information like your username etc.
Third Party Cookies
ODAMAX websites/mobile applications/mobile websites work with reliable, recognized third party advertisement providers. Third party service providers place their own cookies to present advertisements special to you. Cookies placed by third parties collect, process and analyse visitors’ navigation information on the websites.
These are used to offer similar products/contents to your intended ones in line with your fields of interest and preferences and to increase your user experience by offering a more advanced and customized advertisement portfolio. Retention time for the abovementioned session, permanent, functional and analytical and commercial cookies in the background is about 2 (two) months and this could be adjusted from web browser settings. This process to remove from the settings may vary according to the web browsers.
How to Delete Cookies?
Most of the web browsers are set to accept and use automatically the cookies since the first installation in your computer. Using help or setting menu on your web browser, you can block cookies or get warning when cookies are sent to your device. You can refer to screens for instructions or help options of your web browsers to learn different ways of managing the cookies and get detailed information on how to adjust the settings of your browser.
VI. Data of our employees
Processing of the data for business relations
Personal data of the employees may be processed without obtaining consent to the extent of requirements of health insurance and business relations. However, ODAMAX hereby undertakes the protection and confidentiality of the data of the employees.
Processing as per Legal Obligations
ODAMAX may also processes the personal data of the employees without obtaining a separate consent to fulfil a legal obligation stipulated in the legislation or in case it’s explicitly specified in the legislation. This case is limited to the obligations arising from the Law.
Processing in Favour of the Employees
ODAMAX may process the personal data without obtaining the consent for the procedures in favour of company employees like private health insurances. For the disputes arising from the business relations, ODAMAX may also process the data of the employees.
Processing of special quality data
Pursuant to the Law, race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, clothes, membership of association, foundation or union, health, sexual choice, juridical sentence and data regarding safety measures and biometric and genetic data are among the special quality data. Besides the consent of the relevant person, ODAMAX also takes adequate measures determined by the Board for the processing of special quality data. Special quality data may be processed limited to and related to the cases permitted by the Law without the consent of the person. The quality data obtained from the employees shall only be used for the corresponding purpose to allow them to benefit from the insurance and health services.
Data processed with automatic systems
The data processed regarding the employees with automatic systems may be used for in-house promotions and performance assessments. The employees reserve the right to appeal to the results against them and they should perform this process in compliance with the internal procedures. Appeals of the employees shall be evaluated again within the company.
Telecommunication and internet
The computers, telephone, e-mail and other applications allocated to the employees within the company shall only be used for business purposes. The employee cannot use any of these means allocated to himself/herself by the company for private purposes or communication. The company may control and monitor the data on these means. The employee undertakes not to keep any data or information apart from the business purposes on the computer, telephones or other means allocated to himself/herself as of his/her employment date.
VII. Transferring of the personal data domestically and internationally
Personal data may be shared with business and solution partners and ODAMAX subsidiaries for the purpose of providing the services by ODAMAX.
ODAMAX will be entitled to transfer the personal data for certain purposes to the following person and institutions;
» Business partners of ODAMAX limited to the purpose of execution of the aims of the establishment of the business partnership,
» The suppliers of ODAMAX to the extent of providing the necessary services by our company to fulfil its commercial activities and procured by the supplier as external sources,
» Solution partners of ODAMAX limited to ensuring the execution of the commercial activities which require the participation of the affiliates of the company,
» Subsidiaries of ODAMAX.
ODAMAX is authorized to transfer the personal data domestically and internationally within the conditions determined by the Board and in compliance with the other provisions in the Law and depending on the consent of the person.
VIII. Rights of the relevant person
ODAMAX hereby agrees that the relevant person must provide his/her consent before processing the data within the scope of the Law and he/she reserves the right to determine the destiny of the data after the data is processed.
Regarding the personal data, the relevant persons holds the right to do the following by applying to our official announced on the web page by ODAMAX;
a) To be informed whether his/her personal data are processed or not,
b) To request information if the personal data are processed,
c) To learn the purpose of processing the personal data and whether the data are used for the corresponding purposes,
ç) To get information on the third parties to whom the personal data are transferred in the country and abroad,
d) In case the personal data are processed incompletely or inaccurately, to request the correction,
e) To request that personal data are deleted or removed within the framework of the conditions stipulated in article 7,
f) To request that the processes performed asper clause (d) and (e) are notified to the third parties to whom the personal data are transferred,
g) To appeal to the negative results against himself/herself arising from the analysis of the data processed exclusively through the automatic systems,
ğ) In case the personal data are damaged due to the processing of the data contrary to the Law, to request that the damages are indemnified.
Nevertheless, the persons don’t reserve any right on the anonymized data within the company. ODAMAX may share the personal data as required by a juridical function or governmental authority as per the business and contractual relationship.
The owners of the personal data shall submit their requests regarding the above-mentioned rights to the contact address Merdivenköy Mh. Nur Sk. No:1/8 C Blok Kadikoy - ISTANBUL by completely filling out and putting their wet signatures on the application form given at www.odamax.com, the official website of the company, through registered letter with return receipt with the copies of their identity cards (only front page for birth certificate). The applications shall be replied within the shortest time according to the content of the application within 30 days at the latest after the delivery to the company. You need to apply with registered letter with return receipt. Besides, only the questions about you shall be replied and any applications made regarding your spouse, relative or friends shall not be accepted. ODAMAX can only request information and document from the application holders.
IX. Confidentiality Principle
The data of the employees and other persons within ODAMAX are confidential. Nobody can use, copy, reproduce, transfer these data for any other purposes, except for business purposes, without compliance with the contract or the law.
X. Process security
All necessary technical and administrative measures are taken to protect the personal data received by ODAMAX and to prevent the retention of them by unauthorized persons and to prevent the damage on our customers and potential customers. Within this framework, it’s ensured that the software complies with the standards, third parties are selected with care and data protection policy is followed within the company. Security-related measures are constantly updated and improved.
XI. Protection of Credit Card and Payment Information
Payment and credit card information received from you due to the service we provide is transmitted to a third-party service provider serving in line with PCI DSS security standards ((Payment Card Industry Data Security Standards) and they’re encrypted and stored until the date the service fees are collected. Security standards under the name of PCI DSS are created by a council consisting of leading payment card service providers such as American Express, Discover, JCB International, Mastercard and Visa Inc. companies to provide secure payment solutions and ensure that merchants, service providers, financial organizations and institutions secure their own payment systems and implement new security policies and technologies in order to prevent possible breaches and card frauds. Credit card and other payment information you’ve shared with Odamax are sent to a third party secure service provider with Level 1 security certificate in line with the relevant standards and will be stored until the service fees are collected by the suppliers as mentioned above. After this date, information will continue to be stored for a certain period of time in order to ensure transaction security. In case you receive service through Odamax.com, you acknowledge that you have explicitly consented to the storage of credit card and other payment information in the systems described above within the specified scope. Your credit card information is safe in Ets Ersoy Turistik Servisleri A.S. or Etsgroup companies. However, you can face some risks if you keep your credit card information and passwords on other websites such as Chrome, password managers apart from our systems. Our company isn’t responsible for these risks.
ODAMAX carries out the internal and external inspections for protection of the personal data.
XIII. Notification of Violations
ODAMAX shall immediately act to remedy the violations in case a violation of personal data is notified. It shall mitigate or indemnify the damage of the relevant person. In case the personal data are obtained by the unauthorized persons, this case should be immediately notified to the Board of Personal Data Protection.
Regarding the notification of the violations, you can also make an application as per the procedures provided at http://odamax.com.
For your questions and requests regarding the confidentiality agreement, after printing out and filling out the form below, you can send a registered letter with return receipt to the address below.
Data Controller: Ets Ersoy Turistik Servisleri A.S.
Address: Merdivenköy Mh. Nur Sk. No:1/8 C Blok Kadikoy - ISTANBUL
Last Update: September 2, 2022 Rev.1