IC GAYRİMENKUL YATIRIM ORTAKLIĞI ANONİM ŞİRKETİ
COOKIE POLICY
INTRODUCTION
This Cookie Policy has been prepared for the purpose of informing the visitors of the website consisting of the domain name https://www.icgyo.com.tr and the sub-domains connected to this domain (“Website”), which is owned and operated by IC Gayrimenkul Yatırım Ortaklığı Anonim Şirketi (“IC GYO”), located at Maslak Mahallesi, Büyükdere Caddesi No:255 İç Kapı No:103, Sarıyer/İstanbul and registered under tax identification number 4651509871. The Policy aims to provide information, in accordance with the Constitution of the Republic of Türkiye, the international human rights conventions to which Türkiye is a party, and in particular the Personal Data Protection Law No. 6698 (“PDPL”) and the relevant legislation, regarding the methods through which cookies are collected, the purposes and legal grounds for processing personal data via cookies, and the principles applicable to any transfer of personal data, as well as to ensure that data subjects whose personal data are processed are able to exercise their rights effectively. All personal data shared with IC GYO shall be processed lawfully and in accordance with the purposes of IC GYO’s activities and services, and in a manner that is relevant and proportionate.
Definitions
In this Policy:
Cookie : Small text files stored on your device or network server by websites you visit through browsers.
Personal Data : Any information relating to an identified or identifiable natural person.
Processing of Personal Data : Any operation performed on personal data, whether wholly or partially by automatic means or by non-automatic means provided that it forms part of a data recording system, including the collection, recording, storage, retention, alteration, reorganization, disclosure, transfer, acquisition, making available, classification, or restriction of use.
Data Subject : The natural person whose personal data are processed.
PDPL : The Personal Data Protection Law No.6698, which entered into force upon its publication in the Official Gazette on 7 April 2016.
Website : The website available at https://www.icgyo.com.tr.
Data Controller : The natural or legal person who determines the purposes and means of processing personal data and is responsible for establishing and managing the data recording system.
Principles of the Processing of Personal Data
Pursuant to Article 4 of the PDPL, personal data belonging to the data subject shall be processed by IC GYO, as the data controller, in accordance with the principles of lawfulness and fairness; accuracy and, where necessary, being up to date; being processed for specific, explicit and legitimate purposes; being relevant, limited and proportionate to the purposes for which they are processed; and being retained for the period stipulated in the relevant legislation or required for the purposes for which they are processed. IC GYO processes personal data in line with these principles and for the purposes set out below.
Purpose of Processing Personal Data
When the Website is visited, cookies are used for the purposes of determining how visitors use the Website, enhancing website security, improving the web services provided to users, increasing the functionality and performance of the Website, improving the services offered to you, ensuring the legal and commercial security of the Website, and keeping log records of internet access (which are recorded pursuant to Law No. 5651 on the Regulation of Publications on the Internet and Combating Crimes Committed through Such Publications and the related legislation, and may be shared with judicial and/or administrative authorities/institutions/organizations upon request).
Method and Legal Basis for Collecting Personal Data
Personal Data are processed based on the legal grounds that data processing is necessary for the legitimate interests of the data controller, provided that it does not prejudice the fundamental rights and freedoms of the data subject, and that data processing is necessary for the data controller to comply with its legal obligations. Within the scope of your visit to the Website, personal data are collected through cookies in electronic form, in accordance with the fundamental principles set forth under the PDPL.
Transfer of Personal Data
Records stored and maintained in digital environments may be accessed by authorized persons. Information stored and maintained in digital environments may be shared, in accordance with the procedures and principles stipulated in the laws, with judicial authorities, public institutions and organizations legally authorized to receive such data, domestic third-party service providers, and the cookies specified in Article 8 of this Policy.
Ensuring Data Security
In accordance with Article 12 of the PDPL, IC GYO undertakes to take the necessary technical and administrative measures and to carry out the necessary audits to ensure an appropriate level of security for the purposes of preventing the unlawful processing of personal data, preventing unlawful access to personal data, and ensuring the secure retention of personal data.
Personal data obtained through the Website are stored by IC GYO for the periods specified in Article 8 of this Policy.
What Is a Cookie?
A cookie is a small text file that may be used to access information regarding visitor activities on the Website, conduct analysis, and collect data to ensure the proper functioning of the Website. It is important to note that cookies do not collect information regarding files stored on visitors’ devices. Cookies placed on the visitor’s device may be used if the visitor accepts cookies, or if the visitor has previously visited the Website or consented to such cookies, in accordance with this Cookie Policy. The use of cookies is not mandatory for accessing the Website; visitors may block and/or customize cookies through their browser settings. However, if cookies are blocked, visitors may not be able to benefit from certain features of the Website. Depending on browser settings, cookies may not be deleted automatically; therefore, as detailed in this Cookie Policy, it is important for visitors to check their browser settings to determine where cookies are stored and how they may be deleted.
In addition to cookies, certain technologies with similar purposes are also used on the Website. These include pixel tags, which are transparent graphic images placed on a website to indicate that a page has been viewed; mobile device identifiers, such as IDFA or advertising ID, which allow information regarding the use of a mobile device to be stored in third-party environments; and segmentation/reporting tools, which operate through certain embedded codes added to the Website or mobile devices and enable programs and/or products to report, analyse, interpret, and store user activities on the Website or mobile devices.
- Types of Cookies and Their Purposes of Use
- Mandatory Cookies : These cookies are necessary for the proper functioning of the Website. They are essential to ensure that the Website continues to operate and remains functional without causing errors. Mandatory cookies do not collect data for marketing purposes, do not remember the visitor’s online location, and are not used for tracking visitors. Since the data collected through these cookies must be used and retained for the functioning of the Website, disabling mandatory cookies is not possible. Mandatory cookies do not have the capability to collect identity information. If the use of mandatory cookies is not accepted, certain essential parts of the Website may not function properly, and the performance of the Website may be adversely affected.
- Analytical Cookies : These cookies allow visitors to be identified, counted for analytical purposes, and enable the determination of how visitors navigate and behave while using the Website. Such cookies help improve the operation of the Website and assist visitors in finding what they are looking for more easily. Analytical cookies do not have access to identity information. All data obtained through analytical cookies are collected anonymously and aggregated.
- Functional Cookies : These cookies are used to recognize the visitor when the Website is revisited. They allow the Website to be personalized for each visitor and help remember the visitor's preferences. Functional cookies may access personal data containing identity elements, such as profile pictures or usernames, if the visitor becomes a member of the Website. If the use of functional cookies is not permitted, the performance of the Website may decrease and access to certain content may be restricted for visitors.
- Marketing Cookies : These cookies may be used to provide visitors with content and campaigns that align with their interests and may serve to deliver targeted advertisements or limit the number of times advertisements outside the visitor’s interests are displayed. Marketing cookies are considered “third-party cookies,” and many types of these cookies can track visitors through their IP addresses and collect identity-related information. The information collected through these cookies may be accessible to third parties that advertise on the Website for marketing and advertising purposes.
Comprehensive information regarding the cookies used within the Website and their purposes of use is presented in the table below;
|
Cookie Type |
Cookie Name |
Source |
Purpose |
Retention Period |
|
|
|
|
This cookie is used by Google Analytics to assess the purpose of a visitor’s visit and to generate reports on website activity for Website administrators, aiming to improve the visitor experience. |
|
|
|
|
|
This cookie is used to verify visitor authenticity, prevent fraudulent use of login data, and protect visitor information against unauthorized access. |
2 Years |
|
|
|
|
This cookie helps track the movements of a specific user (anonymously) on the Website and associates actions performed during a particular user session. |
|
|
|
|
|
Used to anonymously track and analyze user behavior on the Website. Enables monitoring of site traffic, user interactions, and session data. |
|
|
|
|
|
Used by Google to store information regarding how visitors use the Website. |
|
|
|
|
Google Analytics |
Used to anonymously track and analyze visitors’ behavior on the Website. Collects statistical data on user sessions, page views, and navigation habits. |
|
|
|
|
|
Used to maintain the user's connection with the server throughout the session. Ensures that the user is associated with the same session during each page request. Without this cookie, the ASP.NET application cannot recognize the user during the session. |
|
Disabling and Deleting Cookies
Visitors may disable all or some cookies by activating the settings available in their browsers. However, if visitors disable all cookies— including those that are strictly necessary— they may not be able to access all or certain parts of the Website. It should be emphasized that disabling a cookie or a cookie category does not delete that cookie from the visitor’s device; such deletion must be performed separately through the visitor’s browser.
Since cookie settings may vary depending on the device used, visitors may need to customize cookie settings separately for each device through which they access the Website.
To prevent the use of cookies, you must disable the “cookie functionality” in your browser and delete all cookies stored in relation to this Website.
Visitors who wish to modify cookie settings must review the “options” or “preferences” section of their browsers. For further information, it is highly important to consult the “help” sections of commonly used browsers such as Internet Explorer, Firefox, Chrome, Android, Safari, and iOS.
Transfer of Your Personal Data
IC GYO acts in full compliance with the regulations set forth under the PDPL regarding the transfer of personal data. Except for the cases stipulated in the legislation or the exceptions listed below, personal data and special categories of personal data are not transferred to any other natural or legal persons without the explicit consent of the Data Subject. In exceptional circumstances permitted under the KVKK and other applicable legislation, the transfer of personal data to authorized administrative or judicial authorities or private entities is carried out with utmost care and strictly in accordance with the procedures and limitations prescribed by law.
Your personal data may be transferred to;
- Official authorities and institutions, as well as private persons authorized by law, for the purpose of fulfilling legal obligations;
- relevant judicial authorities, including attorneys, for the conduct or follow-up of judicial processes, provided that such transfers are carried out within the procedures and principles set forth in the applicable legislation and in accordance with the personal data transfer conditions and purposes stipulated under Articles 8 and 9 of the PDPL.
Method and Legal Basis for Collecting Personal Data / Sensitive Personal Data
Personal data may be obtained automatically when you access the Website. The legal grounds for the processing of such personal data by IC GYO are the situations falling within the exceptions to explicit consent, as set out in Articles 5/2(a), 5/2(c), 5/2(ç), 5/2(e), and 5/2(f), as well as Article 6/3 of the PDPL. Personal data are collected by IC GYO on the basis of these legal grounds and in compliance with all applicable legislation in force.
Security of Your Personal Data
IC GYO attaches great importance to the security of the information belonging to visitors and third parties whose data are processed, and utilizes state-of-the-art technological tools to ensure such security. All necessary physical, electronic, and administrative measures have been taken in secure environments to ensure the security of the Website. All information is stored and backed up on secure servers located within Türkiye.
To enhance awareness regarding personal data and data protection laws, privacy and information security e-trainings are provided. Information security responsibilities are undertaken in writing. If any non-compliance with policies and procedures is identified, disciplinary processes are implemented. Infrastructure systems are in place to detect potential data breaches. At the application and service level, data security is ensured through encrypted protocol usage, firewalls, and access control mechanisms. Data are classified and labelled accordingly. Physical security measures have been implemented to protect against external and environmental threats. Changes made within information systems are logged. Personal data are backed up in accordance with the data backup policy to prevent data loss. Information systems are regularly subjected to security vulnerability assessments, and identified vulnerabilities are promptly addressed.
IC GYO takes all necessary measures to ensure that its employees and all contracted institutions and organizations maintain the required sensitivity and possess adequate awareness with respect to information security.
Rights of the Data Subject
The data subject may apply to IC GYO, acting as the data controller, and request information regarding whether their personal data have been processed, and if so, obtain information about such processing; learn the purpose of the processing of their personal data and whether they are used in accordance with such purpose; be informed about third parties to whom their personal data are transferred, whether domestically or abroad; request the correction of their personal data if they have been processed incompletely or inaccurately; request the deletion or destruction of their personal data within the framework of the conditions set out under Article 7 of the PDPL; request that the transactions carried out pursuant to Articles 11(d) and 11(e) of the PDPL be notified to third parties to whom their personal data have been transferred; object to the emergence of a result against themselves through the exclusive analysis of processed data by automated systems; and request compensation for damages in the event that they suffer harm due to the unlawful processing of their personal data.
Pursuant to the Communiqué on the Principles and Procedures for the Request to the Data Controller, applications submitted by you must include your name and surname, signature if the application is in writing, e-signature or mobile signature if it is electronic, Turkish Identification Number, residential address or workplace address for notification purposes, and, if available, an email address for notification, telephone number, and information concerning the subject of the request. The data subject is responsible for clearly and understandably stating the matter requested in applications made for exercising the aforementioned rights and for attaching the relevant information and documents to the application.
Such applications may be submitted;
- In person to IC GYO at the address “Maslak Mahallesi, Büyükdere Caddesi No:255 İç Kapı No:103 Sarıyer/İstanbul”, by delivering a written and signed hard-copy application by hand,
- By sending a written request through a notary public to IC GYO’s address, “Maslak Mahallesi, Büyükdere Caddesi No:255 İç Kapı No:103 Sarıyer/İstanbul”,
- By registered electronic mail (REM), using your registered e-mail address, to icgayrimenkul@hs01.kep.tr.
If a request is to be submitted by a third party on behalf of the data subject, the individual making the request must hold a notarized power of attorney issued specifically for such purpose by the data subject. In addition, the application must include identity and address information, and documents verifying the identity of the applicant must be attached. Requests submitted by unauthorized third parties on behalf of someone else will not be taken into consideration. The data subject must clearly and understandably specify the matter requested in any application submitted for the exercise of the above-mentioned rights and must include the relevant explanations regarding the right being exercised. All information and documents relating to the application must be attached to the request.
Within this scope, any requests duly submitted to IC GYO will be finalized within no later than thirty days. If fulfilling your request requires an additional cost, IC GYO may charge the applicant a fee in accordance with the tariff determined by the Personal Data Protection Board (“Board”). If IC GYO provides its response via a recording medium such as a CD or flash drive, a fee not exceeding the cost of the recording medium may be requested. IC GYO may request the necessary information and documents from you to verify that you are the actual owner of the personal data that is the subject of the request, and may direct questions to you in order to clarify issues stated in your application.
IC GYO will notify you of its response to your request in writing or electronically. Pursuant to Article 14 of the PDPL, in cases where your application is rejected, you find IC GYO’s response insufficient, or your application is not answered within the statutory period, you may file a complaint with the Board within 30 (thirty) days from the date on which you learn of IC GYO’s response, or, if no response is provided, within 30 (thirty) days following the expiry of the response period,, and in any event within 60 (sixty) days from the date of your application.