Privacy and Personal Data Protection Policy

1. Purpose and Scope

This policy (“Policy”) describes the principles adopted by the Homeyday brand and the authorized personnel/institutions acting on behalf of Homeyday (“Homeyday” or “Company”) regarding the protection of personal data. The Policy covers the principles regarding the processing, storage, transfer, and destruction of personal data belonging to Visitors, Online Visitors, Customers, Potential Customers, Job Candidates, Suppliers/Business Partners, and Third Parties (“Person Groups”). Homeyday offers management services for tourism-related housing/villas and associated operational services.

2. Principles Regarding the Processing of Personal Data

Homeyday processes personal data in accordance with the Law on Protection of Personal Data No. 6698 (“KVKK”) and relevant legislation;

• Lawful and in accordance with honesty rules,

• Accurate and updated when necessary,

• For specific, clear, and legitimate purposes,

• Relevant, limited, and measured in relation to the purpose,

• For as long as necessary for the purpose for which it is processed or as specified in the relevant legislation
  and applies the necessary technical/administrative measures in accordance with these principles.

3. Conditions for Processing Personal Data

Homeyday processes personal data when one of the following legal reasons exists:

• Explicitly provided for by laws,

• Cases of impossibility (necessity for the protection of life/body integrity),

• Directly related to the establishment/performance of a contract,

• Fulfillment of a legal obligation by the data controller,

• Publicly disclosed by the data subject,

• Establishment, use, or protection of a right,

• Legitimate interests (provided it does not harm your fundamental rights and freedoms),

• Explicit consent (in cases where other conditions do not exist).

4. Data Categories and Person Groups

The processed data may be collected under the following categories depending on the nature of our activities (the examples are not exhaustive):

• Identity (name-surname, T.R. identity number*, signature*, camera recording*),

• Contact (address, email, phone),

• Financial (bank/IBAN*, invoice information*),

• Transaction Security (IP, log records, session/password information*),

• Resume (job candidate – CV content),

• Marketing and Request/Complaint Management (campaign interaction, feedback).
  *When required by the relevant process and legislation.

Person Groups: Customer, Potential Customer, Visitor/Online Visitor, Job Candidate, Supplier/Business Partner, Third Party.

5. Purposes of Processing (By Group)

5.1 Customer

Conducting reservation, accommodation, and property management processes; contract and accounting transactions; guest communication and satisfaction management; fulfilling legal obligations; information security, auditing, and reporting.

5.2 Potential Customer

Promotion and personalization of products/services; pricing; planning of commercial/operational processes; marketing analytics within the limits of consent/legitimate interest.

5.3 Visitor / Online Visitor

Facility and asset security (CCTV); maintaining internet/application logs; obligations arising from Law No. 5651 and relevant legislation; request/complaint processes.

5.4 Job Candidate

Execution of HR processes; application evaluation; legal obligations arising from legislation; recruitment communication.

5.5 Supplier / Business Partner

Contract and procurement management; invoicing/payments; operational security; fulfilling legal obligations.

5.6 Third Party

Fulfillment of obligations arising from contractual relationships; establishment/protection of rights; request/complaint management.

6. Transfer of Personal Data

Data may be transferred to the suppliers, business partners, independent auditors, legal/financial consultants we work with; IT, hosting, security, and marketing service providers; authorized public institutions and organizations, and if necessary, abroad under the conditions specified in KVKK m.8-9 and relevant secondary regulations, limited to purpose.

7. Collection Method and Legal Reason

Data is obtained through direct means from the relevant person, in contractual and pre-contractual processes, digital channels (website, mobile, contact forms), call/messaging records, camera systems during facility visits, supplier and platform integrations (e.g., reservation/payment platforms) via automated or semi-automated methods; based on the legal reasons specified in KVKK m.5-6 that are applicable. Homeyday conducts its reservation/revenue-related activities with professional management and software support.

8. Data Security Measures

• Technical measures: network/application security, access authorization, logging, encryption, backup, penetration tests.

• Administrative measures: policy/procedure sets, authorization matrix, confidentiality commitments, employee/supplier awareness training, regular audits.

• Breach management: impact analysis conducted in potential breach cases; notification processes in accordance with KVKK are implemented.

9. Third Party Data

It is assumed that the third-party data you share with Homeyday (e.g., guest lists) has been informed of KVKK and that necessary consents have been obtained. In the absence of such, the party legally responsible for any claims arising is the person/institution sharing the data.

10. Retention Periods and Destruction

Data is retained for the durations specified in the relevant legislation or for as long as required by the purpose of processing; upon the expiration of the duration or the termination of the purpose, it is deleted, destroyed, or anonymized in accordance with our periodic destruction processes.

11. Rights of the Relevant Person (KVKK m.11)

By applying to us;

• To learn whether your personal data is processed,

• If processed, to request information about it,

• To learn whether it is used in accordance with its purpose,

• To know the third parties to whom it is transferred, domestically/internationally,

• To request correction if processed incompletely/incorrectly,

• To request deletion/destruction in accordance with the relevant legislation,

• To request notification of the transactions to third parties to whom the transactions are transferred,

• To object to a conclusion reached against you solely on the basis of automated systems,

• To request compensation for damages incurred due to unlawful processing
  you have the rights.

12. Application Procedure

You can submit your requests regarding your rights through the following channels, together with documents verifying your identity:

• Email: info@homeyday.com.tr

• Address: Kemerağzı Mah. Yaşar Sobutay Bulvarı, 5. Hacı Gebizli Sitesi No:31, D Blok, Kat 2, Daire 20, Aksu/Antalya

• Phone (for information purposes): +90 536 794 0739, +90 555 888 45 30

• Web: www.homeyday.com.tr
  Homeyday will conclude your application as soon as possible depending on its nature and at the latest within 30 days; if the transaction requires a cost, the fee specified in the Board’s tariff may be charged.

13. Cookies and Similar Technologies

Our website may use mandatory, functional, and performance/analytical cookies. The types of cookies used, their purposes, and your management preferences are explained in the “Cookie Clarification Text” and/or in the cookie management panel.

14. International Transfers

Infrastructure providers (hosting/cloud), reservation, and communication platforms may sometimes be located abroad. In such cases, the transfer is made through KVKK compliant mechanisms such as adequacy decisions announced by the Board or declarations/contracts.

15. Effectiveness and Updates of the Policy

This Policy enters into force on the date of publication and is updated when necessary. The most up-to-date version is published on our website.