Privacy Policy

Last updated:

Data Controller: Seha Otomotiv A.Ş.
Website: www.sehaotomotiv.com
Contact: info@sehaotomotiv.com

1. Introduction

This Privacy Policy and Personal Data Protection Notice has been prepared by our Company, acting as the data controller, within the scope of the Turkish Personal Data Protection Law No. 6698 (“KVKK”) and the European Union General Data Protection Regulation (“GDPR”). This text explains our practices regarding the processing, storage, transfer, and protection of your personal data.

When you visit the Website, use our services, or contact us via our communication forms, certain personal data may be processed. This Policy explains in detail for which purposes, by which methods, and on which legal grounds such processing activities are carried out.

2. Identity of the Data Controller

Pursuant to Articles 3 and 10 of the KVKK, the data controller is the natural or legal person who determines the purposes and means of processing personal data and is responsible for establishing and managing the data recording system. With regard to personal data collected through the Website, the data controller is our Company.

3. Categories of Processed Personal Data

The following categories of personal data may be processed on the Website:

3.1. Identity Information

  • Name, surname
  • Username (if applicable)

3.2. Contact Information

  • Email address
  • Phone number (if a form is completed)
  • Postal address (when necessary)

3.3. Transaction Security Information

  • IP address
  • Website login and logout information
  • Password and credential information (for membership systems)
  • Session records (log records)
  • Security questions and answers (if applicable)

3.4. Transaction Information

  • Request or complaint content
  • Form submission date and time
  • On-site movements and interactions

3.5. Marketing Information

  • Cookie data
  • Preference and interest information
  • Advertising interaction data

3.6. Technical Information

  • Browser type and version
  • Operating system information
  • Device type and screen resolution
  • Language preference
  • Visited pages
  • Time spent on the Website
  • Referral source

4. Methods of Collecting Personal Data

4.1. Contact Forms

When you fill out contact, quotation, information request, or support forms on the Website, the information you provide (name, email, phone number, message content, etc.) is recorded by us. These data are provided entirely on a voluntary basis and directly by you.

4.2. Analytics Services

Third-party analytics services are used on the Website to improve user experience, evaluate site performance, and analyze visitor behavior. Through these services, anonymous or pseudonymized data (page views, average session duration, geographic location data, device information, browser type) may be collected.

4.3. Security Systems

Automated security systems are used to ensure Website security, prevent unauthorized access attempts, and detect malicious activities. These systems automatically record data such as IP address, access time, access frequency, and failed login attempts.

4.4. Cookies and Similar Technologies

Cookies, pixel tags, and similar tracking technologies are used on the Website. For detailed information, please review our Cookie Policy.

4.5. Third-Party Integrations

The Website may include social media sharing buttons, map services, and services provided by other third-party content providers. These services are subject to their own privacy policies, and data may also be collected by the relevant platforms.

5. Purposes and Legal Grounds for Processing Personal Data

5.1. Service Provision and Communication

Purpose: Providing products and services, responding to inquiries, and fulfilling requests.

Legal Basis: KVKK Art. 5/2(c); KVKK Art. 5/2(f).

Processed Data: Identity information, contact information, transaction information.

5.2. Security and Prevention of Unauthorized Access

Purpose: Ensuring Website security, detecting and preventing cyberattacks and unauthorized access, fulfilling legal obligations.

Legal Basis: KVKK Art. 5/2(ç); KVKK Art. 5/2(f).

Processed Data: IP address, security logs, access time, session data.

5.3. Analysis and Improvement

Purpose: Monitoring Website performance, improving user experience, optimizing content and services, conducting statistical analyses.

Legal Basis: KVKK Art. 5/2(f); Consent (for marketing cookies).

5.4. Marketing and Personalization

Purpose: Providing content tailored to your interests, conducting marketing activities, displaying targeted advertisements, delivering campaigns and announcements.

Legal Basis: KVKK Art. 5/1; KVKK Art. 5/2(f).

5.5. Fulfillment of Legal Obligations

Purpose: Compliance with legal retention obligations, responding to requests from authorized authorities, managing legal disputes.

Legal Basis: KVKK Art. 5/2(ç).

6. Transfer of Personal Data

6.1. Service Providers

We work with domestic and international service providers for hosting, maintenance, and technical support services. Data processing agreements are executed, and data are processed solely for specified purposes.

6.2. Legal Obligations

Personal data may be transferred to authorized public institutions and authorities in case of legal obligation.

6.3. Business Partners

Personal data may be shared with business partners when necessary for service provision, in compliance with legal grounds and security measures.

6.4. International Data Transfer

Personal data may be processed on servers located abroad, in compliance with Article 9 of the KVKK and applicable safeguards.

7. Retention Periods of Personal Data

7.1. Contact Form Data

Stored for a maximum of 2 years after request fulfillment, unless legal obligations require longer retention.

7.2. Security and Log Records

Stored for 12 months for security purposes, unless extended due to legal processes.

7.3. Analytics Data

Anonymous analytics data may be stored indefinitely; identifiable analytics data are stored for up to 24 months.

7.4. Marketing Data

Processed as long as consent is valid; deleted or anonymized within 6 months after withdrawal.

7.5. Cookie Data

Retention periods vary by cookie type. Please review our Cookie Policy.

8. Security of Personal Data

Technical and administrative measures are implemented in accordance with Article 12 of the KVKK.

8.1. Technical Measures

  • SSL/TLS encryption
  • Firewall and intrusion detection systems
  • Regular security updates
  • Strong password policies
  • Data backup and recovery
  • Encrypted data storage

8.2. Administrative Measures

  • Restricted access authorization
  • Employee awareness training
  • Confidentiality agreements
  • Regular security audits
  • Data breach response plans

9. Rights of the Data Subject (KVKK Article 11)

You have the right to request information, correction, deletion, objection, and compensation, and to object to automated processing.

10. Exercising Your Rights

You may submit your requests in writing or electronically. Requests will be finalized within 30 days.

11. Children’s Privacy

The Website is not intended for individuals under 18 years of age, and personal data of minors are not knowingly collected.

12. Changes to the Policy

This Policy may be updated in line with legal or operational changes. Updates will be published on the Website.

13. Contact

If you have any questions regarding this Privacy Policy or personal data processing practices, please contact us.