personal-data-protection

KVKK Policy
POLICY ON THE PROTECTION AND PROCESSING OF PERSONAL DATA


 


1-INTRODUCTION


 


Pursuant to the Law No. 6698 on the Protection of Personal Data (“Law No. 6698”), as MAIN RENT A CAR (“COMPANY, MAIN”), in the capacity of data controller, we, our employees, customers, potential customers, employee candidates, visitors and third parties and in relation We process the personal data of other natural persons that we are part of, under the basic principles set forth below.


With this Policy; We aim to legally process and protect the personal data of you, our potential customers, employees, employee candidates, visitors and third parties, as notified to us and by preserving the most up-to-date version.


 


2-DEFINITIONS


 


Explicit Consent: It refers to the consent that is based on information and freely expressed regarding a certain subject.


Anonymization: It means making personal data not to be associated with an identified or identifiable natural person in any way, even if it is matched with other data.


Application Form: It means the "Application Form Regarding the Applications to be Made by the Data Subject (Personal Data Owner) to the Data Controller in accordance with the Law on Protection of Personal Data No. 6698", which includes the application to be made by the personal data owners to exercise their rights.


Employee Candidate: Refers to real persons who have applied for a job or given their CV and relevant information to MAIN by any means.


Employees of Collaborating Institutions,


Shareholders and Authorities: It refers to real persons, including the shareholders and officials of these institutions, who work in the institutions with which MAIN has all kinds of business relations.


Business Partner: It refers to the parties with which MAIN has established business partnerships for the purposes of carrying out various projects and receiving services, either personally or together with the Group Companies.


Processing of Personal Data: Obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available personal data by fully or partially automatic or non-automatic means provided that it is a part of any data recording system, It refers to all kinds of operations performed on data such as classification or prevention of use.


Personal Data Owner: Refers to the real person whose personal data is processed.


Personal Data: It means all kinds of information related to an identified or identifiable natural person.


Customer: refers to the real persons who benefit from the products and services offered by the Company.


Special Qualified Personal Data: Data on race, ethnicity, political thought, philosophical belief, religion, sect or other beliefs, clothing, membership in associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data. represents the data.


Policy: It refers to the basic rules for the processing of personal data, which are declared with the Personal Data Processing and Protection Policy of MAIN RENT A CAR.


Potential Customer: Refers to real persons who show interest in using the products and services offered by the Company and have the potential to become a customer.


Supplier : It refers to the parties that provide services to MAIN on a contractual basis while carrying out MAIN's commercial activities.


Third Party: Refers to the natural persons whose personal data are processed within the scope of the policy, who are not defined differently within the scope of the policy.


Data Processor: It refers to natural and legal persons who process personal data on behalf of the data controller, based on the authority given by the data controller.


Data Controller: It refers to the person who determines the purposes and means of processing personal data and manages the place where the data is kept systematically (data recording system). Within the scope of this policy, MAIN RENT A CAR is the data controller.


Deletion of Data: It refers to the process of making personal data inaccessible and unusable for the relevant users in any way.


Destruction of Data: It refers to the process of making personal data inaccessible, unrecoverable and unusable by anyone in any way.


Visitor

: Real persons who have entered the company, store, office, dealer, service and website owned by NAIN for various purposes.


 


3- PURPOSE OF THE POLICY


 


The main purpose of this Policy is;


It is to make explanations about the personal data processing activity carried out by MAIN in accordance with the law and the principles adopted for the protection of personal data.


 


4-SCOPE OF THE POLICY


 


This Policy; by our customers, employees, employee candidates, visitors, shareholders and employees of the institutions we cooperate with, and third parties, dealers, authorized services, branches, call centers, agencies, offices and our affiliated companies; camera recording system, e-mail correspondence, training attendance records, forms, contracts, petitions, crime scene information, minutes, authorized institutions, mobile applications and similar means or through our websites and social media pages and/or systems that are not limited to these. It relates to all personal data processed by non-automatic means, in writing, verbally or electronically and through similar technologies, provided that it is a part of any data recording system.


This Policy is published on our websites (www.mainrentacar.com) and made available to the relevant persons upon the request of personal data owners.


In case of inconsistency between the current legislation and the Policy, the provisions of the legislation will be applied with priority.


 


5-GENERAL PRINCIPLES IN PROCESSING PERSONAL DATA


 


MAIN enlightens the data owners in accordance with Article 10 of the KVK Law and requests the consent of the data owners in cases where consent is required.


In accordance with the Law and the Rule of Integrity, keeping all communication channels open in order to ensure that personal data is accurate and up-to-date when necessary, processing for specific, clear and legitimate purposes, ensuring that it is linked, limited and proportionate to the purpose for which it is processed, for the period stipulated in the relevant legislation or required for the purpose for which it is processed. It works by preserving it.


 


6-RULES ON THE PROTECTION OF PERSONAL DATA


 


MAIN, in accordance with Article 20 of the Constitution and Article 4 of the KVK Law, regarding the processing of personal data; carries out personal data processing activities in a limited and measured manner in accordance with the law and honesty rules, accurately and, when necessary, for up-to-date, specific, clear and legitimate purposes.


MAIN retains personal data for as long as required by law or for the purpose of processing personal data.


Personal information of MAIN, its customers, employee candidates, employees, shareholders and employees of the institutions it cooperates with, visitors, supplier company employees and third parties; identification information (name, surname, TR identity number, gender, age, date of birth), contact information (e-mail address, telephone number, address information, IP address), vehicle characteristics, license information, chassis information, preference on the vehicle, taste and user habits, occupational data, visual and audio data, education data, family members data, health data.


While processing this data, the personal data processing conditions and purposes specified in Articles 5 and 6 of the Law No. 6698, and the Identification Law No. 1774, the Highway Traffic Law No. 2918, the Insurance Law No. 5684, the Law No. 6502 on the Protection of the Consumer and the obligations arising from the Tax legislation, Personal data of personal data owners, within the framework of, but not limited to, the regulations of supervisory and regulatory institutions and organizations and the cases required by other authorized public authorities, the follow-up and execution of legal processes and the provisions of other legislation; In addition to the above-mentioned obligations, in order to establish and conduct sales, service, car rental and insurance services and to serve you better;


Fulfilling the requirements of dealership, service, agency contracts and other contracts,


Confirming your identity before our sales, service, car rental and insurance services, contacting potential customers and thus identifying potential consumers and informing them about campaigns, conducting the offer preparation process, conducting vehicle test drives and preparing for vehicle delivery, Sharing the contract with you in order to establish the contract,


Creation of records of sales service, service, car rental service and insurance business and transactions in the system, completion of contract processes,


For the purpose of measuring vehicle / service / service satisfaction, communication after purchase / service, updating customer contact information, technical and vehicle or vehicle or vehicle information regarding your vehicle / rented vehicle.

Providing information that will be beneficial to you, customizing, updating, marketing and promoting the products and services offered by our company according to the tastes, usage habits and needs of the customers, sales and marketing of vehicles and spare parts, informing about the changes that may occur in our terms of service, requests and meeting and following up on your complaints, providing after-sales support services, establishing service appointments, notifying and reminding of maintenance and inspection dates, fulfillment of warranty obligations, monitoring of motor insurance and insurance processes, determination of value with damage or accident processes, execution and follow-up of value loss and other processes including sales and service-related billing and crediting; executing financial and financial transactions, executing risk management, executing operations related to your security and emergencies, informing you before the contract expiry date,


Planning and executing the work carried out with our business partners, credit providers, authorized dealers, authorized services and suppliers for the realization of the commercial activities carried out by our company, performing the necessary studies and carrying out the related works and transactions,


It is processed within the scope of getting to know you when you visit the site and thus making your visit more efficient by personalizing the site, planning information security processes, creating and managing information technology infrastructure, and is stored securely in physical or electronic environment for an appropriate period of time for processing.


MAIN enlightens the data owners in accordance with Article 10 of the KVK Law and requests the consent of the data owners in cases where consent is required, and processes these personal data on the basis of the following criteria.


6.1. Processing in Compliance with Law and Integrity


MAIN acts in accordance with the principles brought by legal regulations and the general rule of trust and honesty in the processing of personal data.


6.2. Ensuring Personal Data Are Accurate and Up-to-Date When Necessary


All communication channels of MAIN are open in order to keep the information of the data owner accurate and up-to-date.


6.3. Processing for Specific, Explicit, and Legitimate Purposes


MAIN clearly and precisely determines the purpose of processing personal data, which is legitimate and lawful. MAIN processes personal data in connection with the commercial activity it carries out and as necessary for these.


6.4. Being Related to the Purpose for which they are Processed, Limited and Measured


MAIN processes personal data within the scope of the purposes related to its field of activity and necessary for the conduct of its business. It avoids the processing of personal data that is not related to the realization of the purpose or that is not needed.


6.5. Retention for as Long as Required for the Purpose of Processing or Envisioned in the Relevant Legislation


MAIN retains personal data only for as long as required by the relevant legislation or for the purpose for which they are processed. In this context; First of all, MAIN determines whether a period is foreseen for the storage of personal data in the relevant legislation, if a period is determined, it acts in accordance with this period. At the end of these periods, personal data is deleted, destroyed or anonymized according to the nature of the data and the purpose of use, within the framework of the obligations under the Law.


 


7- ENSURING THE SECURITY OF PERSONAL DATA


 


MAIN; In accordance with Article 12 of the KVK Law, it takes the necessary technical and administrative measures to ensure the appropriate level of security in order to prevent the unlawful processing of the personal data it processes, to prevent unlawful access to the data and to ensure the preservation of the data, and in this context, it makes or has the necessary inspections made. .


The technical measures taken in this context are listed here, including but not limited to;
Personal data processing activities carried out within MAIN are controlled by established technical systems.
Technical departments have been established and specialized personnel are employed.
New technological developments are followed and technical measures are taken on systems, especially in the field of cyber security, and the measures taken are periodically updated and renewed.
Access and authorization technical solutions are implemented within the framework of legal compliance requirements determined for each department within MAIN.
Access authorizations are limited and authorizations are reviewed regularly. Access restrictions are applied to ex-employees and accounts are closed.
The technical measures taken in accordance with the functioning of the MAIN are reported to the relevant users, the risky issues are re-evaluated and the necessary technological solution is produced.
virus protection Software and hardware are installed, including requests, data vulnerability vulnerabilities, and firewalls.
All information systems, including the applications where personal data are collected, are regularly subjected to external impact tests to detect security vulnerabilities, and the gaps found according to the results of this test are closed.
Administrative measures taken are listed here, but not limited to:
MAIN employees, dealers and authorized service personnel are informed and trained on the law of protection of personal data and the processing of personal data in accordance with the law.
MAIN employees, dealers and authorized service employees; They were informed verbally and in writing about not using the personal data they learned within the scope of the activity in violation of the provisions of the KVK Law. Additional protocols are signed with the employees that these obligations will continue after they leave their positions.
All personal data processing activities carried out by MAIN; It is carried out in accordance with the personal data inventory and its annexes, created by analyzing all business units in detail.
Personal data processing activities carried out by the relevant departments within MAIN; The obligations to be fulfilled in order to ensure that these activities comply with the personal data processing requirements sought by the KVKK, are bound to the written policies and procedures by MAIN, and each department has been informed about this issue and the points to be considered specific to the activity it carries out have been determined.
With the persons to whom personal data is transferred by MAIN in accordance with the law; Additional agreements are made that contain provisions that the persons to whom personal data are transferred will take the necessary security measures for the protection of personal data and ensure that these measures are complied with in their own organizations.
In case the processed personal data is obtained by others illegally, MAIN will notify the person concerned and the Board as soon as possible.
 
8-PROTECTION OF PRIVATE PERSONAL DATA


 


With the KVK Law, special importance is attached to certain personal data due to the risk of causing victimization or discrimination when processed unlawfully. These data are; Data related to race, ethnicity, political thought, philosophical belief, religion, sect or other beliefs, clothing, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data.


MAIN acts sensitively in the protection of special quality personal data, which is determined as "special quality" by the KVK Law and processed in accordance with the law. In this context, technical and administrative measures taken by MAIN for the protection of personal data within the scope of the Law and within the scope of the Board's principle decisions are meticulously implemented in terms of special quality personal data, and necessary audits are provided within MAIN.


 


9-INFORMING AND INFORMING PERSONAL DATA OWNERS


 


MAIN; In accordance with Article 10 of the KVK Law and the Communiqué on the Procedures and Principles to be Complied with in Fulfilling the Obligation of Clarification, it enlightens the personal data owners during the acquisition of personal data. In this context, Clarification Texts have been placed in areas that can be easily seen by employees, employee candidates, customers, visitors, shareholders and employees of the institutions we cooperate with, and third parties in dealers, authorized services, branches, agencies and offices. Clarification texts, cookie policy and application form are also published on www.mainrentacar.com addresses together with this policy.


 


10-TRANSFER OF PERSONAL DATA


 


MAIN can transfer the personal data and special quality personal data of the personal data owner to third parties, by taking the necessary security measures, in line with the purposes of personal data processing in accordance with the law. Personal data can be transferred by MAIN to foreign countries that are declared to have sufficient protection by the KVK Board or, in the absence of sufficient protection, to foreign countries where the data controllers in Turkey and the relevant foreign country undertake an adequate protection in writing and where the permission of the KVK Board is available. The reasons for the transfer are explained below:


If there is a clear regulation in the law regarding the transfer of personal data,
If it is necessary to transfer the personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract,
If personal data transfer is necessary for MAIN to fulfill its legal obligation,
If personal data transfer is necessary for the establishment, exercise or protection of a right,
If personal data transfer is necessary for the legitimate interests of MAIN, provided that it does not harm the fundamental rights and freedoms of the personal data owner.
 
11- STORAGE TIMES OF PERSONAL DATA


 


If MAIN is stipulated in the relevant laws and regulations,

It stores personal data for the period specified in these legislations.


If a period of time is not regulated in the legislation regarding how long personal data should be stored, Personal data is kept for the period that requires it to be kept depending on the activity carried out by MAIN while processing that data, then it is deleted, destroyed or anonymized in accordance with the relevant policy created by MAIN in accordance with the nature of the data. is being made.


If the purpose of processing personal data has ended and the storage periods determined by the relevant legislation and MAIN have expired, personal data can be stored only to provide evidence in possible legal disputes or to assert the relevant right related to personal data or to establish a defense. Despite the expiry of the statute of limitations and the statute of limitations for the right to assert the aforementioned right in the establishment of the periods herein, the retention periods are determined based on the examples in the requests previously submitted to MAIN on the same issues. In this case, the stored personal data is not accessed for any other purpose, and only when necessary to use it in the relevant legal dispute, access to the relevant personal data is provided. Here, too, personal data is deleted, destroyed or anonymized after the aforementioned period expires.


 


12-RIGHTS AND REQUESTS OF THE PERSONAL DATA OWNER


 


You have the following rights regarding your personal data by applying to our Company in accordance with the procedure stipulated in accordance with Article 11 of the Law No. 6698.


Find out if it's processed
Requesting information if processed
Learning the purpose of processing and whether it is used in accordance with its purpose
Knowing the third parties to whom personal data is transferred at home or abroad
Requesting correction of personal data if it is incomplete or incorrectly processed
Requesting the deletion or destruction of personal data in case the reasons for the processing of personal data disappear
In cases where personal data are requested to be corrected if they are incomplete or incorrectly processed and the personal data is requested to be deleted or destroyed if the reasons requiring the processing of personal data disappear; Requesting notification of these transactions made to third parties to whom personal data is transferred
Objecting to the emergence of a result against you due to the analysis of the processed data exclusively with automated systems
Requesting the compensation of the damage in case you suffer damage due to unlawful processing of personal data
Personal data owners can submit their requests regarding their rights specified in Article 11 of the Law No. 6698 in writing in accordance with the "Communiqué on Application Procedures and Principles to the Data Controller" or by a registered electronic mail (KEP) address, secure electronic signature, mobile signature or the data controller by the person concerned. using the e-mail address previously notified and registered in the system of the data controller, or by adding the relevant information and documents to the data controller by means of a software or application developed for the purpose of application.


In the application; name, surname and signature if the application is written, for citizens of the Republic of Turkey T.C. identification number, nationality for foreigners, passport number or identification number, if any, place of residence or workplace address for notification, e-mail address for notification, telephone and fax number, if any, and the subject of the request.


Applications made via registered mail or notary public should be sent to the address of “Havacılar Caddesi Başbey site A block 3/B GAZİEMİR/İZMİR”.


Our company concludes the requests in the application as soon as possible and within 30 (thirty days) at the latest, according to the nature of the request and in accordance with the legislation.


In case the request of the person concerned is accepted, the request is fulfilled by our Company as soon as possible and the person concerned is informed.


 


13-CONDITIONS WHERE THE PERSONAL DATA OWNER CANNOT AGREE THEIR RIGHTS


 


Personal data owners, in accordance with Article 28 of the KVK Law, the following cases are excluded from the scope of the KVK Law:


a) Processing of personal data by real persons within the scope of activities related to themselves or their family members living in the same residence, provided that they are not given to third parties and that the obligations regarding data security are complied with.


b) Processing personal data for purposes such as research, planning and statistics by making them anonymous with official statistics.


c) Processing personal data for art, history, literature or scientific purposes or within the scope of freedom of expression, provided that they do not violate national defense, national security, public security, public order, economic security, privacy of private life or personal rights or constitute a crime.


ç) Personal data shall be scanned by public institutions and organizations that have been authorized by law to ensure national defense, national security, public security, public order or economic security.

processing within the scope of preventive, protective and intelligence activities carried out by


d) Processing of personal data by judicial authorities or execution authorities in relation to investigation, prosecution, trial or execution proceedings.


 


14-DELETE, DESTROY AND ANONYMIZATION OF PERSONAL DATA


 


In accordance with the legislation and the "Regulation on the Deletion, Destruction and Anonymization of Personal Data" issued by the Board, although it has been processed in accordance with the provisions of the relevant law, personal data is deleted in line with MAIN's own decision or upon the request of the personal data owner, in case the reasons requiring processing are eliminated, destroyed or anonymized.


This Policy has been prepared within the framework of the Law on the Protection of Personal Data and the legislation in force, and is made available to the relevant persons by being published on our website.


In case of inconsistency between the current legislation and the Policy, the provisions of the legislation will be applied with priority.


Click here to access the KVKK Request FormSoftware and hardware are installed, including requests, data vulnerability vulnerabilities, and firewalls.
All information systems, including the applications where personal data are collected, are regularly subjected to external impact tests to detect security vulnerabilities, and the gaps found according to the results of this test are closed.
Administrative measures taken are listed here, but not limited to:
MAIN employees, dealers and authorized service personnel are informed and trained on the law of protection of personal data and the processing of personal data in accordance with the law.
MAIN employees, dealers and authorized service employees; They were informed verbally and in writing about not using the personal data they learned within the scope of the activity in violation of the provisions of the KVK Law. Additional protocols are signed with the employees that these obligations will continue after they leave their positions.
All personal data processing activities carried out by MAIN; It is carried out in accordance with the personal data inventory and its annexes, created by analyzing all business units in detail.
Personal data processing activities carried out by the relevant departments within MAIN; The obligations to be fulfilled in order to ensure that these activities comply with the personal data processing requirements sought by the KVKK, are bound to the written policies and procedures by MAIN, and each department has been informed about this issue and the points to be considered specific to the activity it carries out have been determined.
With the persons to whom personal data is transferred by MAIN in accordance with the law; Additional agreements are made that contain provisions that the persons to whom personal data are transferred will take the necessary security measures for the protection of personal data and ensure that these measures are complied with in their own organizations.
In case the processed personal data is obtained by others illegally, MAIN will notify the person concerned and the Board as soon as possible.
 
8-PROTECTION OF PRIVATE PERSONAL DATA


 


With the KVK Law, special importance is attached to certain personal data due to the risk of causing victimization or discrimination when processed unlawfully. These data are; Data related to race, ethnicity, political thought, philosophical belief, religion, sect or other beliefs, clothing, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data.


MAIN acts sensitively in the protection of special quality personal data, which is determined as "special quality" by the KVK Law and processed in accordance with the law. In this context, technical and administrative measures taken by MAIN for the protection of personal data within the scope of the Law and within the scope of the Board's principle decisions are meticulously implemented in terms of special quality personal data, and necessary audits are provided within MAIN.


 


9-INFORMING AND INFORMING PERSONAL DATA OWNERS


 


MAIN; In accordance with Article 10 of the KVK Law and the Communiqué on the Procedures and Principles to be Complied with in Fulfilling the Obligation of Clarification, it enlightens the personal data owners during the acquisition of personal data. In this context, Clarification Texts have been placed in areas that can be easily seen by employees, employee candidates, customers, visitors, shareholders and employees of the institutions we cooperate with, and third parties in dealers, authorized services, branches, agencies and offices. Clarification texts, cookie policy and application form are also published on www.mainrentacar.com addresses together with this policy.


 


10-TRANSFER OF PERSONAL DATA


 


MAIN can transfer the personal data and special quality personal data of the personal data owner to third parties, by taking the necessary security measures, in line with the purposes of personal data processing in accordance with the law. Personal data can be transferred by MAIN to foreign countries that are declared to have sufficient protection by the KVK Board or, in the absence of sufficient protection, to foreign countries where the data controllers in Turkey and the relevant foreign country undertake an adequate protection in writing and where the permission of the KVK Board is available. The reasons for the transfer are explained below:


If there is a clear regulation in the law regarding the transfer of personal data,
If it is necessary to transfer the personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract,
If personal data transfer is necessary for MAIN to fulfill its legal obligation,
If personal data transfer is necessary for the establishment, exercise or protection of a right,
If personal data transfer is necessary for the legitimate interests of MAIN, provided that it does not harm the fundamental rights and freedoms of the personal data owner.
 
11- STORAGE TIMES OF PERSONAL DATA


 


If MAIN is stipulated in the relevant laws and regulations,Software and hardware are installed, including requests, data vulnerability vulnerabilities, and firewalls.
All information systems, including the applications where personal data are collected, are regularly subjected to external impact tests to detect security vulnerabilities, and the gaps found according to the results of this test are closed.
Administrative measures taken are listed here, but not limited to:
MAIN employees, dealers and authorized service personnel are informed and trained on the law of protection of personal data and the processing of personal data in accordance with the law.
MAIN employees, dealers and authorized service employees; They were informed verbally and in writing about not using the personal data they learned within the scope of the activity in violation of the provisions of the KVK Law. Additional protocols are signed with the employees that these obligations will continue after they leave their positions.
All personal data processing activities carried out by MAIN; It is carried out in accordance with the personal data inventory and its annexes, created by analyzing all business units in detail.
Personal data processing activities carried out by the relevant departments within MAIN; The obligations to be fulfilled in order to ensure that these activities comply with the personal data processing requirements sought by the KVKK, are bound to the written policies and procedures by MAIN, and each department has been informed about this issue and the points to be considered specific to the activity it carries out have been determined.
With the persons to whom personal data is transferred by MAIN in accordance with the law; Additional agreements are made that contain provisions that the persons to whom personal data are transferred will take the necessary security measures for the protection of personal data and ensure that these measures are complied with in their own organizations.
In case the processed personal data is obtained by others illegally, MAIN will notify the person concerned and the Board as soon as possible.
 
8-PROTECTION OF PRIVATE PERSONAL DATA


 


With the KVK Law, special importance is attached to certain personal data due to the risk of causing victimization or discrimination when processed unlawfully. These data are; Data related to race, ethnicity, political thought, philosophical belief, religion, sect or other beliefs, clothing, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data.


MAIN acts sensitively in the protection of special quality personal data, which is determined as "special quality" by the KVK Law and processed in accordance with the law. In this context, technical and administrative measures taken by MAIN for the protection of personal data within the scope of the Law and within the scope of the Board's principle decisions are meticulously implemented in terms of special quality personal data, and necessary audits are provided within MAIN.


 


9-INFORMING AND INFORMING PERSONAL DATA OWNERS


 


MAIN; In accordance with Article 10 of the KVK Law and the Communiqué on the Procedures and Principles to be Complied with in Fulfilling the Obligation of Clarification, it enlightens the personal data owners during the acquisition of personal data. In this context, Clarification Texts have been placed in areas that can be easily seen by employees, employee candidates, customers, visitors, shareholders and employees of the institutions we cooperate with, and third parties in dealers, authorized services, branches, agencies and offices. Clarification texts, cookie policy and application form are also published on www.mainrentacar.com addresses together with this policy.


 


10-TRANSFER OF PERSONAL DATA


 


MAIN can transfer the personal data and special quality personal data of the personal data owner to third parties, by taking the necessary security measures, in line with the purposes of personal data processing in accordance with the law. Personal data can be transferred by MAIN to foreign countries that are declared to have sufficient protection by the KVK Board or, in the absence of sufficient protection, to foreign countries where the data controllers in Turkey and the relevant foreign country undertake an adequate protection in writing and where the permission of the KVK Board is available. The reasons for the transfer are explained below:


If there is a clear regulation in the law regarding the transfer of personal data,
If it is necessary to transfer the personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract,
If personal data transfer is necessary for MAIN to fulfill its legal obligation,
If personal data transfer is necessary for the establishment, exercise or protection of a right,
If personal data transfer is necessary for the legitimate interests of MAIN, provided that it does not harm the fundamental rights and freedoms of the personal data owner.
 
11- STORAGE TIMES OF PERSONAL DATA


 


If MAIN is stipulated in the relevant laws and regulations,
Whatsapp Telefon