Cozy App Application
Privacy Policy
Effective Date: October 4, 2025
This Privacy Policy applies to the processing and protection of personal data in transactions conducted through the Çayağzı Facilities reservation website and/or mobile application (“Platform”) operated by RMA YAPCO OTEL İŞLETMELERİ ANONIM SIRKETI[Title] (“Company”) through the Çayağzı Facilities reservation website and/or mobile application (“Platform”) in accordance with the Personal Data Protection Law No. 6698 (“KVKK”) and secondary legislation.
1. Data Controller and Contact Information
- The data controller in accordance with the KVKK is: RMA YAPCO OTEL İŞLETMELERİ ANONIM SIRKETI [Company Name]. Address: [ Siteler Mah. Necmettin Giritlioğlu Cad. No:23 Aliağa/İzmir ] | MERSIS: [0332100520500001] | Phone: [90 232 966 83 83] | E-posta: info@rmaholding.com.tr [kvkk@rmaholding.com.tr]
You can submit your requests under the KVKK using the “KVKK Application Form” via the above communication channels.
2. Scope and Principles
The Policy covers the personal data of all individuals (“Data Subjects”) who visit the Platform, make reservations, or use the communication/call center channels. The Company complies with the principles of processing in accordance with the law and rules of good faith, keeping accurate and up-to-date, processing for specific/clear/legitimate purposes, being relevant, limited, and proportionate to the purpose, and retaining for the period required by the relevant legislation or necessary for the purpose for which they are processed.
3. Personal Data Collected
The following personal data may be processed on the Platform:
• Identity and Contact: First and last name, phone number, email address.
• Transaction Information: Reservation date/time, number of people, facility/table/area preference, request notes.
• Transaction Security and Usage: IP address, device/cookie information, session logs, log records, campaign/communication preferences.
• Customer Relations: Feedback, complaint/call center records, survey responses.
• Payment (if applicable): Payment method, authorization/transaction references (your credit card information is not retained by the Company; it is processed by the payment institution/provider).
4. Processing Purposes and Legal Grounds
• Execution of reservation processes, confirmation, cancellation/change management, informing you (KVKK m.5/2‑c: establishment or performance of the contract).
• Execution of customer relations and support processes; request/complaint management (KVKK m.5/2-e: establishment, exercise, or protection of a right; m.5/2-f: legitimate interest).
• Ensuring platform security, preventing fraud, keeping log records (KVKK m.5/2-f: legitimate interest; Law No. 5651 and related legislation).
• Finance and accounting operations, invoicing, and auditing (KVKK m.5/2‑ç: legal obligation; VUK/TTK).
• Marketing/personalization/segmentation activities, sending commercial electronic communications (only with your explicit consent and/or approval under Law No. 6563).
5. Collection Method
Your personal data is obtained electronically or physically through forms on the Platform, cookies and similar technologies, call centers, SMS/e-mail channels, physical forms, business/contractual relationships, and records from our suppliers and business partners.
6. Transfers and Recipient Groups
• IT/infrastructure, hosting, maintenance-support, and cybersecurity suppliers (data processors).
• SMS/email providers, call center service providers (data processors).
• Payment institutions (if any), banks, accounting/finance and independent audit firms.
• Lawyers, mediators, and authorized institutions and organizations in the event of legal disputes.
• Group companies and business partners (only when necessary and limited to the purpose).
Your personal data may be transferred within the country under Article 8 of the KVKK and abroad under Article 9 of the KVKK when protection commitments/transfer mechanisms in accordance with the KVKK and the Board’s decisions are provided.
7. Retention Periods
Personal data is retained for the period required by applicable legislation or necessary for the purposes of processing. Example periods:
• Reservation and customer relationship records: 10 years (Turkish Commercial Code (TTK) Article 82 and related regulations).
• Financial/accounting documents: 10 years (Tax Procedure Law/Turkish Commercial Code).
• Transaction security and log records: at least 2 years (Law No. 5651 and related regulations).
• Marketing data: until explicit consent is withdrawn or for a maximum of 3 years; upon withdrawal, it is deleted/anonymized.
• Complaint/call center records: 3 years.
At the end of the period, data is deleted, destroyed, or anonymized in accordance with the Law.
8. Cookies and Similar Technologies
The Platform may use essential cookies, performance/analytics cookies, and optional cookies. You can manage your cookie preferences in your browser settings; you can give/withdraw consent for optional cookies via the consent interface. For details, see the Cookie Disclosure Text.
9. Data Subject Rights (KVKK Art. 11)
• Learning whether your personal data is being processed and requesting information,
• To learn the purpose of processing and whether it is being used for that purpose,
• To know the third parties to whom your personal data has been transferred within or outside the country,
• Requesting the correction of incomplete or incorrect processing,
• Requesting their deletion/destruction in accordance with the provisions of the KVKK and related legislation,
• Request notification of these actions to third parties to whom the data has been transferred,
• Objecting to any adverse outcome resulting from analysis conducted through automated systems,
• Request compensation for any material damage incurred.
You may submit your requests to the Company in writing, along with documents proving your identity, or via your registered email address. Your requests will be resolved within the time limits specified in the KVKK.
10. Commercial Electronic Communications
SMS/e-mail messages for promotional and campaign purposes are sent only with your consent. You may withdraw your consent at any time; in this case, promotional messages will not be sent (transaction/reservation notifications may continue).
11. Security Measures
The Company implements administrative and technical measures to prevent unauthorized access, data loss, or unlawful processing: limiting access rights, encryption during transmission/storage, network/security controls, logging, backup, penetration testing, contractual obligations of data processors, etc.
12. Policy Updates
This Policy may be updated in line with changes in legislation and practices. The current version shall enter into force on the date it is published on the Platform.
13. Information Notice and KVKK Approval
By approving the Information Text we provide during membership/reservation on the Platform and reading and accepting the KVKK text, you continue with your transactions. This Privacy Policy is a supplement to the Information Text; in case of any conflict, the provisions of the Information Text shall prevail.