Last updated: September 5, 2025
Effective date: [September 5, 2025]
1) Data Controller and Contact
This Privacy Policy applies to the website [codedesign.com.tr] and associated digital channels operated by CODE Design (“Company,” “we”).
Title: [CODE Design Interior Architecture and Design Inc.]
Address: [Gazi Umur Paşa Sok. Balmumcu Plaza 2 No:32 D:11-12 34349 Beşiktaş – Istanbul]
MERSİS/TAX NO: [2111289978]
E-mail: [info@codedesign.com.tr]
Phone: [0 (212) 347 40 52]
2) Scope
This policy; This data processing concerns the processing of personal data of all natural persons (relevant persons), including users who visit our website, those who fill out contact/offer forms, e-newsletter subscribers, job applicants, and our customer representatives.
3) Data Categories We Collect
We may process the following personal data based on your visit and interactions:
Technical Data: IP address, browser/device information, cookie identifiers, session information, and log records.
Communication Data: Name, surname, email, telephone, company/title, message content (contact/offer forms).
Marketing Data: E-newsletter preference, campaign/interaction records, and approval/rejection statuses.
Customer Transaction Data: Request/offer records, purchase intent/product interests (corporate sales processes).
Candidate Data (optional): CV, resume information (if you use a career/recruitment form).
4) Our Processing Purposes and Legal Grounds
Your personal data is processed for the following purposes and for the legal grounds stipulated in Article 5 of the Personal Data Protection Law:
- Site security and performance, error/fault detection: Legitimate interest (Article 5/2-f).
- Visitor analytics and experience improvement (cookies/analytics): Explicit consent (Article 5/1) or legitimate interest (depending on the type of cookie).
- Response to contact requests/offers: Establishment/performance of the contract (Article 5/2-c) and legitimate interest (Article 5/2-f).
- Commercial messages (newsletters, campaigns): Explicit consent (Article 5/1) and IYS legislation.
- Fulfillment of legal obligations: Legal obligation (Article 5/2-ç).
- Dispute resolution, preservation of evidence: Legitimate interest (Article 5/2-f).
- Additional legal bases under the GDPR for visitors from the European Economic Area: contract (Article 6/1-b), legal obligation (Article 6/1-c), legitimate interest (Article 6/1-f), explicit consent (Article 6/1-a).
5) Cookies and Similar Technologies
Our site may use mandatory, functional, performance/analytical, and marketing cookies.
- Mandatory cookies: Necessary for the site to function (consent is not required).
- Analytics/performance cookies: Traffic and usage analysis (may require consent).
- Marketing/personalization cookies: Content/ad personalization (requires consent).
Cookie Management
You can set your preferences through the cookie notice displayed on your first visit and update them at any time via the [Cookie Preferences] link. You can reject/delete cookies through your browser settings; however, this may limit some site functionality.
Examples of third-party services used (edit if applicable): Google Analytics, Meta Pixel, YouTube embeds. These providers may process data abroad (e.g., the USA) in accordance with their own privacy policies.
6) Data Transfer and International Transfer
- Service Providers: Your data may be transferred to providers such as hosting, email, backup, security, analytics, and customer communication tools.
- International Transfer: Infrastructure/service providers may be located abroad. In this case, the necessary security measures, standard contractual clauses, and/or your explicit consent are provided in accordance with the Personal Data Protection Law and relevant legislation.
- Legal Obligations: Data may be transferred to authorized institutions/authorities in accordance with legislation.
7) Retention Periods
- Technical/log data: [12 months]
- Communication/offer records: [3 years]
- Marketing data (newsletters/permissions): Until permission is withdrawn or the purpose is void + the legal limitation period
- Legal Dispute Data: For the duration of the dispute/dispute + legal retention periods.
Upon expiration of this period, data is deleted, destroyed, or anonymized using legally compliant methods.
8) Security
Personal data is protected against unauthorized access, disclosure, loss, and modification by administrative and technical measures: access control, encryption during transmission/storage (to the extent applicable), logging, backups, staff training, supplier evaluations, etc.
9) Your Data Subject Rights
According to Article 11 of the Personal Data Protection Law;
- You have the right to learn whether your personal data is being processed,
- If so, to request information about it,
- To learn whether it is being used for its intended purpose,
- To know the third parties to whom it has been transferred, both domestically and internationally,
- To request rectification if it is incompletely/inaccurately processed,
- To request erasure/destruction (if applicable),
- To request restriction of processing (within the scope of the GDPR),
- To object to processing activities,
- To withdraw your consent at any time,
- To claim compensation if you suffer damage.
Recourse
You can submit your requests regarding your rights in accordance with the "Communiqué on the Procedures and Principles for Applications to the Data Controller":
You have the right to withdraw your consent at any time, and to claim compensation if you suffer damage.
Recourse
You can submit your requests regarding your rights in accordance with the "Communiqué on the Procedures and Principles for Applications to the Data Controller" via:
- E-mail: [info@codedesign.com.tr] (If you have a registered email address/KEP, please specify: [your KEP address])
- Postal: [Gazi Umur Paşa Sok. Balmumcu Plaza 2 No:32 D:11-12 34349 Beşiktaş – Istanbul] – "KVKK Information Request"
- Form: [https://codedesign.com.tr/contact] (if applicable). Your requests will be answered within 30 days. If the process requires additional costs, a fee may be charged according to the tariff determined by the Board in accordance with the KVKK.
10) Children's Data
Our website is intended for a general audience. We do not knowingly collect data from persons under the age of 18. Data collected inadvertently will be deleted within a reasonable timeframe when detected.
11) Policy Changes
We may update this policy from time to time. The updated version will be effective on the date it is published. You can find the "Last updated" date at the top of the page.