Privacy Policy

Effective Date: 01.05.2025
Website: https://krmyacht.com
Data Controller: KRM Yat A.Ş.
Registered Address: Tarabya Mah. Fırınlar Sok. No:1/2, Sarıyer / İstanbul, Türkiye

1. Introduction

KRM Yacht A.Ş. (“KRM Yacht”, “we”, “our”, or “us”) is committed to protecting personal data and respecting the privacy of individuals who interact with our website, services, and communications.

This Privacy Policy explains how we collect, use, store, disclose, and otherwise process personal data when you:

  • visit our website,

  • submit a yacht refit inquiry,

  • contact us via email, forms, or communication tools,

  • interact with embedded services,

  • apply for employment, or

  • otherwise communicate with us.

Personal data is processed primarily in accordance with the Turkish Personal Data Protection Law No. 6698 (“KVKK”) and applicable regulations.

Where relevant, certain data processing activities may also involve individuals located in the European Union, in which case applicable data protection principles under the General Data Protection Regulation (GDPR) may also be considered.

2. Categories of Personal Data We Collect

Depending on how you interact with us, we may collect the following categories of personal data.

Identity and Contact Information

Name, surname, email address, phone number, company name, country, and other contact details provided by you.

Inquiry and Communication Data

Information contained in messages sent through:

  • website contact forms

  • yacht refit inquiry forms

  • email communications

  • WhatsApp communication links

  • attachments or documents shared with us

Yacht Refit Inquiry Data

Information relating to yacht refit projects, including:

  • yacht specifications

  • project scope

  • technical requirements

  • photographs, drawings, or documentation

  • project timeline expectations

  • any information voluntarily provided to evaluate a refit request.

Recruitment Data

Information provided when applying for a job, including:

  • CV / resume

  • employment history

  • education

  • qualifications

  • references

  • other application materials.

Technical and Usage Data

Automatically collected technical data including:

  • IP address

  • browser type

  • device information

  • operating system

  • website interaction data

  • server logs

  • security and spam-prevention logs.

Marketing Preferences

Information relating to your preferences for receiving newsletters, updates, or promotional communications.

3. How We Collect Personal Data

Personal data may be collected in the following ways:

Directly From You

When you:

  • complete forms on our website

  • submit yacht refit inquiries

  • contact us via email

  • communicate via WhatsApp links

  • apply for employment

  • send documents or project information.

Automatically

Through technologies such as:

  • cookies and similar technologies

  • analytics services

  • security systems

  • server logs.

Please see our Cookie Policy for more information.

From Third Parties

Where legally permitted and relevant, information may be obtained from business partners, recruitment processes, or public sources.

4. Purposes of Processing

We process personal data for the following purposes:

  • operating and maintaining our website

  • responding to inquiries and communications

  • evaluating yacht refit requests

  • preparing quotations and proposals

  • managing pre-contractual and contractual processes

  • providing customer support

  • managing client relationships

  • improving website functionality and performance

  • ensuring website security and preventing abuse

  • evaluating job applications

  • sending marketing communications where legally permitted

  • complying with legal and regulatory obligations

  • protecting our legal rights and interests.

5. Legal Basis for Processing

Under the Turkish Personal Data Protection Law (KVKK), personal data may be processed on the basis of:

  • explicit consent

  • necessity for the establishment or performance of a contract

  • compliance with legal obligations

  • legitimate interests of the data controller provided fundamental rights are not harmed

  • situations expressly permitted by law.

Where GDPR may apply to a specific processing activity, we rely on the applicable lawful bases such as consent, legitimate interest, or contractual necessity.

6. Sharing of Personal Data

We do not sell personal data.

Personal data may be shared where necessary with:

  • website hosting providers

  • cloud infrastructure providers

  • content delivery and security providers

  • analytics and tag management providers

  • communication and email service providers

  • IT maintenance and cybersecurity providers

  • legal, financial, and professional advisors

  • subcontractors or partners supporting yacht refit services

  • recruitment service providers

  • public authorities where required by law.

All third parties are expected to process personal data only for legitimate business purposes and in accordance with applicable laws.

7. International Data Transfers

Some technical infrastructure used in connection with our website or communications may involve processing or storage of data outside Türkiye.

This may occur through services related to:

  • website hosting

  • cloud infrastructure

  • content delivery networks

  • analytics tools

  • security tools

  • embedded services

  • email systems.

Where personal data is transferred abroad, such transfers are conducted in accordance with Article 9 of Law No. 6698 and applicable legal safeguards.

Where relevant, appropriate safeguards such as contractual protections or consent-based mechanisms may be applied.

8. Data Retention

Personal data is retained only for as long as necessary to fulfill the purposes described in this Privacy Policy or as required by applicable law.

Retention periods may vary depending on the type of data and the purpose of processing.

Once personal data is no longer required, it will be securely deleted, destroyed, or anonymized in accordance with applicable regulations.

9. Your Rights

Under KVKK

Under Article 11 of the Turkish Personal Data Protection Law, you have the right to:

  • learn whether your personal data is processed

  • request information about the processing

  • learn the purpose of processing

  • learn third parties to whom data is transferred

  • request correction of inaccurate data

  • request deletion or destruction of personal data

  • request notification of such actions to third parties

  • object to automated decision-making

  • request compensation for unlawful processing.

To exercise these rights, please contact us.

Where GDPR May Apply

Where applicable, individuals located in the European Union may have additional rights including:

  • access

  • rectification

  • erasure

  • restriction of processing

  • objection to processing

  • data portability.

10. Cookies and Similar Technologies

Our website uses cookies and similar technologies for:

  • essential website functionality

  • website security and spam prevention

  • performance measurement and analytics

  • embedded third-party services

  • advertising measurement where applicable.

We use a cookie consent management tool that allows users to accept, reject, or customize their cookie preferences before non-essential cookies are activated.

For full details, please see our Cookie Policy.

11. Website Infrastructure and Third-Party Tools

Our website may use third-party technologies to support hosting, performance, analytics, security, and communication.

These may include services associated with:

  • website hosting infrastructure

  • content delivery networks and security protection

  • analytics and tag management

  • embedded video and maps

  • spam and bot protection

  • advertising measurement

  • communication tools.

These services may process technical data such as IP addresses or browser data as part of their operation.

12. Recruitment Data Processing

When you submit a job application to [email protected] or via our website, we may process personal data included in your application materials, such as your name, contact details, CV/resume, employment history, education, qualifications, and any other information you choose to provide.

Purpose

To evaluate your application for current open positions, communicate with you regarding your application, and manage the recruitment process.

If you provide your separate consent, we may also retain your application data for up to 1 year in order to consider you for future suitable employment opportunities.

Legal Basis

Processing may rely on:

  • legitimate interests in managing recruitment processes,

  • legal obligations where applicable, and

  • your explicit consent where required, including where your application is retained for future opportunities.

Collection Method

Your personal data may be collected directly from you through the application form on our website, by email, and through documents you submit as part of your application.

Recipients / Transfers

Your personal data may be accessed by authorized HR personnel, relevant managers involved in recruitment, and service providers supporting email, website hosting, and related technical infrastructure. Where such systems are located outside Türkiye or use infrastructure outside Türkiye, your personal data may be transferred abroad in accordance with applicable law.

Retention

Application data is retained only for as long as necessary for the active recruitment process. Where you provide separate consent for future opportunities, your application data may be retained for up to 1 year from the date of your application, unless you withdraw your consent earlier.

You may request deletion of your application data or exercise your rights at any time by contacting [email protected] or [email protected].

13. Yacht Refit Inquiry Data Processing

When you submit a yacht refit inquiry via our website or email, we may process information including:

  • name and contact details

  • yacht specifications

  • project requirements

  • photos, drawings, and documents

  • project timeline or technical information.

Purpose

To evaluate refit requests, communicate with you, prepare quotations, assess technical feasibility, and manage pre-contractual service processes.

Legal Basis

Processing may rely on:

  • steps taken prior to entering into a contract

  • legitimate interests in managing client inquiries

  • legal obligations where applicable.

Recipients

Data may be shared with technical teams, subcontractors, or service providers involved in evaluating or performing refit services.

Retention

Refit inquiry data is retained only as long as necessary for evaluation, communication, and potential service delivery.

14. Marketing Communications

Where legally permitted, we may send newsletters, updates, or promotional communications.

Where required by law, such communications will only be sent with your consent.

You may opt out of marketing communications at any time.

15. Data Security

We implement reasonable technical and organizational measures designed to protect personal data against:

  • unauthorized access

  • misuse

  • loss

  • unlawful disclosure

  • alteration.

However, no internet transmission or storage system can be guaranteed to be completely secure.

16. Children’s Privacy

Our services are not directed to children, and we do not knowingly collect personal data from children without appropriate legal basis or parental involvement where required.

17. Changes to This Policy

We may update this Privacy Policy from time to time to reflect legal, operational, or technical changes.

Any updates will be published on this page with an updated Effective Date.

18. Contact

If you have questions about this Privacy Policy or the processing of personal data, please contact:

KRM Yat A.Ş.

Email: [email protected]
Phone: +90 212 26 26 7 26
Address: Tarabya Mah. Fırınlar Sok. No:1/2, Sarıyer / İstanbul, Türkiye