DATA PROTECTION NOTICE – GCA SPIRITS Website: www.gcaspirits.com
Brand Owner: Gürok Turizm ve Madencilik A.Ş. (“GCA Spirits”)
GCA Spirits is the data controller responsible for the collection and use of your personal data through this website. At
GCA Spirits, we value your privacy and are committed to protecting your personal data in accordance with applicable data
protection laws, including the General Data Protection Regulation (GDPR) and relevant national data protection
regulations. Security measures for the protection of your personal data by GCA Spirits are implemented at an appropriate
level, taking into account technological capabilities and potential risks. As GCA Spirits, we are committed to
processing the personal data you share with us only when necessary, in full confidentiality and in compliance with the
law. For this reason, we would like to inform you about the protection of your personal data and your legal rights in
this regard.
What Personal Data We Collect?
We may collect and process the following types of personal data when you interact with our website:
• Contact Information (e.g. name, email address, invoice address, phone number)
• Location and IP address
• Browser type and device data
• Interaction data (e.g. clicks, visited pages, form submissions)
• CRM and behavioral data (via Salesforce Pixel)
• Marketing and advertising preferences
• CAPTCHA verification data (via reCAPTCHA)
How We Collect Your Data?
The personal data provided above are collected and processed automatically through electronic means based on the legal
grounds set forth in Article 5(2) of the Law on the Protection of Personal Data (PPD Law), including: (a) being
explicitly prescribed by laws, (c) being directly related to the establishment or performance of a contract and
necessary for the processing of personal data of the parties to the contract, (d) being required for the data controller
to fulfill a legal obligation, (e) being necessary for the establishment, exercise, or protection of a right, and (f)
being necessary for the legitimate interests of the data controller, provided that such processing does not harm the
fundamental rights and freedoms of the data subject. The collection and processing are carried out in accordance with
the conditions set forth in Articles 5 and 6 of the PPD Law. We collect data through the following means:
• Forms you voluntarily complete on our website
• Cookies and tracking technologies
• Analytics tools (e.g. Google Analytics)
• CRM and advertising pixels (e.g. Salesforce, Meta, LinkedIn – if used)
Why We Use Your Data (Legal Bases)?
Your personal data are processed in accordance with the data processing conditions set forth in Articles 5 and 6 of the
PPD Law, limited to the purposes specified below, and in a manner that is lawful and in accordance with principles of
honesty. We use your data for the following purposes:
| Purpose |
Legal Basis |
| To respond to inquiries |
Consent / Legitimate interest |
| To improve our website |
Legitimate interest |
| To provide marketing communications |
Consent |
| To prevent spam and bots |
Legitimate interest / Legal obligation |
| To analyze usage and traffic |
Consent (via cookies) |
| CRM integration |
Consent |
How Long We Keep Your Data?
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required
by law.
Sharing Your Personal Data
Your personal data may be shared with the following recipients, limited to the purposes specified above, to the extent
necessary for transfer and in accordance with applicable data protection laws. We may share your data with trusted
third-party service providers who help us operate our website and deliver marketing services. These providers may
process data outside of the EU/EEA. In such cases, we ensure adequate safeguards are in place (e.g. Standard Contractual
Clauses):
•
Salesforce (CRM)
•
Google (Analytics, Ads, Tag Manager, reCAPTCHA)
•
Meta (Facebook/Instagram Pixel – if enabled)
•
LinkedIn (Insight Tag – if enabled)
•
Public authorities and other official bodies to fulfill our legal obligations.
•
Lawyers and judicial authorities to exercise or defend our legal rights.
•
Delivery and postal service providers to manage sales operations.
•
Financial institutions, electronic payment systems, audit firms, and tax service providers for
the execution of financial, accounting, and tax-related processes.
•
Technical support providers for the establishment, maintenance, and development of our technical
infrastructure and electronic systems, including platforms such as the Communication Management System for managing
electronic commercial communication permissions and complaints.
• Private legal entities, affiliates, group companies, shareholders, business partners, suppliers, and other third
parties involved in providing our services.
These personal data may be stored on servers or other electronic environments located within Turkey or abroad, and
international transfers are carried out only to the extent necessary for the relevant purpose, in compliance with
applicable laws and regulations (including Article 9 of the PPD Law), with appropriate technical, legal, and
administrative safeguards.
Your Rights Under the Law on the Protection of Personal Data
As a Data Subject, you have the following rights under Article 11 of the PPD Law:
• To find out whether your personal data are being processed.
• To request information if your personal data have been processed.
• To learn the purpose of processing and whether your personal data are used in accordance with that purpose.
• To be informed of third parties within or outside Turkey to whom your personal data are transferred.
• To request correction of your personal data if they are incomplete or inaccurate, and to have such corrections
communicated to third parties to whom the data have been transferred.
• To request the deletion, destruction, or anonymization of your personal data if the reasons requiring processing
no longer exist, even if the data were processed in compliance with the law, and to have such actions communicated to
third parties.
• To object to outcomes resulting from the analysis of your personal data solely through automated systems that
adversely affect you.
• To claim compensation for damages in case your personal data are processed unlawfully.
If you are located in the European Economic Area (EEA), you have the following rights:
• Right to access your data
• Right to rectification
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent at any time
• Right to lodge a complaint with a supervisory authority
Security of Your Data
We implement appropriate technical and organizational measures to protect your personal data against unauthorized
access, loss, or misuse.
Changes to This Privacy Notice
We may update this Privacy Notice from time to time to reflect legal or operational changes. Please revisit this page
periodically to stay informed.
Contact Us
As a Data Subject, you have the right to submit requests regarding your personal data under Article 11 of the PPD Law.
You can send your requests in writing or via the methods specified in the “Communiqué on the Procedures and
Principles for Application to the Data Controller” to:
•
Data Controller: Gürok Turizm ve Madencilik A.Ş.
•
Address: Eskişehir Karayolu Üzeri 5. km Merkez/Kütahya, Turkey
•
Phone/Fax: +90 (274) 225 06 60
•
Email: info@gurok.com
•
MERSIS No: 0446003024900114
We will respond to your requests in accordance with applicable data protection laws and within the legally prescribed
time frame.