Citio

Privacy and Return Policy

April 24, 2026

Citio Dijital Teknoloji ve Tic A.Ş. ("Citio," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how your personal information is collected, used, and disclosed by Citio. It applies to our website citioapp.com and its associated subdomains, alongside our mobile application, Citio (collectively, our "Service"). By accessing or using our Service, you agree to the collection, storage, use, and disclosure of your personal information as described in this Privacy Policy.

1. Data Controller Information

Under Turkish Law No. 6698 on the Protection of Personal Data ("KVKK"), Citio Dijital Teknoloji ve Tic A.Ş. acts as the Data Controller for the personal data processing activities described in this policy.

Contact Information

  • Company: Citio Dijital Teknoloji ve Tic A.Ş.
  • Address: Akat Mah. Zeytinoğlu Cad Selçuklar Sok. Eti Apt B/6 Beşiktaş, İstanbul
  • Email: info@citioapp.com
  • Website: citioapp.com

2. Definitions

  • Cookie: A small data file stored on your device by your web browser to identify your browser, provide analytics, and remember information such as language preferences or login information.
  • Personal Data: Any information that directly, indirectly, or in connection with other information allows for the identification of a natural person.
  • Service: The services provided by Citio through our website and mobile application.
  • You / User: Any person or entity that accesses or uses our Service.

3. Categories of Data Subjects and Data Types

Customers and Users

Data Collected: Name, contact information, passport number, postal code, phone number, payment data, booking history, IP address, device identifiers, location data.

Purpose: Service provision, transaction processing, customer support, legal compliance.

Website Visitors

Data Collected: IP address, browser type, device identifiers, cookies, online behavior data.

Purpose: Website functionality, security, analytics, user experience improvement.

Employees and Job Applicants

Data Collected: Identification data, contact information, CV/resume, payroll data (employees), performance records.

Purpose: Recruitment, HR management, payroll processing, legal compliance.

Business Partners and Suppliers

Data Collected: Name, title, contact information, bank details, contract information.

Purpose: Contract performance, payments, business relationship management.

4. Legal Basis for Processing

Personal data is processed under KVKK Articles 5 and 6, and GDPR Article 6 (where applicable), based on:

  • Explicit consent — e.g., marketing communications.
  • Contract performance — e.g., service delivery, bookings.
  • Legal obligations — e.g., tax records, employment law.
  • Legitimate interests — e.g., fraud prevention, service improvement, provided fundamental rights are not harmed.

5. Information Collection

Information You Provide

We collect information you voluntarily provide, including:

  • Account registration details (name, email, phone)
  • Payment information for transactions
  • Communication content (support requests, feedback)
  • Profile information and preferences

Automatically Collected Information

  • Technical data: IP address, browser type, device characteristics, operating system, browser plug-in types and versions, time zone settings.
  • Usage data: Pages visited, time spent, clickstream data with date and time stamps, feature usage, page response times, download errors, length of visits to specific pages.
  • Interaction data: Page interaction information (scrolling, clicks, mouse-overs), methods used to browse away from pages.
  • Location data: General geographic location based on IP address.
  • Purchase history: Aggregated with similar information from other users for analytics.
  • Cookie data: As described in our Cookie section below.
  • Customer service data: Phone numbers given.

Third-Party Information

We may receive information from:

  • Fraud prevention services
  • Social media platforms (publicly available information only)
  • Business partners and affiliates

6. How We Use Your Information

We use collected information to:

  • Provide and maintain our Service
  • Process transactions and bookings
  • Communicate with you about our Service
  • Improve our Service based on usage patterns
  • Prevent fraud and ensure security
  • Comply with legal obligations
  • Send marketing communications (with consent)
  • Administer contests, promotions, surveys, and other site features
  • Manage call center interactions and customer support

7. Data Sharing and Transfers

Service Providers

We share personal data with trusted third-party service providers who assist us with:

  • IT infrastructure and hosting
  • Payment processing
  • Customer support
  • Analytics and marketing
  • Legal and professional services

Business Transfers

In the event of a merger, acquisition, or sale of assets, personal data may be transferred to the acquiring entity, subject to the same privacy protections.

Legal Requirements

We may disclose personal data when required by law, court order, or to protect our rights, safety, or the rights of others.

International Transfers

Personal data may be transferred to countries outside Turkey and the EEA. We implement appropriate safeguards including:

  • Standard contractual clauses
  • Adequacy decisions by relevant authorities
  • Explicit consent where required

8. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Ensure website functionality
  • Analyze usage patterns
  • Personalize content
  • Serve relevant advertisements

Types of Storage Technologies

  • Cookies: Small data files stored on your device for identification and analytics.
  • Flash Cookies (Local Shared Objects): Used for fraud prevention and enhanced functionality.
  • Local Storage (DOM Storage): Provides persistent data storage with greater capacity than cookies.
  • Sessions: Small data pieces to identify areas of our website you've visited.

Most browsers allow you to control cookies through their settings. Disabling cookies may affect website functionality.

Third-Party Tracking

  • Google Analytics: Website analytics (subject to Google's privacy policy).
  • Facebook Pixel: Advertising effectiveness (subject to Facebook's privacy policy).
  • Google Maps API: Location services (subject to Google's privacy policy).
  • Google Tag Manager: Managing and deploying tracking codes.
  • Hotjar: User behavior analytics such as heatmaps and recordings.
  • Facebook (Meta): Social media integrations and advertising.
  • Google Ads: Online advertising campaigns.

Remarketing Services

We use remarketing services to serve advertisements across the internet to people who have previously visited our website. This creates a personalized advertising experience that may appear as though we are "following" you on the websites and platforms you visit most frequently. These services operate according to their respective privacy policies.

9. Data Retention

We retain personal data only as long as necessary for the purposes outlined in this policy or as required by law.

  • Customer data: Until account deletion plus 6 years for legal/tax purposes.
  • Transaction records: 7 years, as required by Turkish commercial law.
  • Marketing data: Until consent is withdrawn.
  • Website analytics: 26 months.

Upon expiry, data is securely deleted or anonymized.

10. Your Rights

Under KVKK (Turkish residents)

  • Right to be informed about data processing
  • Right to access your personal data
  • Right to request correction of inaccurate data
  • Right to deletion (under specific conditions)
  • Right to object to processing
  • Right to data portability
  • Right to lodge a complaint with supervisory authorities

Under GDPR (EEA residents)

All KVKK rights, plus:

  • Right to restrict processing
  • Right not to be subject to automated decision-making
  • Right to withdraw consent at any time

To exercise your rights, contact us at info@citioapp.com. We will respond within 30 days and may require identity verification.

11. Data Security

We implement technical and organizational measures to protect personal data, including:

  • SSL encryption for data transmission
  • Access controls and authentication
  • Regular security assessments
  • Staff training on data protection
  • Incident response procedures

To protect information from inadvertent loss, we maintain backup systems. This means that a copy of your information may exist in a non-erasable form that may be difficult or impossible for us to locate. However, we commit to updating, correcting, or deleting all personal information stored in databases we actively use and other readily searchable media as soon as reasonably and technically practicable upon your request.

12. Marketing Communications

We may send marketing communications with your explicit consent. You can:

  • Unsubscribe using links in our emails
  • Contact us to opt out of all marketing
  • Update your communication preferences in your account settings

13. Third-Party Links and Services

Our Service may contain links to third-party websites, integrate third-party services, or use third-party tools for various functionalities. This Privacy Policy does not apply to such third-party services.

Third-Party Tools We Use

  • Google Analytics: Collects website usage data.
  • Facebook Pixel: Tracks advertising effectiveness.
  • Google Maps API: Provides location services.
  • Payment processors: Handle transaction processing.
  • Customer support tools: May collect communication data.

Important Notes

  • These third parties may collect data directly from your device.
  • They operate under their own privacy policies and terms of service.
  • We do not control their data practices.
  • Some tools may use cookies or similar tracking technologies.
  • Data collected by third parties may be subject to different retention periods and geographic locations.

Your Control

  • You can disable cookies to limit some third-party data collection.
  • Review third-party privacy policies for opt-out options.
  • Contact us if you have concerns about specific third-party integrations.

We encourage you to read the privacy policies of any third-party services you interact with through our platform.

14. International Users

Governing law: This Privacy Policy is governed by Turkish law.

Cross-border transfers: By using our Service, you consent to the transfer of your information to Turkey and other countries where we operate, which may have different data protection laws than your country of residence.

15. Changes to This Policy

We may update this Privacy Policy periodically. All changes can be found at: citioapp.com/en/page/privacy-policy

16. Return Policy

  • Booking events: If the purchased item is for a booking event, it can be returned at least 24 hours before the event starts.
  • Tangible products: If it is a tangible product and you are located in Istanbul, it can be returned within 24 hours of receipt.

For return requests, please contact us using the information in the Contact section below.

17. Contact Information

For questions about this Privacy Policy or our data practices:

This Privacy Policy was last updated on September 26, 2025. Please review it regularly for any changes.