Privacy and Return Policy

September 26, 2025


Citio Privacy Policy

Effective Date: September 1, 2025 Last Updated: September 26, 2025

Citio Dijital Teknoloji ve Tic A.Ş. ("Citio," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how your personal information is collected, used, and disclosed by Citio.

This Privacy Policy applies to our website https://citioapp.com/ and its associated subdomains, alongside our mobile application, Citio (collectively, our "Service"). By accessing or using our Service, you agree to the collection, storage, use, and disclosure of your personal information as described in this Privacy Policy.


  • Data Controller Information

  • Under Turkish Law No. 6698 on the Protection of Personal Data ("KVKK"), Citio Dijital Teknoloji ve Tic A.Ş. acts as the Data Controller for the personal data processing activities described in this policy.

    Contact Information:


    • Company: Citio Dijital Teknoloji ve Tic A.Ş.

    • Address: Akat Mah. Zeytinoğlu Cad Selçuklar Sok. Eti Apt B/6 Beşiktaş İstanbul

      Email: info@citioapp.com

    • Website: https://citioapp.com/


  • Definitions

    • Cookie: A small data file stored on your device by your web browser to identify your browser, provide analytics, and remember information such as language preferences or login information.

    • Personal Data: Any information that directly, indirectly, or in connection with other information allows for the identification of a natural person.

    • Service: The services provided by Citio through our website and mobile application.

    • You/User: Any person or entity that accesses or uses our Service.

  • Categories of Data Subjects and Data Types

  • Customers and Users

  • Data Collected: Name, contact information, passport number, postal code, phone number, payment data, booking history, IP address, device identifiers, location data

    Purpose: Service provision, transaction processing, customer support, legal compliance


  • Website Visitors

  • Data Collected: IP address, browser type, device identifiers, cookies, online behavior data

    Purpose: Website functionality, security, analytics, user experience improvement


  • Employees and Job Applicants

  • Data Collected: Identification data, contact information, CV/resume, payroll data (employees), performance records

    Purpose: Recruitment, HR management, payroll processing, legal compliance


  • Business Partners and Suppliers

  • Data Collected: Name, title, contact information, bank details, contract information


    Purpose: Contract performance, payments, business relationship management


  • Legal Basis for Processing

  • Personal data is processed under KVKK Articles 5 and 6, and GDPR Article 6 (where applicable), based on:

    • Explicit consent (e.g., marketing communications)

    • Contract performance (e.g., service delivery, bookings)

    • Legal obligations (e.g., tax records, employment law)

    • Legitimate interests (e.g., fraud prevention, service improvement), provided fundamental rights are not harmed


  • Information Collection

  • Information You Provide

  • We collect information you voluntarily provide, including:

    • Account registration details (name, email, phone)

    • Payment information for transactions

    • Communication content (support requests, feedback)

    • Profile information and preferences


  • Automatically Collected Information

  • We automatically collect:


    • Technical Data: IP address, browser type, device characteristics, operating system, browser plug-in types and versions, time zone settings

    • Usage Data: Pages visited, time spent, clickstream data with date and time stamps, feature usage, page response times, download errors, length of visits to specific pages

    • Interaction Data: Page interaction information (scrolling, clicks, mouse-overs), methods used to browse away from pages

    • Location Data: General geographic location based on IP address

    • Purchase History: Aggregated with similar information from other users for analytics

    • Cookie Data: As described in our Cookie section below

    • Customer Service Data: Phone numbers given


  • Third-Party Information

  • We may receive information from:


    • Fraud prevention services

    • Social media platforms (publicly available information only)

    • Business partners and affiliates


  • How We Use Your Information

  • We use collected information to:


    • Provide and maintain our Service

    • Process transactions and bookings

    • Communicate with you about our Service

    • Improve our Service based on usage patterns

    • Prevent fraud and ensure security

    • Comply with legal obligations

    • Send marketing communications (with consent)

    • Administer contests, promotions, surveys, and other site features

    • Manage call center interactions and customer support


  • Data Sharing and Transfers

  • Service Providers

  • We share personal data with trusted third-party service providers who assist us with:


    • IT infrastructure and hosting

    • Payment processing

    • Customer support

    • Analytics and marketing

    • Legal and professional services


  • Business Transfers

  • In the event of a merger, acquisition, or sale of assets, personal data may be transferred to the acquiring entity, subject to the same privacy protections.


  • Legal Requirements

  • We may disclose personal data when required by law, court order, or to protect our rights, safety, or the rights of others.


  • International Transfers

  • Personal data may be transferred to countries outside Turkey and the EEA. We implement appropriate safeguards including:

    • Standard contractual clauses

    • Adequacy decisions by relevant authorities

    • Explicit consent where required


  • Cookies and Tracking Technologies

  • We use cookies and similar technologies to:


    • Ensure website functionality

    • Analyze usage patterns

    • Personalize content

    • Serve relevant advertisements


    Types of Storage Technologies:


    • Cookies: Small data files stored on your device for identification and analytics

    • Flash Cookies (Local Shared Objects): Used for fraud prevention and enhanced functionality

    • Local Storage (DOM Storage): Provides persistent data storage with greater capacity than cookies

    • Sessions: Small data pieces to identify areas of our website you've visited


    Cookie Management: Most browsers allow you to control cookies through their settings. Disabling cookies may affect website functionality.

    Third-Party Tracking:


    • Google Analytics: For website analytics (subject to Google's privacy policy)

    • Facebook Pixel: For advertising effectiveness (subject to Facebook's privacy policy)

    • Google Maps API: For location services (subject to Google's privacy policy)

    • Google Tag Manager: For managing and deploying tracking codes (subject to Google's privacy policy)

    • HotJar.com: For user behavior analytics such as heatmaps and recordings (subject to Hotjar’s privacy policy)

    • Facebook (Meta): For social media integrations and advertising (subject to Meta’s privacy policy)

    • Google Ads: For online advertising campaigns (subject to Google’s privacy policy)


  • Remarketing Services

  • We use remarketing services to serve advertisements across the internet to people who have previously visited our website. This creates a personalized advertising experience that may appear as though we are 'following' you on the websites and platforms you visit most frequently. These services operate according to their respective privacy policies.


  • Data Retention

  • We retain personal data only as long as necessary for the purposes outlined in this policy or as required by law. Specific retention periods:

    • Customer Data: Until account deletion plus 6 years for legal/tax purposes

    • Transaction Records: 7 years as required by Turkish commercial law

    • Marketing Data: Until consent is withdrawn

    • Website Analytics: 26 months


    Upon expiry, data is securely deleted or anonymized.


  • Your Rights

  • Depending on your location, you may have the following rights:


  • Under KVKK (Turkish residents)

    • Right to be informed about data processing

    • Right to access your personal data

    • Right to request correction of inaccurate data

    • Right to deletion (under specific conditions)

    • Right to object to processing

    • Right to data portability

    • Right to lodge a complaint with supervisory authorities

  • Under GDPR (EEA residents)

  • All KVKK rights plus:


    • Right to restrict processing

    • Right not to be subject to automated decision-making

    • Right to withdraw consent at any time


    Exercising Your Rights: Contact us at info@citioapp.com. We will respond within 30 days and may require identity verification.


  • Data Security

  • We implement technical and organizational measures to protect personal data, including:


    • SSL encryption for data transmission

    • Access controls and authentication

    • Regular security assessments

    • Staff training on data protection

    • Incident response procedures


    Important Notice About Data Backups: To protect information from inadvertent loss, we maintain backup systems. This means that a copy of your information may exist in a

    non-erasable form that may be difficult or impossible for us to locate. However, we commit to updating, correcting, or deleting all personal information stored in databases we actively use and other readily searchable media as soon as reasonably and technically practicable upon your request.




  • Marketing Communications

  • We may send marketing communications with your explicit consent. You can:


    • Unsubscribe using links in our emails

    • Contact us to opt out of all marketing

    • Update your communication preferences in your account settings


  • Third-Party Links and Services

  • Our Service may contain links to third-party websites, integrate third-party services, or use

    third-party tools for various functionalities. This Privacy Policy does not apply to such third-party services.

    Third-Party Tools We Use:


    • Google Analytics: Collects website usage data (subject to Google's Privacy Policy)

    • Facebook Pixel: Tracks advertising effectiveness (subject to Facebook's Privacy Policy)

    • Google Maps API: Provides location services (subject to Google's Privacy Policy)

    • Payment Processors: Handle transaction processing (subject to their respective privacy policies)

    • Customer Support Tools: May collect communication data (subject to provider privacy policies)

    Important Notes:


    • These third parties may collect data directly from your device

    • They operate under their own privacy policies and terms of service

    • We do not control their data practices

    • Some tools may use cookies or similar tracking technologies

    • Data collected by third parties may be subject to different retention periods and geographic locations

    Your Control:


    • You can disable cookies to limit some third-party data collection

    • Review third-party privacy policies for opt-out options

    • Contact us if you have concerns about specific third-party integrations


    We encourage you to read the privacy policies of any third-party services you interact with through our platform.


  • International Users

  • Governing Law: This Privacy Policy is governed by Turkish law.


    Cross-Border Transfers: By using our Service, you consent to the transfer of your information to Turkey and other countries where we operate, which may have different data protection laws than your country of residence.

  • Changes to This Policy

  • We may update this Privacy Policy periodically. All changes can be found at the link at all times: https://citioapp.com/en/page/privacy-policy


  • Return Policy

  • Booking Events: If the purchased item is for a booking event, it can be returned at least 24 hours before the event starts.

    Tangible Products: If it is a tangible product and you are located in Istanbul, it can be returned within 24 hours of receipt.

    For return requests, please contact us using the information provided in the Contact section below.


  • Contact Information

  • For questions about this Privacy Policy or our data practices:


    Email: info@citioapp.com

    Website: https://citioapp.com/

    Address: Akat Mah. Zeytinoğlu Cad Selçuklar Sok. Eti Apt B/6 Beşiktaş İstanbul


    This Privacy Policy was last updated on 26.09.2025. Please review it regularly for any changes.