Citio Privacy Policy
Effective Date: September 1, 2025 Last Updated: September 26, 2025
Citio Dijital Teknoloji ve Tic A.Ş. ("Citio," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how your personal information is collected, used, and disclosed by Citio.
This Privacy Policy applies to our website https://citioapp.com/ and its associated subdomains, alongside our mobile application, Citio (collectively, our "Service"). By accessing or using our Service, you agree to the collection, storage, use, and disclosure of your personal information as described in this Privacy Policy.
Data Controller Information
Under Turkish Law No. 6698 on the Protection of Personal Data ("KVKK"), Citio Dijital Teknoloji ve Tic A.Ş. acts as the Data Controller for the personal data processing activities described in this policy.
Contact Information:
Company: Citio Dijital Teknoloji ve Tic A.Ş.
Address: Akat Mah. Zeytinoğlu Cad Selçuklar Sok. Eti Apt B/6 Beşiktaş İstanbul
Email: info@citioapp.com
Website: https://citioapp.com/
Definitions
Cookie: A small data file stored on your device by your web browser to identify your browser, provide analytics, and remember information such as language preferences or login information.
Personal Data: Any information that directly, indirectly, or in connection with other information allows for the identification of a natural person.
Service: The services provided by Citio through our website and mobile application.
You/User: Any person or entity that accesses or uses our Service.
Categories of Data Subjects and Data Types
Customers and Users
Data Collected: Name, contact information, passport number, postal code, phone number, payment data, booking history, IP address, device identifiers, location data
Purpose: Service provision, transaction processing, customer support, legal compliance
Website Visitors
Data Collected: IP address, browser type, device identifiers, cookies, online behavior data
Purpose: Website functionality, security, analytics, user experience improvement
Employees and Job Applicants
Data Collected: Identification data, contact information, CV/resume, payroll data (employees), performance records
Purpose: Recruitment, HR management, payroll processing, legal compliance
Data Collected: Name, title, contact information, bank details, contract information Purpose: Contract performance, payments, business relationship management Personal data is processed under KVKK Articles 5 and 6, and GDPR Article 6 (where applicable), based on: Explicit consent (e.g., marketing communications) Contract performance (e.g., service delivery, bookings) Legal obligations (e.g., tax records, employment law) Legitimate interests (e.g., fraud prevention, service improvement), provided fundamental rights are not harmed We collect information you voluntarily provide, including: Account registration details (name, email, phone) Payment information for transactions Communication content (support requests, feedback) Profile information and preferences We automatically collect: Technical Data: IP address, browser type, device characteristics, operating system, browser plug-in types and versions, time zone settings Usage Data: Pages visited, time spent, clickstream data with date and time stamps, feature usage, page response times, download errors, length of visits to specific pages Interaction Data: Page interaction information (scrolling, clicks, mouse-overs), methods used to browse away from pages Location Data: General geographic location based on IP address Purchase History: Aggregated with similar information from other users for analytics Cookie Data: As described in our Cookie section below Customer Service Data: Phone numbers given We may receive information from: Fraud prevention services Social media platforms (publicly available information only) Business partners and affiliates We use collected information to: Provide and maintain our Service Process transactions and bookings Communicate with you about our Service Improve our Service based on usage patterns Prevent fraud and ensure security Comply with legal obligations Send marketing communications (with consent) Administer contests, promotions, surveys, and other site features Manage call center interactions and customer support We share personal data with trusted third-party service providers who assist us with: IT infrastructure and hosting Payment processing Customer support Analytics and marketing Legal and professional services In the event of a merger, acquisition, or sale of assets, personal data may be transferred to the acquiring entity, subject to the same privacy protections. We may disclose personal data when required by law, court order, or to protect our rights, safety, or the rights of others. Personal data may be transferred to countries outside Turkey and the EEA. We implement appropriate safeguards including: Standard contractual clauses Adequacy decisions by relevant authorities Explicit consent where required We use cookies and similar technologies to: Ensure website functionality Analyze usage patterns Personalize content Serve relevant advertisements Cookies: Small data files stored on your device for identification and analytics Flash Cookies (Local Shared Objects): Used for fraud prevention and enhanced functionality Local Storage (DOM Storage): Provides persistent data storage with greater capacity than cookies Sessions: Small data pieces to identify areas of our website you've visited Cookie Management: Most browsers allow you to control cookies through their settings. Disabling cookies may affect website functionality. Google Analytics: For website analytics (subject to Google's privacy policy) Facebook Pixel: For advertising effectiveness (subject to Facebook's privacy policy) Google Maps API: For location services (subject to Google's privacy policy) Google Tag Manager: For managing and deploying tracking codes (subject to Google's privacy policy) HotJar.com: For user behavior analytics such as heatmaps and recordings (subject to Hotjar’s privacy policy) Facebook (Meta): For social media integrations and advertising (subject to Meta’s privacy policy) Google Ads: For online advertising campaigns (subject to Google’s privacy policy) We use remarketing services to serve advertisements across the internet to people who have previously visited our website. This creates a personalized advertising experience that may appear as though we are 'following' you on the websites and platforms you visit most frequently. These services operate according to their respective privacy policies. We retain personal data only as long as necessary for the purposes outlined in this policy or as required by law. Specific retention periods: Customer Data: Until account deletion plus 6 years for legal/tax purposes Transaction Records: 7 years as required by Turkish commercial law Marketing Data: Until consent is withdrawn Website Analytics: 26 months Upon expiry, data is securely deleted or anonymized. Depending on your location, you may have the following rights: Right to be informed about data processing Right to access your personal data Right to request correction of inaccurate data Right to deletion (under specific conditions) Right to object to processing Right to data portability Right to lodge a complaint with supervisory authorities All KVKK rights plus: Right to restrict processing Right not to be subject to automated decision-making Right to withdraw consent at any time Exercising Your Rights: Contact us at info@citioapp.com. We will respond within 30 days and may require identity verification. We implement technical and organizational measures to protect personal data, including: SSL encryption for data transmission Access controls and authentication Regular security assessments Staff training on data protection Incident response procedures Important Notice About Data Backups: To protect information from inadvertent loss, we maintain backup systems. This means that a copy of your information may exist in a non-erasable form that may be difficult or impossible for us to locate. However, we commit to updating, correcting, or deleting all personal information stored in databases we actively use and other readily searchable media as soon as reasonably and technically practicable upon your request. We may send marketing communications with your explicit consent. You can: Unsubscribe using links in our emails Contact us to opt out of all marketing Update your communication preferences in your account settings Our Service may contain links to third-party websites, integrate third-party services, or use third-party tools for various functionalities. This Privacy Policy does not apply to such third-party services. Google Analytics: Collects website usage data (subject to Google's Privacy Policy) Facebook Pixel: Tracks advertising effectiveness (subject to Facebook's Privacy Policy) Google Maps API: Provides location services (subject to Google's Privacy Policy) Payment Processors: Handle transaction processing (subject to their respective privacy policies) Customer Support Tools: May collect communication data (subject to provider privacy policies) These third parties may collect data directly from your device They operate under their own privacy policies and terms of service We do not control their data practices Some tools may use cookies or similar tracking technologies Data collected by third parties may be subject to different retention periods and geographic locations You can disable cookies to limit some third-party data collection Review third-party privacy policies for opt-out options Contact us if you have concerns about specific third-party integrations We encourage you to read the privacy policies of any third-party services you interact with through our platform. Governing Law: This Privacy Policy is governed by Turkish law. Cross-Border Transfers: By using our Service, you consent to the transfer of your information to Turkey and other countries where we operate, which may have different data protection laws than your country of residence. We may update this Privacy Policy periodically. All changes can be found at the link at all times: https://citioapp.com/en/page/privacy-policy Booking Events: If the purchased item is for a booking event, it can be returned at least 24 hours before the event starts. Tangible Products: If it is a tangible product and you are located in Istanbul, it can be returned within 24 hours of receipt. For return requests, please contact us using the information provided in the Contact section below. For questions about this Privacy Policy or our data practices: Email: info@citioapp.com Website: https://citioapp.com/ Address: Akat Mah. Zeytinoğlu Cad Selçuklar Sok. Eti Apt B/6 Beşiktaş İstanbul This Privacy Policy was last updated on 26.09.2025. Please review it regularly for any changes.Business Partners and Suppliers
Legal Basis for Processing
Information Collection
Information You Provide
Automatically Collected Information
Third-Party Information
How We Use Your Information
Data Sharing and Transfers
Service Providers
Business Transfers
Legal Requirements
International Transfers
Cookies and Tracking Technologies
Types of Storage Technologies:
Third-Party Tracking:
Remarketing Services
Data Retention
Your Rights
Under KVKK (Turkish residents)
Under GDPR (EEA residents)
Data Security
Marketing Communications
Third-Party Links and Services
Third-Party Tools We Use:
Important Notes:
Your Control:
International Users
Changes to This Policy
Return Policy
Contact Information