Menu
EventsCalendarBlogOrganizer Login

Gizlilik Politikası

Article.1 Purpose and Scope

This Privacy Policy (“Policy”) has been prepared by innclude Bilet Dağıtım ve Bilişim Teknolojileri A.Ş. (“innclude”) to clearly explain how we protect your privacy and how we process your personal data.

For us, trust is more than just a word — it’s the foundation of everything we build across our platform.
That’s why we handle your personal data in full compliance with both Turkish legislation and international privacy standards.

This Policy applies to all digital services provided by innclude, including but not limited to:
the innclude.com website, mobile applications, event ticketing infrastructure, organizer panel, email and notification systems, social media accounts, and any other online channels operated by innclude.

This Privacy Policy is an integral part of the Terms of Use.
By using innclude, you acknowledge and agree to both this Policy and the Terms of Use.

Our goal is to explain transparently what information we collect, why we collect it, how long we store it, and with whom and under what conditions we share it.
We use your data solely to provide the service, keep you informed, ensure security, and improve your overall experience — never for any other purpose.

You can always access the most up-to-date version of this Policy at innclude.com/en/legal#terms-of-use.
If we make any changes, we’ll notify you through in-app messages, email, or SMS.

Article.2 Definitions

In this section, we’d like to briefly and clearly explain a few key concepts you’ll often see throughout this Privacy Policy — so you’ll never have any doubts about what information we collect or how it’s processed.

innclude refers to innclude Bilet Dağıtım ve Bilişim Teknolojileri A.Ş., the company responsible for the processing and protection of your personal data as the Data Controller.

User, meaning you, refers to any individual who uses our website, mobile application, or other digital services — including anyone who purchases tickets, creates events, joins as an invitee, or interacts with the platform in any way.

Personal Data means any information that directly or indirectly identifies you — such as your name, surname, phone number, email address, location, IP address, device information, QR code, or ticket history.

Business Account / Organizer refers to corporate users who create events, manage guest lists, or sell tickets through innclude.
In certain cases, these accounts act as Data Processors, meaning they process your personal data only on behalf of and under the instruction of innclude.

Explicit Consent means your freely given and informed approval regarding a specific matter.
You grant this consent when you use the application, register an account, or check consent boxes during your interactions with our services.

Anonymization means altering your personal data in such a way that it can no longer identify you.
We apply this method for purposes such as security, analytics, and reporting.

In short:
We don’t secretly collect, sell, or share your information without permission.
At innclude, we are always transparent about what we collect and why we collect it.
For us, privacy isn’t just a legal requirement — it’s a commitment built on trust.

Article.3 Data We Collect and How We Use it

At innclude, we collect certain information to provide you with a safer, faster, and more personalized experience.
We always stay within legal boundaries and only gather the data that is truly necessary.

We can summarize the data we collect under five main categories:

1. Account Information: When you sign up, you share your name, surname, phone number, and optionally your email address. We use this information to create and verify your account, associate you with events, and contact you when necessary.

2. Event and Participation Data: When you create, join, or purchase tickets for an event, details such as the event name, date, location, ticket type, QR code, and payment information are recorded. This data is necessary to provide ticket access, event entry, organizer notifications, and proper handling of refunds or cancellations.

3. Technical Data: When using the app or website, your device model, operating system, IP address, browser type, location data (if permitted), and in-app activity logs may be automatically collected. This information helps us ensure system security, detect errors, and enhance user experience.

4. Contacts, Invitations, and Social Interactions: If you grant access to your contacts, you can connect with them, create private or public events, and send invitations. This access is entirely based on your consent — if you choose not to grant permission, you can still use the app, but these features will be unavailable.

5. Communication and Notification Data: You may receive emails, SMS messages, or push notifications about event reminders, promotions, and system updates. These notifications are divided into two categories:

  • Mandatory notifications — essential for the service to function, such as security alerts or transaction confirmations.

  • Optional notifications — such as event suggestions, campaigns, or announcements, which you can disable at any time.

We use the data we collect for the following purposes:

  • To verify your identity and secure your account,

  • To enable you to create, join, or purchase tickets for events,

  • To manage payments and invoicing processes,

  • To ensure security and prevent fraud,

  • To analyze technical errors and improve system stability,

  • To personalize your experience (e.g., show events relevant to your city),

  • To fulfill our legal obligations,

  • And, with your explicit consent, to inform you about campaigns or new features.

We never use your personal data for purposes other than those stated, nor do we sell or share it with third parties.
Your information is used solely for service delivery and security.

In short, innclude collects the minimum data necessary and provides maximum protection.
You’re always in control — you can update what data you share and what notifications you receive at any time.

Additionally, for technical and security purposes, innclude automatically collects certain technical data such as:
IP address, device model, operating system version, app crash logs, advertising identifiers (IDFA/GAID), QR code usage records, and login date–time information.

To ensure full functionality, the app may also request permissions for contacts, location, camera, or photo gallery access — all of which are activated only with your consent and can be withdrawn at any time through your device settings.

This data is never used for commercial purposes and is processed solely for system security, error analysis, and performance improvement.

Article.4 Legal Grounds and Conditions for Data Processing

At innclude, we process your personal data only for clear, legitimate, and lawful purposes.
Each piece of data is stored only as long as necessary to provide our services and ensure system security.

The legal bases we rely on when processing your data are as follows:

1. Necessity for the performance of a contract:
When you create an innclude account, purchase a ticket, or join an event, we process certain data as required to fulfill our digital agreement with you.
For example, generating your QR code, sending your ticket, or issuing your invoice fall under this category.

2. Compliance with legal obligations:
We are required by law to retain certain information for tax, accounting, invoicing, auditing, or official authority purposes.
Such data is shared only with authorized institutions within the framework of legal obligations.

3. Explicit consent:
Certain processing activities require your explicit consent.
For instance, we can only send you event recommendations or promotional notifications if you’ve selected “I want to receive notifications.”
You can withdraw this consent anytime through your profile settings.

4. Legitimate interests:
We may process your data to improve our services, prevent fraud, ensure system security, or enhance user experience.
In such cases, we always conduct a balancing test to ensure that our legitimate interests do not override your fundamental rights or privacy.

5. Necessity for the establishment, exercise, or defense of legal claims:
In the event of a dispute, we may retain certain data to protect our rights, detect fraudulent activity, or provide evidence in legal proceedings.

6. Data anonymization:
At times, we may anonymize your data so that it can no longer identify you.
Such anonymized data is used solely for statistics, analytics, or system performance measurements and is not considered personal data.

While processing your information, we strictly adhere to the following principles:

  • Data minimization: We collect only what’s necessary.

  • Transparency: We clearly inform you about what we do with your data.

  • Accuracy and timeliness: We keep your data up to date and correct.

  • Storage limitation: We never retain data longer than necessary.

We process your information never secretly, always lawfully.
We do not collect, share, or retain any data arbitrarily.
Your trust is not just a requirement — it’s our responsibility.

Article.5 Data Retention and Security

At innclude, we retain your personal data only for as long as necessary.
This duration is determined by the need to provide our services, fulfill legal obligations, and protect our rights in case of potential disputes.

The retention period varies depending on the purpose of processing:

  • Account information is stored as long as your account remains active. Once you delete your account and all mandatory legal periods expire, it is securely deleted or anonymized.

  • Ticket, payment, and invoice data are retained for 10 years, in compliance with tax and accounting regulations.

  • Event, QR code, and participation data are kept for up to 2 years after the event ends, then anonymized.

  • Technical log data (such as IP address, transaction time, session records) are stored for 1 year in accordance with Turkish Law No. 5651.

  • Notification preferences, consent forms, and opt-in records are stored for 3 years from the last date of processing.

To protect your data, we apply a combination of technical and administrative safeguards, including:

  • Encrypted data storage on secure servers,

  • Restricted access limited only to authorized personnel,
    Use of SSL/TLS encryption, firewalls, access logs, and regular penetration testing,

  • Data transfers to third parties conducted only via secure communication channels (HTTPS, VPN, SFTP, etc.),

  • Continuous staff training on KVKK (Turkish Data Protection Law) compliance and privacy principles.

While data security is our top priority, we remind users that they also share responsibility for protecting their own accounts.
We recommend not sharing your verification codes, passwords, or device access with others, avoiding logins from untrusted devices, and contacting us immediately if you notice any suspicious activity.

When the retention period ends or the purpose of processing is no longer valid, all personal data is deleted, anonymized, or securely destroyed in accordance with the innclude Personal Data Retention and Destruction Policy.

Article.6 Data Sharing and Transfers (Domestic and International)

At innclude, we share personal data only to provide our services, ensure system security, meet legal obligations, and improve user experience.
Data sharing is never arbitrary — it is always limited, necessary, and controlled.

We may share your data with the following parties:

1. Business Partners and Service Providers:
Trusted companies we work with to operate core systems such as ticketing infrastructure, payment gateways, SMS/email delivery, cloud storage, security platforms, and analytics services.
These partners receive only the information strictly necessary to perform their services.

2. Organizers and Business Accounts:
If you purchase a ticket, the event organizer or business account may access certain data — solely to verify your participation, generate a QR code, or send event-related information.
Organizers are required to use the data shared with them only for these purposes and in accordance with applicable privacy laws.

3. Legal Authorities:
If required by law, data may be shared with courts, public prosecutors, or regulatory bodies such as the Information and Communication Technologies Authority (BTK) or the Personal Data Protection Authority (KVKK) — strictly limited to what is necessary for compliance.

4. Affiliates and Subsidiaries:
We may share limited data within innclude’s corporate group to enhance service quality, strengthen operational efficiency, or ensure technical continuity.

innclude’s systems operate on secure servers located both in Turkey and abroad.
Therefore, your personal data may be transferred internationally when necessary.
Such transfers are carried out in full compliance with Article 9 of the Turkish Personal Data Protection Law (KVKK) and Articles 45–49 of the EU General Data Protection Regulation (GDPR), ensuring appropriate safeguards and obtaining your explicit consent when required.

Examples of international data transfer scenarios include:

  • Cloud servers hosted within EU countries,
    SMS, email, or notification services using global infrastructures,

  • Use of international marketing, analytics, or statistical tools.

innclude never sells, rents, or commercially shares your personal data under any circumstances.
All data transfers are covered by confidentiality agreements, requiring partners to use the data only for the specified purposes and to maintain strict confidentiality.

innclude implements all technical and administrative measures necessary to ensure secure data transfer — including encrypted connections (HTTPS, VPN, SFTP), data encryption, and access control protocols to prevent unauthorized use or disclosure.

Article.7 Situations Requiring Explicit Consent

At innclude, we process your personal data strictly within the framework of lawful grounds.
Some data are essential for establishing or performing a contract, meaning no additional consent is required for those.
However, certain processing activities that are not legally mandatory can only take place with your explicit consent.

The situations that require your explicit consent include:

1. Marketing, Campaigns, and Promotional Communication:
innclude may send you personalized event suggestions, promotions, brand collaborations, newsletters, or discount announcements.
These communications can be delivered via SMS, email, push notifications, or in-app messages, and will only be sent if you have provided your consent.

2. Location Data Usage:
We may use your location information to show events happening in your city or nearby.
This permission is entirely under your control — you can enable or disable it at any time through your mobile device settings.

3. Contact List Access:
To help you see your friends on innclude or create invitation-only events, we may request access to your phone’s contact list.
If you choose not to grant access, the application will continue to function, but these features will be disabled.

4. Usage Analytics and Personalized Experience:
innclude may analyze anonymous usage trends to improve service quality and provide a better experience.
These analyses are conducted using non-identifiable, aggregated data and do not include your personal information.

5. International Data Transfers:
Since some of our service infrastructures are hosted abroad, we may request your consent to transfer your data to secure servers outside Türkiye, under appropriate privacy agreements and safeguards.

Your consent is always voluntary — refusing to give it will not prevent you from using core services.
You may withdraw your consent at any time through Profile → Settings → Notifications & Permissions, or by contacting us directly.
Withdrawal of consent will apply only to future processing and will not affect the lawfulness of any past data processing performed based on your prior consent.

innclude securely stores all consent records in written, electronic, or digital form.
These records are considered legally valid evidence and may only be shared with competent authorities when required by law.

Article.8 Cookies and Similar Technologies

At innclude, we use cookies and similar technologies on our website and mobile application to provide you with the best experience, speed up your interactions, and remember your preferences.
Cookies are small data files stored on your device (phone, tablet, computer, etc.) when you visit a website or app.
They allow the system to recognize you, remember your login information, and personalize content to your preferences.

The main types of cookies used by innclude are:

1. Essential Cookies:
These cookies are required for the platform to function properly.
They enable basic operations such as logging in, completing secure payments, or purchasing tickets.
Without them, certain parts of the service may not function correctly.

2. Performance and Analytics Cookies:
These cookies help us understand which pages are visited most and which features are most frequently used.
This information allows us to continuously improve our website and application.
All data collected through these cookies are anonymous and do not identify you personally.

3. Personalization Cookies:
These cookies tailor your experience based on your language, city, or previous event preferences — so you don’t have to reconfigure your settings every time you log in.

4. Advertising and Marketing Cookies:
These are activated only with your consent.
They help us show you relevant events, promotions, or campaigns based on your interests.
They may also assist us in measuring the effectiveness of advertising through anonymized data shared with trusted partners.

innclude does not collect personal data directly through cookies;
we only analyze browsing behaviors, and all such data are processed in anonymized form and stored on secure servers.

You are always in control of your cookie preferences.
You can delete, reject, or customize which types of cookies are allowed through your web browser or mobile app settings.
However, disabling some cookies may affect the proper functioning of certain features on the website or app.

innclude never shares, sells, or uses cookie-based data for unauthorized marketing purposes.
All cookie management processes are carried out in accordance with the innclude Cookie Policy.
You can find detailed information about how cookies are used and managed on our website under the “Cookie Policy” section.

Article.9 Data Security and Protection Measures

At innclude, we protect your personal data according to the highest security standards — not only as a legal obligation but as a commitment to you and our entire community.
Your personal information is safeguarded against unauthorized access, loss, misuse, alteration, or disclosure while being processed for the purposes defined in our Privacy Policy.
To ensure this, we implement multi-layered technical and administrative security measures across all systems.

Here are some of the key precautions applied within innclude’s infrastructure:

1. Data Encryption:
All user data — including registration, login, password, and payment information — is encrypted during transmission using TLS/SSL protocols, and stored in encrypted form on secure servers.

2. Access Controls:
Only authorized and trained personnel can access user data.
Each access right is strictly limited by role and subject to regular audits.

3. Secure Server Infrastructure:
innclude’s systems are hosted in professionally managed data centers located both in Türkiye and abroad, all certified to international standards such as ISO 27001, SOC 2, or equivalent.

4. Regular Audits and Penetration Tests:
Our systems undergo periodic security testing by independent cybersecurity experts.
Any vulnerabilities identified are promptly remediated to ensure ongoing system integrity.

5. Logging and Monitoring:
All access and system activities are continuously logged.
These records serve as legal evidence in the event of a suspected breach and help protect both users and the platform.

6. Backup and Disaster Recovery:
User data is regularly backed up and stored securely as part of our disaster-recovery and business-continuity plans, ensuring minimal disruption in extraordinary circumstances.

innclude also requires all third-party service providers it collaborates with to maintain the same level of security diligence.
Every agreement includes explicit confidentiality and data-protection commitments.

That said, no digital system is entirely risk-free.
If a potential data breach occurs, innclude will:

  • Notify you as quickly as possible,

  • Take immediate action to minimize potential impact, and

  • Report the incident to the Turkish Personal Data Protection Authority (KVKK) within the legally required timeframe.

At innclude, data security is our top priority — because your trust is the most valuable part of our community.

Article.10 Data Retention and Deletion

At innclude, we retain your personal data only for as long as necessary to provide our services, fulfill legal obligations, and resolve potential disputes.
The retention period may vary depending on the type of data, applicable legal requirements, and the purpose of processing.

For example:

  • Ticket purchases, payment, and billing records are stored for a minimum of 10 years in accordance with tax and commercial regulations.

  • Account details, profile data, and user activity records are kept for as long as your account remains active.

  • Event history, participation records, and QR code data are preserved for 2 years after the event concludes, serving as legal evidence for service completion.

After these periods expire, all data are either securely anonymized or permanently deleted.
Anonymization means removing all identifying elements so that the remaining data can only be used for statistical or analytical purposes.

If you close or delete your account, innclude will continue to store your data securely until the mandatory legal retention periods have expired.
During this time, the data remain accessible only for the following purposes:

  • Fulfilling legal obligations,

  • Serving as evidence in potential disputes or audits, and

  • Ensuring system integrity and security.

No data are kept in the system beyond their retention period or once their purpose of processing no longer exists.
Deletion and anonymization are carried out in compliance with international security standards and verified through system logs.

If you wish to learn how long your data are retained or request deletion, you can email us at [email protected] with the subject line “Data Deletion Request.”
Your request will be reviewed and processed within 30 days, in accordance with legal requirements.

At innclude, we act with complete transparency in every stage of data retention and disposal — safeguarding both your privacy and the security of our system.

Article.11 Data Sharing with Third Parties

At innclude, we never sell, rent, or share your personal data for commercial gain or without your explicit consent.
We share data only when necessary to provide our services, ensuring it is done securely and under strict contractual safeguards.

Data may be shared exclusively with the following categories of parties:

1. Technical Service Providers:
These are trusted partners that provide essential infrastructure for our platform, including cloud hosting, server management, cybersecurity, SMS and email delivery, and payment processing systems.
Data shared with them is strictly limited to what is technically required for the service to function.

2. Business Partners and Affiliates:
We may share anonymized or limited information with our affiliates and partners for purposes such as event promotion, campaign management, or improving user experience.
No data that can directly identify you is included in these transfers.

3. Legally Authorized Institutions:
If required by law, data may be shared with courts, prosecutors, the Information and Communication Technologies Authority (BTK), the Personal Data Protection Authority (KVKK), or other regulatory bodies — but only to the extent necessary to comply with legal obligations.

4. Event Organizers and Business Accounts:
When you purchase a ticket or attend an event, certain limited information (e.g., name, email, QR code) may need to be shared with the event organizer or business account to facilitate participation.
Such sharing is strictly for service fulfillment, and organizers are required to protect this data under their own privacy obligations.

innclude signs Data Processing Agreements (DPAs) with all third parties involved in data handling.
These contracts legally ensure that any shared data is:

  • Used only for the stated purpose,

  • Stored securely, and

  • Not transferred to any other party without authorization.

If data must be transferred abroad, such transfers comply with Article 9 of the Turkish KVKK Law and Articles 44–46 of the GDPR.
They are made only to countries on the “safe country list” or to entities that provide sufficient data protection guarantees, and always with the user’s explicit consent.

innclude carefully selects all data partners and requires them to maintain protection standards equal to or stronger than ours.

However, innclude is not responsible for the accuracy or processing methods of personal data collected and managed by organizer or business accounts.
These entities act as independent data controllers, responsible for ensuring compliance with privacy laws.
innclude’s role in such cases is limited solely to providing the technical infrastructure that enables secure data transmission.

Article.12 User Rights

At innclude, we believe that you should have full control over your personal data.
That’s why we make it easy for you to exercise all your rights under applicable data protection laws — clearly, transparently, and without unnecessary obstacles.

Under the Turkish Personal Data Protection Law No. 6698 (KVKK) and the EU General Data Protection Regulation (GDPR), you have the following rights:

1. Right to Information:
You can request to know whether your personal data is being processed, for what purposes it is used, and with whom it is shared.

2. Right of Access:
You can request access to your personal data held by innclude and ask for a copy of this data.

3. Right to Rectification:
If any of your data is incomplete or inaccurate, you can ask us to correct or update it.

4. Right to Erasure (“Right to be Forgotten”):
You can request the deletion of your personal data when the processing purpose no longer exists or when the legal retention period has expired.

5. Right to Data Portability:
You can request your data in a structured, commonly used, and machine-readable format, and, if technically possible, ask us to transfer it to another data controller.

6. Right to Object:
You may object to your personal data being used for automated decision-making or profiling purposes.

7. Right to Restrict Processing:
You may request that your data be processed only under specific conditions or for a limited period of time.

8. Right to Withdraw Consent:
If you previously gave consent (for example, for marketing or notifications), you may withdraw it at any time.
Once withdrawn, we will immediately stop using your data for that purpose.

9. Right to Compensation:
If your data is processed unlawfully and you suffer damage as a result, you have the right to seek compensation under applicable law.

To exercise any of these rights, you can contact us at [email protected] with the subject line “Personal Data Request.”
Your request will be processed within 30 days after verifying your identity.

innclude carefully reviews all submissions and responds in writing or electronically, in accordance with legal requirements.
For security reasons, some requests — such as accessing another person’s data or deleting financial records subject to retention laws — may be lawfully rejected.

In such cases, you will receive a written explanation of the reason for refusal.
innclude may also request identity verification before processing your request, which will be done using the contact details associated with your user account.

All verified and eligible requests will be fulfilled no later than 30 (thirty) days from the date of submission.

innclude reserves the right to decline requests that are technically infeasible, infringe on other users’ rights and freedoms, or conflict with legal obligations — always providing you with a clear and reasoned response.

Article.13 Cookies and Similar Technologies

At innclude, we use cookies and similar technologies to make your experience more enjoyable, faster, and personalized.
These technologies don’t identify you personally — they simply help the platform work better for you.

Cookies are small data files stored on your device when you visit our website or use our mobile app.
They allow us to remember your preferences, keep your session active, show you events you’re most interested in, and gather general usage statistics to improve our services.

Some of the main types of cookies used on innclude include:

Essential Cookies:
These cookies are necessary for the platform to function securely and properly.
For example, they help maintain your session or ensure that payment transactions are processed safely.

Performance and Analytics Cookies:
These help us understand which sections of innclude are used most, which pages encounter technical issues, and how we can improve our service.
This data does not identify you personally — it’s used only to enhance the overall user experience.

Personalization Cookies:
These allow us to offer event recommendations based on your interests — such as showing you concerts or activities in the cities you most frequently attend events in.

Marketing and Campaign Cookies:
These are used to remind you of special offers or campaigns run by innclude or our partners.
Such cookies are activated only with your explicit consent.

In our mobile application, we also use SDKs (Software Development Kits) that function similarly to cookies.
They help us monitor app performance, detect crashes, and improve the user experience.

Your privacy control always comes first.
You can manage your cookie and tracking preferences anytime:

  • On our website, through the “Cookie Settings” panel,

  • Or in the mobile app under Profile > Settings > Privacy & Notifications, where you can disable advertising and tracking permissions.

Our Cookie Policy may be updated from time to time.
If new types of cookies are introduced or existing categories are modified, we will notify you both via the app and on our website.

Article.14 International Data Transfer

At innclude, we are committed to keeping your data secure at all times.
In some cases, the services or infrastructures we use may operate through servers located outside of Türkiye.
Even in such cases, we guarantee that your data is protected under the same strict security standards.

Some parts of our services — such as:

  • Cloud computing infrastructure,

  • Payment systems,

  • Email delivery services,

  • Analytics and performance tools,
    are provided through international technology providers, typically based in the European Union (EU) or the United States (US).

Whenever personal data is transferred abroad, innclude fully complies with both the Turkish Personal Data Protection Law (KVKK) and the EU General Data Protection Regulation (GDPR).

Your data may be transferred abroad only under the following conditions:

  1. The destination country has been officially recognized as a “safe country” by the Turkish Personal Data Protection Authority (KVKK),

  2. The receiving organization provides a written guarantee ensuring adequate protection of personal data,

  3. Or you have explicitly consented to the transfer.

All international data transfers are carried out in accordance with the principles of confidentiality, integrity, and access control.
The data transferred is always limited to the minimum necessary for providing the relevant service.

innclude signs Data Processing Agreements (DPAs) with all foreign service providers or partners involved in data processing.
These agreements legally ensure that your data will be used only for the specified purposes, kept secure, and never shared with third parties without authorization.

Article.15 Notification in Case of a Data Breach

At innclude, we make every effort to protect your data with the highest security standards.
However, no digital system can ever be completely risk-free — and that’s why, in the event of a potential data breach, we act with full transparency and responsibility.

A data breach refers to any situation in which personal data is accessed, disclosed, altered, deleted, or lost by unauthorized parties.

If such an incident occurs, innclude follows a clear and structured response plan:

1. Incident Identification:
As soon as a breach is detected, we assess its scope, impact, and the categories of affected data, identifying potential risks and vulnerabilities.

2. User Notification:
If your data has been affected, you will be notified as quickly as possible via email, SMS, or in-app notification.
This notice will clearly explain when and how the breach occurred, what type of data was affected, and what actions are being taken.

3. Notification to Authorities:
In accordance with Article 12(5) of the Turkish Personal Data Protection Law (KVKK), innclude reports the incident to the Turkish Data Protection Authority (KVKK) within 72 hours of detection.
For international users, we also notify the relevant European data protection authorities under Article 33 of the GDPR, when applicable.

4. Preventive and Corrective Actions:
We immediately review and reinforce our technical and administrative safeguards, update security protocols, and conduct external audits if necessary — ensuring that similar incidents do not occur again.

Throughout this process, innclude maintains open communication with affected users, addressing any questions or concerns directly.
Our goal is to minimize risks, restore trust, and re-establish full security as quickly as possible.

If you suspect or are informed of a data breach involving your information, you can contact us at [email protected] to obtain further details about the incident and our response actions.

Article.16 Effective Date and Amendments

This Privacy Policy enters into force on the date of its publication.
At innclude, we may update this document from time to time to reflect technological advancements, legal requirements, or changes in our services.

Every change we make is communicated openly and transparently.
The updated version is published on innclude.com and announced through in-app notifications.
The latest revision date is always clearly stated at the top of the page.

If a significant change occurs — for example, regarding how your data is processed or who it is shared with — we will notify you directly via email, SMS, or in-app message.

By continuing to use our services after such updates, you are deemed to have accepted the revised Privacy Policy.
If you do not agree with the new terms, you may close your account or contact us to discontinue using the services.

Article.17 Contact and Data Controller Information

If you have any questions, requests, or suggestions regarding this Privacy Policy or the processing of your personal data, you can contact us directly.
As the data controller, innclude evaluates all requests within the legal timeframe and provides you with a clear and understandable response.

Data Controller:
innclude Bilet Dağıtım ve Bilişim Teknolojileri A.Ş.
Mersis No: 0478121800000001
Address: Fenerbahçe Mah. İğrip Sok. No:13/1, 34726 Kadıköy – İstanbul, Türkiye
E-mail: [email protected]

You can submit your personal data requests using one of the following methods:

  • By e-mail: Send your request to [email protected]

  • By written application: Send a letter titled “Personal Data Request” to the company address above.

All applications are processed within 30 (thirty) days, in accordance with Article 13 of the Turkish Personal Data Protection Law (KVKK).
Requests are generally handled free of charge; however, if the process requires additional costs, a fee may be charged in accordance with the KVKK Regulation on Application Procedures and Principles.

Article.18 Children's Privacy and Age Limit

innclude services are intended only for individuals aged 18 and over.
Persons under 18 are not permitted to register for the app or website, share personal information, or use the platform.

innclude does not knowingly collect, store, or process personal data of users under 18.
If we become aware that an account belongs to someone under 18, the account will be immediately closed and any stored data will be securely deleted.

If you suspect a user is under 18, or believe your child’s information has been shared in error, please notify us right away at [email protected].