Gizlilik Politikası

1. Who we are

This Privacy Policy explains how Yelken G Sailing Academy & Yacht Club (“we”, “us”, “the club”) collects, uses, and protects personal data. We are the data controller for personal data processed in connection with our membership, training, fleet, and racing activities. The KVKK information notice (Aydınlatma Metni) sets out the equivalent obligations under Turkish law.

2. Who this policy covers

This policy applies to: members (sailors, coaches, race officials), parents and legal guardians of junior members, prospective members who use our contact form or visit our facilities, race and regatta participants, and users of the crew marketplace.

3. Data we collect

• Identity: name, date of birth, and TR Kimlik number where legally required (e.g. for federation licensing).
• Contact: phone number, email address, postal address, and emergency contact details.
• Financial: membership tier, dues paid, refunds, and supporting transaction records.
• Training: session attendance, certifications, peer ratings, and skipper qualification.
• Health and safety (special category): swim ability declaration and medical declarations on consent forms, collected solely for safety on the water.
• Race participation: results, sail numbers, and where you opt in, public race results.

4. Lawful bases

We rely on the following lawful bases under KVKK Art. 5 (and the equivalents under UK GDPR Art. 6):

• Contractual necessity: membership dues, training delivery, fleet use.
• Legal obligation: financial records, federation reporting, KVKK Art. 11 rights handling.
• Legitimate interests: safety logs, anti-fraud, internal records.
• Vital interest: emergency contact disclosure where life or health is at risk.
• Public interest: publication of race results where you opt in.
• Explicit consent: newsletter, marketing communications, photo and video use beyond operational records.

5. Retention

We retain membership and financial records until the end of your membership plus five years, in line with Türk Ticaret Kanunu Art. 82 and other applicable retention laws. Health and emergency-contact data is retained only while you are an active member. Marketing-consent records are retained until you withdraw consent.

6. Sub-processors and international transfers

We engage technology vendors as data processors (or sub-processors) to deliver the service. Each is bound by appropriate contractual safeguards.

• Hosting: Vercel Inc. (US/EU regions) — application hosting and edge delivery.
• Database: MongoDB Atlas — region selected per environment.
• Email: Resend (US) — transactional and notification email.
• WhatsApp delivery: HMD WA Gateway (TR), operated by HMD Corporation as a sub-processor providing WhatsApp infrastructure.

Where data is transferred outside Türkiye, we rely on KVKK Art. 9 explicit consent or equivalent contractual safeguards. We will update this list as vendors change.

7. Cookies and similar technologies

We classify cookies and comparable storage into four categories: essential, functional, analytics, and marketing. Today we deploy only essential storage (session, CSRF, locale, and consent record). The consent surface preserves your control should we add optional categories in future. For the full breakdown see the Çerez Politikası.

8. Your rights

You have the right to access, rectify, restrict, object to, and request deletion of your personal data, and to withdraw consent for processing based on consent. KVKK Art. 11 rights are listed in full in the KVKK Aydınlatma Metni.

9. Contact

For privacy and data protection enquiries, write to kvkk@yelkeng.com.