Privacy Policy
Last updated: 24 May 2026
1. Who we are
This website, ikametsigorta.com, is owned and operated by Ikamet Limited, a company registered in England and Wales ("we", "us", "our"). Insurance services in Turkey are provided through our Turkish operating entity, İKAMET SİGORTA ARACILIK HİZMETLERİ LİMİTED ŞİRKETİ, licensed by SEDDK.
Ikamet Limited is the data controller for personal data collected through this website. For data-related enquiries please contact us via our contact page.
2. Scope and global applicability
Our clients are located worldwide. This Privacy Policy is designed to comply with applicable data protection laws including:
- UK GDPR and the Data Protection Act 2018
- EU GDPR (European Union and EEA residents)
- KVKK — Kişisel Verileri Koruma Kanunu (Turkey)
- CCPA / CPRA (California, United States)
- PIPEDA (Canada)
- PDPA (various Asia-Pacific jurisdictions)
- Other applicable national data protection legislation
Where laws conflict, we apply the higher standard of protection.
3. Data we collect
3.1 Information you provide directly
- Full name
- Email address
- Phone number (including WhatsApp)
- Date of birth
- Nationality
- Insurance requirements and details you share
- Messages and correspondence
3.2 Information collected automatically
- IP address and approximate location
- Browser type and version
- Device type and operating system
- Pages visited, time on site, referral source
- Device fingerprint (via Fingerprint.com — for fraud prevention)
- Session recordings and interaction data (via FullStory)
- Behavioural analytics (via PostHog)
3.3 Information from third parties
- Data from advertising platforms (Google Ads, Meta/Facebook Ads) when you interact with our ads
- Data from messaging platforms (WhatsApp, Apple Business Messages, Telegram) when you contact us through these channels
4. How we use your data
| Purpose | Legal basis |
|---|---|
| Responding to insurance quote requests | Contract / Pre-contractual steps |
| Providing insurance brokerage services | Contract |
| Sending policy documents and correspondence | Contract |
| CRM and lead management (HubSpot) | Legitimate interest |
| Analytics and site improvement (GA4, Tinybird, PostHog) | Legitimate interest / Consent |
| Fraud prevention (Fingerprint.com) | Legitimate interest |
| Session analysis and UX improvement (FullStory) | Legitimate interest / Consent |
| Marketing communications (where consented) | Consent |
| Retargeting advertising (Facebook Pixel, Google Ads) | Consent |
| Customer communications via messaging platforms | Contract / Legitimate interest |
| Legal and regulatory compliance | Legal obligation |
| AI-assisted query handling and triage | Legitimate interest |
5. Third-party services and data processors
| Service | Purpose | Location |
|---|---|---|
| Google Analytics / GTM | Web analytics and tag management | USA (SCCs) |
| Google Ads | Advertising and conversion tracking | USA (SCCs) |
| Meta (Facebook Pixel & Ads) | Advertising and retargeting | USA (SCCs) |
| HubSpot | CRM, lead management, email marketing | USA (SCCs) |
| Tinybird | Real-time web analytics | EU (GCP Europe) |
| PostHog | Product and behavioural analytics | EU / USA |
| FullStory | Session recording and UX analysis | USA (SCCs) |
| Fingerprint.com | Device fingerprinting and fraud prevention | USA (SCCs) |
| Segment | Customer data platform | USA (SCCs) |
| Mailgun | Transactional email delivery | EU |
| Twilio | SMS and communications | USA (SCCs) |
| WhatsApp (Meta) | Customer messaging | USA (SCCs) |
| Apple Business Messages | Customer messaging | USA (SCCs) |
| Telegram | Customer messaging | International |
| Dialpad | Voice and communications | USA (SCCs) |
| Cloudflare | Hosting, CDN and security | Global (SCCs) |
| Anthropic / Claude (AI Agents) | Query handling and triage | USA (SCCs) |
SCCs = Standard Contractual Clauses (EU/UK approved mechanism for international data transfers)
6. International data transfers
As a global business serving clients worldwide, your data may be transferred to and processed in countries outside your home jurisdiction, including the United States, Turkey, the European Economic Area and the United Kingdom. We ensure appropriate safeguards are in place for all international transfers, including Standard Contractual Clauses, adequacy decisions, and equivalent mechanisms as required by applicable law.
7. Data retention
- Quote and contact data: Up to 6 years from last interaction
- Policy-related data: Up to 6 years from policy expiry
- Marketing consent records: Duration of consent plus 3 years
- Analytics data: As per each platform's retention settings (typically 13–26 months)
- Session recordings: Up to 12 months
8. Your rights
Depending on your location, you may have the following rights:
- Access — request a copy of the data we hold about you
- Rectification — request correction of inaccurate data
- Erasure — request deletion of your data
- Restriction — request we limit how we use your data
- Portability — receive your data in a machine-readable format
- Object — object to processing based on legitimate interests or direct marketing
- Withdraw consent — at any time where processing is consent-based
- CCPA (California) — right to know, delete, opt-out of sale, and non-discrimination
- KVKK (Turkey) — rights under Turkish data protection law
To exercise any right, contact us via our contact page. We will respond within 30 days.
9. Cookies
We use cookies and similar tracking technologies. For full details see our Cookie Policy.
10. Children's privacy
Our services are not directed at children under 18. We do not knowingly collect personal data from minors. If you believe a minor has submitted data to us, please contact us and we will delete it promptly.
11. Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction or alteration, including HTTPS encryption, access controls and regular security reviews of third-party processors.
12. Complaints
You have the right to lodge a complaint with the relevant supervisory authority:
- UK: Information Commissioner's Office (ICO) — ico.org.uk
- EU: Your local Data Protection Authority
- Turkey: Kişisel Verileri Koruma Kurumu (KVKK) — kvkk.gov.tr
We would appreciate the opportunity to address your concerns first — please contact us before escalating.
13. Changes to this policy
We may update this Privacy Policy from time to time. The date at the top of this page indicates when it was last revised. Continued use of the site after changes constitutes acceptance of the updated policy.
14. Contact
For privacy-related enquiries or data subject requests, please contact us via our contact page. We aim to respond within 5 business days.