1. Purpose and Scope of the Policy
Personal Data within the scope of KVK Law; means any information relating to an identified or identifiable natural person. According to the provisions of the KVKK, the natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system is defined as the data controller. In terms of KVKK, the position of our company is Data Controller.
This document (“Policy”) has been written in order to enlighten the real persons whose personal data our Company processes as the data controller within the scope of Article 10 of the KVKK. (hereinafter referred to as "turist.com") reserves the right to update the text of this Statement on the Protection of Personal Data at any time within the framework of changes that can be made in the current legislation.
2. Methods of Collection of Personal Data and Legal Basis
turist.com, personal data on the website turist.com.com, the mobile applications of the website, social media accounts, cookies, call center, notifications from administrative and judicial authorities and other communication channels, audio, electronic or written, commercial relations with our company KVK, in a physical or virtual environment, face-to-face or remotely, verbally or in writing or electronically, received from people who share their personal data with business cards, CVs, bids and other ways for purposes such as establishing, applying for a job, making offers, etc. It collects in accordance with the personal data processing conditions specified in the Law and in line with the legal reasons specified in this Personal Data Protection Policy.
There are regulations in various laws regarding the use of personal data. In the first place, the principles of protection of personal data were determined with KVKK. In addition, the Law No. 6563 on the Regulation of Electronic Commerce includes a provision on the protection of personal data. Penal sanctions are envisaged in some cases for the protection of personal data through the provisions of the Turkish Penal Code No. 5237.
On the other hand, it is necessary to collect and use data in order to fulfill our obligations arising from the Law No. 6502 on the Protection of the Consumer and the Regulation on Distance Contracts.
3. Purposes of Processing Personal Data
In accordance with the law, as a rule, personal data cannot be processed without the explicit consent of the data owner. turist.com will be able to record, store, update, disclose, transfer, classify and process your personal information to third parties in cases and to the extent permitted by the legislation.
Your personal data is used for the following purposes:
Confirming the identity information of the person who purchases the ticket via the website/mobile applications,
To save the address and other necessary information for communication,
To communicate with our customers about the conditions, current status and updates of the contracts we have concluded under the relevant articles of the Law on Distance Sales Contract and Consumer Protection, and to provide the necessary information,
To be able to offer suggestions to our customers by our contracted institutions and solution partners, to inform our customers about our services,
To be able to evaluate customer complaints and suggestions about our services,
To fulfill our legal obligations and to use our rights arising from the current legislation.
Personal data of our employees may be processed without consent as far as necessary in terms of business relations. However, turist.com ensures the confidentiality and protection of the data of its employees. According to the Law, data related to race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, disguise and dress, membership to associations, foundations or unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data is personal data of special nature. Turist.com also takes adequate measures determined by the Board, in addition to the approval of the person concerned, in the processing of sensitive personal data. Special categories of personal data can be processed without the consent of the person, but only in relation to the cases permitted by the Law and in a limited manner.
To arrange all records and documents that will be the basis of the transaction in electronic (internet / mobile etc.) or paper media,
To fulfill the obligations undertaken in accordance with the contracts we have concluded under the relevant articles of the Law on Distance Sales Contract and Consumer Protection,
To provide information to public officials on matters related to public safety upon request and in accordance with the legislation,
To provide a better service to our customers, to inform our customers about the products that our customers may be interested in, "taking into account the interests of our customers", to convey campaigns,
To increase customer satisfaction, to get to know our customers who buy flight tickets from the website and/or mobile applications, to use them in customer environment analysis, to use them in various marketing and advertising activities, and to organize surveys in electronic and/or physical environment through contracted institutions in this context,
4. Rights and Obligations of our Company arising from the Law
Personal data by our company, in accordance with Article 20 of the Constitution and Article 4 of the Personal Data Protection Law (KVKK),
In accordance with the law and honesty rules,
Accurately and up-to-date when necessary,
Pursuing specific, clear and legitimate purposes,
related to the purpose
in a limited and measured way,
By keeping it for as long as required by the laws or for the purpose of processing personal data,
It is processed based on one or more of the conditions specified in Article 5 of the KVKK.
Personal data shared with turist.com is under the supervision and control of turist.com. turist.com undertakes the responsibility as data controller to establish the necessary organization and to take and adapt the technical measures in order to protect the confidentiality and integrity of the information in accordance with the provisions of the relevant legislation in force. Being aware of our obligation in this regard, we would like to state that we have taken the following administrative and technical security measures. In this context, we inform you that we always update our data processing policies.
All data received via our web or mobile applications are transferred from your computer or mobile device to our application servers with a 256-bit RSA SSL certificate compatible with TLS 1.2 standard. Your critical payment information is not kept on the servers of our application in any way, it is encrypted in the standards required by the relevant payment system and transmitted to the relevant bank-payment system infrastructure.
Penetration tests are carried out periodically and the system's resistance to unauthorized access is tested.
Access authorization and control matrices have been established for employees in order to prevent the illegal processing of personal data collected from the website or mobile application.
Personal data in the paper environment are strictly kept in locked cabinets and only authorized persons have access.
The rights you have in accordance with the KVKK are the obligations of turist.com. We would like to inform you that we process your personal data with this awareness and to the extent required by the legislation, in case of legal changes, we will update this information on our page in accordance with the new legislation, and you can easily follow the updates on this page at any time.
Pursuant to Article 4 of the KVKK, turist.com has an obligation to keep your personal data accurate and up-to-date. In this context, in order for turist.com to fulfill its obligations arising from the current legislation, our customers are required to share accurate and up-to-date data with turist.com. If your data is changed in any way, we request you to update your data by contacting us through the communication channels listed below.
Our company stores the personal data it processes for the periods determined by the legislation, and in the absence of a separate period specified in the legislation; Personal data is stored for the period that requires processing in accordance with the practices of our Company and the practices of commercial life, depending on the services our company provides while processing that data, and after this period, only for the periods that are necessary in practice in order to constitute evidence in possible legal disputes. After the expiry of the specified periods, the personal data in question are deleted, destroyed or anonymized. (Anonymization of personal data means that personal data cannot be associated with an identified or identifiable natural person under any circumstances, even by matching them with other data.)
5. Rights of Data Owners Arising from the Law
According to Article 11 of the Law, personal data owners;
To learn whether personal data about himself is processed,
If personal data about him/her is processed, requesting information about it,
Learning the purpose of processing personal data and whether they are used in accordance with its purpose,
Knowing the third parties to whom personal data is transferred at home or abroad,
Requesting correction of personal data in case of incomplete or incorrect processing,
Requesting the deletion or destruction of personal data in the event that the reasons requiring processing disappear, although it has been processed in accordance with the provisions of the law and other relevant laws,
Requesting the notification of the transactions made as a result of the correction, deletion and destruction requests to the third parties to whom the personal data has been transferred,
The person has the right to object to the emergence of a result against himself by analyzing the processed data exclusively through automated systems.
Paragraph 2 of Article 28 of the Law regulates that in certain circumstances, the data owner cannot make a claim from the data controller other than the compensation of his losses. According to this,
Personal data processing is necessary for the prevention of crime or for criminal investigation,
Processing of personal data made public by the person concerned,
Personal data processing is necessary for the execution of supervisory or regulation duties and for disciplinary investigation or prosecution by authorized and authorized public institutions and organizations and professional organizations in the nature of public institution, based on the authority given by the law,
Personal data processing is necessary for the protection of the economic and financial interests of the State with regard to budget, tax and financial matters,
In such cases, the above-mentioned rights cannot be used for the relevant data.
6. Transfer of Personal Data
The sharing of personal data of our customers with third parties takes place within the framework of the consent of the customers and as a rule, personal data is not transferred to third parties without the consent of our customers.
However, due to and limited to our legal obligations, personal data is shared with courts and other public institutions. In addition, personal data is transferred to contracted third parties in order to provide the services we undertake and to control the quality of the services provided.
Necessary technical and legal measures are taken to prevent violations of rights during data transfer to third parties. However, turist.com is not responsible for the breaches that occur in the risk area of the third party's responsibility and due to the data protection policies of the third party receiving the personal data.
Your personal data is turist.com's program partner institutions and organizations that we cooperate with in order to carry out our activities, domestic/foreign persons and institutions from which we receive data storage services in the cloud environment, domestic/foreign institutions with which we have an agreement to send commercial electronic messages to our customers, the Interbank Card Center, with which we have a contract. It can be shared with banks and various domestic and foreign agencies, advertising companies and survey companies within the scope of various marketing activities in order to provide you with better service and customer satisfaction, and with other domestic/foreign third parties and our relevant business partners.
Personal data by our company; After the declaration of foreign countries with adequate protection by the Personal Data Protection Board, it will only be transferred to these countries. For countries that are declared not to have sufficient protection; In cases where data controllers in Turkey and in the relevant foreign country undertake in writing to provide adequate protection and the Board has permission, personal data will be transferred.
7. Categories of Personal Data
Customer Information Name, Surname, TR Identity Number, E-Mail Address, Mobile Phone Number, Location Information, Gender, Date of Birth, Ticket PNR Code, Where He Purchased the Service (Browser or Application), Tax Office, If Available, Billing Information, Membership Information, Password and Password Information, IP Addresses, Call Center Call Records, Cookie Records, Targeting Information, Evaluations Showing Habits and Likes, Campaigns Used, Information on Ticket Purchase, Marketing SMS Sent Based on the Permission of Commercial Electronic Message Given by the Relevant Person, E-Mail Messages or Calls Made by the Call Center, Complaints/Requests Regarding the Service Transmitted via the Website, Mobile Application, Social Media or Call Center
Turist.com Contact Information
DEFINITIONS
Company : Refers to Adeka Turizm.
Address : Merkez Mh. 29 October Cd. No:2/410 Bahcelievler / Istanbul
Phone : 0(850) 302 92 13 E-mail : web@adekaturizm.com
Web Site / Site: Represents the website of the Company, www.turist.com.