Privacy Notice on the Personal Data Protection of Customers

Within the scope of the Fulfilment of the Obligation to Inform of the Data Controller in accordance with the Personal Data Protection Law No. 6698 (“KVKK”) and the European Union 2016/679 General Data Protection Regulation (“GDPR”), we aim to inform you about your personal data processed by Hürkuş Aviation and Trade Inc. (“Company”, “we”) in the capacity of data controller with this Privacy Notice.

1. WHAT ARE YOUR PROCESSED PERSONAL DATA?

  • Identity Information:Name-Surname, Date of Birth, Country of Domicile, Identity Number, Identity, Passport and Visa Information*
  • Advanced Passenger Information (“API”)**:Name-Surname, Naitonality, Date of Birth, Gender, the Type and Number of Travel Documents, the Start and End Dates of their Validity and the Country of Issuance Information
  • Flight Information***:Your Reservation and Ticket Information and Other Information on Your Flight,
  • Contact Information: E-mail address, Phone Number, Address Information
  • Customer Transaction Information: Website usage information, preferences, likes, interests and usage habits, advertising ID (identity identifiers), billing information, request / complaint information, comments, points and evaluation information
  • Transaction Security Information: Data about the device you use, such as device type, model, operating system and version, IP address, user transaction logs
  • Financial Information:Information on payments and payment methods
  • Marketing Information: (Other Information Obtained for Marketing Purposes) Reports and assessments showing the habits and tastes of the person that will be associated with our customers and used for marketing purposes, targeting information, cookie records, information available through data enrichment activities, information and assessments obtained as a result of surveys, satisfaction surveys, campaigns and direct marketing activities with the person
  • Audiovisual Records: If available; Call Center Records
  • Special Categories of Your Personal Data:Information on diseases, disabilities, allergies and special dietary requirements, if any, in order to provide the service you need during your trip, upon your request and with your explicit consent.

You may find more detailed information on the processing of your Identity/Passport/Visa information in the “Privacy Notice on the Personal Data Protection of Customer Identity-Passport-Visa Information”.

API: In case you book your ticket through a travel agency or other airlines, they may send us your name, nationality, date of birth, gender, as well as the type, number, country of issuance and validity date of your travel documents.

Flight Information: In case you book your ticket through a travel agency or other airlines, they may send us your booking or ticket information or other information about your flights, such as your medical condition or food preferences etc.

2. WHAT ARE THE METHOD, PROCESSING PURPOSES AND LEGAL BASIS OF THE COLLECTION OF YOUR PERSONAL DATA?

Your personal data mentioned above are collected by automatic and/or partially automatic methods during the establishment of your relationship with us and during the continuation of the relationship in question, for the purposes and based on the reasons for compliance with the law set out below.

PERSONAL DATA CATEGORY

PURPOSES

LEGAL BASIS

  • Identity Information
  • Advanced Passenger Information (“API”)
  • Flight Information
  • Contact Information
  • Customer Transacton Information
  • Transaction Security Information
  • Financial Information
  • Marketing Information
  • Audiovisual Records
  • Fulfillment of our legal obligations
  • Execution of Contract and Sales processes
  • Execution / Supervision of Business Activities
  • Execution of Business Continuity Ensuring Activities
  • Execution of Communication Activities
  • Execution of Goods / Services After Sales Support Services
  • Execution of Goods / Services Production and Operation Processes
  • Execution of Customer Relationship Management Processes
  • Execution of Activities for Customer Satisfaction
  • Execution of Company / Product / Service Loyalty Processes
  • Conducting Marketing Analysis Studies
  • Execution of Advertising / Campaign / Promotion Processes
  • Receiving and Assessing Suggestions for Improvement of Business Processes
  • Follow-up of Requests / Complaints
  • Providing Information on Processes of Personal Data Processing
  • Providing Information to Authorized Persons, Institutions and Organizations
  • Processing of your personal data is explicitly stipulated by legislation (KVKK m. 5/2-a)
  • Processing is necessary for the performance of a contract (KVKK m. 5/2-c) (GDPR m. 6/1-b)
  • Processing of your personal data is necessary for fulfilling our legal obligations (KVKK m. 5/2-ç) (GDPR m. 6/1-c)
  • Processing is necessary in order to protect the vital interests of the data subject or of another natural person (KVKK m. 5/2-e) (GDPR m. 6/1-d)
  • Legitimate interest of the data controller (KVKK m. 5/2-f) (GDPR m. 6/1-f)
  • Special Categories of Your Personal Data
  • Upon your request and with your explicit consent, we process information about your illness, disability, allergies and special dietary requirements, if any, in order to provide the service you need during your trip.
  • Obtaining explicit consent (KVKK m. 5/1) (GDPR m. 6/1-a)


3. TO WHOM YOUR PERSONAL DATA ARE TRANSFERRED AND WHAT ARE THE PURPOSES OF TRANSFER?

Your personal data can only be transferred to third parties in the following cases, being limited, associated and restrained with the purposes of the processing, in accordance with the provisions of the KVKK and GDPR regarding the transfer of personal data.

RECIPIENTS

PURPOSES

  • Authorized Persons, Institutions or Organizations
  • Suppliers and Business Partners
  • Gözen Holding A.Ş. Group Companies
  • To fulfill our legal obligations, to inform authorized persons, institutions, or organizations within the scope of our legal obligations, to carry out legal processes, and to conduct our business operations in accordance with the legislation.
  • Obtaining support from third parties within the scope of supplying goods or services (For example: software companies, security companies, advertising agencies or transportation service providers from whom we receive technical support), ensuring business continuity, managing our relations with suppliers and business partners, conducting organizations and events (For example: Service providers providing ground handling services at airports, agencies, in case of connecting flights; airline companies that undertake part of your journey, etc.).
  • Some of the services offered by our company are carried out through our affiliates, your personal data may be shared with our relevant group companies in this context. Gözen Holding A.Ş. Group Companies may share your information with Holding Group Companies only when exceptionally necessary for the purpose of execution of administrative affairs, technical and technological activities. You may access the information of our Holding Companies at https://gozenholding.com/.

4. IN CASE YOUR PERSONAL DATA IS TRANSFERRED ABROAD, WHAT ARE THE PURPOSES OF THE TRANSFER?

  • In the case of flights performed abroad/to abroad, your personal data may be transferred to foreign states where the transportation takes place, authorized private institutions and organizations authorized by national and international legislation, and public institutions in accordance with the provisions of KVKK and GDPR regarding the transfer of personal data, limited, relevant, adequate (proportionate) to the purposes of the processing. (For example: Relevant authorities of the country where your travel takes place or whose airspace is used in accordance with national and/or international civil aviation legislation and regulations, and authorized third parties, law enforcement agencies within the scope of investigations, etc.).
  • In accordance with the provisions of the KVKK and GDPR regarding the transfer of personal data, limited, related and adequate (proportionate) to the purposes of the processing; for the purpose of obtaining support within the scope of supplying goods or services (For example: software companies, security companies, advertising agencies, or companies providing transportation services from which we receive technical support, and social media platforms just for the purpose of creating a “Custom Audience” etc.), ensuring business continuity, managing our relations with suppliers and business partners for the purpose of conducting organizations and events (For example: Service providers providing ground handling services at airports, agencies, Global Distribution Systems (GDS), in case of connecting flights; airline companies that undertake part of your journey, etc.) can be transferred to our suppliers and business partners abroad.
  • We may transfer your personal data abroad for data storage and messaging services. Please be informed that your personal data may be transferred abroad since digital services such as cloud application and storage, hosting and messaging systems used by the Company are obtained from service providers located abroad.

5. WHAT DOES IT MEAN TO GIVE EXPLICIT CONSENT FOR COMMERCIAL ELECTRONIC COMMUNICATION?

While purchasing tickets on our website; In line with your consent you have given by clicking the “Sign up for our newsletter and be updated on special offers, great promotions and exciting news!” button in the “Contact Data” section, commercial electronic messages may be sent to you in order to provide information about our services through the communication channel you have selected, to promote our goods and services and to keep you informed about our campaigns. Accordingly, your personal data may be processed in accordance with the Regulation of Electronic Commerce Law No. 6563, and the Regulation on Commercial Communication and Commercial Electronic Messages.

You are in full control of your decision to give consent in this regard. You are not obliged to give any consent and you may withdraw your consent at any time by informing the Company or through The Centralized Commercial Message Management System (“IYS”) - https://iys.org.tr. Unless you confirm the existence of your explicit consent by clicking the abovementioned button, no commercial electronic messages shall be sent to you for the purposes and within the scope mentioned above.

Please be informed that the messages sent for non-marketing and service information purposes are outside the scope of commercial electronic messages pursuant to Article 6 of the Regulation on Commercial Communication and Commercial Electronic Messages and are not subject to the relevant consent. Even if you have not given the relevant consent, electronic messages may be sent to you by our Company for non-marketing purposes and to provide service information.

In accordance with the relevant legislation, your commercial electronic message consents must be recorded in the Centralized Commercial Message Management System (“IYS”) and in this context, contact address (phone number or e-mail address), consent date, communication channel, recipient type and consent source data shall be shared with IYS. For detailed information about IYS, please visit https://iys.org.tr.

6. FOR HOW LONG YOUR PERSONAL DATA IS STORED?

Your personal data is not stored for longer than the required period. In accordance with our company procedure, the storage period of your personal data processed during your relationship with our Company is 10 years. At the end of this period, the data is destroyed.

In addition, our company is committed to ensuring the protection of your personal data. Therefore, technical and organisational measures are taken within the scope of KVKK and GDPR to protect your personal data from unauthorised access, use or disclosure.

7. WHAT ARE YOUR RIGHTS REGARDING YOUR PERSONAL DATA?

In accordance with the Article 11 of the KVKK, you have the following rights regarding your personal data;

  • Right to be Informed:To learn whether personal data is processed, To request information if personal data is processed, To learn the purpose of processing personal data and whether they are used in accordance with their purpose,
  • Right of Access:To know the third parties to whom personal data are transferred domestically or abroad,
  • Right to Rectification:To request correction of personal data in case of incomplete or incorrect processing,
  • Right to Erasure:Request deletion or destruction of personal data,
  • Right to Notification:In case of correction, deletion or destruction of personal data, to request notification of these transactions to third parties to whom personal data are transferred,
  • Right of Objection:To object to the occurrence of a result to the detriment of the person himself/herself by analysing the processed data exclusively through automated systems,
  • Right to Compensation:To demand compensation for damages in case of loss due to unlawful processing of personal data.

In accordance with the Article 3 of the GDPR, you have the following rights regarding your personal data;

  • Right to be Informed:Organisations must tell individuals what data is collected, how it is used, how long it will be stored and whether it will be shared with third parties.
  • Right of Access:Individuals have the right to request a copy of the information an organisation holds on them.
  • Right to Rectification:Individuals have the right to correct inaccurate or incomplete data.
  • Right to Erasure and to be Forgotten:In certain circumstances, individuals can ask organisations to erase personal data stored on them, including on the Internet.
  • Right to Data Portability:Individuals can request organisations to transfer all data held on them to another company.
  • Right to Restriction of Data Processing:Individuals can request that an organisation limit the way it uses their personal data.
  • Right to Object:Individuals have the right to object to certain types of processing, such as direct marketing.
  • Rights relating to automated individual decision-making tools, including profiling:Individuals can ask organisations to provide a copy of their automated processing activities if they believe that data is being processed unlawfully. Organisations should also remind individuals that they are free to exercise their rights and explain how they can do so.

8. HOW TO USE YOUR RIGHTS?

In order to exercise these rights granted to the data subjects under Article 11 of KVKK and Article 3 of the GDPR, certain procedures are set out in the Communiqué on the Procedures and Principles of Application to the Data Controller. To exercise your rights and to get information about your rights;

- You can send your requests to the following address of our company by hand upon identification in person or through a notary public,

  •  Hürkuş Hava Yolu Taşımacılık ve Ticaret A.Ş.  (“Hürkuş Aviation and Trade Inc”), Simetri Ofis - Çobançeşme Mah. Sanayi Cad. No:60 Kat:4-5 34197 Bahçelievler - İstanbul/Türkiye,

- You can apply to our company's [email protected] / [email protected] e-mail address or our company's registered electronic mail (KEP) [email protected] address with your secure electronic signature and mobile signature or your e-mail address previously notified to us by you and confirmed by us in our systems.