Personal Data Protection Disclosure Statement
We would like to inform you about the processing of your personal data obtained through the sale of flight tickets and hotel/accommodation reservation services on the "gidiyorum" website, which is a brand of our company, Huge Tours – Rozi Turizm Ticaret Nakliyat Limited Şirketi, within the scope of the "Personal Data Protection Law."
Our company, as the "Data Controller" within the scope of the Personal Data Protection Law No. 6698 and relevant regulations, processes your personal data within the frameworks outlined below and in accordance with the applicable legislation.
With this Disclosure Statement, we fulfill the disclosure obligation stated in Article 10 of the Personal Data Protection Law No. 6698 regarding the processing of personal data obtained.
Our company may update and amend the provisions of this Disclosure Statement based on changes in the purposes related to the processed personal data. Updates and amendments will be effective as of the date they are published on the website.
1. Collection, Processing, and Purposes of Processing Personal Data:
Your personal data may also be processed when you use our call center or website with the intent of utilizing the sales services provided by the "gidiyorum" website, or when you visit or browse these web pages. Your personal data is collected verbally, in writing, or electronically through call centers and the website. Your personal data listed below can be processed for the purposes outlined below:
| Identification Information: | Information contained in documents such as a driver's license, ID card, residence certificate, passport, attorney ID, marriage certificate (e.g., T.R. ID number, passport number, ID card serial number, name-surname, gender, photograph, place of birth, date of birth, age, place of registration, certified copy of the ID card). |
| Contact Information: | Information used for the purpose of contacting the individual (e.g., email address, phone number, mobile phone number, address). |
| Customer Information: | Information related to customers benefiting from our services (e.g., reservation details, customer number, occupation information, etc.). |
| Customer Transaction Information, Location: | Information related to any transactions carried out by customers benefiting from our services (e.g., reservations, requests and instructions, region, number of people, transportation requests, check-in and check-out dates for the hotel/facility, city, website membership date, services received, favorites, searching or purchasing flight tickets on the website, including departure location, destination, departure and return dates, number of passengers, flight class, airline company, PNR, price, flight details, payment amount if paid, transaction description, transaction time, transaction number, confirmation number, service sold, invoice number, etc.), location. |
| Physical Space Security Information: | Personal data related to records and documents obtained during entry to physical premises and while staying within the premises (e.g., entry-exit logs, visitor information, camera recordings, etc.). |
| Transaction Security Information: | Personal data processed to ensure the technical, administrative, legal, and commercial security of our company and related parties (e.g., website passwords and passcodes associated with the data subject to link the individual with the transaction and verify their authorization to perform the transaction, website traffic information, connection time, visited pages, etc.). |
| Risk Management Information: | Personal data processed to manage the commercial, technical, and administrative risks of our company (e.g., IP address, MAC ID, and similar records). |
| Financial Information: | Personal data within the scope of information, documents, and records that show any financial outcome created based on the type of legal relationship with the data subject (e.g., information showing the financial result of transactions made by the data subject, credit card expiration date, credit card security number, payment method, transaction amount in the case of wire transfer/EFT, transfer date, bank name, payable interest amount and rate, debt balance, receivable balance, tax office in invoice issuance, tax identification number, etc.). |
| Marketing Information: | Data to be used in marketing activities by our company (e.g., reports and evaluations showing an individual's habits and preferences collected for marketing purposes, targeting information, cookie records, data enrichment activities). |
| Legal Transaction and Compliance Information: | Personal data processed for the determination and pursuit of legal claims and rights, as well as the fulfillment of debts and legal obligations (e.g., data included in documents such as court and administrative authority decisions). |
| Audit and Inspection Information: | Personal data processed within the scope of our company's legal obligations and compliance with company policies (e.g., audit and inspection reports, related meeting records, and similar records). |
| Request/Complaint Management Information: | Personal data related to the receipt and evaluation of any requests or complaints directed to our company (e.g., requests and complaints regarding the company, related records and reports). |
| Visual and Audio Data: | Visual and audio recordings associated with the data subject (e.g., photographs, camera recordings, and audio recordings). |
Your personal data may be processed for the following purposes:
• To facilitate your travel planning and reservations,
• To issue invoices in return for our services and conduct finance and accounting processes,
• To verify your identity,
• To share information requested by public institutions and organizations in accordance with relevant legislation,
• To fulfill legal and regulatory requirements,
• To ensure, improve, and conduct internal operations and research,
• To carry out activities related to the services provided through contracted institutions,
• To manage customer satisfaction and complaints,
• To communicate with customers regarding travel benefits and services received,
• To create records for customers and website visitors, conduct information security processes, and perform archiving and retention activities,
• To carry out contract, service sales, operational, and retention processes,
• To process and store data related to website membership transactions,
• To conduct reporting and audits,
• To enhance services and conduct analyses, customer relationship management, and reporting for future requests and events, and to carry out campaigns, promotions, and announcements, tailored marketing activities according to usage purposes and needs,
• To plan and execute market research, determine preferences, and customize service approaches,
• Including but not limited to these purposes, for conducting, developing, and fulfilling customer requests in relation to travel services.
Your data may also be processed and transferred to information systems in compliance with relevant laws and stored in both digital and physical environments.
Your personal data may be transferred to relevant institutions without the obligation of disclosure and without seeking your explicit consent, as required by Article 28/1 of the Personal Data Protection Law (PDPL), if requested. In unforeseen situations other than these, your data may be transferred to public institutions specified by law, upon request and within the purposes and limitations set forth by the law.
Your personal data, within the scope of the Law and other relevant legislation;
• TÜRSAB (Association of Turkish Travel Agencies),
• Relevant Ministries, including regulatory and supervisory public institutions and organizations,
• Official authorities and regulatory and supervisory bodies,
• General Directorate of Security and other law enforcement agencies,
• Courts,
• Lawyers and auditors,
• Authorized representatives and agents,
• Airline companies, hotels/accommodation facilities,
• Payment institutions, banks,
• E-invoice integrator company and GİB (Revenue Administration) (as per Article 3/b of the VUK General Communiqué No. 433 regarding the obligation to issue e-archive invoices),
• Service providers and business partners with whom agreements have been made to fulfill the provided services,
• Business partners conducting analyses, reporting, campaigns, promotions, and announcements to enhance services and, within this scope, improve and carry out travel services for the purposes mentioned above,
may be shared with our business partners to ensure the development and execution of travel services.
Your personal data is collected in any verbal, written, or electronic environment to fulfill the purposes and services mentioned above within the defined legal framework, and to ensure the complete and proper execution of contractual and legal obligations.
It is processed pursuant to Article 5/2(a) of PDPL due to explicit stipulations in the laws; specifically, it is processed in accordance with Article 4 of Law No. 5651 on the Regulation of Publications on the Internet and Combating Crimes Committed Through These Publications, which outlines the responsibilities of the hosting provider.
It is processed due to the necessity for data processing for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject, as stated in Article 5/2(f) of PDPL.
It is processed and stored due to the necessity of processing personal data of the parties to a contract when it is directly related to the establishment or execution of an agreement, as outlined in Article 5/2(c) of PDPL.
Your personal data may be shared by “gidiyorum” with contracted hotels, airline companies, and service providers both domestically and internationally to facilitate your accommodation and/or travel. In cases where the servers of these companies are located abroad, your personal data may be transferred to servers abroad based on your explicit consent.
It is processed and shared due to the necessity for the data controller to fulfill its legal obligations as specified in Article 5/2(ç) of PDPL.
It is stored due to the necessity of data processing for the establishment, exercise, or protection of a right, as mentioned in Article 5/2(e) of PDPL.
It is processed pursuant to Article 230/1, clause 5, and Article 232/1 of the Tax Procedure Law No. 213 regarding the obligation to issue invoices and delivery notes, and shared with the e-invoice integrator company and the Revenue Administration (GİB) based on Article 3/b of the VUK General Communiqué No. 433 regarding the obligation to issue e-archive invoices.
4. Your Rights Regarding the Protection of Personal Data
To exercise their rights regarding personal data, data subjects must first apply to the data controller. In accordance with Article 11 of the Personal Data Protection Law regarding your processed personal data;
Regarding the exercise of the rights stated in Article 11 of the Personal Data Protection Law listed above, you can submit your application containing the minimum information specified in the Communiqué on the Procedures and Principles of Application to the Data Controller, along with documents verifying the identity of the relevant data subject;
In writing to the address Kemeraltı St. 111. Sk. No:3/1 Marmaris/MUĞLA 48700, or by hand delivery or via notary with a wet-signed copy,
You can submit your application in writing via REM (Registered Electronic Mail) to the address [email protected]. The "Data Subject Application Form" related to the application process is provided in Article 8 of this disclosure statement.
Data subject requests submitted via the method mentioned above are concluded by our company within a maximum of thirty days. Your application may be accepted, and you may be informed regarding your request, or it may be rejected with an explanation of the reason. Our company reserves the right to request additional information and documents from the applicant, particularly to assess whether the applicant is the relevant data subject.
6. Personal Data to be Processed with the Explicit Consent of Customers and Purposes of Processing
In cases where the conditions for processing personal data specified in Articles 5/2 and 6/3 of the Law cannot be met, the explicit consent of customers must be obtained for the processing of personal data by the Company.
For purposes such as cross-selling, audience targeting, tracking customer activities to conduct activities that enhance user experience, improving the functioning of the Company's website and personalizing it according to customer needs, direct and indirect marketing, personalized marketing and remarketing activities, conducting personalized segmentation, targeting, analysis, and internal reporting activities, market research, planning and execution of customer satisfaction activities, planning and execution of customer relationship management processes, planning and execution of sales and marketing processes of services, and planning and execution of processes for creating and/or increasing loyalty to the services offered; in this context, customers' personal data may be processed to create campaigns for customers, to receive information about campaigns and promotions, and for advertising/campaign processes with the customer's consent and may be shared with the parties specified in this Disclosure Statement.
To prevent the unlawful processing of your personal data, to prevent unauthorized access to this data, and to ensure the preservation of personal data, the necessary level of security is maintained, and all kinds of technical and administrative measures are taken. Additionally, all technological resources necessary to ensure the required level of security for your personal data are utilized.
In accordance with Article 13, paragraph 1 of the Personal Data Protection Law, data subjects must submit their requests related to the exercise of their rights to our Company using the methods outlined below.
| Application Method | Address for Submission of Application | Information to be Included When Submitting the Application |
| Via REM | [email protected] | The title and content of the request should include “Information Request within the Scope of the Personal Data Protection Law.” |
| In-Person Application (Application by the applicant in person with an identity-verifying document) | Kemeraltı St. 111. Sk. N:3/1 Marmaris/MUĞLA 48700 | The envelope should be labeled with “Information Request within the Scope of the Personal Data Protection Law.” |
| Notification via Notary | Kemeraltı St. 111. Sk. N:3/1 Marmaris/MUĞLA 48700 | The notification envelope should be labeled with “Information Request within the Scope of the Personal Data Protection Law.” |
In the application, the following must be included: name, surname, and signature if the application is in writing; Turkish Republic ID Number for Turkish citizens; nationality, passport number, or identity number for foreigners (if applicable); residential or workplace address for notification; electronic mail address, telephone, and fax number for notification (if applicable); and the subject of the request. Information and documents related to the matter should also be attached to the application.
It is not possible for third parties to make requests on behalf of personal data subjects. For a person other than the personal data subject to make a request, a special power of attorney issued by the personal data subject in favor of the applicant must be provided.
In accordance with Article 11 of PDPL, by applying to our Company;
1. To learn whether your personal data is being processed,
2. To request information if your personal data has been processed,
3. To learn the purpose of processing your personal data and whether it is used in accordance with its purpose,
4. To know the third parties to whom your personal data is transferred domestically or abroad,
5. To request the correction of your personal data if it has been processed incompletely or incorrectly,
6. To request the deletion or destruction of your personal data if the reasons for processing, evaluated within the principles of purpose, duration, and legitimacy, no longer exist,
7. To request that the correction, deletion, or destruction of your personal data be notified to third parties to whom the data has been transferred,
8. To object to a result arising against you if your processed personal data is analyzed exclusively through automated systems,
9. You have the right to demand compensation for damages in case your personal data is processed unlawfully and you suffer harm as a result.
As a personal data subject, in order to exercise your rights mentioned above and make an application that includes explanations regarding the right you wish to exercise, the matter you are requesting should be clear and understandable, the request should be related to you, or if you are acting on behalf of someone else, you must be specifically authorized in this regard and provide documentation of your authorization. The application must include identity and address information and be accompanied by documents verifying your identity.
Applications made within this scope will be concluded within the shortest possible time and no later than 30 days. Such applications are free of charge. However, if the process incurs an additional cost, a fee determined by the Personal Data Protection Board may be charged.
Name Surname :
T.R. Identification Number:
Address:
Mobile Phone :
E-Mail (providing this will allow us to respond to you quickly):
APPLICATION OWNER REQUEST DETAILS
Please specify your request below in accordance with your rights listed above under the Personal Data Protection Law:
DECLARATION
As the data controller, I request that my application made to your Company be evaluated in accordance with Article 13 of the Personal Data Protection Law and that I be informed via the electronic mail address specified above.
Date:
Name Surname:
Signature: