Personal Data Protection Clarification Text

ROZİ TURİZM TİC. LTD. STI. We attach importance to the security of your personal data. In this context, we would like to inform you about the "Law on the Protection of Personal Data", which is designed to protect the fundamental rights and freedoms of individuals, especially the privacy of private life, and to protect personal data, and about your personal data to be processed by us within the scope of this law.

ROZİ TURİZM TİC. LTD. STI. (“ROZİ”) has the title of “Data Controller” within the scope of the Personal Data Protection Law No. 6698 (“KVKK”) and related regulations, and your personal data is processed within the scope described below and in accordance with the relevant legislation.

1. Collection, Processing and Processing Purposes of Personal Data

Your personal data may vary depending on the service, product or commercial activity provided by ROZİ; It is collected verbally, in writing or electronically, through automatic or non-automatic methods, offices, branches, dealers, call center, website, social media channels, mobile applications and similar means. As long as you benefit from the services of ROZİ and its brands, your general and special personal data below can be processed by creating and/or updating, including but not limited to the following purposes:

Credential:

Information contained in documents such as driver's license, identity card, residence, passport, attorney's ID, marriage certificate (eg TCKN, passport no., identity card serial no., name-surname, photo, place of birth, date of birth, age, registered in the population). place of residence, copy of proof of identity card)

Communication information:

Information used to contact the person (e.g. e-mail address, telephone number, mobile phone number, address)

Customer information:

Information belonging to customers benefiting from our services (eg reservation information, customer number, profession information, etc.)

Customer Transaction Information:

Information regarding any transaction performed by customers using our services (e.g. reservation, request and instructions, payment information, etc.)

Physical Space Security Information:

Personal data regarding the records and documents taken during the entrance to the physical space, during the stay in the physical space (e.g. entry-exit logs, visit information, camera recordings, etc.)

Transaction Security Information:

Personal data processed in order to ensure the technical, administrative, legal and commercial security of our company and related parties (e.g., information such as website password and password indicating that the person is authorized to match the transaction associated with the personal data owner and that person and to perform that transaction)

Risk Management Information:

Personal data processed in order to manage the commercial, technical and administrative risks of our company (eg IP address, Mac ID, etc. records)

Financial Information:

Personal data within the scope of information, documents and records showing all kinds of financial results created according to the type of legal relationship with the personal data owner (For example: information showing the financial result of the transactions made by the data owner, loan amount, card information, loan payments, interest amount and rate to be paid , debit balance, credit balance, etc.)

Marketing Information:

Data to be used by our company in marketing activities (eg, reports and evaluations showing the habits and tastes of the person collected for marketing purposes, targeting information, cookie records, data enrichment activities)

Legal Action and Compliance Information:

Personal data processed for the purpose of determination and follow-up of legal receivables and rights and fulfillment of debts and legal obligations (for example, data contained in documents such as court and administrative authority decisions)

Audit and Inspection Information:

Personal data processed within the scope of our company's compliance with its legal obligations and company policies (eg audit and inspection reports, relevant interview records and similar records)

Request/Complaint Management Information:

Personal data regarding the receipt and evaluation of all kinds of requests or complaints directed to our company (eg, requests and complaints against the Company, records and reports related to them)

Visual and Audio Data:

Audio-visual recordings (e.g. photographs, camera recordings and audio recordings) associated with the personal data subject

In addition, your personal data may also be processed when you use our call center or website with the intention of using certain ROZİ online services, when you attend trainings, seminars or organizations organized by ROZİ, or if you visit or browse the internet pages.

Your personal data and your personal data of special nature;

  • Making your travel plans, reservations and rentals,
  • Execution of your visa applications in order to present them to the consulates,
  • Carrying out your insurance transactions within the scope of travel,
  • Invoicing for our services,
  • Confirmation of your identity,
  • Sharing information requested by public institutions and organizations in accordance with the relevant legislation,
  • Fulfillment of legal and regulatory requirements,
  • Ensuring, developing and conducting research,
  • Continuing the activities necessary for the recruitment and continuation of the business,
  • To be able to carry out the activities related to the services offered to you with the contracted institutions,
  • Managing customer satisfaction and complaints,
  • To be able to communicate with customers about travel advantages and the service they receive,
  • Carrying out training, organization, announcement and card applications made within the company,
  • Reporting and auditing
  • To be able to develop products and services and to make analyzes, customer relationship management, reporting and use them in subsequent demands and organizations, to make campaigns, promotions and announcements, to carry out marketing activities by customizing them according to usage purposes and needs.
  • It may be processed for the purposes of conducting and developing travel services, fulfilling customer demands and similar purposes , including but not limited to, planning and execution of market research, detection and customization of taste, usage and service understanding . 

In addition, it can be processed within the framework of the Passport Law No. 5682, the Identification Law No. 5115, the Regulation on Package Tour Contracts, the Regulation on the Implementation of the Identification Law, the Law No. 1618 and other legislation. It can be kept under protection both in digital and physical environment. 

2. Transfer of Personal Data

Your personal data, within the scope of the Law and other legislation and for the purposes listed above:

  • TURSAB,
  • Supervisory and regulatory public institutions and organizations, including relevant Ministries,
  • Official authorities and regulatory and supervisory bodies
  • General Directorate of Security and other law enforcement agencies,
  • courts
  • Third parties from whom we receive consultancy services, including lawyers, consultants and auditors,
  • Authorized representatives and agents,
  • insurance companies
  • Airlines, hotels, rental companies,
  • Our contracted service providers and business partners for the performance of the services offered within the scope of ROZİ
  • It can be shared with our business partners and other third parties, with whom we cooperate in the country and abroad, in order to develop products and services, and to ensure that the travel services, including the business partners who make campaigns, promotions and announcements, can be developed and carried out within this scope.

3. Method and Legal Reason for Personal Data Collection

Your personal data is collected in all kinds of verbal, written or electronic media, in order to provide the above-mentioned purposes and services within the determined legal framework, and in this context, for ROZİ to fully and properly fulfill its contractual and legal obligations.

4. Your Rights Regarding the Protection of Personal Data

Pursuant to Article 11 of the Personal Data Protection Law regarding your processed personal data;

  1. Learning whether personal data is processed or not,
  2. If personal data has been processed, requesting information about it,
  3. Learning the purpose of processing personal data and whether they are used in accordance with the purpose,
  4. Knowing the third parties to whom personal data is transferred at home or abroad,
  5. Requesting correction of personal data in case of incomplete or incorrect processing,
  6. Requesting the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7,
  7. Requesting notification of the transactions made pursuant to subparagraphs (5) and (6) to third parties to whom personal data has been transferred,
  8. Objecting to the emergence of a result against the person himself by analyzing the processed data exclusively through automated systems,
  9. It has the right to demand the compensation of the damage in case of loss due to the unlawful processing of personal data.

Requests regarding the exercise of the aforementioned rights can be made in writing to the Company's address @hs01.kep.tr together with the documents that will determine the identity of the relevant data owner , in writing with a wet-signed copy, by hand or through a notary public or other methods specified in the Law . It can be forwarded to …………

If a contractual relationship is established with our company and our customers, the collected personal data can be used without the customer's consent. However, this use takes place in line with the purpose of the contract. The data is used to the extent of better execution of the contract and the requirements of the service and updated when necessary by contacting the customers. On the other hand, the data left to us by our prospective customers (prospective customers) are processed in order to provide them with an easier and higher quality service afterwards. If this data has not turned into a contractual relationship upon request, it will be deleted.

Our company, as the data controller, informs the data owners in line with Article 10 of the Law before obtaining their personal data from the data owners, within the scope of its obligations arising from the Law. If any data processing process carried out by our company does not meet the conditions specified in the Law and detailed above, explicit consent is obtained from the data owners and the related processes are carried out within the framework of the aforementioned express consent.

Within the scope of the law, express consent is defined as “consent related to a certain subject, based on information and expressed with free will”, and accordingly, our Company provides their explicit consent after informing the data owners in accordance with Article 10 of the Law.

Although no period has been determined for the storage of personal data within the scope of the law, it is essential to keep personal data for as long as required by the relevant legislation or for the purpose for which they are processed, in accordance with general principles. Our company makes an evaluation based on the legislation in force regarding each data processing process and the purpose of the process, in order to determine the retention periods in accordance with the said principle. Accordingly, our Company keeps personal data at least for the period required by its legal obligations, and in any case, until the relevant statute of limitations expires. Our company anonymizes, deletes or destroys personal data in accordance with the Law, when the purpose of processing the relevant personal data disappears within the scope of any process, including the expiration of the aforementioned periods. Within the scope of the law, anonymization is defined as “making personal data impossible to associate with an identified or identifiable natural person under any circumstances, even by matching them with other data”. Our Company's anonymization activities are carried out in accordance with the current legislation.

Paragraph 2 of Article 28 of the Law regulates that, in certain circumstances, the data owner cannot make a claim from the data controller other than the compensation of the damages. Accordingly, Personal data processing is necessary for the prevention of crime or for criminal investigation, Processing of personal data made public by the person concerned, Personal data processing is performed by public institutions and organizations that are authorized and authorized by the law, and by professional organizations in the nature of public institutions, inspection or regulation duties. In cases where personal data processing is necessary for the protection of the economic and financial interests of the State with regard to budget, tax and financial matters, the above-mentioned rights cannot be used for the relevant data.

Requests of data subjects transmitted by the above-mentioned method are evaluated and answered by our Company within a maximum of thirty days. Our company reserves the right to request additional information and documents from the applicant, especially in order to evaluate whether the applicant is the relevant data owner.

As a rule, data subject applications are evaluated by our Company free of charge. However, if a fee is determined by the Personal Data Protection Board regarding the request of the data owner, our Company will have the right to demand payment over this fee.

5. Personal Data to be Processed in accordance with the Explicit Consent of Customers and Purposes of Processing

In the following cases where the personal data processing conditions in Articles 5/2 and 6/3 of the Law cannot be met, the express consent of the customers is required for the processing of personal data by the Company .  

In this context, personal data of customers; Creating campaigns for customers, cross-selling, determining the target audience, executing activities to increase the user experience by tracking customer movements, developing the operation of the Company 's website and mobile application and personalizing it according to customer needs, direct and indirect marketing, personalized marketing and Sales and marketing of ROZİ's services , including for the purposes of conducting remarketing activities, performing tailor-made segmentation, targeting, analysis and internal reporting activities, planning and executing market research, customer satisfaction activities, and customer relationship management processes. Within the scope of planning and execution of processes, creating and/or increasing loyalty to the services offered by ROZİ , it can be processed in line with the approval of the Customer within the scope of planning and execution of the processes provided by ROZİ. e It can be shared with the parties specified in the Explicit Consent Text.

6. Data Security

ROZİ prevents your personal data and sensitive personal data from being processed and accessed illegally, provides the necessary level of security for the protection of personal data and takes all kinds of technical and administrative measures. In addition, ROZI uses all the necessary technological means to provide the required level of security.

Within the scope of the law, you can send us all kinds of requests, questions, requests, suggestions and complaints about your personal data by using the contact information below.

7. Transfer of Personal Data of Customers

The personal data of the customers, the business units to carry out the necessary work to benefit the persons concerned from the services offered by ROZİ and the execution of the relevant business processes, the necessary work to be carried out by the relevant business units for the realization of the commercial activities carried out by the Company and the execution of the related business processes, and/or planning and execution of business strategies, providing legal, technical and commercial-occupational safety of ROZİ and related real and legal persons in business relationship with ROZİ , and customizing the services provided by ROZİ according to the tastes, usage habits and needs of the relevant persons. Within the framework of the personal data processing conditions and purposes specified in Articles 8 and 9 of the Law, including the planning and execution of activities necessary for the recommendation and promotion of individuals , the Company's officials, affiliates, business partners, partners, shareholders, legal It can be shared with authorized public institutions and organizations and private institutions.

You can use the contact information below for all your questions, suggestions, complaints and requests.