+905334019871

Home Personal Data Protection

Personal Data Protection

This page explains the core approach of NAVIERA YACHTING TOURISM TRAVEL AGENCY (“FERIBOTBILETIM”) regarding personal data protection and privacy.

1) About the Policy

1.1 Purpose

The purpose of this Personal Data Protection and Privacy Policy (“Policy”), effective as of 7 October 2016, is to define the principles regarding the processing of personal data of FERIBOTBILETIM’s existing and potential customers, business partners, visitors, shareholders, company executives, job applicants, employees of cooperating institutions and authorities, and relevant third parties. The Policy aims to protect fundamental rights and freedoms—especially the right to privacy—ensure lawful processing of personal data, define related rights and obligations, raise awareness among FERIBOTBILETIM employees, comply with Article 20 of the Constitution of Türkiye, the Law No. 6698 on the Protection of Personal Data (“Law”), secondary legislation and other applicable regulations, and implement necessary measures.

1.2 Scope

The provisions and principles in this Policy cover all kinds of information and documents that can be associated with an identified or identifiable natural person, as well as the measures and arrangements taken in relation thereto.

1.3 Responsibilities

The FERIBOTBILETIM Personal Data Protection Committee is responsible for preparing, updating and submitting this Policy for approval by the Board of Directors and/or senior management. Units and employees who use/manage systems where personal data is stored, processed and/or transferred are responsible for implementation, primarily together with the Committee.

2) Definitions

Personal Data
Any information relating to an identified or identifiable natural person. Data relating to legal entities is not protected under the Law.
Special Category Personal Data
Data relating to race, ethnic origin, political opinion, philosophical belief, religion/sect/other beliefs, attire, membership to associations/foundations/trade unions, health, sexual life, criminal convictions and security measures, as well as biometric and genetic data.
Explicit Consent
Consent that is specific, informed and freely given.
Anonymization
Rendering personal data incapable of being associated with an identified or identifiable natural person, including by matching with other data.
Law
Law No. 6698 on the Protection of Personal Data.
Processing of Personal Data
Any operation performed on personal data such as collection, recording, storage, preservation, alteration, re-organization, disclosure, transfer, acquisition, making available, classification or preventing use, by fully or partially automated means or non-automated means provided that it forms part of a data filing system.
Board
Personal Data Protection Board
Authority
Personal Data Protection Authority
Company
NAVIERA YACHTING TOURISM TRAVEL AGENCY
Data Processor
A natural or legal person who processes personal data on behalf of the data controller, based on the authority granted by the controller.
Data Controller
The natural or legal person who determines the purposes and means of processing personal data and is responsible for establishing and managing the data filing system.

3) Principles for Processing Personal Data

3.1 FERIBOTBILETIM’s Processing Principles

  • Confidentiality: Technical and administrative measures are implemented to prevent unauthorized access; periodic audits are performed.
  • Lawfulness: Data is processed within legal boundaries and in accordance with good faith; information and consent are obtained where required.
  • Accuracy & Up-to-date: Data is kept accurate; procedures exist for correction, update or deletion of incorrect/incomplete data.
  • Purpose Limitation & Transparency: Data is processed for explicit, legitimate purposes and not beyond notified purposes.
  • Data Minimization & Proportionality: Only data necessary for the purpose is processed and retained.
  • Storage Limitation: Data is deleted/destroyed/anonymized when the purpose ceases, without prejudice to legal retention periods.
  • Choice & Consent: Data subjects are informed; consent can be withdrawn and request channels are provided.

3.2 Lawful Processing

FERIBOTBILETIM seeks explicit consent to process personal data and special category personal data. Where explicit consent is not available, personal data may be processed if one of the lawful bases stipulated in the Law applies.

3.3 Purposes of Processing

  • Conducting business operations
  • Providing travel services (travel planning, visa applications, insurance and service operations with contracted institutions)
  • Providing accommodation services (reservations and rentals)
  • Improving service standards and offering personalized services
  • Service development through request/complaint handling, surveys and feedback to increase satisfaction
  • Customer services, reporting/audit/analysis and lawful notifications via email/SMS, etc.

3.4 Transfer of Personal Data

Personal data may be transferred, limited to the purpose of transfer and with necessary safeguards, to authorized representatives/agencies, public institutions and organizations, service providers and call center companies, provided that explicit consent is obtained or another lawful basis exists.

4) Our Obligations

4.1 Duty to Inform

  • Identity of the data controller and, if any, its representative
  • Purpose(s) of processing
  • Recipients and purposes of transfers
  • Method of collection and legal basis
  • Rights of the data subject under the Law

4.2 Data Security Obligations

Technical measures are applied to prevent unlawful processing and unauthorized access, and to prevent accidental loss, alteration or destruction, considering current technologies and risks. Administrative measures include limiting employee access to job scope, preventing purpose-exceeding processing and unauthorized disclosure, and informing/training employees.

4.3 Data Controllers Registry

FERIBOTBILETIM is registered / will be registered in the Data Controllers Registry as required by applicable legislation.

4.4 Audits

FERIBOTBILETIM conducts periodic audits to ensure compliance and personal data protection.

4.5 Responding to Data Subject Requests

  • To learn whether personal data is processed
  • To request information if processed
  • To learn the purpose and whether it is used in line with its purpose
  • To know third parties to whom data is transferred
  • To request correction if incomplete/incorrect
  • To request deletion/destruction
  • To request notification of correction/deletion to third parties
  • To object to a result arising against the person from analysis exclusively by automated means
  • To claim compensation for damages due to unlawful processing

Requests are responded to within 30 days. If processing the request requires additional cost, a fee may be charged in accordance with the tariff determined by the Board.

5) Security-Related Data Processing in the Workplace

Data processing activities at workplace entrances and within the workplace are carried out in compliance with applicable legislation. For security purposes, CCTV recordings may be kept and visitor entry/exit logs may be processed. If internet access is provided, log records may be maintained.

6) Personal Data Protection Committee

A “Personal Data Protection Committee” has been established by decision of the Company’s senior management. The Committee is responsible for managing policies/procedures, ensuring compliance, increasing awareness, assessing risks, conducting trainings and evaluating data subject applications.

This page is for informational purposes only. For detailed information, please review KVKK texts, the privacy policy and relevant agreements.