PDPL
Personal Data Protection Information Notice
This information notice has been prepared pursuant to Article 10 of Personal Data Protection Law No. 6698 (“KVKK”) and in accordance with Notification on the Procedures and Principles to Be Followed in Fulfillment of the Obligation to Inform.
As İstanbul Özel Yolcu ve Genel Havacılık Hizmetleri Anonim Şirketi (“Data Controller”), we attach great importance to the security and protection of your personal data. With this awareness, we act with due care to ensure that all personal data collected are processed and stored in compliance with KVKK and its secondary legislation.
As stated under KVKK, being aware that we are responsible in the capacity of “Data Controller” with respect to personal data processed by Data Controller or processed upon the instructions of Data Controller, we process your personal data as explained below and within the limitations permitted by the applicable legislation.
1. Data Controller
Pursuant to KVKK, your personal data may be processed by İstanbul Özel Yolcu ve Genel Havacılık Hizmetleri Anonim Şirketi, as “Data Controller”, within the scope explained below.
2. Collection, Processing and Purposes of Processing of Personal Data
Your personal data shall be collected and processed in the manner set forth in the table below.
|
Data Processing Activity |
Data Subject |
Data Category |
Purpose of Processing |
Method of Collection
|
Legal Basis |
|
Provision of CVIP Terminal Services |
Service Recipient |
Identity Contact Flight and Boarding Pass Information Financial Information |
• Execution of Goods / Services Sales Processes |
Directly from the data subject by electronic or physical means |
KVKK Art. 5/2(c) Processing of personal data of the parties to an agreement is necessary, provided that it is directly related to the establishment or performance of the agreement. |
| Provision of CVIP Terminal Services |
Other – Child of the Service Recipient (Children's personal data processed only in connection with adult guardian's booking. Parental verification available on request.) |
Identity Flight and Boarding Pass Information |
• Execution of Goods / Services Sales Processes • Execution of Agreement Processes • Execution of Goods / Services Production and Operational Processes • Execution / Audit of Business Activities • Execution of Finance and Accounting Processes • Execution of Customer Relationship Management Processes • Execution of Communication Activities • Follow-up of Requests / Complaints • Execution of Storage and Archiving Activities |
Directly from the data subject by electronic or physical means | KVKK Art. 5/2(c) Processing of personal data of the parties to an agreement is necessary, provided that it is directly related to the establishment or performance of the agreement. |
| Retention of log records generated on the relevant websites for the purpose of ensuring transaction security | Visitor | Transaction Security (IP Address Information, Website Login and Logout Information) |
• Execution / Audit of Business Activities Execution of Business Continuity Activities • Execution of Goods / Services Production and Operational Processes • Ensuring Security of Data Controller Operations • Providing Information to Authorized Persons, Institutions and Organizations |
Directly from the data subject by electronic or physical means | KVKK Art. 5/2(a) Processing is explicitly prescribed by law. |
| Execution of Dispute Resolution Processes | Service Recipient | Identity (Name and Surname, Signature) |
• Execution of Audit / Ethics Activities • Ensuring Compliance of Activities with Legislation • Follow-up and Execution of Legal Affairs • Execution of Internal Audit / Investigation / Intelligence Activities • Providing Information to Authorized Persons, Institutions and Organizations |
Directly from the data subject by electronic or physical means | KVKK Art. 5/2(e) Processing of data is mandatory for the establishment, exercise or protection of a right. |
| Execution of Dispute Resolution Processes | Service Recipient | Legal Transaction (Enforcement Information, Litigation Information) |
• Execution of Audit / Ethics Activities • Ensuring Compliance of Activities with Legislation • Follow-up and Execution of Legal Affairs • Execution of Internal Audit / Investigation / Intelligence Activities • Providing Information to Authorized Persons, • Institutions and Organizations |
Directly from the data subject by electronic or physical means | KVKK Art. 5/2(e) Processing of data is mandatory for the establishment, exercise or protection of a right. |
Your personal data collected shall be processed solely within the scope specified above, and in the event that the purpose of processing changes, this shall constitute a new processing activity and you shall be provided with an additional information notice.
Your personal data collected are processed in compliance with the principles of lawfulness and good faith, accuracy and being kept up to date where necessary, processing for specific, explicit and legitimate purposes, being relevant, limited and proportionate to the purposes for which they are processed, and being retained for the period stipulated under the applicable legislation or required for the purposes for which they are processed.
3. Transfer of Personal Data to Third Parties and Purposes of Transfer
Your personal data collected in line with the fulfillment of the purposes set forth under Article 2 above may be transferred, within the scope of our legitimate interests, to our business partners and suppliers from whom we receive services, whether resident domestically or abroad, and, where explicitly prescribed by law and within the scope of fulfillment of our legal obligations, to legally authorized public institutions and legally authorized private persons, in accordance with the data processing conditions set forth under Article 5 of the Law and in compliance with the rules regarding the transfer of personal data specified under Articles 8 and 9 of the Law.
4. Data Subject Rights
As a data subject, if you submit your requests regarding your rights to the Data Controller through the methods specified below, Data Controller shall finalize your request as soon as possible and at the latest within thirty days, free of charge, depending on the nature of the request. However, a fee may be charged if so prescribed by the Personal Data Protection Board.
Pursuant to Article 11 of KVKK, your rights as a data subject are as follows:
1. To learn whether your personal data are processed.
2. To request information if your personal data have been processed.
3. To learn the purpose of processing of your personal data and whether they are used in accordance with such purpose.
4. To know the third parties to whom your personal data are transferred domestically or abroad.
5. To request the correction of your personal data if they are processed incompletely or inaccurately and to request notification of the third parties to whom your personal data have been transferred regarding such correction.
6. To request the deletion or destruction of your personal data if the reasons requiring processing cease to exist, even though they have been processed in compliance with KVKK and other applicable legislation, and to request notification of the third parties to whom your personal data have been transferred regarding such deletion or destruction.
7. To object to the occurrence of a result against you by analyzing your processed data exclusively through automated systems.
8. To request compensation for damages in case you suffer damage due to unlawful processing of your personal data.
Data Controller reserves the right to make amendments to this Information Notice due to any amendments that may be made to KVKK and the methods and decisions to be determined by the Personal Data Protection Board.
Pursuant to paragraph 1 of Article 13 of KVKK, in order to exercise your rights set forth above, you may submit your relevant request to us by using the attached form. The use of the attached form, the address to which the form shall be sent and the information required to be included therein are determined in accordance with KVKK, and the relevant explanations are set out in the form. Although the use of the attached form is not mandatory, we would like to emphasize that requests submitted using the form may be responded to in a shorter time due to organizational reasons.
ANNEX – 1: Application Form
Pursuant to paragraph 1 of Article 13 of KVKK, notifications regarding the rights in question must be made in writing. Within this scope, applications must be submitted to Data Controller by taking a printout of this form and delivering it in person with identity verification, through a notary public, or via a KEP address. If your e-mail address has previously been recorded in our system, you may also contact us via [x].
|
Address for Submission of the Application:
|
Tayakadın Mah. Terminal Cad. Havalimanı Terminal Binası No: 1 İç Kapı No: 760494 Arnavutköy / İSTANBUL |
|
Department to Which the Application Will Be Submitted:
|
Guest Relations Department |
|
Information to Be Indicated Upon Submission of the Application:
|
The envelope in which the application is sent must state “KVKK Data Subject Information Request” |
Your application submitted to us in the manner specified above shall be responded to as soon as possible and in any case within a maximum period of thirty days from the date on which your request reaches us, pursuant to paragraph 2 of Article 13 of KVKK. Our responses shall be delivered to you in writing or electronically, in accordance with the same article of KVKK.
1. Data Subject Information:
Name:
Surname:
Date of Birth:
Turkish ID Number:
Phone Number:
E-mail Address:
Address:
2. Your Relationship with the Data Controller
Please indicate your relationship with the Data Controller.
| ( ) Customer / Prospective Customer |
( ) Supplier / Business Partner |
( ) Employee |
|
( ) Job Applicant |
( ) Other |
3. Your Request
Please specify your request within the scope of KVKK. Unless you state otherwise, the response to be sent to you will be delivered to the e-mail address specified above.
This application form has been prepared in order to enable us to respond to you within the maximum period specified under KVKK and to ensure that your personal data can be identified more accurately and completely. Data Controller may request additional documents in order to identify or verify the identity and authority of the data subject.
By signing this form and submitting it to us, you undertake that the information you have provided within the scope of the form is accurate and up to date, and that you are authorized to submit such information and requests. You also acknowledge that Data Controller shall have no liability arising from incorrect or outdated information stated in the form or from an unauthorized application.
Data Subject
Name and Surname:
Application Date:
Signature: