Izmir Maritime Operations Transportation and Tourism Trade Inc.
Website Privacy Notice
This Privacy Notice has been prepared under the Personal Data Protection Law No. 6698 of Türkiye ("PDP Law") to transparently inform you about the identity of the data controller, the method by which your personal data is collected, the purposes of processing, sharing, retention period, and your rights under Article 11 of the PDP Law.
1 Purpose and Scope of the Privacy Notice
As Izmir Maritime Operations Transportation and Tourism Trade Joint Stock Company, we take measures to protect your personal data under the Personal Data Protection Law No. 6698 of Türkiye. We process your personal data within the scope of the PDP Law and relevant legislation in our capacity as "data controller" for the reasons and by the methods explained below.
This notice has been prepared in accordance with Article 10 of the PDP Law titled "Obligation of the Data Controller to Inform". For more detailed information regarding the processing of your personal data, you may access the Personal Data Protection and Processing Policy available on our website.
2 Data Controller
| Company Title | Izmir Maritime Operations Transportation and Tourism Trade Joint Stock Company |
| Address | Bahçelerarası Mah. Haydar Aliyev Bulvarı No:4 Balçova / İzmir |
Hereinafter referred to as the "Company" within this Privacy Notice.
3 Method of Collection and Legal Basis for Your Personal Data
Your personal data may be collected by automated or non-automated means, through our Company's affiliated units, social media channels, software used to conduct activities within the Company, camera recordings, and similar means, verbally, in writing, or electronically.
Your personal data is processed under the condition of explicit consent within the scope of Article 5(1) of the PDP Law, or based on the following legal grounds specified in Article 5(2):
4 Processed Personal Data and Purposes of Processing
Your personal data is processed securely and in accordance with the PDP Law, in order to fulfill legal obligations or to provide a more accurate service in our Company's business and operations.
| Personal Data Category | Description |
|---|---|
| Identity Data | The data category containing information about the identity of the data subject. E.g.: First Name, Last Name, Turkish Republic ID Number, Passport Number, etc. |
| Contact Data | The data category that can be used to reach the data subject. E.g.: Phone Number, Residential Address, E-mail Address, etc. |
| Transaction Security Data | Refers to data types such as IP address information, website login/logout information, passwords and credentials. E.g.: Security Keys, Username, User ID, Passwords, Log Records, IP Addresses, etc. |
If you purchase an international voyage ticket via bilet.izdeniz.com.tr, the following data is also processed in addition to the information above:
| Personal Data Category | Description |
|---|---|
| Financial Data | The data group containing financial information of the individual. E.g.: Credit Card Number, etc. |
5 Information Regarding Cookies Used on Our Website
Our Company automatically collects data such as the sections visited and the areas clicked during users' navigation on the website. You may access our Company policy regarding these cookies through our website.
6 Purposes of Use of Personal Data Obtained via Our Website
Your personal data collected by our Company is processed for the following purposes in accordance with both the legislation and the basic principles set by the Personal Data Protection Authority:
- Carrying out necessary work to enable real/legal third persons, institutions and organizations associated with the Company to benefit from products and services,
- Verifying the identity information of the person performing transactions on our corporate website,
- Fulfilling existing/potential legal requirements arising from Law No. 5651, the Archive Services Regulation and all relevant laws,
- Carrying out the supervision/regulation duties of authorized public institutions and organizations,
- Fulfilling information and document requests from judicial bodies or administrative authorities,
- Listing, reporting, verification and analysis regarding service usage; producing statistical and scientific information, developing our products/services, increasing satisfaction,
- Market research, promotion and information, evaluation of complaints and suggestions, contacting you directly,
- Carrying out risk management and quality improvement activities,
- Conducting communication activities,
- Carrying out goods/service sales and procurement processes,
- Conducting activities related to customer relationship management and satisfaction,
- Taking necessary technical and administrative measures for systems and applications within the scope of data security.
Pursuant to Articles 5 and 8 of the PDP Law and/or in the presence of exceptions in the relevant legislation, our Company may process personal data and share it with third parties without obtaining the user's separate consent.
7 Sharing of Personal Data
By ensuring all necessary technical and administrative measures are taken to provide an appropriate level of security in accordance with the PDP Law and relevant legislation, your personal data may be shared with the parties listed below:
- With legally authorized public institutions and organizations in line with their requests and limited to the purposes of those requests,
- With our business partners for the performance and continuity of our services,
- With the Ministry of Interior of the Republic of Türkiye and domestic audit firms for the supervision of our activities in accordance with applicable legislation,
- With our domestic suppliers and business partners for the preparation/implementation of strategies,
- With domestic organizations from which we receive or to which we provide services on a contractual basis.
8 Right of Access to Personal Data and Rectification Requests
The user has the following rights with respect to themselves by applying to our Company:
- To learn whether personal data is processed or not,
- To request information if personal data has been processed,
- To learn the purpose of the processing of personal data and whether they are used for their intended purpose,
- To know the third parties to whom personal data is transferred domestically or abroad,
- To request the rectification of personal data if processed incompletely or incorrectly,
- To request the deletion or destruction of personal data within the framework of the conditions stipulated in the relevant legislation,
- To request that the rectification, deletion or destruction operations be communicated to the third parties to whom personal data has been transferred,
- To object to the occurrence of an adverse outcome as a result of analysis by automated systems,
- To request compensation for damages in case of suffering damage due to unlawful processing.
To exercise these rights, in accordance with the "Communiqué on the Procedures and Principles of Application to the Data Controller":
Our Company's reasoned response will be delivered in writing or digitally. As a rule, no fee is charged for the necessary actions regarding requests; however, if the actions require a cost, a fee may be requested based on the tariff determined by the Personal Data Protection Board.
9 Retention and Data Storage Period
Your personal data is processed in compliance with the data processing and statute of limitations periods contained in all relevant laws and other legislation to which our Company and its affiliated centers/units are subject, limited to the purposes specified in this Privacy Notice.
If the legislation does not regulate the retention period of personal data, it is processed for as long as required by the activity carried out by our Company while processing that data. When the period expires, the data is deleted, destroyed or anonymized.
10 Measures Taken by Our Company Regarding Data Security
Our Company undertakes to take the necessary technical and administrative measures to ensure an appropriate level of security, in order to prevent unlawful processing of personal data, prevent unlawful access, and ensure the protection of data under the conditions set forth in the relevant legislation, and to have the necessary audits performed.
In purchases made through the website, the information entered on each page is encrypted with the security network indicated by the small key icon at the bottom of your browser and transmitted to our systems. This prevents the information from being intercepted, read or used by outsiders.
Credit card number, expiration date, card type and CVV2 security number can absolutely not be viewed by Company personnel. Additionally, your credit card information is not stored on Company servers and is transmitted instantly to the relevant banks.