Privacy Notice for Customers(KVKK)

Customer Privacy Notice

(Prepared in accordance with the Turkish Law on the Protection of Personal Data No. 6698)

Introduction

As Visita Istanbul (“Company”, “We” or “Us”), we are committed to ensuring the confidentiality of your personal data and processing it in compliance with the law while delivering our services to you, our valued guests.
This Privacy Notice has been prepared in accordance with Article 10 of the Personal Data Protection Law No. 6698 (“Law”). Within this scope, we would like to inform you about the following topics:

How do we collect your personal data?
Which personal data do we process?
For what purposes and on which legal grounds do we process your data?
With whom and for what purposes can we share your personal data?
What are your rights regarding your personal data and how can you exercise them?

How do we collect your personal data?

At Visita Istanbul, we may collect your personal data through various channels:

When you contact us through our agencies or offices,
When you call our call center and leave your information,
When you visit our website or make a reservation by becoming a member,
When you reach us via WhatsApp,
When you communicate with our customer services or employees via email,

Additionally, if your relationship with us is established through an intermediary agency, we may obtain your personal data through these intermediaries as well.

Which personal data do we process?

Depending on the services we provide, we may process personal data in different categories, such as:

Identity and contact details: Full name, ID number, passport details, email address, phone number, address, etc.
Visual and audio data: Your photo, call center voice records.
Financial data: Records related to services purchased, payment information.
Transaction history: Current or past reservations, hotel/flight/activities purchased, tour preferences, travel information.
Requests and complaints: Records of your demands or complaints regarding our services.
Insurance information: Travel insurance policy details.
Occupation details: Information about your profession.
Other data: Marriage date, children’s information.
Special categories of data: Health-related information if required for travel, reservation changes or cancellations due to health conditions (processed only with your explicit consent).

For what purposes and legal grounds do we process your personal data?

To provide requested services
Based on Article 5/2(c) of the Law (“necessary for the conclusion and performance of a contract”), we process your data to complete your reservations, manage your membership, purchase activities, issue tickets, inform welcoming personnel, and ensure the success of your travel.
To improve service quality
Based on Article 5/2(f) (“legitimate interest”) and Article 5/2(d) (“publicly disclosed by the data subject”), we use your data to improve our products and services, conduct satisfaction analyses, and evaluate public feedback (e.g., via social media).
To resolve your requests and complaints
Based on Article 5/2(f) and 5/2(ç) (“legal obligations”), we evaluate your feedback, resolve problems, and take preventive measures.
To manage financial processes
Based on Article 5/2(c), we process data for invoicing, financial records, and audits.
To carry out internal company operations
Based on Article 5/2(f), we may process data for IT management, employee performance evaluations, or internal audits.
To fulfill legal obligations
Based on Article 5/2(ç) and 5/2(a), we may share your data with authorities (courts, police, regulators) when legally required.
For marketing and promotional activities (with your explicit consent)
With your consent (Article 5/1), we may process your name, surname, phone number, email, gender, marital status, travel preferences, etc. to send you promotional offers, personalized marketing, segmentation, and profiling. You may withdraw your consent at any time.

With whom do we share your personal data?

Business partners and service providers: Hotels, airlines, transportation companies, activity providers, insurance companies, and tour organizers (including abroad).
Suppliers: For website management, IT infrastructure, legal and security services, etc.
Financial institutions: Banks or payment providers for payment transactions.
Authorized public authorities: Courts, tax authorities, insurance regulators, or other institutions when required by law.
Marketing suppliers: For sending commercial messages, we may share your data with communication service providers and upload consent records to the national “Message Management System (İYS)”.
Hosting and server providers: Your data may be stored on servers located in Turkey or abroad.
WhatsApp communications: Your personal data exchanged via WhatsApp may be stored on servers belonging to Meta Platforms Inc. abroad.

What are your rights regarding your personal data?

According to Article 11 of the Law, you have the right to:

Learn whether your personal data is processed,
Request information if processed,
Learn the purposes of processing and whether it is used accordingly,
Learn the third parties to whom your data is transferred at home or abroad,
Request correction if incomplete or inaccurate, and notification of corrections to third parties,
Request deletion or destruction of data if processing reasons no longer exist, and notification of deletion to third parties,
Object to results against you arising from automated analysis,
Claim compensation if you suffer damages due to unlawful processing.

You can exercise your rights by submitting a request to us in accordance with legal requirements. For this purpose, we have prepared a Visita Istanbul Data Subject Application Form, which you can access via www.visitaistanbul.com.
Applications will be answered as soon as possible, and within a maximum of 30 days.
As a rule, requests are free of charge, but in case of additional costs, fees may be charged according to the tariff determined by the Personal Data Protection Board.