Защита личных данных

  • Политика конфиденциальности и использования файлов cookie

    PRIVACY AND COOKIE POLICY

    As Biletall, we attach importance to the protection of your data and the privacy of your private life. The purpose of the regulation of this Privacy and Cookie Policy is to inform you about the personal data collected from you during your visit to the www.biletall.com website and mobile application and the cookies we use on our site.

    1. What is Cookie?

    Cookies are small text files, usually consisting of letters and numbers, that are stored by users in browsers and on your device or network server by the website you visit.

    As Biletal, Biletal İç ve Dış Ticaret Anonim Şirketi (“Company” or “Biletal”), we use cookies, pixels and similar technologies to improve the experience of our visitors within the scope of your visit to our Company's www.biletall.com website and sending a contact form to us via this address. In this respect, cookies are used under all regulations, communiqués, and decisions published from time to time by the Personal Data Protection Authority, especially the Turkish Personal Data Protection Law no. 6698.

    As a Company, we always reserve the right to change, edit, add, or remove this Privacy and Cookie Policy. You can always access the Policy on the Protection and Processing of Personal Data and the Clarification Text on the Protection of Personal Data published by our Company at www.biletall.com and the mobile application.

    2. Purpose of Cookies

    We use the data we collect from users visiting our website through cookies for the following purposes:

    • To improve the services offered to us by increasing the functionality of the website,

    • To improve the existing website and to offer new features on the site and to personalize the offered features according to your preferences,

    • To ensure the legal and commercial security of the website, you and our Company,

    • To integrate and analyze the different servers on which the website is running, to increase the performance on the website, to determine the number of visitors to the website and to make performance settings accordingly or to make it easier for visitors to find what they are looking for,

    • To increase functionality and provide ease of use, to share with third party social media channels on the website,

    • Displaying advertisements related to the interests of the visitors on the pages that visitors view by performing personalization, targeting, and advertising activities.

    3. Personal Data Collection Method and Legal Reason

    In the contact and membership forms filled out to contact our Company or become a member on our site, our users may need to enter their identity, contact information (name, address, phone number, e-mail address, etc.), and personal information.

    Our users can delete their records from our system if they wish. Our website also has links to other websites. Our website, www.biletall.com, is not responsible for the privacy policies and contents of other sites.

    Your data collected by our Company through cookies during your visit to our website may be processed under articles 5 and 6 of the law.

    4. Transfer of Personal Data

    Within the scope of this Cookie and Privacy Policy, we may transfer your data to our domestic or foreign business partners, suppliers, group companies, authorized public institutions and organizations, and other private persons, limited to the following purposes and under the relevant legislation:

    • Our business partners: Shares made to announce services that may be of interest to our users who visit our site.

    • Our Suppliers: Shares made with the suppliers we work in connection with our business activities within the scope of improving customer satisfaction with the services, sending e-mails, data analysis, and similar transactions.

    • Authorized public institutions and organizations: Shares made with law enforcement, government or public institutions, regulatory authorities and/or others who have the appropriate legal authority or justification to obtain your information to protect the rights, interests, privacy or security of our company, you or other third parties, and to respond to requests if permitted or required by law or legal process.

    • Group companies: Shares made with Group Companies within the scope of the purposes included in this Privacy and Cookie Policy.

    • Third parties: Shares made with third parties benefiting from our company's services.

    5. Cookies Used on Our Site

    Cookies can be used to perform the basic functions required for the operation of the website, to analyze the website and to increase its performance, to increase the functionality of the website and to provide ease of use, and to perform personalization targeting and advertising activities.

    • Essential Cookies

    Cookies that must be at least for a targeted function to work are called essential cookies. These are used for security purposes to ensure that our website works correctly. These types of cookies are necessary for site performance and are not subject to the consent of our visitors.

    • Performance and Analysis Cookies

    We improve the services we offer to our customers by performing performance analysis in the use of our site. Performance and analysis cookies are used to determine the pages our visitors view the most on our site, and whether our site is functioning properly.

    • Functionality Cookies

    By reminding the preferences and choices made by our visitors on our site, the services on the site are personalized. The function of font size and language options of the texts used on the site is provided by functionality cookies.

    • Advertising Cookies

    Advertising cookies are used to promote services on our site. These include advertising cookies that are carried out to track the clicks on the advertisements on our pages, and whether the services on the websites are directed by the advertisements that interest you are used.

    • Social Media Cookies

    Social media cookies are used on our website to use social media accounts to connect, log in, and use your social media accounts in other communication forms. The use of social media platform account information to create personalized advertising content for visitors is within this scope.

    The following cookies are used on our website:

    Cookie Name

    Purpose of Usage

    Duration of Use

    Google Analytics

    Cookies are used by the website to analyze how the website is used by visitors. Information about your use of this website (including your IP address) is transferred to Google and stored on servers located in the United States. Google will use this information to evaluate your use of the website, to compile website activity for the Company, and to provide other services related to website activity and internet usage, but will not match your IP address with other data stored by Google. To learn more about using Google Analytics, including opt-out options, you can visit http://www.google.co.uk/intl/en/analytics/privacyoverview.html.

    Persistent Cookies

    Session Cookies

    Google Ads

    Google Ads uses cookies to remember your safe search preferences, show ads relevant to you, determine how many visitors a website is visited, help you register with your services, protect your data, or remember your ad settings. This helps the website remember information about your visit (for example, the language you preferred and other settings). Information about your use of this website (including your IP address) is transferred to Google and stored by Google on servers located in the United States. Google will use this information to evaluate your use of the website, to compile the website activity for the Company, and to provide other services related to website activity and internet usage, but will not match your IP address with other data stored by Google. To learn more about Google Ads cookie usage, including the opt-out option, you can visit https://policies.google.com/privacy?hl=tr

    Persistent Cookies

    Session Cookies

    Facebook

    Facebook uses cookies, if you have a Facebook account, use Facebook products, including sites and apps, or visit sites or apps that use Facebook Products (including the Like button and other Facebook Technologies). Cookies enable Facebook to deliver Facebook products to you and understand the information it receives about you, including your use of other websites and apps, regardless of whether you are registered or logged in. It uses cookies for identity control, security and site integrity, ads, recommendations, measurement, analysis, and reporting.

    Besides, your e-mail address from your data is shared with these platforms to present advertisements that may be of interest to you on social media platforms and to create a special target audience. Your e-mail address is transmitted through the secure channels and environments offered by these platforms. Social media platforms use your e-mail address only for matching by hashing it. Your e-mail address is not shared with third parties or other advertisers and is deleted from the systems of social media platforms as soon as possible after the matching process is completed. (b) For example; Facebook (a) maintains the security and integrity of your data as long as it resides in Facebook systems and (b) ensure the privacy and security of your hash-encrypted e-mail address which makes up your specific target audience (‘’your specific target audience’’) and Facebook User ID collection by including technical and physical security measures developed to protect against accidental or unauthorized access to your data in Facebook systems and accidental or unauthorized use, modification or disclosure of your data. Besides, without your consent or unless required by law, Facebook will not provide access or information to third parties or other advertisers for your specific target audience, do not add your custom audience information to information about our users, or create interest-based profiles, or use your specific audience other than to serve you.

    You can visit the following links;

    For Facebook-specific target audience conditions; https://www.facebook.com/ads/manage/customaudiences/tos.php?_=_

    And for Facebook Privacy Policy; https://www.facebook.com/privacy/explanation

    Persistent Cookies

    Session Cookies


    Information about the cookies on our website takes place in the table below:

    Service Provider

    Cookie Name

    Purpose of Usage

    Duration of Use

    biletall-cdn.mncdn.com

    GA1.3.841060618.1577718601

    This cookie is a Google Analytics persistent cookie used to distinguish unique users.

    2 Years

    biletall.com

    _gat_gtag_UA_6216713_2

    This cookie is used to reduce the request rate. These are third-party cookies placed on your device to allow us to use the Google Analytics service. These cookies are used to collect information about how visitors use our website. This information is used to help compile reports and improve the website.

    During the Session

    biletall.com

    revotas_web_push_user

    Revotas is used for target tracking.

    3 Years

    biletall.com

    _gcl_aw

    Google Analytics is used for conversion count.

    1 Month

    biletall.com

    _ga

    This cookie is a Google Analytics persistent cookie used to distinguish unique users.

    2 Years

    biletall.com

    revotas_web_push

    Revotas is used for target tracking.

    3 Years

    biletall.com

    cto_bundle

    Revotas is used for target tracking.

    1 Year

    biletall.com

    rvts_popup_inf

    Revotas is used for target tracking.

    10 Days

    biletall.com

    _gid

    Google Analytics

    1 Day

    biletall.com

    _gcl_au

    Google Analytics is used for conversion count.

    1 Week

    biletall.com

    rvts_user_browse_time

    Revotas is used for target tracking.

    10 Days

    biletall.com

    SL_C_23361dd035530_VID

    Hopi unique sales number

    1 Year

    biletall.com

    SL_C_23361dd035530_KEY

    Hopi unique identification number

    1 Year

    biletall.com

    _gac_UA-6216713-2

    Hopi usage analytics

    40 Days

    biletall.com

    _fbp

    Facebook Analytics

    4 Months

    doubleclick.net

    RUL

    Facebook Analytics

    13 Months

    doubleclick.net

    IDE

    Facebook Analytics

    2 Years

    facebook.com

    xs

    Facebook Analytics

    2 Years

    facebook.com

    c_user

    Facebook Analytics

    2 Years

    facebook.com

    sb

    Facebook Analytics

    2 Years

    facebook.com

    datr

    Facebook Analytics

    2 Years

    facebook.com

    fr

    Facebook Analytics

    4 Months

    google.com

    __Secure-3PSID

    It creates a profile of website visitor interests to show relevant and personalized ads through retargeting.

    2 Years

    google.com

    SID

    It is a security cookie used to verify the visitor's authenticity, prevent fraudulent use of login data, and protect visitor data from unauthorized access.

    2 Years

    google.com

    SIDCC

    It is a security cookie used to verify the visitor's authenticity, prevent fraudulent use of login data, and protect visitor data from unauthorized access.

    1 Year

    google.com

    1P_JAR

    Based on recent searches and previous interactions, specific ads are displayed on Google sites.

    1 Month

    google.com

    APISID

    Based on recent searches and previous interactions, specific ads are displayed on Google sites.

    2 Years

    google.com

    NID

    It is used to store visitors' preferences and personalized ads on Google websites based on recent searches and interactions.

    7 Months

    google.com

    __Secure-3PSIDCC

    It is required to use website options and services.

    1 Year

    google.com

    __Secure-3PAPISID

    These cookies are used to deliver advertisements that are more relevant to you and your interests.

    2 Years

    google.com

    ANID

    It is used by Google to make ads more attractive to users and more valuable to publishers and advertisers.

    2 Years

    google.com

    SAPISID

    Google collects visitor information for videos hosted by YouTube.

    2 Years

    google.com

    SSID

    Google collects visitor information for YouTube-hosted videos on maps integrated with Google Maps.

    2 Years

    google.com

    SEARCH_SAMESITE

    SameSite prevents the browser from sending this cookie with cross-site requests. The main goal is to reduce the risk of cross-source information leakage. It also provides some protection against cross-site request forgery attacks.

    6 Months

    google.com

    CONSENT

    It stores the preferences of the visitors and personalizes the ads.

    18 Years

    google.com

    OGPC

    It is used for Google advertising optimizations..

    1 Month

    google.com

    HSID

    It is a security cookie to verify the authenticity of the visitor, prevent fraudulent use of login data and protect user data from unauthorized access.

    2 Years

    google.com.tr

    SID

    It is a security cookie to verify the visitor's authenticity, to prevent fraudulent use of login data, and to protect visitor data from unauthorized access.

    2 Years

    google.com.tr

    SAPISID

    Google collects visitor information for videos hosted by YouTube.

    2 Years

    google.com.tr

    APISID

    These are personalized Google ads on websites based on recent searches and interactions.

    2 Years

    google.com.tr

    SSID

    Google collects visitor information for videos hosted by YouTube on maps integrated with Google Maps.

    2 Years

    google.com.tr

    CONSENT

    It stores the preferences of the visitors and personalizes the ads.

    18 Years

    google.com.tr

    HSID

    It is a security cookie to verify the authenticity of the visitor, prevent fraudulent use of login data and protect user data from unauthorized access.

    2 Years

    google.com.tr

    __Secure-3PAPISID

    It creates a profile of website visitors’ interests to show relevant and personalized ads through retargeting.

    2 Years

    google.com.tr

    NID

    It stores visitors' preferences and personalizes ads on Google websites based on recent searches and interactions.

    2 Months

    google.com.tr

    __Secure-3PSID

    It creates a profile of website visitors’ interests to show relevant and personalized ads through retargeting.

    2 Years

    google.com.tr

    SEARCH_SAMESITE

    SameSite prevents the browser from sending this cookie with cross-site requests. The main goal is to reduce the risk of cross-source information leakage. It also provides some protection against cross-site request forgery attacks.

    1 Month

    googleadservices.com

    __gads

    It is used for Google ad service analytics services.

    2 Years

    mncdn.com

    _ga

    This cookie is a Google Analytics persistent cookie used to distinguish unique users.

    2 Years

    accounts.google.com

    __Host-GAPS

    Google session service

    2 Years

    accounts.google.com

    user_id

    Google session service

    During the Session

    accounts.google.com

    LSID

    Google session service

    2 Years

    accounts.google.com

    LSOLH

    Google session service

    1 Year

    accounts.google.com

    ACCOUNT_CHOOSER

    Google session service

    2 Years

    accounts.google.com

    SMSV

    Google session service

    9 Years

    accounts.google.com

    __Host-3PLSID

    Google session service

    2 Years

    biletall.com

    BiletallUye

    It helps to keep the login information of the user encrypted when the 'remember me' button is checked,

    2 Years

    biletall.com

    UyeOneTap

    If the member is logged in, the Google session assistant keeps information so that it does not disturb the user.

    1 Year

    biletall-cdn.mncdn.com

    ASP.NET_SessionId

    User Session Code

    During the Session

    biletall.com

    g_state

    User Session Code

    6 Months

    biletall.com

    __RequestVerificationToken

    User Session Code

    During the Session

    biletall.com

    .AspNet.ApplicationCookie

    User Session Code

    During the Session

    biletall.com

    ASP.NET_SessionId

    User Session Code

    During the Session

    biletall.com

    adid

    CRM user tracking code

    18 Months

    google.com

    UULE

    Google session service

    12 Hours

    google.com

    OTZ

    Google session service

    1 Month

    6. Use and Control of Cookies

    You have the right to customize your preferences by changing the browser settings you view on our website. If the browser you are using offers this opportunity, it is possible to change the preferences for cookies through your browser settings. Thus, although it may differ according to the possibilities offered by the browser, data subjects have the opportunity to prevent the use of cookies, to choose to receive a warning before the cookie is used or to deactivate or delete only some cookies. Preferences on this subject vary depending on the browser you use, and you can reach the general explanation at https://www.aboutcookies.org/. Your preferences for cookies may need to be made separately for each device from which you access our website.

    Click to turn off the cookies managed by Google Analytics.

    • Click to manage the personalized advertising experience provided by Google.

    • In terms of cookies used by many companies for advertising activities, preferences can be managed through Your Online Choices.

    • To manage Cookies on mobile devices, the settings menu of the mobile device can be used.

    Our users can delete their records from our system depending on their wishes. Our website also has links to other websites. Our website, www.biletall.com, is not responsible for the privacy policies and contents of other sites.

    7. Your Rights as a Data Subject

    As a personal data subject, we declare that you have the following rights under Article 11 of the Law:

    • Learning whether your data is being processed,

    • Requesting information if your data has been processed,

    • Learning the purpose of processing your data and whether they are used under their purpose,

    • To know the third parties in the country or abroad to whom your data has been transferred,

    • To request correction of your data in case of incomplete or incorrect processing and to request notification of the transaction made within this scope to third parties to whom your data has been transferred,

    • To request the deletion or destruction of personal data if the reasons requiring its processing disappear, although it has been processed under the Law and other relevant provisions of the law, and to request notification of the transaction made within this scope to third parties to whom your data has been transferred,

    • To object to any unfavorable outcome by analyzing the processed data exclusively through automated systems,

    • Request compensation in case you suffer damage due to unlawful processing of your data.

    You can submit your applications regarding your rights listed above to our Company by filling out the Data Subject Application Form on our website. Depending on the content of your request, your applications will be concluded free of charge as soon as possible and within thirty days at the latest; however, if the transaction requires an additional cost, you may be charged according to the tariff determined by the Personal Data Protection Board.

  • Политика защиты и обработки персональных данных

    BİLETAL İÇ VE DIŞ TİCARET ANONİM ŞİRKETİ

    POLICY ON THE PROTECTION AND

    PROCESSING OF PERSONAL DATA

    I. INTRODUCTION

    1.1. Purpose of the Policy

    The purpose of this Policy is to process personal data obtained by Biletal İç ve Dış Anonim Şirketi ("Company" or "Biletal"), in accordance with Article 20 of the Constitution titled "Right of Privacy" and the Law on the Protection of Personal Data ("Law") numbered 6698 and the provisions of the regulations and communiqués in force, to protect the fundamental rights and freedoms of the data owners (employees, employee candidates, customers, potential customers, suppliers, shareholders/partners, company officials, visitors, business partners and other third parties), especially the right of privacy, and the data controller who processes the personal data to perform the data processing activity in accordance with the law, to determine the principles for protection, storage and destruction when necessary.

      1. Scope of the Policy

    The scope of this policy is to establish the procedures and principles of the data processing activity carried out by the Company, since all kinds of transactions such as obtaining, recording, storing, preserving, modifying, rearranging, disclosing, transferring, taking over, making available, classifying or preventing the use of the information as personal data by the Company as a data controller, fully or partially automated or non-automated provided that it is part of any data recording system are considered as data processing activities.

      1. Implementation of the Policy and Relevant Legislation

    This Policy, has been prepared in accordance with the relevant legislation in force and the rules shown in the regulations, communiqués, decisions and guides published by the Board, especially Law No. 6698. In case of a change in the Law or other relevant legislation after the date of publication of the Policy by the Company, and the Policy becomes incompatible with the respective alteration, the amended provisions and rules will apply. All communiqués, decisions and guidelines published by the Board are followed by our Company, and the rules stipulated by the Policy are kept up to date.

      1. Policy Enforcement

    The policy has been published both on the company's website www.biletall.com and mobile application, and entered into force on the date of its publication.

    II. ISSUES ON THE PROTECTION OF PERSONAL DATA

    2.1. Ensuring the Security of Personal Data

    According to Article 12 of Law No. 6698, a data controller is obliged to take all necessary administrative and technical measures

    • To prevent unlawful processing of personal data,

    • To prevent unlawful access to personal data,

    • To ensure the protection of personal data

    and overall, in order to ensure the appropriate level of security.

    For the instances explained, the Company implements security measures to prevent unlawful processing, transfer and disclosure of personal data to third parties, unauthorized access, and other security deficiencies. Explanations regarding the administrative and technical measures taken are included in the VI. ADMINISTRATIVE AND TECHNICAL MEASURES TAKEN FOR THE PROTECTION OF PERSONAL DATA.

    2.2. Protection of Sensitive Personal Data

    Data that is sensitive due to its nature and that may cause aggrievement or discrimination of data subjects if they fall into the hands of third parties are accepted as sensitive personal data within the scope of the Law. Sensitive personal data consist of the person's race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance, association, foundation or union membership, health, sexual life, criminal conviction, security measures , and biometric and genetic data. Sensitive personal data cannot be processed without the explicit consent of the data owner.

    All necessary measures are taken by the company to protect sensitive personal data, and it is essential that such data is not obtained and processed as much as possible.

    III. ISSUES REGARDING THE PROCESSING OF PERSONAL DATA

    3.1. Processing of Personal Data in Compliance with the Principles Prescribed in Legislation

    The principles to be applied in the processing of personal data in accordance with Article 4 of the Law are as follows:

    • Compliance with the law and good faith,

    • Being accurate and up-to-date when necessary,

    • Processing for specific, explicit and legitimate purposes,

    • Being relevant, limited and measured for the purpose of processing,

    • Being kept for the period stipulated in the relevant legislation or required for the purpose of processing.

    3.2. Conditions of Processing Personal Data

    Personal data obtained by the company cannot be processed without the explicit consent of the person concerned, except for the exceptions stipulated in the Law. Your personal data may be processed without your explicit consent in case of the following circumstances:

    • In the event that it is clearly stipulated in the laws,

    • In the event that the person who is unable to disclose his consent due to the actual impossibility or whose consent is not legally valid is compulsory for the protection of himself or another person's life or physical integrity.

    • In the event that it is necessary to process personal data belonging to the parties of the contract, provided that it is directly related to the establishment or performance of a contract.

    • In the event that it is necessary for the data controller to fulfill his legal obligation,

    • In the event that the person concerned has been made public by himself,

    • In the event that data processing is mandatory for the establishment, use or protection of a right,

    • In the event that data processing is necessary for the legitimate interests of the data controller, provided that the fundamental rights and freedoms of the data subject are not damaged.

    3.3. Exceptions to the Obligation of Obtaining Explicit Consent

    1. Being clearly stipulated in the laws

    One of the data processing conditions is that it is clearly stipulated in the laws. Provisions in the laws regarding the processing of personal data can create a data processing requirement. In such a case, obtaining the explicit consent of the concerned person is not required.

    1. Actual impossibility

    In cases where it is necessary to protect the life or physical integrity of the person who is unable to disclose his consent due to the actual impossibility or whose consent is not legally valid, personal data of the relevant person can be processed without his explicit consent.

    1. Being directly related to the establishment or execution of the contract

    In the establishment of a contract to which the data owner is a party or if data processing is required during the execution of the contract, the processing of personal data without explicit consent may be brought into question.

    1. The company’s fullfilling its legal obligation

    Personal data can be processed without explicit consent in order to fulfill the legal obligations that our Company has to do as a data controller.

    1. Being made public by the person concerned

    Personal data made public by the data owner; in other words, personal data disclosed to the public in any way can be processed without explicit consent. Even in such case, personal data, which is made public, cannot be misused.

    1. Being mandatory for the establishment, use and protection of a right

    In cases where it is necessary for the establishment, use or protection of a right, it is possible to process the personal data of the concerned person without explicit consent.

    1. Being mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedom of the person concerned.

    If the processing of personal data is required by the data controller and the data processing activity will not harm the fundamental rights and freedom of the person concerned, personal data may be processed without explicit consent.

    The legitimate interest of the data controller is directed towards the benefit to be obtained as a result of the processing. The benefit to be obtained by the data controller should be about a legitimate, effective, specific and already existing interest that can compete with the fundamental rights and freedoms of the person concerned. It should be a procedure related to the current activities carried out by the data controller and will benefit him in the near future.

    3.4. Processing Sensitive Personal Data

    The processing of sensitive personal data is subject to Article 6 of the Law and is prohibited without the explicit consent of the person concerned.

    Individuals' race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data are considered sensitive personal data. The data included in this scope are limited and cannot be expanded through interpretation.

    Due to its nature, sensitive personal data can cause discrimination and victimization of the person concerned if collected. For this reason, it needs to be protected much more tightly than other personal data.

    1. Sensitive personal data other than health and sexual life

    Sensitive personal data, other than personal data on health and sexual life, can be processed without the explicit consent of the person concerned in cases where it is stipulated by the law.

    1. Sensitive personal regarding health and sexual life

    Sensitive personal data regarding health and sexual life can only be processed by persons or authorized institutions and organizations under the obligation of secrecy for the purpose of protecting public health, conducting preventive medicine, medical diagnosis, treatment and care services, planning and managing health services, and financing.

    3.5. Clarifying and Informing Personal Data Owner

    During the acquisition of personal data, the data owners are informed by the data controller or authorized persons. The rules and procedures regarding the information provided are specified in the Information Texts on the Protection of Personal Data published by the Company, and the information briefly includes the following elements:

    • The identity of the data controller and, if any, its representative

    • The purpose for which the personal data will be processed,

    • To whom and for what purpose the personal data can be transferred,

    • The method and legal reason for collecting the personal data,

    • rights of the person concerned as shown in Article 11 of the Law.

    1. Identity of the data controller and representative

    According to Article 10 of the Law, personal data obtained from data owners (customers, business partners, suppliers, shareholders, company officials, visitors and other third parties) are processed by Biletal İç ve Dış Ticaret Anonim Şirketi in the capacity of data controller, and you can contact the relevant unit through kvk@biletall.com.tr e-mail address or www.biletall.com.

    1. Purposes of processing personal data

    The processing of personal data is carried out for specific, explicit and legitimate purposes and is based on informing the data owners. The purposes for which your data is processed are included in the V. CATEGORIZATION AND PROCESSING PURPOSES OF PERSONAL DATA PROCESSED BY OUR COMPANY.

    1. Persons to whom personal data are transferred and the purposes for transferring them

    Within the framework of the data controller's obligation to inform the data subject, the persons to whom personal data are transferred and the purposes for transfer must be clearly stated. Personal data cannot be transferred to third parties without the explicit consent of the data owner. The recipient groups to which personal data are transferred by our company and the purposes for transferring them are shown in the section on IV.TRANSFER OF PERSONAL DATA.

    1. The method and legal reason for collecting personal data

    In accordance with Article 5 and 6 of the Law, the data controller must clearly indicate which of the personal data processing conditions the data is processed on. Data collection method and mediation are determined by the data controller. The processing conditions of personal data, that is, the cases of compliance with the law, are listed in a limited number in the Law (c.5-6), and these conditions cannot be expanded.

    The data controller Company primarily assesses whether the purpose of the personal data processing activity is based on one of the processing conditions other than explicit consent, and if this purpose does not meet at least one of the conditions other than explicit consent, the explicit consent of the person is taken for the continuation of the data processing activity.

    IV. TRANSFER OF PERSONAL DATA

    4.1. Domestic Transfer

    Personal data cannot be transferred without the explicit consent of the person concerned. But:

    • In the second paragraph of Article 5,

    • In the third paragraph of Article 6, provided that adequate measures are taken,

    if one of the specified conditions is met, it can be transferred without the explicit consent of the person concerned.

    Accordingly, its being clearly stipulated in the laws (1), its being mandatory for the protection of the life or body integrity of the person or someone else who is unable to disclose his consent due to the actual impossibility or whose consent is not legally valid (2), its being necessary to process personal data belonging to the parties of the contract, provided that it is directly related to the establishment or execution of a contract. (3), its being mandatory for the data controller to fulfill his legal obligation (4), the data subject`s being made public himself (5), data processing`s being mandatory for the establishment, use or protection of a right (6), provided that it does not harm the fundamental rights and freedom of the data subject; if data processing is mandatory for the legitimate interests of the data controller, the personal data of the relevant person may be transferred to third parties without their explicit consent.

    At the same time, personal data other than health and sexual life from the sensitive personal data of the relevant persons, in cases stipulated by the law; personal data on health and sexual life, on the other hand, only for the purposes of protecting public health, preventive medicine, medical diagnosis, treatment, execution of care services, planning and management of health services and financing, can be transferred to third parties by persons under the obligation of confidentiality or authorized institutions and organizations, without needing the explicit consent of the person concerned.

    Information on the recipient groups to which your personal data processed by the Company is transferred, are included in the Annex 4 - Third Persons to whom Personal Data is Transferred and Transferring Purposes of this Policy.

    4.2. International Transfer

    Personal data cannot be transferred abroad without the explicit consent of the person concerned. However, the existence of one of the conditions specified in the second paragraph of Article 5 and the third paragraph of Article 6 of the Law and in the foreign country where personal data will be transferred, transfers to abroad can be performed without seeking the explicit consent of the person concerned provided that

    • There is adequate protection,

    • In the absence of adequate protection, data controllers in Turkey and in the foreign country concerned must commit to an adequate protection in writing and must have the Board's consent.

    V. CATEGORIZATION AND PROCESSING PURPOSES OF PERSONAL DATA PROCESSED BY OUR COMPANY

    The data categorization obtained by the data owners in our Company and the purposes observed in the processing of personal data are shown in the relevant parts of the clarification texts on our website for each relevant person category.

    VI. ADMINISTRATIVE AND TECHNICAL MEASURES FOR THE PROTECTION OF PERSONAL DATA

    Administrative and technical measures are taken by the Company in order to keep personal data securely and to prevent unlawful processing and access to personal data.

    In order to ensure personal data security, all personal data processed by the Company and the probability of realization of the risks that may arise regarding the protection of these data are determined; when determining these risks, it is taken into account whether the personal data is private data (1), the degree of confidentiality required by its nature (2), the nature and quantity of the damage that may occur for the person concerned in the event of a security violation (3).

    After the identification and prioritization of these risks, control and solution alternatives for reducing or eliminating these risks should be evaluated in line with the principles of cost, applicability and usefulness, and the necessary technical and administrative measures should be planned and implemented.

    6.1. Administrative Measures

    Even if employees have limited information, it is of great importance for the employees to make the first response to attacks that may harm personal data security and cyber security in terms of ensuring personal data security. For this reason, awareness and information activities are carried out in our internal organization.

    Providing necessary training for employees on issues such as not disclosing and sharing personal data illegally, conducting awareness studies for employees and creating an environment where security risks can be identified; ensures that the roles and responsibilities regarding personal data security in their job descriptions of people who work with the data controller, regardless of the position they work in, are determined, and that the employees are aware of their roles and responsibilities in this regard.

    On the other hand, confidentiality agreements are signed as part of the recruitment process of employees, and a disciplinary process is implemented in case the employees do not comply with security policies and procedures.

    In case of any change in the policies and procedures applied for personal data security, trainings are held in order to inform and explain the change to employees, and information about data security and security threats is kept up to date.

    Personal data should be accurate and up-to-date when necessary in accordance with Article 4 (b) and (d) of the Law, and should be kept for the period stipulated in the relevant legislation or for the purpose for which they are processed. In this context, the processed data are processed in accordance with the principles and rules to be observed in data processing activities and are stored for the period required for the purpose for which they are processed. The retention periods of personal data processed by the Company are shown in the VIII. STORAGE AND DESTRUCTION OF PERSONAL DATA section of this Policy.

    The table below provides a summary of the administrative measures taken to ensure data security:

    Administrative Measures

    Preparation of Personal Data Processing Inventory

    Corporate Policies (Access, Information Security, Use, Storage and Destruction etc.)

    Contracts (Between Data Controller-Data Controller, Data Controller-Data Processor)

    Confidentiality Commitments

    Internal Periodic and / or Random Audits

    Risk Analysis

    Employment Contract, Discipline Regulation (Addition of Provisions According to Law)

    Corporate Communication (Crisis Management, Informing Processes of the Board and Related Person, Reputation Management etc.)

    Education and Awareness Activities (Information Security and Law)

    Notification to Data Controllers Registry Information System (VERBİS)

    Personal Data Security Policies and Procedures

    Quick Reporting of Personal Data Security Problems

    Follow- Up of Personal Data Security

    Creating Disciplinary Arrangements Including Data Security Provisions for Employees

    Reducing Personal Data As Much As Possible

    Preparation and Implementation of Corporate Policies on Access, Information Security, Use, Storage and Destruction

    Removing the Authority of Employees with Change of Duty or Leaving Employees

    Including Data Security Provisions in Signed Contracts

    Identifying Current Risks and Threats

    Performing Periodic and / or Random Internal Audits

    Determination and Implementation of Protocols and Procedures for Sensitive Personal Data Security

    Raising Awareness of Data Processing Service Providers on Data Security

    6.2. Technical Measures

    Firewalls and gateways are used among the measures taken to protect my information technology systems containing personal data against unauthorized access and threats by third parties. With the firewall used, it is ensured that violations to the information network are stopped, and the gateway allows employees to restrict access to websites or online platforms that pose a threat to personal data security.

    In addition, regular checks are provided regarding the proper functioning of software and hardware and whether the security measures taken for the systems are sufficient. Access to systems containing personal data is restricted, and in this context, employees are granted access to the extent necessary for their job and duties, and their powers and responsibilities, and access to relevant systems is provided by using a username and password. While creating these passwords, the easily guessable numbers or letter sequences associated with personal information are avoided as much as possible.

    Access authorization and control matrices are created within the data controller organization, and tools such as antivirus and antispam that regularly scan the information system network and detect threats are used to protect against malicious software.

    In order to ensure data security, necessary measures are taken to keep the documents in paper environment containing personal data and servers, backup devices, CD, DVD, USB and other similar storage devices accessible only to authorized personnel and to increase physical security in this regard.

    The table below provides a summary of the administrative measures taken to ensure data security:

    Technical Measures

    Authority Matrix

    Authority Control

    Access Logs

    User Account Management

    Network Security

    Application Security

    Encryption

    Penetration Test

    Attack Detection and Prevention Systems

    Log Records

    Data Masking

    Data Loss Prevention Software

    Backup

    Firewalls

    Current Anti-Virus Systems

    Deletion, Destruction or Anonymization

    Key Management

    VII. PERSONAL DATA PROCESSING ACTIVITY IN BUILDING, FACILITY ENTRANCES AND INSIDE OF BUILDING AND FACILITY

    7.1. Camera Monitoring Activities at the Building, Facility Entrances and Inside

    Within the scope of the Law on Private Security Services, camera surveillance activities are carried out in order to ensure security in the Company building, work areas, parking lot and its surroundings, and to protect the interests of the Company and other persons. Camera monitoring activity is carried out in accordance with the Law, and is carried out within the scope of the data processing conditions listed both in the Law and this Policy.

    7.2. Tracking of Guest Entrances and Exits at Building, Facility Entrances and Inside

    The identity information of the guests visiting our Company is subject to personal data processing in order to control and monitor the entrance and exit of the Company buildings and facilities and to ensure security. Personal data processed within the scope of this activity is limited to the entrance and exit of the guests, and the relevant personal data are recorded in the data recording system in electronic or physical media.

    VIII. RECORDING AND DESTRUCTION OF PERSONAL DATA

    8.1. Recording Periods of Personal Data

    Your personal data kept with our company is kept as long as data processing is required; In the event of deletion, destruction or anonymization obligation of personal data, they are deleted, destructed or anonymized within the first periodic destruction period following the date on which this obligation occurred.

    The time interval for periodic destruction is limited to a maximum of 6 months.

    Our company acts in accordance with the general principles shown in Article 4 of the Law and the technical and administrative measures indicated in Article 12 in the deletion, destruction or anonymization of your personal data.

    All transactions regarding the deletion, destruction or anonymization of personal data are recorded and kept for at least 3 years in accordance with legal obligations.

    The personal data specialist personnel assigned by the Company regarding the storage and destruction of data is the person responsible for the execution and supervision of the personal data recording and destruction policy.

    8.2. Obligation to Delete, Destruct and Anonymize Personal Data

    Personal data processed by the Company are deleted, destructed or anonymized, either ex officio or upon the request of the relevant data owner, in the event that the reasons that require personal data to be processed in accordance with Article 7 of the Law and the provisions of the "Regulation on the Deletion, Destruction or Anonymization of Personal Data" published in the Official Gazette dated 28 October 2017 and numbered 30224 prepared by the Personal Data Protection Board are eliminated.

    1. Deletion of personal data

    Deletion of personal data is the process of making personal data inaccessible and unavailable in any way for the concerned users.

    All necessary technical and administrative measures are taken to ensure that deleted personal data are inaccessible and unavailable for the concerned users.

    1. Destruction of personal data

    The destruction of personal data is the process of making personal data inaccessible, unretrievable, and nonreusable in any way. The data controller is obliged to take all necessary technical and administrative measures regarding the destruction of personal data.

    1. Anonymization of personal data

    The anonymization of personal data is to render personal data in no way associated with an identified or identifiable natural person, even if they are matched with other data.

    All kinds of technical and administrative measures are taken by our Company to anonymize your personal data, and methods in accordance with our personal data storage and destruction policy are applied.

    8.3. Techniques of Deletion, Destruction and Anonymization of Personal Data

    The techniques for deletion, destruction or anonymization of personal data processed by our company are shown below, and which of the techniques to be applied may vary depending on the nature of the personal data processed.

    For this, first of all, determining the personal data that is the subject of deletion, destruction or anonymization (1), determining the concerned users for each personal data using an access authorization and control matrix or a similar system (2), determinig the methods such as access, retrieval and reuse of the concerned users (3), and the authorization and methods of access, retrieval and reuse within the scope of personal data of the concerned users should be closed and eliminated (4).

    The process of the deletion of personal data takes place as follows:

    • Giving a delete command in cloud or application type solutions,

    • Dimming, cutting out or making invisible data in paper media,

    • The process of deleting data on removable media using appropriate software.

    The process of the destruction of personal data takes place as follows:

    • Physical destruction by melting, burning or pulverizing optical media and magnetic media,

    • Other destructive operations on paper or electronic form.

    IX. RIGHTS OF THE PERSONAL DATA OWNER AND THE USE OF THESE RIGHTS

    9.1. Rights of the Personal Data Owner

    In accordance with Law No. 6698, you have the following rights as a data owner:

    • Learning whether your personal data is being processed,

    • Requesting information regarding your personal data, if it has been processed,

    • Learning the purpose of processing your personal data and whether they are used appropriately for their purpose,

    • Being aware of the the third parties to whom personal data are transferred domestically or abroad,

    • Requesting correction of personal data if it is incomplete or incorrectly processed,

    • Requesting deletion or destruction of your personal data within the framework of the conditions stipulated in Article 7,

    • In case of incomplete or inaccurate processing, requesting the third parties to whom the personal data have been transferred to be notified of the correction of these and the deletion or destruction of data

    • Objecting to the occurrence of a result against you by analyzing your processed data exclusively through automated systems,

    • Requesting compensation in case of damage due to unlawful processing of your personal data.

    9.2. Personal Data Owner’s Exercising His Rights

    The requests regarding the implementation of the Law by the data owner can be sent to kvk@biletall.com.tr or to the Company (Fatih District, Prof. Fevzi Fevzioğlu Street, No: 19) in written form. In application requests, the "Data Owner Application Form" published by the Company on its website and mobile application must be used.

    9.3. Our Company's Response to Applications

    The application requests are concluded by the Company as soon as possible, depending on the nature of them. This period cannot exceed 30 days. If the transaction requires any cost, a fee may be charged according to the tariff determined by the Personal Data Protection Board.

    ANNEX - 1: Definitions

    Explicit consent: It is the consent based on being informed and expressed with free will regarding a specific subject.

    Anonymization: It is the rendering of personal data that cannot be associated with an identified or identifiable natural person under any circumstances, even by being matched with other data.

    Recipient group: The category of natural or legal persons to whom personal data is transferred by the data controller.

    Direct descriptors: These are descriptors that directly reveal and distinguish the person they are in a relationship with.

    Indirect identifiers: They are descriptors that reveal and distinguish the person they are in a relationship with by coming together with other descriptors.

    Related person: It is a natural person whose personal data is processed.

    Concerned user: A natural or legal person who processes personal data within the organization of the data controller or in accordance with the authority and instruction received from the data controller, except for the person or unit responsible for the technical storage, protection and backup of the data.

    Destruction: It is the deletion, destruction or anonymization of personal data.

    Law: It is the Law on Protection of Personal Data dated 24/3/2016 and numbered 6698.

    Dimming: Processes such as scratching, painting and icing all personal data in a way that cannot be associated with an identified or identifiable person.

    Recording medium: Any medium that contains personal data that is fully or partially automated or processed non-automatically provided that it is a part of a data recording system.

    Personal data: All kinds of information related to an identified or identifiable person.

    Processing of personal data: All kinds of operations performed on data such as obtaining, recording, storing, preserving, changing, reorganizing, disclosing, transferring, taking over, making available, classifying or preventing its use through fully or partially automatic means or non-automatic means provided that they are part of any data recording system

    Board: Personal Data Protection Board

    Authority: Personal Data Protection Authority

    Data processor: The natural or legal person who processes personal data on behalf of the data controller, based on the authority given by him.

    Data recording system: It is the recording system in which personal data are structured and processed according to certain criteria.

    Data controller: Natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.

    ANNEX - 2: Personal Data Owners (Related Persons)

    Data Subject Categories

    Definition

    Employee

    Refers to people working within the company.

    Employee Candidate

    It refers to real persons who apply for a job by sending a resume to the company or by other methods.

    Intern

    It refers to the people who use the profession they have trained within the company practically to increase their professional knowledge.

    Customer

    Refers to real persons who benefit from the services offered by the company.

    Potential Customer

    It refers to real persons who show interest in using the services offered by the company and have the potential to turn into customers.

    Supplier

    Refers to natural persons and legal person employees from whom services are provided.

    Shareholders / Partners

    It refers to individuals who own at least one share of the company.

    Company Official

    Refers to authorized persons operating on behalf of the company in matters authorized by the company.

    Visitor

    Refers to the third parties visiting the workplace.

    Job Partners

    It refers to natural persons and legal person employees with whom business and transactions are made to carry out service development and any other commercial activity

    ANNEX - 3: Third Parties to whom Personal Data are Transferred and Transferring Purposes

    Transferred Person / Unit

    Scope

    Transferring Purpose

    Shareholders

    Company shareholders

    Transfer of personal data in a limited way in order to fulfill the information flow between the company and the shareholders.

    Job Partners

    Business partnerships within the scope of commercial activities carried out by the company

    Transfer of personal data in a limited way in order to ensure the performance of the activity with business partners.

    Authorized Public Institutions and Organizations

    Legal relations between legally authorized public institutions, organizations and the Company

    Limited sharing / transfer of the information and documents requested by the relevant public institutions and organizations from our Company.

    Group Company

    Group companies in which the Company is included

    Limited transfer of commercial, administrative, technical and financial activities that require the participation of group companies.

    Supplier

    Parties from which services are provided in order to sustain the commercial activities of the company

    Transfer of personal data to ensure services received from suppliers.

  • Форма заявления Владельца данных о защите и обработке персональных данных

    DATA OWNER APPLICATION FORM

    As Biletal İç ve Dış Ticaret Anonim Şirketi (“Company” or “Biletal”), we would like to state that you have recognized rights according to the 11. Article that is granted to the data owners, and is stated in the 6698 numbered Personal Data Protection Law. In accordance with the 13. Article in the law, our Company, which is in the position of the data provider, has published the conditions of processing personal data, data safety and destruction procedures, and principles fundamentals on Personal Data Protection and Processing Law on www.biletall.com and mobile application.

    As the data owner, you can send us requests regarding personal data within the 13. Article of the law and the 5.Article of the Communiqué on Application Procedures and Principles to the Data Controller by using the Data Subject Application Form hereby (Application Form).

    DATA SUBJECT RIGHTS

    The rights granted to you by the Law as a data owner are the following, and you can submit your request in Turkish and in writing by using the applicatiın method shown in the Application Form hereby.

    You can demand the following requests with the application form:

    1. Learning whether your personal data is processed or not,

    2. If your personal data has been processed, to request information regarding them,

    3. Learning for the purpose of processing your personal data and whether they are used appropriately,

    4. To know the third parties to whom personal data are transferred domestically or abroad,

    5. To request correction of personal data in case of incomplete or incorrect processing,

    6. To request the deletion or destruction of personal data processed in accordance with the law and legislation, in case the reasons requiring its processing disappear,

    7. Request notification of the transactions made according to subparagraphs (e) and (f) to third parties to whom personal data have been transferred,

    8. Object to the occurrence of a result, induced by analysis of the processed data exclusively through automated systems, proceeding against the person themselves,

    9. To request compensation for the damage emerging due to the processing of personal data in violation of the law.

    APPLICATION METHOD

    In accordance with the 11. and 13. Article of the Law, the applications made to our company, which is the data controller, can be requested with the form on www.biletall.com or the mobile application through:

    • An originally signed petition in written form or through notary to Fatih Mahallesi, Prof. Fevzi Fevzioğlu Caddesi, No:19, Kocasinan/Kayseri

    or

    • Using your registered e-mail address or secure electronic signature, mobile signature, or your e-mail address previously notified by you to our Company and registered in our data recording system, by means of delivering it to kvk@biletall.com.tr.

    1. Personal Information of the Applicant

    Applicant

    Name

    Surname

    T.C. Identification Number

    Passport Number if the applicant is foreign

    Place of Residence

    /Workplace address

    Telephone and Fax Number

    E-mail Address



    1. The Relationship between the Applicant and the Company

    Please state your relationship with our company. (Customer, business partner, visitor, employee candidate, former employee, third party company employee, shareholder etc.)

    ☐ Customer

    ☐ Visitor

    ☐ Business partner

    ☐ Shareholder

    ☐ Former Employee

    Years worked:


    ☐ Person Who Applied for a Position/Shared CV

    Date:

    ☐ Third-Party Company Employee

    Company and position information:



    ☐ Other:

    The department you have communicated with at our company:



    Subject:







    1. Request

    Please write your request regarding your application.












    ATTACHMENTS (Please list the documents related to your application below, if any.)

    1-       

    2-       


    1. Application Response

    Please select how you want your application to be answered.

    ☐ I want it sent to my place of residence/workplace address.

    ☐ I want it sent to my E-Mail Address.

    ☐I want to receive it by hand. (Application responses are not handed out to anyone else without the letter of attorney).

    • Written applications are made on the date the document is notified to the data controller Company and/or its representative; Applications made by other methods are deemed to have been made on the date the application reaches the data controller.

    • The response to your application will be sent out to your selected address in 30 (thirty) days at the latest.

    • If you request a written response to your application, it will be concluded for free up to 10 pages. Responses over 10 pages are charged per page exceeding the tariff determined by the Personal Data Protection Institution.

    We hereby declare that we reserve the right to request additional documents in order to determine your personal data processed by our Company and to respond to your application in a correct and complete manner. We are not responsible for possible errors and damages caused by information that is wrong, deficient, or out of date, which you have provided.

    Applicant (Date Subject)

    Name Surname :

    Application Date :

    Sign :

  • Информационный текст для клиентов о защите и обработке персональных данных

    CUSTOMER INFORMATION TEXT ABOUT THE PROTECTION OF PERSONAL DATA

    In Biletal İç ve Dış Ticaret Anonim Şirketi (“Company” or “Biletal”), with the principle of protecting the right of privacy; the personal data of our customers will be recorded, classified, stored, updated and processed within the framework of the processing conditions enumerated in the Law within the scope of the Law on Protection of Personal Data ("Law") No.6698, and will be transferred to third parties in cases and to the extent permitted by the legislation.

    This Clarification Text has been prepared in accordance especially with the Law, the relevant legislation in force and the rules shown in the regulations, communiqués, decisions and guides published by the Board. If there is a change in the Law or other relevant legislation after the date of publication of the Customer Clarification Text by the Company and if the Customer Clarification Text is incompatible with the said amendment, the amended terms and rules will apply. All communiqués, decisions and guides published by the Board are followed by our Company, and the rules stipulated by the Customer Disclosure Text are kept up-to-date.

    1. DATA OWNER

    The data owners within the scope of this Clarification Text are all real persons within the Company Customers.

    2. IDENTITY OF DATA CONTROLLER AND REPRESENTATIVE

    In accordance with the law, your personal data will be collected and processed by Biletal İç ve Dış Ticaret Anonim Şirketi within the scope described below.

    For your questions regarding the processing of your personal data, you can contact Biletal Contact Person via kvk@biletall.com.tr.

    3. PURPOSE OF PROCESSING PERSONAL DATA, LEGAL REASONS OF PROCESSING AND COLLECTION METHODS

    Biletal will be able to record, store, update, transfer to third parties, classify and process your personal data in accordance with the terms and extent specified under the heading of "personal data processing conditions" in Article 5 of the Law. Our company clearly reveals the purposes of processing personal data and does it in line with business activities, within the scope of purposes related to them.

    Your Personal Data collected through the channels and methods specified in this Clarification Text are processed by the Company for the following purposes and legal reasons:

    ID Information

    Personal Data Processed

    Purposes of Personal Data Processing

    • Name

    • Surname

    • T.C. ID Number

    • Date of Birth

    • Gender

    • Nationality

    • Passport Number

    • Passport Validity Period

    • Country of Issuance of Passport

    • Visa Information

    • Social Media User Information

    Within the Scope of Travel Reservations and the Execution of Ticket Sales Transactions; Identification and Verification Procedures, Creation of Membership for Reservation and Sales Management, Issuing Bus, Plane and Ferry Tickets, Check-in Procedures, Preparation of Flight and Travel Cards, Execution of Travel Approval Procedures, Delivery of Reminder and Informative Texts Regarding Travel, Execution of Cancellation, Refund, Open Money and Change Transactions Execution of Advertising / Campaign / Promotion Processes, Cooperating with Digital Payment Solution Companies to Ensure Payment Security, Travel Planning as a Guest User, Carrying Out Ticket Sales Transactions and Carrying Out After Sales Support Services, Execution of User Login Through Social Networks, Execution of Ticket Sales, Cancellation, Return and Change Processes Over the Call Center, Within the Scope of Conducting Marketing Analysis Studies; Reminders Regarding Incomplete Reservation, Conducting Survey and Evaluation Studies, Personalization and Development of Customer Experiences, Execution / Inspection of Business Activities, Execution of Business Continuity Activities, Execution of Activities in Compliance with the Legislation, Follow-up of Requests and Complaints, Execution of Customer Relations Management Processes, Conducting Activities for Customer Satisfaction, Receiving and Evaluating Suggestions for Improvement of Business Processes, Execution of Goods / Service Sales Processes, Execution of Contract Processes, Execution of Firm/ Product/Service Loyalty Processes, Conducting Communication Activities, Execution of Finance and Accounting Affairs, Execution of Information Security Processes, Follow-up and Execution of Legal Affairs, Execution of Storage and Archive Activities, Ensuring the Security of Data Supervisor Operations

    Legal Reasons for Processing Personal Data

    Your personal data are processed by the Company in line with the realization of the above-mentioned purposes, based on the legal reasons specified in Article 5 of the PDPL;

    • If it is clearly stipulated in the laws,

    • If it is necessary to process the personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract,

    • If it is mandatory for the data controller to fulfill his legal obligation,

    • If data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the person concerned.

    Methods of Collecting Personal Data

    Your personal data mentioned above are collected through screens/forms on the website and mobile applications, and call center line and social media accounts when logged in as a social media user.


    Contanct Information

    Personal Data Processed

    Personal Data Processing Purposes

    • E-Mail Address

    • Mobile Phone Number

    • Home Phone Number

    Within the Scope of Travel Reservations and the Execution of Ticket Sales Transactions; Creating Membership for Reservation and Sales Management, Execution of Travel Approval Procedures, Delivery of Reminder and Informative Texts Regarding the Travel, Execution of Cancellation, Refund, Open Money and Change Transactions, Execution of Advertising/ Campaign / Promotion Processes, Travel Planning as a Guest User, Execution of Ticket Sales Transactions and After Sales Support Services, Execution of User Login on Social Networks, Execution of Ticket Sales, Cancellation, Return and Change Processes Over the Call Center, Within the Scope of Conducting Marketing Analysis Studies; Reminders Regarding Incomplete Reservation, Conducting Survey and Evaluation Studies, Personalization and Development of Customer Experiences, Execution / Inspection of Business Activities, Conducting Business Continuity Activities, Informing Authorized Persons, Institutions and Organizations, Follow-up of Requests and Complaints, Execution of Customer Relationship Management Processes, Execution of Activities for Customer Satisfaction, Execution of Goods / Service Sales Processes, Execution of Contract Processes, Execution of Goods/Services After Sales Support Services, Execution of Firm/Product/Services Loyalty Processes, Execution of Communication Activities, Execution of Information Security Processes, Follow-up and Execution of Legal Affairs, Execution of Storage and Archive Activities, Execution of Contract Processes

    Legal Reasons for Processing Personal Data


    Your personal data are processed by the Company in line with the realization of the above-mentioned purposes, based on the legal reasons specified in Article 5 of the PDPL;

    • If it is clearly stipulated in the laws,

    • If it is necessary to process the personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract,

    • If it is mandatory for the data controller to fulfill his legal obligation,

    • If data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the person concerned.

    Methods of Collecting Personal Data


    Your personal data mentioned above are collected through screens/forms on the website and mobile applications, and call center line and social media accounts when logged in as a social media user.


    Location Information

    Personal Data Processed

    Personal Data Processing Purposes

    • Location data

    Conducting the Process of Facilitating the Determination of the Departure Destination on Ticket Search Screens

    Legal Reasons for Processing Personal Data


    Your personal data is processed by the Company in line with the realization of the purposes listed above, based on the legal reason specified in Article 5 of the PDPL;

    • Explicit Consent

    Methods of Collecting Personal Data

    Your personal data mentioned above are collected electronically and via mobile application within your consent.

    Financial Information

    Personal Data Processed

    Personal Data Processing Purposes

    • Debit / Credit Card Number

    • Debit / Credit Card Expiration Date

    • Debit / Credit Card Security Code

    • Loyalty Program Information

    Within the Scope of Travel Reservations and the Execution of Ticket Sales Transactions; Issuing Bus, Plane and Ferry Tickets, Execution of Cancellation, Refund, Open Money and Change Transactions, Travel Planning as a Guest User, Execution of Ticket Sales Transactions and After Sales Support Services, Execution of User Login on Social Networks, Execution of Ticket Sales, Cancellation, Return and Change Processes Over the Call Center, Execution of Activities in Compliance with Legislation, Follow-up of Demands and Complaints, Execution of Customer Relationship Management Processes, Execution of Goods / Services Sales Processes, Execution of Contract Processes, Execution of Goods / Services After Sales Support Services, Execution of Finance and Accounting Affairs, Execution of Information Security Processes, Follow-up and Execution of Legal Affairs, Execution of Storage and Archive Activities

    Legal Reasons for Processing Personal Data


    Your personal data are processed by the Company in line with the realization of the above-mentioned purposes, based on the legal reasons specified in Article 5 of the PDPL;

    • If it is clearly stipulated in the laws,

    • If it is necessary to process the personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract,

    • If it is mandatory for the data controller to fulfill his legal obligation,

    • If data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the person concerned.

    Methods of Collecting Personal Data

    Your personal data mentioned above is collected through electronic screens / forms on the website and mobile applications and the call center lines.

    Customer Transaction Information

    Personal Data Processed

    Personal Data Processing Purposes

    • Invoice, Voucher and Check Information

    • Call Center Records

    • Travel Information (One-Way /

    • Round-Trip, Departure Point, Destination, Departure Date, Return Date, Seat Number)

    • Request and Complaint Information

    • PNR Number

    • Transaction Information (Return, Order, Change, Cancellation)

    • Customer / Ticket Number

    • Insurance Information

    Within the Scope of Travel Reservations and the Execution of Ticket Sales Transactions; Preparation of Bus, Plane and Ferry Tickets, Check-in Procedures, Preparation of Flight and Travel Cards, Execution of Cancellation, Refund, Open Money and Change Transactions, Travel Planning as a Guest User, Execution of Ticket Sales Transactions and After Sales Support Services, Execution of User Login on Social Networks, Execution of Ticket Sales, Cancellation, Return and Change Processes Over the Call Center,

    Execution / Inspection of Business Activities, Execution of Business Continuity Activities, Execution of Activities in Compliance with Legislation, Follow-up of Requests and Complaints, Execution of Customer Relations Management Processes, Execution of Goods / Service Sales Processes, Execution of Contract Processes, Execution of Goods / Services After Sales Support Services, Execution of Communication Activities, Execution of Goods / Services Purchase Processes, Execution of Finance and Accounting Affairs, Execution of Information Security Processes, Tracking and Execution of Legal Affairs, Execution of Storage and Archive Activities, Execution of Contract Processes, Ensuring the Security of Data Supervisor Operations

    Legal Reasons for Processing Personal Data


    Your personal data are processed by the Company in line with the realization of the above-mentioned purposes, based on the legal reasons specified in Article 5 of the PDPL;

    • If it is clearly stipulated in the laws,

    • If it is necessary to process the personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract,

    • If it is mandatory for the data controller to fulfill his legal obligation,

    • If data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the person concerned.

    Methods of Collecting Personal Data

    Your personal data mentioned above is collected through electronic screens / forms on the website and mobile applications and the call center lines.

    Legal Transaction Information

    Personal Data Processed

    Personal Data Processing Purposes

    • Information in Correspondence with Judicial and Administrative Authorities

    • Information within the Scope of Warning Notice / Notice

    • Contract Information

    • Information in the Lawsuit and Consumer Arbitration Committee File

    Execution of Activities in Compliance with the Legislation, Execution of Goods / Services Sales Processes, Execution of Contract Processes, Informing Authorized Persons, Institutions and Organizations, Follow-up and Execution of Legal Affairs

    Legal Reasons for Processing Personal Data


    Your personal data are processed by the Company in line with the realization of the above-mentioned purposes, based on the legal reasons specified in Article 5 of the PDPL;

    • If it is clearly stipulated in the laws,

    • If it is mandatory for the data controller to fulfill his legal obligation,

    Methods of Collecting Personal Data

    Your personal data mentioned above are collected through letters of attorneys, contracts, printed and electronic petitions / documents.

    Transaction Security Information

    Personal Data Processed

    Personal Data Processing Purposes

    • Website Entry-Exit Information

    • Passcode and Password Information

    • IP Information

    • Browser Information

    • User Traffic Information

    • User Experience Criteria Information


    Execution of Information Security Processes, Execution of Audit / Ethical Activities, Execution of Marketing Analysis Studies, Execution of Advertising / Campaign / Promotion Processes, Execution of Activities for Customer Satisfaction, Execution of Marketing Processes of Services, Ensuring Security of Data Supervisor Operations, Execution of Storage and Archive Activities, Execution of Strategic Planning Activities, Informing Authorized Persons, Institutions and Organizations

    Legal Reasons for Processing Personal Data

    Your personal data are processed by the Company in line with the realization of the above-mentioned purposes, based on the legal reasons specified in Article 5 of the PDPL;

    • If it is clearly stipulated in the laws,

    • If it is necessary to process the personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract,

    • If data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the person concerned.

    Methods of Collecting Personal Data

    Your data is collected through electronic forms, websites and mobile applications.

    Marketing Information

    Personal Data Processed

    Personal Data Processing Purposes

    • Shopping History Information

    • Survey Records

    • Cookise Records

    • Information Obtained from Campaign Studies

    • Comments and Ratings

    Conducting Communication Activities, Receiving and Evaluating Suggestions for Improving Business Processes, Conducting Marketing Analysis Studies, Conducting Advertising / Campaign / Promotion Processes, Carrying Out After-Sales Support Services, Carrying Out Customer Relations Management Processes, Conducting Activities for Customer Satisfaction, Execution of Marketing Processes of Services, Execution of Storage and Archive Activities, Tracking of Requests / Complaints, and Strategic Planning Activities

    Legal Reasons for Processing Personal Data


    Your personal data are processed by the Company in line with the realization of the above-mentioned purposes, based on the legal reasons specified in Article 5 of the PDPL;

    • If it is clearly stipulated in the laws,

    • If data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the person concerned.

    Methods of Collecting Personal Data

    Your data is collected through electronic forms, website and mobile applications.

    Health Information

    Personal Data Processed

    Personal Data Processing Purposes

    • HES Code

    • Disability Information

    Informing Authorized Persons, Institutions and Organizations, Conducting Activities in Compliance with Legislation, Conducting Goods and Services Sales Processes

    Legal Reasons for Processing Personal Data


    • Your personal data are processed by the Company in line with the realization of the above-mentioned purposes, based on the legal reasons specified in Article 5 of the PDPL;

    • If it is clearly stipulated in the laws,

    • If it is necessary to process the personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract,

    Methods of Collecting Personal Data

    Your data is collected through electronic forms available on the website and mobile applications.

    4. TRANSFER OF PERSONAL DATA

    Personal data belonging to data owners are shared with business partners for the purposes of cooperation with business partners, suppliers and solution partners in order to receive support from third parties to fulfill the commercial activities of our company, employees, group companies, suppliers, authorized agents performing transactions, and other airline companies within the framework of flight collaborations and partnerships for the purpose of performing customer and potential customer transactions, the relevant insurance companies in case of receiving insurance services during the sales processes, the shareholders/partners of the Company for the purposes of creating strategies regarding the commercial and administrative activities of our Company, conducting internal and external auditing and management activities in accordance with the provisions of the relevant legislation, authorized public institutions and organizations with the documents and purposes requested by the relevant public institutions and organizations, companies providing information technologies and archive services.

    5. SHARING PERSONAL DATA WITH THIRD PARTIES ABROAD

    Your personal data can be shared with third parties abroad within the framework of execution of the supply chain management processes of the services, the execution of the service sales processes, the execution of the contract processes; carrying out after-service customer satisfaction activities, benefiting from storage and archive activities, ticketing system infrastructures used in service sales processes and/or airline, bus, etc. companies' infrastructure or cloud systems’ being located abroad, keeping the e-mail service infrastructures of the e-mail contact addresses sent to the concerned parties in data centers located abroad

    6. YOUR RIGHTS UNDER THE LAW

    As personal data owners, you can make your requests regarding your rights by filling out the Personal Data Protection and Processing Policy, which is shared with the public on www.biletall.com, by following the methods set out in the data owner application procedure (Based on the Communiqué on the Procedures and Principles of Application to the Data Supervisor.), and by filling out the Data Owner Application Form published on the same web address. You can also make your request by using another document containing your mandatory information specified in the application form, in writing or by using the registered electronic mail (REM), secure electronic signature, mobile signature or the e-mail address previously notified to Biletal by the relevant person and registered in Biletal's system. If you send the necessary information to Biletal, depending on the nature of your request, Biletal will finalize it as soon as possible, within thirty days at the latest, and free of charge.

    However, if the transaction requires an additional cost, Biletal will charge the fee in the tariff determined by the Personal Data Protection Board. In this context, personal data owners have the rights listed below:

    • Learning whether personal data is processed,

    • Requesting information relating to processed personal data if it has been done,

    • Learning the purposes of processing personal data and whether they are used appropriately for their purposes,

    • Being aware of the third parties in the country or abroad to whom personal data have been transferred,

    • Requesting correction of personal data in case of incomplete or incorrect processing and the third parties to whom personal data are transferred to be notified of the transaction made within this scope,

    • Requesting the deletion or destruction of personal data in the event that the reasons requiring its processing disappear, despite the fact that it has been processed in accordance with the provisions of the law and other relevant laws, and the third parties to whom personal data are transferred to be notified of the transaction made within this scope,

    • Object to the occurrence of a result against the person himself by analyzing the processed data exclusively through automated systems,

    • Requesting compensation in case of damage due to unlawful processing of your personal data.

    Biletal İç ve Dış Ticaret Anonim Şirketi ensures that in the event that the current legislation is changed and there is any inconsistency between the Customer Information Text on the Protection of Personal Data and the said change, the provisions of the legislation will apply.

    Data Supervisor: Biletal İç ve Dış Ticaret Anonim Şirketi

    Address            : Fatih District, Prof. Fevzi Fevzioğlu Street, No: 19, Kocasinan / Kayseri

    Phone Number: +90 (352) 222 44 55

  • Текст информации о потенциальном клиенте о защите и обработке персональных данных

    POTENTIAL CUSTOMER DISCLOSURE TEXT REGARDING THE PROCESSING OF PERSONAL DATA

    As the data subject, especially with the principle of protecting privacy, Biletal İç ve Dış Ticaret Anonim Şirketi (“Company” or “Biletal”); will record, classify, store, update the personal data of our potential customers, and process the data within the framework of the processing conditions, and will transfer data to the third parties according to the extended permit of the legislation.

    The Clarification text has been prepared in accordance with the relevant legislation, especially the law, and the rules shown in the regulations, communiques, decisions, and guides published by the council. If there is a change in the Law or other relevant legislation after the date of publication of the Clarification Text by the Company, and if the Clarification Text becomes incompatible with the said amendment, the amended terms and rules will be applied.

    All communiqués, decisions, and guidelines published by the Board are followed by our Company, and the rules stipulated by the Clarification Text are kept up to date.

    1. DATA OWNER/DATA SUBJECT

    The data owners/data subjects within the scope of the Clarification Text are all real persons whose personal data are being processed by the Company.

    2. ID OF DATA CONTROLLER AND REPRESENTATIVE

    In accordance with the law, your personal data will be; collected and processed by the data owner Biletal İç ve Dış Ticaret Anonim Şirketi, following the scope stated below.

    For your questions regarding the processing of your personal data, you can contact Biletal Contact Person via kvk@biletall.com.tr e-mail address.

    3.PURPOSE OF PROCESSING PERSONAL DATA, LEGAL REASONS OF PROCESSING, AND COLLECTION METHODS

    Biletal will be able to record, store, update, transfer to third parties, classify and process your personal data in accordance with the terms and extent specified under the article of "Conditions for Processing of Personal Data” in Article 5 of the Law.

    Our company is clearly stating the purposes of processing personal data and is processing personal data for purposes related to these activities in line with its business activities.

    Your personal data, which is collected through the channels and methods stated in the Clarification Text hereby, is processed by our Company according to the following purposes and legal reasons.

    ID Information

    The processed personal data


    Personal Data Processing Purposes

    • Name

    • Surname

    • T.C. Identification Number

    • Birthdate

    • Gender

    • Social Media User Information

    Within the Scope of the Execution of Travel Reservations; Execution of Identification and Verification Procedures, Creating Membership for Reservation Management, Issuing Bus, Plane and Ferry Tickets, Check-in Procedures, Preparation of Flight and Travel Cards, Execution of Advertising / Campaign / Promotion Processes, User Login on Social Networks, Reservation Processes Over the Call Center, Within the Scope of Conducting Marketing Analysis Studies; Reminders Regarding Incomplete Reservation, Personalization and Development of Potential Customer Experiences, Receiving and Evaluating Suggestions for the Improvement of Business Processes, Conducting Communication Activities, Execution of Information Security Processes, Follow-up and Execution of Legal Affairs, Execution of Custody and Archive Activities, Ensuring the Security of Data Controller Operations

    Legal Reasons for Processing Personal Data

    Your personal data, in line with the realization of the above-mentioned purposes by the Company, is specified in Article 5 of the Turkish Personal Data Protection Law based on the legal purposes hereby;

    • Provided that it does not harm the fundamental rights and freedoms of the relevant person, it is necessary for the legitimate interests of the data controller,

    • Provided that it is directly related to the establishment or performance of a contract, it is necessary to process personal data belonging to the parties to the contract,

    • Explicit Consent

    Methods of Collecting Personal Data

    Your personal data mentioned above are collected through the screens/forms on the websites and mobile applications, the call centerline, and social media accounts when logged in as a social media user.

    Contact information

    The processed personal data

    Purpose of Processing personal data


    • E-Mail Address

    • Cellphone Number

    • Home Phone Number

    Within the Scope of Travel Reservation Process; Creating Membership for Reservation Management, Execution of Advertising / Campaign / Promotion Processes, Travel Planning as a Guest User, User Login on Social Networks, Reservation Processes Over the Call Center, Within the Scope of Conducting Marketing Analysis Studies; Personalization and Development of Potential Customer Experiences, Conducting Business Continuity Activities, Execution of Contract Processes, Conducting Communication Activities, Execution of Information Security Processes, Execution of Custody and Archive Activities, Execution of Advertising / Campaign / Promotion Processes

    Legal Reasons for Processing Personal Data

    Your personal data, in line with the realization of the above-mentioned purposes by the Company, is specified in Article 5 of the Turkish Personal Data Protection Law based on the legal purposes hereby;

    • Provided that it does not harm the fundamental rights and freedoms of the relevant person, it is necessary for the legitimate interests of the data controller,

    • Provided that it is directly related to the establishment or performance of a contract, it is necessary to process personal data belonging to the parties to the contract,

    • Explicit Consent

    Methods of collecting Personal Data


    Your personal data mentioned above are collected through the screens/forms on the websites and mobile applications, the call centerline and social media accounts when logged in as a social media user.


    Location Information

    Processed Personal Data

    Purpose of Processing Personal Data

    • Location Information

    Conducting the Process of Facilitating the Determination of the Departure Destination on Ticket Search Screens

    Legal Reasons for Processing Personal Data

    Your personal data, in line with the realization of the above-mentioned purposes by the Company, is specified in Article 5 of the Law on the Protection of Personal Data based on the legal purposes hereby;

    • Explicit Consent

    Methods of Collecting Personal Data

    Your personal data mentioned above are collected electronically and via mobile application with your consent.

    Müşteri İşlem Bilgileri

    Processed Personal Data

    Purpose of Processing Personal Data


    • Call Center Records

    • Seyahat Bilgisi (Tek Gidiş/ Gidiş-Dönüş, Kalkış Noktası, Varış Noktası, Gidiş Tarihi, Dönüş Tarihi, Koltuk Numarası)

    • Sigorta Bilgisi

    Within the Scope of the Execution of Travel Reservations; Execution of Travel Planning Services as a Guest User, User Login on Social Networks, Reservation Processes Over the Call Center, Execution / Supervision of Business Activities, Conducting Business Continuity Activities, Conducting Activities in Compliance with Legislation, Conducting Communication Activities, Execution of Information Security Processes

    Legal Reasons for Processing Personal Data

    Your personal data, in line with the realization of the above-mentioned purposes by the Company, is specified in Article 5 of the Turkish Personal Data Protection Law based on the legal purposes hereby;

    • It is clearly stated in the laws,

    • It is mandatory for the legitimate interests of the data controller, provided that the fundamental rights and freedoms of the data subject are not harmed.

    Methods of Collecting Personal Data

    Your personal data mentioned above is collected through the websites and applications via electronic screens/forms and the call centerline.

    Legal Transaction Information

    Processed Personal Data

    Purpose of Processing Personal Data


    • • Information in Correspondence with Judicial and Administrative Authorities

    • Information within the Scope of Warning / Notice

    Conducting Activities in Compliance with Legislation, Informing Authorized Persons, Institutions and Organizations, Follow-up and Execution of Legal Affairs

    Legal Reasons for Processing Personal Data

    Your personal data, in line with the realization of the above-mentioned purposes by the Company, is specified in Article 5 of the Turkish Personal Data Protection Law based on the legal purposes hereby;

    • It is clearly stated in the laws,

    • It is mandatory for the data controller to fulfill their legal obligation.

    Methods of collecting Personal Data


    Your personal data mentioned above are collected through power of attorney, printed, and electronic petitions/documents.

    Transaction Security Information

    Processed Personal Data

    Purpose of Processing Personal Data


    • Website Entry-Exit Information

    • Password Information

    • IP Information

    • Browser Information

    • User Traffic Information

    • User Experience Criteria Information

    Execution of Information Security Processes, Conducting Audit/Ethical Activities, Marketing Analysis Studies, Execution of Advertising/Campaign/Promotion Processes, Execution of Marketing Process of Services, Ensuring the Security of Data Controller Operations, Execution of Custody and Archive Activities, Conducting Strategic Planning Activities, Informing Authorized Persons, Institutions and Organizations

    Legal Reasons for Processing Personal Data


    Your personal data, in line with the realization of the above-mentioned purposes by the Company, is specified in Article 5 of the Turkish Personal Data Protection Law based on the legal purposes hereby;

    • It is clearly stated in the laws,

    • Provided that it is directly related to the establishment or performance of a contract, it is necessary to process personal data belonging to the parties to the contract,

    • It is mandatory for the legitimate interests of the data controller, provided that the fundamental rights and freedoms of the relevant person are not harmed.

    Methods of collecting Personal Data


    Your data is collected through electronic forms, websites, and mobile applications.

    Pazarlama Bilgileri

    Processed Personal Data

    Purpose of Processing Personal Data


    • Anket Kayıtları

    • Çerez Kayıtları

    • Kampanya Çalışmaları ile Elde Edilen Bilgiler

    • Yorum ve Değerlendirmeler

    Conducting Communication Activities, Receiving and Evaluating Suggestions for the Improvement of Business Processes , Conducting Marketing Analysis Studies, Execution of Advertising / Campaign / Promotion Processes, Execution of Service After Sales Support Services, Execution of Customer Relationship Management Processes, Conducting Activities for Customer Satisfaction, Execution of Marketing Process of Services, Execution of Custody and Archive Activities, Tracking of Requests / Complaints, Conducting Strategic Planning Activities,

    Legal Reasons for Processing Personal Data

    Your personal data, in line with the realization of the above-mentioned purposes by the Company, is specified in Article 5 of the Turkish Personal Data Protection Law on the legal purposes hereby;

    • It is clearly stated in the laws,

    • It is mandatory for the legitimate interests of the data controller, provided that the fundamental rights and freedoms of the relevant person are not harmed.

    Methods of collecting Personal Data


    Your data is collected through electronic forms, websites, and mobile applications.

    4. TRANSFER OF PERSONAL DATA

    Personal data belonging to data owners are; shared with the business partners under the limited scope of performing cooperation activities with business partners; shared with employees and group companies under the limited scope of performing potential customer transactions; shared with authorized public institutions and organizations, and companies providing information technologies and archive services, under the limited scope of providing documents and purposes requested by the relevant public institutions and organizations.

    5. SHARING PERSONAL DATA WITH THIRD PARTIES ABROAD

    Your personal data can be shared abroad in cases of utilization of storage and archive activities, ticketing system infrastructures used in reservation processes and/or airline, bus, etc. companies' infrastructure or cloud systems that are located abroad, keeping the e-mail service infrastructures of the e-mail contact addresses sent to the relevant persons in data centers that are located abroad.

    6. YOUR RIGHTS ACCORDING TO THE LAW

    As personal data owners, your requests regarding your rights based on the Turkish Personal Data Protection Law, which is shared with the public at www.biletal.com, and the methods regulated in the Data Subject Application Procedure (the Communiqué on Application Procedures and Principles to the Data Controller) and published on the same website, can be attained by filling in the Data Owner Application Form or with another document containing your mandatory information written in the application form or in written form, or registered electronic mail address, secure electronic signature, mobile signature or previously notified to Biletal by the relevant person and if you have transmitted your identity to the Company in a verifiable form using the electronic mail address registered in the system, the Company will conclude the request free of charge as soon as possible and within thirty days at the latest, depending on the nature of the request.

    However, if the transaction requires an additional cost, the fee in the tariff determined by the Personal Data Protection Board will be charged by the Company. In this case, the data owner has the following rights:

    • Learning whether your personal data is processed or not,

    • If your personal data has been processed, to request information regarding them,

    • Learning for the purpose of processing your personal data and whether they are used appropriately,

    • To know the third parties to whom personal data are transferred domestically or abroad,

    • To request correction of personal data in case of incomplete or incorrect processing and to request notification of the transaction made within this scope to third parties to whom personal data are transferred,

    • To request the deletion or destruction of personal data in the event that the reasons requiring its processing disappear, despite the fact that it has been processed in accordance with the provisions of the law and other relevant laws, and to request notification of the transaction made within this scope to third parties to whom personal data have been transferred,

    • Object to the occurrence of a result, induced by analysis of the processed data exclusively through automated systems, proceeding against the person themselves,

    • To request compensation for the damage emerging due to the processing of personal data in violation of the law.

    For comprehensive information about your personal data, you can review the Personal Data Protection and Processing Policy on the www.biletal.com website and mobile application.

    Data Controller : Biletal İç ve Dış Ticaret Anonim Şirketi

    Address             : Fatih Mahallesi, Prof. Fevzi Fevzioğlu Caddesi, No:19, Kocasinan/Kayseri

    Telephone         : +90 (352) 222 44 55

  • Разъясняющий текст поставщика / делового партнера о защите и обработке персональных данных

    SUPPLIER / BUSINESS PARTNER CLARIFICATION TEXT

    ON THE PROCESSING OF PERSONAL DATA

    Biletal İç ve Dış Ticaret Anonim Şirketi (" Company " or "Biletal" ) as the data controller, with the principle of protecting the right of privacy in particular; Personal data of our visitors, will be recorded, classified, stored, updated in accordance and within the scope of the Turkish Personal Data Protection Law No.6698 (" Law ") and processed within the framework of the processing conditions enumerated in the Law and will be transferred to third parties in conditions and the extent permitted by the legislation.

    This Clarification Text has been prepared in accordance with the relevant legislation in force and the rules shown in the regulations, communiqués, decisions, and guidelines published by the Board, notably the Law. If there is an alteration in the Law or other relevant legislation after the date of issue of the Clarification Text by the Company, and if the Clarification Text is incompatible with the respective alteration, the changed terms and rules will apply. All communiqués, decisions, and guides published by the Board are followed by our Company, and the rules stipulated by the Visitor Clarification Text are kept up-to-date.

    1. DATA SUBJECT

    The data subject / relevant persons within the scope of the Clarification Text are all real persons who fall under the category of supplier employee, supplier official, business partner and business partner employees, and officials whose personal data are processed by the Company.

    2. ID OF DATA CONTROLLER AND REPRESENTATIVE

    In accordance with the law, your personal data will be collected and processed by Biletal İç ve Dış Ticaret Anonim Şirketi, as the data controller, within the scope described below.

    For your questions regarding the processing of your personal data, you can contact Biletal Contact Person via kvk@biletall.com.tr e-mail address.

    3. PURPOSE OF PROCESSING PERSONAL DATA, COLLECTING METHODS, LEGAL REASONS

    Biletal will be able to record, store, update, transfer to third parties, classify and process your personal data in accordance with the terms and extent specified under the heading of "personal data processing conditions" in Article 5 of the Law. Our company clearly reveals the purposes of processing personal data and processes personal data within the scope of purposes related to these activities in line with business activities.

    Your Personal Data collected through the channels and methods specified in Clarification Text hereby are processed by the Company for the following purposes and legal reasons:

    Credentials

    Personal Data Processed


    Personal Data Processing Purposes

    • Name

    • Surname

    • Turkish ID No

    • Signature

    • Signatory Circular

    • Tax Board

    Execution / Control of Business Activities, Execution of Goods / Service Purchase Processes, Execution of Contract Processes, Execution of Supply Chain Management Processes

    Legal Reasons for Processing Personal Data

    Your personal data, in line with the realization of the above-mentioned purposes by the Company, is primarily specified in Article 5 of PDPL;

    • Provided that it is directly related to the establishment or performance of a contract, it is necessary to process personal data belonging to the parties to the contract.

    is processed on the basis of legal reasons.

    Methods of Collecting Personal Data

    Your personal data mentioned above are collected through printed and electronic forms.

    Contact information

    Personal Data Processed


    Personal Data Processing Purposes


    • Email

    • Business Phone Number

    • Mobile Number

    • Workplace Address

    • Workplace Name / Title

    Execution / Control of Business Activities, Execution of Goods / Service Purchase Processes, Execution of Contract Processes, Execution of Supply Chain Management Processes

    Legal Reasons for Processing Personal Data


    Your personal data, in line with the realization of the above-mentioned purposes by the Company, is primarily specified in Article 5 of PDPL;

    • Provided that it is directly related to the establishment or performance of a contract, it is necessary to process personal data belonging to the parties to the contract.

    is processed on the basis of legal reasons.

    Methods of Collecting Personal Data


    Your personal data mentioned above are collected through printed and electronic forms, websites, and mobile applications.

    Personal Information

    Personal Data Processed


    Personal Data Processing Purposes

    • Position / Title Information

    Execution / Control of Business Activities, Execution of Goods / Service Purchase Processes, Execution of Contract Processes, Execution of Supply Chain Management Processes

    Legal Reasons for Processing Personal Data


    Your personal data, in line with the realization of the above-mentioned purposes by the Company, is primarily specified in Article 5 of PDPL;

    • Provided that it is directly related to the establishment or performance of a contract, it is necessary to process personal data belonging to the parties to the contract.

    is processed on the basis of legal reasons.

    Methods of Collecting Personal Data

    Your personal data mentioned above is collected through printed and electronic forms, websites, and mobile applications.

    Financial Information

    Personal Data Processed

    Personal Data Processing Purposes


    • Company Bank Account Information

    Execution / Control of Business Activities, Execution of Goods / Service Purchase Processes, Execution of Contract Processes, Execution of Supply Chain Management Processes

    Legal Reasons for Processing Personal Data


    Your personal data, in line with the realization of the above-mentioned purposes by the Company, is primarily specified in Article 5 of PDPL;

    • Provided that it is directly related to the establishment or performance of a contract, it is necessary to process personal data belonging to the parties to the contract.

    is processed on the basis of legal reasons.

    Methods of Collecting Personal Data

    Your personal data mentioned above is collected through printed and electronic forms, websites, and mobile applications.


    4. TRANSFER OF PERSONAL DATA

    Personal data belonging to data subjects is shared with other business partners, supplier officials, and employees of suppliers limited to the purposes of performing cooperation activities with business partners; with authorized public institutions and organizations and limited to the documents and purposes requested by the relevant public institutions and organizations and with companies providing information technologies and archive services.

    5. SHARING PERSONAL DATA WITH THIRD PARTIES ABROAD

    Your personal data can be shared abroad within the framework of benefiting from storage and archive activities, keeping the e-mail service infrastructures of the e-mail contact addresses sent to the relevant persons in data centers located abroad.

    6. YOUR RIGHTS UNDER THE LAW

    As personal data subjects, your requests regarding your rights are based on the Personal Data Protection and Processing Policy, which is shared with the public at https://www.biletall.com/, and the methods set out in the data subject application procedure (Communiqué on Application Procedures and Principles to the Data Controller are taken as the basis.) and to fill in the Data Subject Application Form published on the same web address or with another document containing your mandatory information written in the application form, in writing or with the registered electronic mail (REM) address, secure electronic signature, mobile signature or if you transfer your identity to Biletal in an averrable manner by using the e-mail address declared and registered in Biletal's system by the relevant person before, Biletal will finalize the request as soon as possible and free of charge within thirty days at the latest, depending on the characteristics of the request. However, if the transaction requires an additional cost, Biletal will charge the fee in the tariff determined by the Personal Data Protection Board. In this context, personal subjects;

    • Learning whether personal data is processed,

    • If personal data has been processed, to request information regarding this,

    • Learning the purpose of processing personal data and whether they are used appropriately for their purpose,

    • To know the third parties to whom personal data are transferred domestically or abroad,

    • To request correction of personal data in case of incomplete or incorrect processing and to request notification of the transaction made within this scope to third parties to whom personal data are transferred,

    • Although it has been processed in accordance with the provisions of the Law and other relevant laws, in case the reasons requiring its processing disappear, to request the deletion or destruction of personal data and to notify the third parties to whom the personal data has been transferred,

    • Object to the occurrence of a result weigh against the person by analyzing the processed data exclusively through automatic systems,

    • In case of damage due to illicit processing of personal data, requesting the compensation of the damage

    have the rights mentioned above.

    For comprehensive information about your personal data, you can review the Personal Data Protection and Processing Policy on the www.biletall.com website and mobile application.

    Data Controller : Biletal İç ve Dış Ticaret Anonim Şirketi

    Address             : Fatih Mahallesi, Prof. Fevzi Fevzioğlu Caddesi, No:19, Kocasinan/Kayseri

    Telephone         : +90 (352) 222 44 55

  • Текст явного согласия на защиту и обработку персональных данных

    ABOUT PERSONAL DATA PROTECTION

    EXPLICIT CONSENT TEXT

    As the data controller, by Biletal İç ve Dış Ticaret Anonim Şirketi ("Company" or "Biletal") regarding the principle of protection of the right of privacy, the personal data of our customers will be recorded, classified, saved, updated in accordance with the Law on the Protection of Personal Data no 6698 ("Law"), will be processed in the frame of the processing terms mentioned in the Law and will be transferred to the third parties in conditions that the legislation allows.

    The Explicit Consent Text has been hereby prepared in accordance with the legislation in effect and the Law firstly, and the regulations, notifications, verdicts, and the rules that are illustrated in the guides that have been published by the Council.  In case of any change in Law or other related legislations after the publication of the Explicit Consent Text by the Company and the Explicit Consent Text's becoming incompatible with the mentioned change, the changed verdict and rules will be executed. The notifications, verdicts and guides published by the Council, in general, are monitored by our Company and the rules that have been set forth with the Explicit Consent Text are being kept up to date.

    Under the Law, by clicking the button related to the Explicit Consent Text, you hereby accept that your data will be processed in the way that is explained to you in detail in the clarification text that is included on the website and the mobile application and that you can access through biletall.com or on the mobile application that has been shared with you beforehand.

    2. IDENTITY OF THE DATA CONTROLLER AND REPRESENTATIVE

    In accordance with the Law, your personal data will be collected and processed by Biletal İç ve Dış Ticaret Anonim Şirketi as a data controller in the scope described below. For questions regarding the processing of your personal data you can contact Biletal Contact Person via kvk@biletall.com.tr e-mail address.

    2. PURPOSES OF PROCESSING PERSONAL DATA

    In accordance with the terms mentioned under the caption "terms of processing personal data" personal data Law's 5th article, your personal data can hereby be collected, saved, updated, processed, classified and transferred to the third parties in the frame of your explicit consent with the purpose of verification of the customers’ identities who shops online on the website/mobile applications, with the purpose of execution of processes of membership and reservation, with the purpose of execution of processes of communication with our customers about the terms, the current state of the contracts and the updates of the contracts that are signed by you, to be able to send the necessary notifications about cancellation/change and updates, information transfer to the authorized state institutions and organizations, personalized targeting, creation of personalized advertisement, promotion and special offers and communication for informing, pop-up display, special offers, personalization of user interface, planning of processes of advertisement, searching, survey, marketing analysis and customer satisfaction, evaluation of demands and complaints.

    3. THE TRANSFER OF PERSONAL DATA

    The personal data of data owners are being transferred to the business partners limited to the purposes of performing cooperation activities with business owners, to the suppliers and solution partners to a limited extent in order to receive support within the scope of payment infrastructure and after-sales support services, especially payment methods from third parties in order to fulfill the commercial activities of our Company and which our Company procures externally from the supplier, to the employees, group companies, suppliers, authorized agencies that perform your transactions and with the other airline businesses in the frame of flight cooperations and partnerships limited with the purposes of performing customer and potential customer transactions, to the related insurance companies in situations that the customer gets insurance service in the purchasing process, to the shareholders/partners of the Company limited with the purposes of creating strategies about our Company’s commercial and administrative activities in accordance with the relevant legislation’s verdicts and carrying out the in-house and non-corporate execution and management activities, to the authorized institutions and organizations limited with the purposes and documents that the related state institutions and organizations demand and companies that provide information technologies and archive service.

    4. SHARING PERSONAL DATA WITH THIRD PARTIES ABROAD

    Your personal data can be transferred to abroad in the frame of execution of services’ supply chain management process, execution of service sales processes, execution of contract processes; execution of after-service customer satisfaction activities, taking benefit of saving and archive activities, the situations in which the ticketing system infrastructure that are used in the service sales processes’ and/or the cloud systems or infrastructures of the airline, bus, etc. firms whose sales are being carried out are abroad, the situations in which e-mail service infrastructures of e-mail contact addresses that are sent to the relevant people are being held in data centers that are located abroad.

    5. COLLECTION METHOD AND LEGAL REASONS FOR PROCESSING PERSONAL DATA

    Your personal data is obtained by us in accordance with your explicit consent in order to perform the services offered by the Company in electronic form in a complete and accurate manner in accordance with the legislation. Your personal data collected in this process can be processed by Biletal through different channels and depending upon the legal reasons mentioned below, can be processed in accordance with the verdicts of the legislation. The personal data you have filled electronically with the aims that are listed above can be processed by means of ticket purchasing, payment and membership screen and call center or by non-automated methods, the website or the mobile application. Based on the legal reason for “express consent” regulated by Law 5/1, Biletal will be able to process your personal data that you transmit to the Company with your explicit consent in accordance with the law and secondary regulations.

    6. YOUR RIGHTS UNDER THE LAW

    As personal data owners, if you submit your requests related to your rights with the methods (Notice on Application Procedure and Principles to Data Controller is taken as a basis.) set out in the data owner application procedure and the Personal Data Protection and Processing Policy which have been shared with public on www.biletall.com website and by filling the Data Controller Application Form that is provided on the same website, or with another written document that contains the same mandatory data of you that are written in the form, or with a registered e-mail address, a secure electronic signature, or by using an e-mail address that has already been saved in Biletal’s system or has been submitted to Biletal beforehand by the related person in a way that makes it possible to verify your identify, Biletal will conclude the request as soon as possible and in thirty days at the latest depending on the nature of the request. However, if the transaction requires an additional cost, the fee will be charged by Biletal in the tariff set by the Personal Data Protection Board. In this context, personal data owners have the rights of;

    • Learning whether personal data is processed,

    • Request information if personal data has been processed,

    • Learning the purpose of processing personal data and whether it is used for its purpose,

    • Knowledge of third parties with whom personal data is transferred at home or abroad,

    • Request that personal data be corrected if it is incomplete or incorrectly processed and request that the transaction made in this context be notified to third parties to whom the personal data is transferred,

    • Requesting that the personal data to be deleted or removed, in case the reasons that necessitate it to be processed are no longer valid even though it is processed in accordance with the Law, and other related verdicts of the laws, and requesting that the third parties to whom the personal data has been transferred to be informed about the transaction that is done in this context,

    • By analyzing the processed data exclusively through automated systems, objecting to a consequence that is against the person himself,

    • In case of any damage, request of compensation of damages that is caused by personal data's being processed contrary by the law.

    Biletal İç ve Dış Ticaret Anonim Şirketi hereby assures that if the current legislation is amended and there is any discrepancy between Explicit Consent Text on Personal Data Protection and the change in question, the provisions of the legislation will find an application area.


    Data Controller :
    Biletal İç ve Dış Ticaret Anonim Şirketi

    Address             : Fatih District, Prof. Fevzi Fevzioglu Street, No: 19, Kocasinan/Kayseri

    Phone no           : +90 (352) 222 44 55

  • Информационный текст call-центра о защите и обработке персональных данных

    ABOUT PERSONAL DATA PROTECTION

    CALL CENTER CLARIFICATION TEXT

    As the data controller, by Biletal İç ve Dış Ticaret Anonim Şirketi ("Company" or "Biletal") regarding the principle of protection of the right of privacy, the personal data of our customers will be recorded, classified, saved, updated in accordance with the Turkish Personal Data Protection Law no 6698 ("Law"), will be processed in the frame of the processing terms mentioned in the Law and will be transferred to the third parties in conditions that the legislation allows.

    The Clarification Text has been hereby prepared in accordance with the legislation in effect and the Law firstly, and the regulations, notifications, verdicts, and the rules that are illustrated in the guides that have been published by the Council. In case of any change in Law or other related legislations after the publication of the Call Center Clarification Text by the Company and the Call Center Clarification Text's becoming incompatible with the mentioned change, the changed verdict and rules will be executed. The notifications, verdicts and guides published by the Council, in general, are monitored by our Company and the rules that have been set forth with the Call Center Clarification Text are being kept up to date.

    1. DATA OWNER

    The data owners within the scope of the Clarification Text are hereby the real people who call the Company call center line.

    2. IDENTITY OF THE DATA CONTROLLER AND REPRESENTATIVE

    In accordance with the Law, your personal data will be collected and processed by Biletal İç ve Dış Ticaret Anonim Şirketi as a data controller in the scope described below.

    For questions regarding the processing of your personal data you can contact Biletal Contact Person via kvk@biletall.com.tr e-mail address.

    3. PURPOSES OF PROCESSING PERSONAL DATA, LEGAL REASONS FOR PROCESSING AND METHODS OF COLLECTION

    In accordance with the terms mentioned under the caption "terms of processing personal data" personal data Law's 5th article, Biletal can collect, save, update, process, classify your data and transfer it to the third parties. Our Company clearly sets out the purposes for processing personal data, and in accordance with the business activities and the purposes related to those activities, processes personal data.

    Through a phone call, collected first name, last name, T.R. Identity Number, date of birth, gender, nationality, passport number, passport validity, the country the passport was issued in, visa information, e-mail address, mobile phone number, home phone number, bank/credit card number, bank/credit card expiration date, bank/credit card security code, loyalty program information, call center records, travel information (one-way/ round-trip, departure point, destination, departure date, return date, seat number), request and complaint information, PNR number, transaction information (return, order, change, delete), customer/ticket number, insurance information, comments, and evaluations are processed by the Company with the aims of;

    • Ability To Address The Caller Correctly,

    • Confirmation of the Call and Determination of the Number of Calls for Statistical Purposes,

    • As Part of the Activity of Conducting Travel Reservations and Ticket Sales; Conducting Identification and Verification Operations, Creating Membership for Booking and Sales Management, Organizing Bus, Plane and Ferry Tickets, Performing Check-in Operations, Preparing Flight and Travel Cards, Conducting Travel Approval Operations,

    • Execution of Ticket Sales Operations and After-Sales Support Services,

    • Execution of Ticket Sales, Cancellation, Refund and Change Processes through the Call Center,

    • Use As Evidence In Future Disputes,

    • Follow-up of Requests and Complaints,

    • Conducting Activities For Customer Satisfaction,

    • Carrying out Storage and Archive Activities

    on condition that they are directly related to a contract’s formation or execution, and that it is necessary to process the personal data of the sides of the contract as long as it is not violating the fundamental rights and freedom of the relevant person, data processing’s being compulsory for the data controller’s legitimate interests.

    4. THE TRANSFER OF PERSONAL DATA

    The personal data of data owners are being transferred to the business partners limited to the purposes of performing cooperation activities with business owners, to the suppliers and solution partners limited to the purposes of getting help from third parties as service supply to perform commercial activities of our Company and which our Company procures from the supplier as external, to the employees, group companies, suppliers, authorized agencies that perform your transactions and with the other airline businesses in the frame of flight cooperations and partnerships limited with the purposes of performing customer and potential customer transactions, to the related insurance companies in situations that the customer gets insurance service in the purchasing process, to the shareholders/partners of the Company limited with the purposes of creating strategies about our Company’s commercial and administrative activities in accordance with the relevant legislation’s verdicts and carrying out the in-house and non-corporate execution and management activities, to the authorized institutions and organizations and  companies that provide information technologies and archive service limited with the purposes and documents that the related state institutions and organizations demand.

    5. SHARING PERSONAL DATA WITH THIRD PARTIES ABROAD

    Your personal data can be transferred to abroad in the frame of execution of services’ supply chain management process, execution of service sales processes, execution of contract processes; execution of after-service customer satisfaction activities, taking benefit of saving and archive activities, the situations in which the ticketing system infrastructure that are used in the service sales processes’ and/or the cloud systems or infrastructures of the airline, bus, etc. firms whose sales are being carried out are abroad, the situations in which e-mail service infrastructures of e-mail contact addresses that are sent to the relevant people are being held in data centers that are located abroad.

    6. YOUR RIGHTS UNDER THE LAW

    As personal data owners, if you submit your requests related to your rights with the methods (Notice on Application Procedure and Principles to Data Controller is taken as a basis.) set out in the data owner application procedure and the Personal Data Protection and Processing Policy which have been shared with public on www.biletall.com website and by filling the Data Controller Application Form that is provided on the same website, or with another written document that contains the same mandatory data of you that are written in the form, or with a registered e-mail address, a secure electronic signature, or by using an e-mail address that has already been saved in Biletal’s system or has been submitted to Biletal beforehand by the related person in a way that makes it possible to verify your identify, Biletal will conclude the request as soon as possible and in thirty days at the latest depending on the nature of the request. However, if the transaction requires an additional cost, the fee will be charged by Biletal in the tariff set by the Personal Data Protection Board.

    In this context, personal data owners have the rights of;

    • Learning whether personal data is processed,

    • Request information if personal data has been processed,

    • Learning the purpose of processing personal data and whether it is used for its purpose,

    • Knowledge of third parties with whom personal data is transferred at home or abroad,

    • Request that personal data be corrected if it is incomplete or incorrectly processed and request that the transaction made in this context be notified to third parties to whom the personal data is transferred,

    • Requesting that the personal data to be deleted or removed, in case the reasons that necessitate it to be processed are no longer valid even though it is processed in accordance with the Law, and other related verdicts of the laws, and requesting that the third parties to whom the personal data has been transferred to be informed about the transaction that is done in this context,

    • By analyzing the processed data exclusively through automated systems, objecting to a consequence that is against the person himself,

    • In case of any damage, request of compensation of damages that is caused by personal data's being processed contrary by the law.

    Biletal İç ve Dış Ticaret Anonim Şirketi hereby assures that if the current legislation is amended and there is any discrepancy between The Call Center Clarification Text on Personal Data Protection and the change in question, the provisions of the legislation will find an application area. For comprehensive information about your personal data you can review the Personal Data Protection and Processing Policy and other Clarification Texts on the website www.biletall.com.

    Data Controller : Biletal İç ve Dış Ticaret Anonim Şirketi

    Address            : Fatih District, Prof. Fevzi Fevzioglu Street, No: 19, Kocasinan/Kayseri

    Phone no          : +90 (352) 222 44 55

  • Форма утверждения коммерческого электронного сообщения

    BİLETAL COMMERCIAL ELECTRONIC MESSAGE APPROVAL FORM

    As Biletal, Biletal İç ve Dış Ticaret Anonim Şirketi, we are informing you with this Confirmation Form about the electronic messages that are published in the Official Gazette dated 15/7/2015 no. 29417 and in the Official Gazette dated 4/1/2020 no. 30998 and changed according to The Regulation on the Amendment of the Regulation on Commercial Communication and Commercial Electronic Messages and will be sent to you under the provisions Amendments To The Regulation On Commercial Communication And Commercial Electronic Messages. (‘’Regulation’’)

    By accepting this Approval Form, you agree to be informed about the messages and notifications regarding the promotion, marketing, campaigns, promotions, opportunities, and advantages that will be carried out by Biletal on the website, mobile applications, and similar electronic media of Biletal and sent to you for commercial purposes and that you may be contacted by e-mail, text message, telephone and similar means within the scope of these activities, and that the said records can be shared with the relevant Ministry when necessary.

    The acceptance of the Approval Form is valid until the right to refuse is exercised; The lack of approval will not affect the services Biletal provides to you. You can stop receiving commercial electronic messages sent by Biletal at any time and without any justification, and send your request to our Company using the contact information on the website.

    This Approval Form is an integral part of the Privacy and Cookie Policy and the Clarification Text published at www.biletall.com and mobile application.

  • Информационный текст для посетителей о защите и обработке персональных данных

    VISITOR CLARIFICATION TEXT

    ON THE PROTECTION OF PERSONAL DATA

    Biletal İç ve Dış Ticaret Anonim Şirketi (" Company " or "Biletal" ) as the data controller, with the principle of protecting the right of privacy in particular; Personal data of our visitors, will be recorded, classified, stored, updated in accordance and within the scope of the Turkish Personal Data Protection Law No.6698 (" Law ") and processed within the framework of the processing conditions enumerated in the Law and will be transferred to third parties in conditions and the extent permitted by the legislation.

    This Clarification Text has been prepared in accordance with the relevant legislation in force and the rules shown in the regulations, communiqués, decisions, and guidelines published by the Board, notably the Law. If there is an alteration in the Law or other relevant legislation after the date of issue of the Visitor Clarification Text by the Company, and if the Visitor Clarification Text is incompatible with the respective alteration, the changed terms and rules will apply. All communiqués, decisions, and guides published by the Board are followed by our Company, and the rules stipulated by the Visitor Clarification Text are kept up-to-date.

    1. DATA SUBJECT

    The data subjects within the scope of Clarification Text hereby are all real persons who come to the Company's workplace.

    2. ID OF DATA CONTROLLER AND REPRESENTATIVE

    In accordance with the law, your personal data will be collected and processed by Biletal İç ve Dış Ticaret Anonim Şirketi, as the data controller, within the scope described below.

    For your questions regarding the processing of your personal data, you can contact Biletal Contact Person via kvk@biletall.com.tr e-mail address.

    3. PURPOSE OF PROCESSING PERSONAL DATA, COLLECTING METHODS, LEGAL REASONS

    Biletal will be able to record, store, update, transfer to third parties, classify and process your personal data in accordance with the terms and extent specified under the heading of "personal data processing conditions" in Article 5 of the Law. Our company clearly reveals the purposes of processing personal data and processes personal data within the scope of purposes related to these activities in line with business activities.

    Your Personal Data collected through the channels and methods specified in Clarification Text hereby are processed by the Company for the following purposes:

    Credentials

    Personal Data Processed

    Personal Data Processing Purposes

    • Name

    • Surname

    Ensuring Physical Space Security, Ensuring Security of Movable Property and Resources, Ensuring the Security of Data Controller Operations, Creating and Tracking Visitor Records, Carrying Out Storage and Archive Activities, Carrying Out Information Security Processes, Conducting Activities in Compliance with Legislation, Providing Information to Authorized Persons, Institutions and Organizations, Conducting Communication Activities

    Legal Reasons for Processing Personal Data


    Your personal data, in line with the realization of the above-mentioned purposes by the Company, is primarily specified in Article 5 of PDPL;

    • It is clearly stipulated in the laws,

    • It is mandatory for the data controller to fulfill their legal obligation,

    • It is mandatory to process data for the legitimate interests of the data controller, provided that the fundamental rights and freedoms of the relevant person are not harmed.

    is processed on the basis of legal reasons.

    Methods of Collecting Personal Data

    Your personal data mentioned above are collected through printed and electronic forms and electronic systems.

    Contact Information

    Personal Data Processed

    Personal Data Processing Purposes

    • Work Place Name / Title

    • Mobile Number

    • E-mail Address

    Conducting Communication Activities, Ensuring Physical Space Security, Ensuring Security of Movable Property and Resources, Ensuring the Security of Data Controller Operations, Creating and Tracking Visitor Records, Carrying Out Information Security Processes, Conducting Activities in Compliance with Legislation, Providing Information to Authorized Persons, Institutions and Organizations, Storage and Archive Conducting Activities

    Legal Reasons for Processing Personal Data

    Your personal data, in line with the realization of the above-mentioned purposes by the Company, is primarily specified in Article 5 of PDPL;

    • It is clearly stipulated in the laws,

    • It is mandatory for the data controller to fulfill his legal obligation,

    • It is mandatory to process data for the legitimate interests of the data controller, provided that the fundamental rights and freedoms of the relevant person are not harmed.

    is processed on the basis of legal reasons.

    Methods of Collecting Personal Data


    Your personal data mentioned above are collected through printed and electronic forms and electronic systems.

    Physical Space Security

    Personal Data Processed

    Personal Data Processing Purposes


    • Entry-Exit Registration Information

    • Security Camera Registration Information

    Ensuring Physical Space Security, Ensuring the Security of Movable Property and Resources, Ensuring the Security of Data Controller Operations, Creating and Tracking Visitor Records, Providing Information to Authorized Persons, Institutions and Organizations, Carrying Out Storage and Archive Activities

    Legal Reasons for Processing Personal Data

    Your personal data, in line with the realization of the above-mentioned purposes by the Company, is primarily specified in Article 5 of PDPL;

    • It is mandatory for the data controller to fulfill his legal obligation,

    • It is mandatory to process data for the legitimate interests of the data controller, provided that the fundamental rights and freedoms of the relevant person are not harmed.

    is processed on the basis of legal reasons.

    Methods of Collecting Personal Data

    Your personal data mentioned above are collected through printed and electronic forms and Security Camera Records.

    Methods of Collecting Personal Data

    Your personal data mentioned above are collected through electronic forms and Security Camera Records.

    Process Security Information

    Personal Data Processed

    Personal Data Processing Purposes

    • Output IP

    • Destination IP

    • Log Records

    • Name of the Website

    • Date / Time

    • User Traffic Information

    • User Experience Criteria Information

    • Port Number

    • MAC Address

    Carrying Out Information Security Processes, Conducting Activities in Compliance with Legislation, Providing Information to Authorized Persons, Institutions and Organizations, Ensuring the Security of Data Controller Operations, Creating and Tracking Visitor Records

    Legal Reasons for Processing Personal Data

    Your personal data, in line with the realization of the above-mentioned purposes by the Company, is primarily specified in Article 5 of PDPL;

    • It is necessary for the establishment, use, and protection of a right,

    • It is mandatory o process data for the legitimate interests of the data controller, provided that the fundamental rights and freedoms of the relevant person are not harmed.

    is processed on the basis of legal reasons.

    Methods of Collecting Personal Data

    Your personal data mentioned above are collected through electronic systems.

    Health Information

    Personal Data Processed

    Personal Data Processing Purposes

    • Fever Measurement Result Information

    Conducting Occupational Health and Safety Activities, Conducting Activities in Compliance with the Legislation

    Legal Reasons for Processing Personal Data

    Your personal data, in line with the realization of the above-mentioned purposes by the Company, is primarily specified in Article 5 of PDPL;

    • Explicit (direct) consent

    is processed on the basis of legal reason.

    Methods of Collecting Personal Data

    Your personal data mentioned above are collected through the fever measurement device.



    4. TRANSFER OF PERSONAL DATA

    Personal data belonging to data subjects is shared with Company shareholders/partners limited to the purposes of conducting intra-unit supervision activities, authorized public institutions and organizations limited to the documents and purposes requested by the relevant public institutions and organizations, and those required from your personal data, is shared with companies providing information technology services.

    5. YOUR RIGHTS UNDER THE LAW

    As personal data subjects, your requests regarding your rights are based on the Personal Data Protection and Processing Policy, which is shared with the public at https://www.biletall.com/, and the methods set out in the data subject application procedure (Communiqué on Application Procedures and Principles to the Data Controller are taken as the basis.) and to fill in the Data Subject Application Form published on the same web address or with another document containing your mandatory information written in the application form, in writing or with the registered electronic mail (REM) address, secure electronic signature, mobile signature or if you transfer your identity to Biletal in an averrable manner by using the e-mail address declared and registered in Biletal's system by the relevant person before, Biletal will finalize the request as soon as possible and free of charge within thirty days at the latest, depending on the characteristics of the request. However, if the transaction requires an additional cost, Biletal will charge the fee in the tariff determined by the Personal Data Protection Board. In this context, personal subjects;

    • Learning whether personal data is processed,

    • If personal data has been processed, to request information regarding this,

    • Learning the purpose of processing personal data and whether they are used appropriately for their purpose,

    • To know the third parties to whom personal data are transferred domestically or abroad,

    • To request correction of personal data in case of incomplete or incorrect processing and to request notification of the transaction made within this scope to third parties to whom personal data are transferred,

    • Although it has been processed in accordance with the provisions of the Law and other relevant laws, in case the reasons requiring its processing disappear, to request the deletion or destruction of personal data and to notify the third parties to whom the personal data has been transferred,

    • Object to the occurrence of a result weigh against the person by analyzing the processed data exclusively through automatic systems,

    • In case of damage due to illicit processing of personal data, requesting the compensation of the damage

    have the rights mentioned above.

    Biletal İç ve Dış Ticaret Anonim Şirketi ensures that in case the current legislation is changed and there is any inconsistency between the said change and the Visitor Clarification Text on the Protection of Personal Data hereby, the provisions of the legislation will be applied.

    Data Controller: Biletal İç ve Dış Ticaret Anonim Şirketi

    Address : Fatih Mah. Fevzi Fevzioğlu Cad. No:19 Kocasinan/Kayseri

    Telephone : +90 (352) 222 44 55

Позвоните нам, мы поможем вам с приобретением автобусного билета.

+90 (850) 360 32 58
Sizi Arayalım
позвоните мне
https://biletall-cdn.mncdn.com/img-v7/ortak/preloader.svg?v=16277
/ru True
16277