Skyway Travel is a company in the tourism sector dedicated to the sale of tourism services nationwide through intermediary services, including the sale of transportation tickets, private transfers, accommodation and food services, package tours, and full days located in Urgup, 50400 Nevsehir-TURKEY. Skyway Travel is obliged to comply with the Turkish/Turkish legislation in force regarding personal data protection, https://www.kvkk.gov.tr/en/ Personal Data Protection, and its supplementary provisions. Therefore, Skyway Travel is committed to:
Collecting and using personal information.
Ensuring the quality and security of information.
Respect the rights of individuals with respect to information about themselves.
Skyway Travel. is committed to the protection, handling, and proper treatment of personal data to which it has access in the regular operation of its business. This commitment includes the review and continuous improvement of the processes of the organization to ensure adequate protection of such personal data and the guidelines established by Skyway Travel for the collection and processing of personal data to ensure respect for the rights of their owners and compliance with the current regulatory framework. The Policy may be supplemented with additional procedures, regulations, and/or guidelines that develop the provisions of this document as long as they are aligned with its guiding principles.
OBJECTIVE
The purpose of this document is to establish principles, uniform practices, and responsibilities regarding the processing of personal data in which Skyway Travel is involved.
SCOPE
This document is applicable to all Skyway Travel processes that will use the personal data of customers to be contained in the various databases of Skyway Travel and the treatment of these.
The Policy will be known and fully complied with by all Skyway Travel employees and suppliers. For the purpose of interpreting this Policy, the definitions contained in the Law, and especially those included below are applicable.
DEFINITIONS
Personal data: Any information that identifies a natural person or that can be identified through reasonably used means. For example, ID card, physical address, and full name.
Sensitive data: Personal data consisting of biometric data that by itself can identify the holder; data referring to racial and ethnic origin; economic income; political, religious, philosophical, or moral opinions or convictions; union membership; and health-related information.
Processing of personal data: Any operation or technical procedure, automated or not, that allows the collection, recording, organization, storage, conservation, elaboration, modification, extraction, consultation, use, blocking, suppression, communication by transfer or diffusion or any other form of processing that facilitates the access, correlation or interconnection of personal data. In short, the processing of personal data regulates all possible forms of use and processing of personal data within the organization from its entry to its eventual deletion or conservation.
Consent: Prior, a free, unequivocal, and express authorization that must be given by the individual to authorize the processing of his personal data.
Prior: Must be obtained prior to collection.
Free: Must not be forced or conditioned.
Unequivocal and express: There must be no doubt as to its manifestation and it must be recorded in some tangible medium.
Personal data bank: Organized set of personal data, automated or not, regardless of the support, whether physical, magnetic, digital, optical, or other that may be created, whatever the form or modality of its creation, formation, storage, organization, and access.
Holder of the personal data bank: Natural person, legal person of private law or public entity that determines the purpose and content of the personal data bank, the processing of such data, and the security measures. Data Controller: Any natural person, a legal person under private law or public entity that alone or acting jointly with another person carries out the processing of personal data on behalf of the owner of the personal data bank. Anonymization procedure: Processing of personal data that prevents identification or does not make the holder of the personal data identifiable. The procedure is irreversible. Disassociation procedure: Processing of personal data that prevents identification or does not make the holder of the personal data identifiable. The procedure is reversible.
COMPLIANCE OFFICERS
Skyway Travel will assign and communicate the corresponding responsibilities to all personnel and suppliers for compliance with this Policy.
The area responsible for annually reviewing this Policy and making the respective adjustments within Skyway Travel will be the General Management. Likewise, the General Management will be responsible for answering any questions related to the application and scope of this Policy.
Notwithstanding the above, all employees of Skyway Travel as well as all suppliers and third parties with whom Skyway Travel is linked in the regular exercise of its business and have access to or process personal data are subject to compliance with the Policy. Finally, no employee of Skyway Travel shall perform on behalf of the Company. actions or incur in omissions that involve a breach of the Law.
CONFIDENTIALITY
This Policy will be for the internal and exclusive use of Skyway Travel and, therefore, is confidential. Any use other than that indicated is prohibited and must be expressly authorized in writing by the General Management.
The personal data to which both Skyway Travel employees and related third parties have access or participate in its treatment may not be treated or used in any way without the prior consent of the owner of the personal data even after the termination of their relationship with Skyway Travel, except for the exceptions regulated by law.
In the case of workers who by the nature of their duties have access to confidential and sensitive personal information, Skyway Travel will seek to develop specific training and awareness actions. Persons involved in the processing of personal data are obliged to keep professional secrecy and maintain confidentiality with respect to them. This obligation will be maintained even after the end of their relationship with Skyway Travel.
PRINCIPLES
All employees of Skyway Travel must permanently comply with the principles established in the Law in the performance of their duties, which are detailed below:
a. Legality. The processing of personal data carried out by Skyway Travel shall be following the provisions of the Law. Collecting personal data by fraudulent, unfair, or unlawful means is prohibited.
b. Consent. Skyway Travel may not process personal data that does not have the prior, express, unambiguous, and free consent of the owner as required, except as otherwise provided by law.
c. Purpose. Skyway Travel will collect personal data clearly indicating the purpose for which it makes such collection, which must be determined, explicit, and lawful. The personal data object of the treatment will not be used for different or incompatible purposes with those that motivated its collection, except with the consent of its owner. In this regard, Skyway Travel will comply with implementing measures to ensure:
The collection, storage, and conservation of personal data comply with the principles of proportionality and purpose.
The adequate safeguarding of personal data complying with appropriate technical and legal security measures. It should be noted that Skyway Travel may not disclose personal data unless ordered by a reasoned order of the judge or with the authorization of the owner, with the guarantees provided by law. Also, Skyway Travel may not refuse to deliver to a public entity information containing personal data provided that such requirement is made for the strict fulfillment of the powers of such entities assigned by law.
d. Proportionality. Any processing of personal data by Skyway Travel must be adequate, relevant, and not excessive to the purpose for which it was collected.
e. Quality. Personal data to be processed by Skyway Travel must be truthful, accurate, and, as far as possible, up to date, necessary, relevant, and adequate with respect to the purpose for which it was collected. They must be kept in such a way as to ensure their security and only for the time necessary to fulfill the purpose of the processing, respecting the applicable legal deadlines for the conservation of documents and information.
f. Security. Skyway Travel and the third parties to whom it entrusts the processing of personal data must adopt the necessary and appropriate technical, organizational, and legal measures to ensure the security of personal data against various risks, such as accidental loss or destruction by casualty, unauthorized access, covert use or infection by malware or computer viruses. These measures will be established, communicated and if necessary updated by Skyway Travel.
g. Adequate Level of Protection. In case Skyway Travel carries out international transfers of personal data, it shall ensure an adequate level of protection for the personal data to be processed or, at least, comparable to that provided by law.
h. Rights of the holders of personal data. Skyway Travel will have a simple and free procedure to address the rights of holders of personal data under the Act: (i) information, (ii) access, (iii) update, (iv) inclusion, (v) rectification, (vi) deletion, (vii) prevent the provision, (viii) opposition and (ix) objective treatment. Therefore Skyway Travel:
Will take the necessary measures to inform the holder of the personal data about the rights conferred by the Law.
Adopt measures that allow the holder of the personal data to keep them updated.
Will comply with the requirements and requests related to the aforementioned rights of the holders of personal data in a timely manner and within the terms of the law; In the processes of attention to the rights of holders of personal data, the following guidelines shall apply.
Deleting or rectifying personal data will not proceed when it affects the rights or legitimate interests of Skyway Travel, its shareholders, employees, directors, or third parties or when there is a legal obligation to preserve personal data.
Skyway Travel may refuse specific requests when the disclosure of personal data may compromise or hinder ongoing judicial or administrative proceedings.
TRANSFERS OF PERSONAL DATA
Personal data processed by Skyway Travel may only be assigned or transferred to third parties for the fulfillment of purposes related to the legitimate interest of the assignor and the assignee and with the prior, express, free, unequivocal, and informed consent of the owner of the personal data. Such consent shall not be required in the cases permitted by law.
COLLECTION OF SENSITIVE DATA
Skyway Travel will only collect personal data and/or sensitive data when strictly necessary and in compliance with the principles of purpose and proportionality. When the collection and processing of such data are derived from the fulfillment of a legal obligation, Skyway Travel will inform the owner of the data prior to its collection.
DISCLOSURE OF PERSONAL DATA
Skyway Travel will not disclose personal data to third parties except when: a) It is necessary for the purpose for which the personal data was collected; as in the provision of services through third parties and suppliers. b) The owner of the personal data is informed prior to disclosure or at the time of collection of personal data. c) The owner of the personal data gives its prior express consent. d) The consent is not required by law. e) personal data are required by public entities within the scope of their competencies and legal attributions. f) The personal data are necessary to satisfy legitimate requirements of any company interested in acquiring any of the operations of Skyway Travel, with the prior consent of the owner; or, g) The access to personal data is by auditors and lawyers and other professionals obliged to keep professional secrecy.
DELETION OF PERSONAL DATA
Once the processing of personal data has been completed and the principle of purpose has been fulfilled and provided that there is no legal mandate or reason that justifies the retention of personal data, Skyway Travel will proceed to delete them from its records. Alternatively, Skyway Travel may apply disassociation processes, or equivalent when for any commercial, statistical, or market analysis reason justifies the convenience of keeping such data. Skyway Travel will define in a timely manner the respective procedures necessary for the elimination of personal data.
SANCTION REGIME
It will be considered serious misconduct and subject to sanction the employee who commits any violation of the provisions set forth in this Policy. Skyway Travel will take the disciplinary measures it deems appropriate in cases of non-compliance with the obligations stipulated herein by employees.
DISSEMINATION AND ENFORCEMENT OF THE POLICY
Skyway Travel will endeavor to: i) ensure compliance with the provisions of this Policy; ii) make this Policy known, observed, and respected by each employee; iii) publish this Policy in easily accessible places; and iv) subscribe to confidentiality obligations with employees, users, contractors and third parties who access personal data included in the databases.
