Terms of Use

ASYALI TURİZM BİLİŞİM TEKNOLOJİLERİ INC.
Personal Data Processing and Protection Information Notice & Explicit Consent Declaration

Pursuant to the Personal Data Protection Law No. 6698 (KVKK),

We, ASYALI TURİZM BİLİŞİM TEKNOLOJİLERİ INC. (hereinafter referred to as the “Company”), attach the utmost importance to compliance with the Personal Data Protection Law No. 6698 regarding the processing and safeguarding of your personal data.

With the aim of protecting fundamental rights and freedoms, particularly the right to privacy, we would like to inform you that this Information Notice has been prepared in accordance with the Personal Data Protection Law No. 6698 (“KVKK”), published in the Official Gazette dated April 7, 2016, No. 29677, and entered into force under the title of Personal Data Protection Law.

Your personal data is processed within the scope of the methods, legal grounds, purposes, and conditions specified below, and for the period required for its intended purpose or as stipulated by relevant legislation. All necessary administrative and technical measures are taken by our Company to ensure its protection.

Identity of the Data Controller

Pursuant to Article 3, paragraph 1, subparagraph (ı) of the Personal Data Protection Law No. 6698 (KVKK), a data controller is defined as:
“the natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.”

Within this scope, the data controller is:

Company Title: ASYALI TURİZM BİLİŞİM TEKNOLOJİLERİ INC.

Address: Nisbetiye Mah. Gazi Güçnar Sok. Uygur İş Merkezi No:4 D:2 Beşiktaş / Istanbul, Türkiye

Email / Registered Electronic Mail (KEP): info@transfergrup.com

1-Purpose and Legal Basis

Pursuant to Article 10 of the Personal Data Protection Law No. 6698 (“KVKK”), at the time of collection of personal data, the data controller or its authorized persons are obliged to inform the data subjects regarding:

  • The identity of the data controller and its representative, if any,
  • The purposes for which personal data will be processed,
  • The persons to whom personal data may be transferred and the purposes of such transfer,
  • The method and legal basis for collecting personal data,
  • The other rights listed under the relevant article.

2-Data Controller

Your personal data may be processed by our Company in its capacity as the data controller, in accordance with the Personal Data Protection Law No. 6698, within the scope explained below.

Detailed information regarding the purposes of processing your personal data by our Company is provided in the “Personal Data Processing, Protection and Destruction Policy of ASYALI TURİZM BİLİŞİM TEKNOLOJİLERİ INC.”

3-For What Purposes Are Your Personal Data Processed?

Your personal data is processed in accordance with the personal data processing conditions set forth in Articles 5 and 6 of the Personal Data Protection Law No. 6698, for the purpose of fulfilling our legal obligations arising from:

The Personal Data Protection Law No. 6698,
Labor Law No. 4857,
Social Insurance and General Health Insurance Law No. 5510,
Occupational Health and Safety Law No. 6331,
Turkish Commercial Code No. 6102,
Turkish Code of Obligations No. 6098,
and secondary legislation enacted pursuant to these laws,

as well as for the following purposes:

  • Execution of emergency management processes,
  • Management of information security processes,
  • Conducting audit and inspection activities,
  • Ensuring compliance with applicable legislation,
  • Execution of finance and accounting processes,
  • Ensuring physical premises security,
  • Monitoring and execution of legal affairs,
  • Conducting communication activities,
  • Execution and supervision of business activities,
  • Collecting and evaluating suggestions for improving business processes,
  • Ensuring business continuity,
  • Execution of logistics operations,
  • Managing customer relationship processes,
  • Execution of contract processes,
  • Handling requests and complaints,
  • Managing supply chain processes,
  • Execution of marketing activities for products/services,
  • Execution of procurement processes for products/services,
  • Execution of sales processes for products/services,
  • Providing after-sales support services,
  • Execution of production processes for products/services,
  • Providing information to authorized persons, institutions, and organizations,
  • Execution of management activities,
  • Creation and monitoring of visitor records.



Detailed Purposes

Your personal data is processed in detail for the following purposes:

In order to provide services related to our Company’s fields of activity and to improve the quality of such services, to carry out sales, marketing, and other business activities, to comply with obligations related to data retention, reporting, and disclosure, and within the scope of activities such as Customer Relationship Management (CRM) practices conducted to enhance the quality of services provided to you and to support sales and marketing activities;

  • Improving the quality of the products/services offered and customizing them in line with our customers’ needs, preferences, and usage habits, and presenting and recommending them accordingly,
  • Informing you about our services and providing clarification when necessary,
  • Customizing and recommending the products and services offered by our Company in line with your preferences, usage habits, and needs,
  • Enabling our business units to carry out necessary work so that you may benefit from our products and services,
  • Informing you about and enabling you to benefit from general and special campaigns, promotions, advertisements, discounts, and similar advantages offered by our Company,
  • Processing your personal data available on the platforms where you log in using your username and password, including your preferences, transactions, and browsing duration, in order to provide you with the information and services you have requested,
  • Sending notifications regarding website memberships of our Company and its affiliated entities (such as renewal or expiration), establishing all kinds of communication with you, and informing you about new services and products, as well as any changes or updates in personal data policies and membership terms,
  • Providing you with information regarding the information, events, and services you request from our Company,
  • Determining and implementing our Company’s commercial and business strategies,
  • Ensuring the execution of our Company’s human resources policies,
  • Fulfilling legal obligations where explicitly required by legislation or when necessary.

Within this scope, and in accordance with the personal data processing conditions and purposes specified in Articles 5 and 6 of the Personal Data Protection Law, your personal data may be processed by our Company, its affiliated/related companies and organizations, as well as by other real and/or legal persons specified below.

Your personal data will not be used for purposes other than those stated above without your explicit consent and will not be shared or transferred to third parties except for legal obligations and authorized public institutions and organizations.

4-To Whom and for What Purposes Are Your Personal Data Transferred?

Your personal data collected by the data controller may be transferred by ASYALI TURİZM BİLİŞİM TEKNOLOJİLERİ INC., in accordance with the fundamental principles set forth in the Law and within the scope of the personal data processing conditions specified in Article 8 of the Personal Data Protection Law No. 6698, and for the purposes stated above.

Within this scope, your personal data may be transferred for the purpose of fulfilling our legal obligations arising from:

  • Personal Data Protection Law No. 6698,
  • Turkish Commercial Code No. 6102,
  • Turkish Code of Obligations No. 6098,
  • Labor Law No. 4857,
  • Social Insurance and General Health Insurance Law No. 5510,
  • Occupational Health and Safety Law No. 6331,
  • and secondary legislation enacted pursuant to these laws,

as well as other legal obligations, to persons and organizations authorized to request and process personal data under applicable legislation and/or contractual relationships, including:

  • Social Security Institution,
  • Ministry of Treasury and Finance,
  • Revenue Administration,
  • Tax Offices,
  • Enforcement Offices,
  • Competent judicial authorities,
  • Domestic business partners,
  • Suppliers from whom services are procured,

and, where necessary, to domestic and international companies with whom services are received or cooperation is established, as well as contracted banks, for the purposes of fulfilling legal obligations, executing contractual requirements, and carrying out all processes related to the performance of contracts.

5- Method of Collection of Personal Data & Legal Basis

Your personal data may vary depending on the services/products/commercial activities provided by our Company;

In accordance with Articles 4, 5, and 6 of the Personal Data Protection Law (KVKK), your personal data may be collected, updated, and processed through automated or non-automated means via offices, direct phone lines, call centers, websites, social media platforms, mobile applications, and similar channels, whether verbally, in writing, or electronically.

Your personal data is collected in order to enable the provision of our products and/or services within the legal framework and to ensure that our Company fulfills its contractual and legal obligations fully and accurately.

In this context, your personal data is collected based on the following legal grounds:

  • It is necessary for the data controller to fulfill its legal obligations,
  • It is necessary for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject.

Accordingly, your personal data may be processed, shared, and transferred within the scope of the conditions and purposes specified in Articles 5 and 6 of the KVKK and for the purposes stated in this Information Notice.

6-Retention Period of Personal Data

Pursuant to Article 7/1 of the KVKK, your personal data will be deleted, destroyed, or anonymized when the purpose requiring its processing ceases to exist and/or when the legal retention periods we are obliged to comply with under the applicable legislation expire.

For detailed information, please refer to the “Data Retention and Destruction Policy of ASYALI TURİZM BİLİŞİM TEKNOLOJİLERİ INC.”

7-Termination

The Customer may terminate their membership in the Transfer Grup App at any time without providing any reason, through the following methods:

  • Via the application:
    By navigating to (My Account → Edit Profile Information) and clicking the “Delete My Account” button located at the bottom of the page,
  • Or by sending an email to:
    info@transfergrup.com
    with a request for account deletion.

8-Storage and Protection of Information

Your personal data shared with our Company is stored on secure servers located domestically, in compliance with the Personal Data Protection Law No. 6698 and its related secondary regulations. Within this scope, our Company takes all necessary legal, technical, and administrative measures to ensure the security of your personal data.

The Transfer Grup App retains user information only for the period necessary and in accordance with the retention periods stipulated by applicable legislation. Such data is secured through appropriate technical and administrative measures against cyber threats.

The payment infrastructure is provided by MasterCard and BKM Express. The application stores only the first 6 and last 2 digits of the credit card number. Additionally, membership to MasterPass and BKM Express can be queried using the user’s registered mobile phone number, and existing cards can be used as a payment method through redirection.

The user acknowledges that the responsibility for maintaining the security of their application access credentials (such as password, username, etc.) rests entirely with them.


9-Accuracy and Updating of Information

Users are responsible for ensuring that the information they provide is accurate and up to date. In the event of any changes, such information may be updated via the application or by contacting Transfer Grup App customer support.

Users who share information on behalf of another person are deemed to have declared that they are authorized to share such information.

It is acknowledged that if the use of certain information is restricted upon request, some services may not be available partially or fully.

10-Third-Party Redirections

The Transfer Grup App may redirect users to third-party links. In such cases, the privacy policies and terms of use of those third parties shall apply. Transfer Grup App shall not be held responsible for the practices of such third parties.

11-Right to Amend

Transfer Grup App reserves the right to modify, suspend, or discontinue the services provided through the application, as well as to amend this Policy, without prior notice.

Users are responsible for monitoring any changes made to this Policy.

12-Disclaimer

Transfer Grup App shall not be held liable for any direct or indirect damages arising from interruptions, errors, delays, viruses, or system-related issues that may occur during the use of the application.

Your Rights as a Data Subject under Article 11 of the KVKK

As data subjects, if you submit your requests regarding your rights to our Company through the methods specified in the Personal Data Protection, Processing, and Destruction Policy, your request will be concluded free of charge within a maximum of thirty (30) days, depending on the nature of the request.

However, if the process requires an additional cost, a fee may be charged in accordance with the tariff determined by the Personal Data Protection Board.

Within this scope, data subjects have the following rights:

  • To learn whether their personal data is processed or not,
  • To request information if their personal data has been processed,
  • To learn the purpose of processing personal data and whether it is used in accordance with its purpose,
  • To know the third parties to whom personal data is transferred domestically or abroad,
  • To request the correction of personal data if it is incomplete or inaccurately processed, and to request that such correction be notified to third parties to whom the data has been transferred,
  • To request the deletion or destruction of personal data if the reasons requiring its processing cease to exist, even though it has been processed in accordance with the law, and to request that such actions be notified to third parties to whom the data has been transferred,
  • To object to the occurrence of a result against the person by analyzing processed data exclusively through automated systems,
  • To request compensation for damages in case of loss due to unlawful processing of personal data.

Methods for Submitting Requests Regarding Data Subject Rights under Article 11 of the KVKK

Data subjects may submit their requests regarding their rights by providing information and documents verifying their identity, completing and signing the Application Form issued by the Personal Data Protection Authority, and submitting it to ASYALI TURİZM BİLİŞİM TEKNOLOJİLERİ INC. free of charge through the following methods:

  • After completing the application form, a signed hard copy (wet-ink signature) may be delivered in person or via a notary public to the following address:
    Nisbetiye Mah. Gazi Güçnar Sok. Uygur İş Merkezi No:4 D:2 Beşiktaş / Istanbul, Türkiye
  • After completing the application form and signing it with a secure electronic signature in accordance with the Electronic Signature Law No. 5070, the signed form may be sent via registered electronic mail (KEP),
  • After completing the application form, it may be sent via email to:
    info@transfergrup.com
    using a mobile signature or via the email address previously provided to and registered in the data controller’s system.

In cases where a third party submits the request on behalf of the data subject, a notarized power of attorney authorizing the representative must be provided.


Response to Applications

Applications submitted within this scope will be concluded as soon as possible and within a maximum period of thirty (30) days.

Right to Lodge a Complaint with the Personal Data Protection Authority

In cases where your application is rejected, the response provided is found to be insufficient, or no response is given within the required timeframe, you have the right to lodge a complaint with the Personal Data Protection Board within:

  • thirty (30) days from the date you become aware of our response, and
  • sixty (60) days from the date of your application,

in accordance with the provisions of the Personal Data Protection Law.



Explicit Consent Declaration under the Personal Data Protection Law

In accordance with the relevant provisions of the Personal Data Protection Law No. 6698 (“KVKK”), and based on the General Information Notice on Personal Data Protection provided to your attention by Asyalı Turizm Bilişim Teknolojileri A.Ş., and within the framework of the Company’s Personal Data Protection and Processing Regulation,

I hereby declare and consent as follows:

My personal data may be processed by Asyalı Turizm Bilişim Teknolojileri Anonim Şirketi, acting as the data controller, or by authorized data processors appointed by the Company with the necessary security measures in place, directly or indirectly, including but not limited to identity information, address information, contact details, and other personal data.

This processing shall be carried out for the purposes of:

  • Providing products and services to customers under the best possible conditions,
  • Ensuring secure and uninterrupted delivery of products and services,
  • Maximizing customer satisfaction,
  • Processing payments,
  • Carrying out operational processes related to such services,
  • Managing and improving operations,
  • Conducting promotion, marketing, advertising, and campaign activities for products and services,
  • Informing customers about opportunities, campaigns, and other services,
  • Fulfilling contractual obligations with customers.

I further acknowledge that my personal data may, in accordance with the general principles set out in Article 4 of the KVKK, particularly the principle of retention for the required or legally prescribed period, be:

  • collected,
  • recorded,
  • processed,
  • securely stored in physical or electronic environments,
  • retained,
  • modified,
  • reorganized,
  • disclosed or transferred in compliance with applicable legislation,
  • transferred to third parties,
  • classified,
  • processed,
  • or restricted from use where necessary.

I also acknowledge that I have been informed by the Company regarding all the above matters and hereby declare that I give my explicit consent in accordance with the Personal Data Protection Law.


I hereby acknowledge and declare that my personal data, as specified above and limited to the purposes set out herein, may be processed and transferred by Asyalı Turizm Bilişim Teknolojileri A.Ş. to:

  • its employees, officers, and personnel,
  • its group companies,
  • business partners and/or shareholders (both domestic and international),
  • public institutions and authorities,
  • independent auditing firms, within the framework of legal obligations and statutory limitations,
  • survey companies,
  • business partners and service providers from whom Asyalı Turizm Bilişim Teknolojileri A.Ş. receives services or with whom it cooperates for the execution of services and/or activities provided to me,

for the purpose of carrying out the Company’s operations and ensuring the proper execution of services.

I further expressly acknowledge and consent to such transfer and processing of my personal data within this scope.


In addition, in accordance with Article 11 of the Personal Data Protection Law (KVKK) and the relevant legislation, I acknowledge that I have the following rights by applying to the Company regarding my personal data:

  • To learn whether personal data about me is processed,
  • To request information if my personal data has been processed,
  • To learn the purpose of processing my personal data and whether it is used in accordance with that purpose,
  • To know the third parties to whom personal data is transferred domestically or abroad,
  • To request correction if personal data is incomplete or incorrectly processed,
  • To request the deletion or destruction of my personal data if the reasons requiring its processing no longer exist,
  • To request that such correction and deletion actions be notified to third parties to whom the personal data has been transferred,
  • To object to any result arising against me through the analysis of processed data exclusively via automated systems,
  • To request compensation for damages in case I suffer harm due to unlawful processing of my personal data.

I also acknowledge that I have the right to submit my request, including the necessary identification information and explanations regarding the right I wish to exercise, either in person by delivering it to the Marketing Department at Nisbetiye Mah. Gazi Güçnar Sok. Uygur İş Merkezi No:4 D:2 Beşiktaş / Istanbul, together with identity verification documents, or via a notary, or through other methods specified under the KVKK.

Furthermore, I declare and undertake that the personal data I have shared with the Company is accurate and up to date, and that I will notify the Company of any changes to this information.

I give my explicit consent for the processing, use, sharing, and retention of my personal data, including any special categories of personal data as defined under the KVKK, strictly limited to the purposes of processing within the relevant scope, and I acknowledge that I have been duly informed in this regard.

I confirm that I have read, understood, and accepted the Personal Data Protection and Processing Regulation of Asyalı Turizm Bilişim Teknolojileri A.Ş. and the Information Notice and Explicit Consent Statement.

“I have read, understood, accepted, and hereby undertake the Information Notice and Explicit Consent Statement.”