Privacy Policy

Effective date: [DATE]
Last updated: [DATE]

1. Purpose and Scope

This Privacy Policy has been prepared to explain the general principles and practices for the protection of personal data processed within the scope of all services provided by TRIPORA GROUP TURİZM GAYRİMENKUL VE DANIŞMANLIK LİMİTED ŞİRKETİ ("Tripora").

The Policy covers data processing activities carried out through our website tripora.com, our mobile applications, WhatsApp and other communication channels, our offices, our call center, and all our digital assets.

Detailed information regarding the processing of your personal data is provided in our documents titled KVKK Information Notice and Cookie Policy. This policy is complementary to those texts.

2. Data Controller

3. Our Core Principles

Tripora processes your personal data in accordance with the following principles under the Personal Data Protection Law No. 6698 ("KVKK") and the relevant secondary legislation:

• Compliance with the law and rules of honesty

• Being accurate and, where necessary, up to date

• Processing for specified, explicit and legitimate purposes

• Being relevant, limited and proportionate to the purposes for which they are processed

• Retention for the period stipulated in the relevant legislation or required for the purpose for which they are processed

4. What Data We Collect

Tripora collects data in different categories, such as identity, contact, financial, passport, health declaration, cookie, and traffic data, within the scope of reservation, package tour, transfer, visa assistance, customer service, and marketing activities. For the detailed list, please review the KVKK Information Notice.

5. How We Collect Data

We collect your personal data through the following channels:

• Forms and reservation systems on our website

• WhatsApp, telephone, email, and call center communications

• Face-to-face meetings and physical documents

• Messages received through our social media accounts

• Cookies and similar tracking technologies

• Data flows from our business partners and suppliers (only for the provision of the service)

6. For What Purposes We Use Data

Your personal data are processed for the purposes of:

• carrying out reservation and tour operations

• evaluating customer requests and complaints

• managing financial processes

• legal reporting and notification obligations

• marketing, campaign, and innovation notifications (with explicit consent)

• improving service quality and statistical analysis

within the framework of contract performance, legal obligations, legitimate interest, and your explicit consent.

7. Sharing with Third Parties

Your data are shared, to the extent necessary for the provision of the service, with airlines, hotels, transfer providers, insurance companies, payment institutions, consulates, TÜRSAB, and authorized public institutions. Tripora obtains a commitment of data processing in compliance with the KVKK from all parties with whom data are shared.

We do not sell your data to third parties for marketing purposes.

8. International Data Transfers

Due to tours abroad, your data may be transferred to suppliers in the EU and other countries. These transfers are made under the exception in Article 9/2 of the KVKK, as they are necessary for the performance of the contract, or based on your explicit consent.

9. Data Security Measures

Tripora implements technical and administrative measures to ensure the security of your personal data:

Technical Measures

• Data transmission with SSL/TLS encryption

• Database encryption (encryption at rest)

• Regular security tests and penetration tests

• Firewall and intrusion detection/prevention systems

• Access logs and audit trails

• Regular backups and disaster recovery plans

• Anti-virus and malware protection systems

Administrative Measures

• Confidentiality undertakings for personnel

• Regular KVKK and data security training

• Role-based management of access authorizations

• Data processing agreements signed with suppliers

• KVKK compliance policies and internal audit

• Data breach response plan

10. Children’s Data

Tripora processes data of participants under 18 years of age only with the written consent of a parent/guardian and only to the extent necessary for the performance of the reservation service. Data processing for marketing purposes is not carried out for children.

11. Data Subject Rights

Under Article 11 of the KVKK, you have the rights to learn whether your data are being processed, request access, correction and deletion, learn the third parties to whom they are transferred, object to processing, and request compensation for damages. Please refer to the KVKK Information Notice for application channels and procedure.

12. Cookies

Performance, functionality, and marketing cookies are used on our website. Please review the Cookie Policy for information on cookie use, managing preferences, and disabling cookies.

13. Linked Websites

Our website may contain links to third-party websites (hotel booking platforms, airlines, social media, etc.). Tripora is not responsible for the privacy practices of these websites.

14. Policy Changes

This Privacy Policy may be revised in line with changes in legislation or updates within the scope of the services. Significant changes are announced via email or through our website.

15. Contact

• Email: [info@tripora.com]

• KEP: [kep address]

• Phone: +90 541 824 79 09

• Address: 19 Mayıs Mah. Halaskargazi Cad. No: 216 İç Kapı No: 3, Şişli / Istanbul

Your right to complain to the Personal Data Protection Board is reserved: kvkk.gov.tr