KVKK Information Notice
Detailed information about the personal data processing activities carried out by Tripora as the data controller within the scope of the Personal Data Protection Law No. 6698.
LPPD Clarification Text
Effective date: [DATE]
Last update: [DATE]
Pursuant to the Law on the Protection of Personal Data No. 6698 ("LPPD"), as TRIPORA GROUP TURİZM GAYRİMENKUL VE DANIŞMANLIK LİMİTED ŞİRKETİ ("Tripora" or "Company") in the capacity of the data controller, we would like to inform you about the processing of your personal data as follows.
1. Identity of the Data Controller
Commercial Title | TRIPORA GROUP TURİZM GAYRİMENKUL VE DANIŞMANLIK LİMİTED ŞİRKETİ |
TÜRSAB Certificate No | [TÜRSAB-A-XXXX] |
Ministry of Culture and Tourism Operation Certificate No | [____] |
MERSIS No | [16-digit MERSIS number] |
Tax Office | Mecidiyeköy |
Tax Identification No | 8591533338 |
Primary Activity Code | 791101 — Travel Agency Activities |
Trade Registry No | [Registry No] |
Registered Headquarters Address | 19 Mayıs Mah. Halaskargazi Cad. No: 216 İç Kapı No: 3, Şişli / İstanbul |
KEP Address | triporagroup@hs09.kep.tr |
Phone | +90 541 824 79 09 |
Web | tripora.com |
VERBİS Registration No | [____] |
2. Processed Personal Data Categories
Tripora may process your personal data in the following categories within the framework of the travel agency and package tour organization services it offers:
Identity Data: Name, surname, date of birth, Republic of Turkey ID number, passport information, nationality, gender
Contact Data: Telephone, e-mail, postal address, WhatsApp number
Customer Transaction Data: Reservation records, request and complaint records, customer correspondence
Financial Data: Invoice information, payment information (card numbers are not stored, processed through virtual POS), bank account information (in case of refund)
Visual and Audio Data: Call center voice recordings, images captured by IP cameras (during office visits)
Marketing Data: Campaign preferences, survey answers, communication consents
Legal Transaction Data: Agreements, power of attorney, legal correspondence
Special Quality Personal Data: (only with your explicit consent) health declaration, dietary/allergen information, movement restrictions, food preferences based on religious beliefs (halal, kosher, etc.)
Passport/Visa Data: Copy of passport, visa application documents, biometric photo
Cookie and Traffic Data: IP address, device information, browser info, visited pages (refer to Cookie Policy for details)
3. Purposes of Processing Personal Data
Your personal data is processed for the following purposes:
Execution of contract processes: Providing tour, transfer, accommodation, visa facilitation, and other travel services
Reservation and operations management: Creating reservations with airlines, hotels, transfer companies, and other suppliers
Fulfillment of legal obligations: Notification obligations to TÜRSAB, the Ministry of Culture and Tourism, the Ministry of Finance, the Police, and other public institutions
Visa and travel document processing: Review and tracking of consulate applications, visa consultancy
Customer relationship management: Evaluation of requests, complaints, and feedback
Execution of financial processes: Issuance of invoices/receipts, collections, refund processes
Intervention in medical emergencies: Providing support in emergency health events that may occur during the tour
Marketing activities: (with your explicit consent) notifications for campaigns, discounts, and new tours
Execution of legal processes: Defense of rights in possible disputes
Improving service quality: Statistical analyses, surveys
4. Legal Grounds for Processing
Your personal data is processed based on the following legal grounds pursuant to Articles 5 and 6 of the LPPD:
Establishment or performance of a contract: Tour reservation, package tour contract
Expressly prescribed in laws: Law No. 1618, Regulation on Package Tour Contracts, Tax Procedure Law, Turkish Commercial Code
Fulfillment of a legal obligation: Notification obligations to official institutions
Establishment, exercise, or protection of a right: Defense in legal disputes
Legitimate interest: Increasing service quality, prevention of fraud
Explicit consent: Marketing messages, special category health data, data transfer abroad
5. Parties to Whom Personal Data is Transferred and Transfer Purposes
Your personal data may be transferred to the following parties in order to provide the service:
Supplier agencies and operators
Airlines and GDS providers: Amadeus, Sabre, Travelport, etc.
Accommodation facilities
Transfer and transport providers
Visa service providers and consulates
Insurance companies: Compulsory package tour guarantee insurance and travel health insurance
Payment institutions and banks
Legal and financial advisors, audit firms
TÜRSAB and Public Institutions: Ministry of Culture and Tourism, Ministry of Finance, Police, ICTA, Courts
Authorized public institutions (upon request)
6. Transfer of Data Abroad
Within the scope of international tours, your data may be transferred to suppliers such as hotels, airlines, transfer firms, and consulates in EU member states and other countries. These transfers are carried out either within the scope of the exception under Art. 9/2 of the LPPD due to the necessity for the execution of the contract or based on your explicit consent.
7. Retention Periods of Personal Data
Data Category | Retention Period |
|---|---|
Contract and invoice records | 10 years (TCC / TPL) |
Customer request/complaint records | 10 years |
Marketing consent records | Until consent is withdrawn + 3 years |
Call records | 1 year |
Passport and visa documents | 2 years after the service |
Job application records | 1 year |
LPPD application records | 5 years |
At the end of the period, the data is deleted, destroyed, or anonymized.
8. Methods of Collecting Personal Data
Your data is collected through written, verbal, electronic, or automatic methods via our website, mobile platforms, WhatsApp, e-mail, telephone, call center, face-to-face meetings, social media, online forms, and physical documents.
9. Your Rights Under Article 11 of LPPD
As a data subject, you can use the following rights by applying to Tripora:
To learn whether your personal data is being processed or not
To request information if it has been processed
To learn the purpose of processing and whether it is being used in accordance with its purpose
To know the third parties to whom it has been transferred domestically or abroad
To request correction if it is incomplete or incorrectly processed
To request its deletion or destruction within the scope of Art. 7 of the LPPD
To request notification of correction/deletion processes to third parties to whom data has been transferred
To object to any result against you arising from analysis exclusively through automatic systems
To claim compensation for damages suffered due to unlawful processing
10. Method of Application
Pursuant to Art. 13 of the LPPD and the Communiqué on the Procedures and Principles of Application to the Data Controller, you may submit your requests:
In writing with a physically signed petition to the address 19 Mayıs Mah. Halaskargazi Cad. No: 216 İç Kapı No: 3, Şişli / İstanbul,
To our Registered Electronic Mail (KEP) address: [kep address]
With a secure electronic signature to the address [info@tripora.com],
Via the Data Subject Application Form on our website
to make your application.
Your applications will be finalized in at most 30 days. The process is free of charge; however, if the transaction requires an additional cost, the tariff determined by the Personal Data Protection Board may apply.
Your right to complain to the Board is reserved: kvkk.gov.tr
This clarification text may be revised in line with regulatory changes and updates on our service scope. The current version is published on our website.
