Privacy Policy
• Introduction and Scope
This Privacy Policy defines the principles and procedures governing the collection, processing, storage, protection, and use of personal data by Sermar Transfer Transportation Tourism Trade Construction Import Export Limited Company (Sermar Transfer Tasimacilik Turizm Ticaret Insaat Ithalat Ihracat Limited Sirketi) (“the Company”). This Policy applies to all customers, website users, and individuals whose personal data is processed in connection with the Company’s services, digital platforms, and operational activities.
• Legal Basis for Data Processing
The Company processes personal data in accordance with applicable laws and regulations of the Republic of Turkiye, as well as internationally recognized data protection principles. Personal data is processed only where a lawful basis exists, including contractual necessity, legal obligation, legitimate interest, and explicit consent where required.
• Categories of Personal Data Collected
The Company may collect and process the following categories of personal data:
– Identification data (name, surname, passport or ID information where legally required)
– Contact data (telephone number, email address)
– Reservation data (pick-up and drop-off locations, dates, times, flight details, booking references)
– Passenger information (number of passengers, special service requests)
– Technical data (IP address, device information, website usage data)
– Communication records (emails, messages, customer service interactions)
• Purposes of Data Processing
Personal data is processed for the following purposes:
– Execution and management of transfer and transportation services
– Reservation processing and operational planning
– Customer communication and service coordination
– Legal and regulatory compliance obligations
– Security, fraud prevention, and risk management
– Quality control, service improvement, and operational efficiency
– Accounting, invoicing, and financial record keeping
– Legal defense and enforcement of contractual rights
• Data Collection Methods
Personal data is collected through:
– Online reservation forms
– Website interactions and cookies
– Email and telephone communications
– WhatsApp and messaging platforms
– In-person service interactions
– Regulatory reporting systems
• Data Storage and Retention
Personal data is stored in secure digital and physical systems with appropriate access controls. Data is retained only for the duration necessary to fulfill contractual obligations, legal requirements, and legitimate business purposes. Retention periods are determined in accordance with applicable legislation and regulatory obligations.
• Data Security Measures
The Company implements appropriate technical and organizational security measures, including but not limited to:
– Secure servers and encrypted systems
– Access control and authorization protocols
– Internal data confidentiality policies
– Staff training and awareness programs
– System monitoring and security audits
These measures are designed to protect personal data against unauthorized access, loss, misuse, alteration, and disclosure.
• Data Sharing and Disclosure
Personal data may be disclosed only in the following circumstances:
– To public authorities and regulatory bodies where legally required
– To law enforcement agencies upon lawful request
– To authorized service providers strictly for operational purposes
– To courts and legal authorities in case of legal proceedings
The Company does not sell, rent, or commercially exploit personal data.
• International Data Transfers
Where international data transfers are required for operational or legal purposes, such transfers shall be conducted in compliance with applicable data protection laws and with appropriate safeguards in place.
• Data Subject Rights
Individuals whose personal data is processed by the Company have the right to:
– Access their personal data
– Request correction of inaccurate or incomplete data
– Request deletion of data where legally applicable
– Restrict or object to processing under lawful conditions
– Request data portability where applicable
– Withdraw consent where processing is based on consent
These rights may be exercised in accordance with applicable legal procedures and limitations.
• Consent Management
Where required by law, personal data shall be processed only with the explicit consent of the data subject. Consent may be withdrawn at any time, without affecting the lawfulness of processing conducted prior to withdrawal.
• Cookies and Tracking Technologies
The Company may use cookies and similar tracking technologies to enhance user experience, analyze website performance, and improve service quality. Detailed information regarding cookie usage is provided in the separate Cookie Policy.
• Third-Party Platforms
This Policy applies only to the Company’s platforms and services. The Company bears no responsibility for the privacy practices of third-party websites, platforms, or services accessed through external links.
• Policy Updates and Amendments
The Company reserves the right to amend this Privacy Policy at any time to reflect legal, regulatory, or operational changes. Updated versions shall be published on the Company’s website and shall enter into force upon publication.
• Contact and Data Requests
All data protection inquiries, requests, and complaints may be submitted to the Company through its official communication channels. Requests shall be processed in accordance with applicable legal timeframes and procedures.