1. Purpose and Scope of the Policy

Personal data within the scope of the Law on Protection of Personal Data No. 6698 (“KVKK”); means any information relating to an identified or identifiable natural person. According to the provisions of the KVKK, the natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system is defined as the data controller. Within the scope of the KVKK, your personal data regarding the transactions you make on the website www.allferrys.com ("Website") and the mobile application of All Ferrys ("Mobile Application"), as the data controller, is Bodrum Express Lines Denizcilik Tic. Ltd. Sti. (“All Ferrys”) within the scope described below, for purposes and legal reasons. In this Clarification Text document, the Website and the Mobile Application will be referred to as "Platform" together.

All Ferrys is the data controller in terms of ticket listing, flight viewing, ticket sales reservation and similar services provided on the Platform. In terms of personal data processed within the framework of the ticket program provided by All Ferrys, apart from the services specified, All Ferrys has the title of "data processor" within the scope of KVKK.

This Clarification Text has been prepared for the purpose of enlightening the natural persons whose personal data All Ferrys processes as a data controller, within the framework of Article 10 of the KVKK and the Communiqué on the Procedures and Principles to be Complied with in Fulfilling the Liability of Clarification. Transparency and accountability are important to All Ferrys. In this context, we have prepared this Clarification Text in order to provide a good customer experience to our users, as well as fulfilling our obligations arising from the legislation. In this context, in the Illumination Text; Information on the identity of the data controller and its representative, if any, for what purpose the personal data will be processed, to whom and for what purpose the personal data can be transferred, the method and legal reason for collecting personal data, and the other rights of the data subject listed in Article 11 of the KVKK are included.

All Ferrys may update the Clarification Text in case of changes to be made in the current legislation, decisions of the Personal Data Protection Board, judicial decisions, changes in personal data processing and/or transfer methods, purposes, reasons or similar developments. If the Clarification Text is updated, the updated text will be published on the Platform. All Ferrys may publish other lighting texts, rules, conditions or other explanations on the Platform within the framework of its activities regarding the processing and/or transfer of personal data. If you have any questions regarding the matters contained in this Clarification Text, please contact us at info@allferrys.com e-mail address.

2. Methods of Collection of Personal Data and Legal Basis

Ensuring the security of personal data is one of our primary goals. Your personal data by All Ferrys; It is processed in accordance with the provisions of the KVKK, the Law No. 6563 on the Regulation of Electronic Commerce, the Turkish Penal Code No. 5237 and the relevant legislation, especially the Constitution of the Republic of Turkey.

All Ferrys, personal data; Through the Platform, authorized agents, service providers, intermediary service providers, social media accounts, cookies, call center, messaging programs on the Platform, notifications from administrative and judicial authorities and other communication channels; visual, auditory, physical, electronic, verbal or written; for the purposes of establishing a commercial relationship, receiving job applications, making offers, establishing a contractual relationship, fulfilling its obligations arising from the law and/or within the framework of its legitimate interests; It processes in accordance with the personal data processing conditions specified in the KVKK and in accordance with the legal reasons specified in this Clarification Text.

When you interact with All Ferrys via Facebook, Twitter, Instagram and Youtube channels that All Ferrys uses as social media platforms, your personal data that you provide to the relevant social media platform may also be processed by All Ferrys. However, we would like to point out that the use of social media platforms, the content and features provided are subject to the respective platform's own privacy and usage policies.

It uses "cookies" (a cookie or cookie) to help personalize your online experience and enable you to log in to our services. All Ferrys collects personal data for different purposes through cookies on the Platform. Cookies are text files placed on visitors' computers by the websites visited. It is widely used in almost all websites in order to ensure that websites work effectively and in line with the preferences of visitors, and also to provide information to website administrators.

Google Analytics, an analysis service of Google Inc. ("Google"), is used on our Website and Mobile Application. Google Analytics, on the other hand, uses "cookies", that is, text files that are saved on your computer and which enable your use of the website to be analyzed. The information generated by the cookies regarding the use of the website is transmitted to a Google server in the USA and stored there. At the direction of the operator of this website, Google uses this information to evaluate your use and to compile reports in order to provide related services. The IP address transmitted from your browser within the framework of Google Analytics is not combined with other Google data. If you do not want these cookies to be stored, you can adjust your browser accordingly. In addition, AdWords and double-click-Cookies (cookies) are also used for statistical purposes on our website.

We use third-party cookies and our own cookies to show you personalized advertisements on websites. This is called "retargeting" and aims to base your clicks on the pages you browse on our Website, the products you view, and the advertisements shown to you (banners). We also use cookies as part of our online marketing campaigns so that we can see how users interact with our Platform after showing online advertisements, including those on third-party websites. You can delete these cookies from your browser at any time.

Many internet browsers are set to automatically accept cookies by default. If you do not want these tools to be used, you can disable them by setting them in your browser. However, we would like to point out that in this case you may not be able to use all functions on the Platform to their full extent.

3. Processed Personal Data

Your processed personal data may vary depending on the nature of the legal relationship you have established with All Ferrys. However, the personal data we process in general is as follows:

Credentials

Name, surname, identity information, date of birth, driver's license information, passport number, nationality, etc. your personal data.

Communication information

The e-mail address, telephone number, mobile phone number, social media contact information, address, etc. that you have provided when subscribing to the Platform, when purchasing tickets and similar services through the Platform, during the calls made through the live support or call center and in any application. your personal data.

Customer (Passenger / Driver / Consumer / Guest / Guest etc. Adjectives Included) Information

Name, surname, nationality, date of birth, T.R. ID number, passport number, driver's license, gender, reservation information, purchase information, billing information, delivery information, travel information, travel dates, accommodation information, location information, reservation information, customer transaction information, type and number of travel documents, validity your personal data regarding the start and end dates and the country where it was issued; API/PNR numbers; call center records, credit card statements, box office receipts, customer instructions, records recorded in channels for this, etc. your personal data, the information and records collected within the scope of requests and complaints, and the results of these, and the password and password information of the website you created while using our services offered in digital environments.

Financial Information

Credit/debit card information, bank account information, IBAN information, balance information, credit balance, findex note and other financial information.

Sensitive Data

Necessary information regarding your health status, disability information, HES code, etc., which are clearly stipulated in the legislation and which may affect the service you receive, when necessary for our operations and processed upon your express consent.

Marketing Information

Reports showing the likes of the person to be used for marketing purposes, targeting information, cookie records, information derived from data enrichment activities, surveys, campaigns and information and evaluations obtained as a result of direct marketing studies.

Transaction Security Information

IP address information, password and password information, cookie information

Other informations

Family members and close information (children, spouses of the related persons, identity information, contact information), physical location security information (entry/exit records, visit information, photographs, camera and sound recordings), legal action and compliance information (judicial and administrative information requests from authorities, etc.).

4. Purposes of Processing Personal Data

As a rule, personal data cannot be processed without the explicit consent of the person concerned.

All Ferrys processes your personal information where and to the extent permitted by law.

In this context, the purposes of processing your personal data are as follows:

Confirming the identity information of the person who bought the ticket on the platform and on whose behalf the ticket was purchased,

To save the address and other necessary information for communication,

Execution of the processes for the establishment and performance of the contract,

To communicate with our customers about the conditions, current status and updates of the contracts we have concluded under the relevant articles of the Law on Distance Sales Contract and Consumer Protection, to provide the necessary information, to fulfill the obligations undertaken in accordance with the contracts we have concluded,

To arrange all records and documents that will be the basis of the transaction in electronic or paper environment,

To provide information to public officials on matters related to public safety upon request and in accordance with the legislation,

To provide a better service to our customers, to inform our customers about our products that may be of interest to our customers by taking into account the interests of our customers, to convey campaigns,

To inform our customers via e-mail or text message within the framework of the Law on the Regulation of Electronic Commerce and related legislation,

To increase customer satisfaction, to be able to get to know our customers from the Platform and to use them in customer environment analysis, to use them in various marketing and advertising activities, and to organize surveys in electronic and/or physical environment through contracted institutions in this context,

To be able to offer suggestions to our customers by our contracted institutions and solution partners, to inform our customers about our services,

To be able to evaluate customer complaints and suggestions about our services,

Carrying out the production, operation and sales processes of goods, services, finance and accounting activities and archive activities,

To ensure information security,

To fulfill our legal obligations and to use our rights arising from the current legislation.

In addition, the personal data of our employees may be processed without consent as far as necessary in terms of business relations. Regarding the processing of our employees' personal data, the terms and conditions set forth in the Employee's Personal Data Protection and Processing Policy are valid.

5. Rights and Obligations of our Company arising from the Law

Personal data by our company, in accordance with Article 20 of the Constitution and Article 4 of the KVKK;

In accordance with the law and honesty rules,

accurately and up to date,

Pursuing specific, clear and legitimate purposes,

In connection with processing purposes,

in a limited and measured way,

It is processed and transferred based on the conditions specified in Articles 5 and 6 of the KVKK, by keeping it for as long as required by law or for the purpose of processing personal data.

Personal data shared with All Ferrys is under the supervision and control of All Ferrys. All Ferrys, as a data controller, has undertaken the responsibility of establishing the necessary organization and taking and adapting technical measures in order to protect the confidentiality and integrity of the information in accordance with the provisions of the applicable legislation. Being aware of our obligation in this regard, we would like to state that we have taken the following administrative and technical security measures. In this context, we inform you that we always update our data processing policies.

All data received over the platform are transferred from your computer or mobile device to our application servers with a 256-bit RSA SSL certificate compatible with TLS 1.2 standard. Your critical payment information is not kept on the servers of our application in any way, it is encrypted in the standards required by the relevant payment system and transmitted to the relevant bank and/or payment system infrastructure.

Penetration tests are carried out periodically and the system's resistance to unauthorized access is tested.

Access authorization and control matrices have been established for employees in order to prevent the illegal processing of personal data collected from the Platform.

Personal data in paper media are kept in locked cabinets and only authorized persons are allowed to access these media.

Pursuant to Article 4 of the KVKK, All Ferrys has an obligation to keep the personal data of the persons concerned accurate and up-to-date, and in order to fulfill these obligations, our customers are required to share their accurate and up-to-date data with All Ferrys. We would like to point out that if your personal data is changed in any way, you should visit our profile page and update your data.

All Ferrys stores the personal data it processes for the periods determined by the legislation, and if a separate period is not specified in the legislation; Personal data are stored for the period required to be processed in accordance with the practices of All Ferrys and the practices of commercial life, depending on the services offered by All Ferrys while processing the relevant personal data, and after this period, only for the periods determined in practice in order to constitute evidence in possible legal disputes. After the expiry of the specified periods, the personal data in question are deleted, destroyed or anonymized.

6. Transfer of Personal Data

The sharing of personal data with third parties takes place within the framework of the applicable legislation and/or the express consent given by the relevant persons. However, due to and limited to our legal obligations, personal data is shared with courts and other public institutions. In addition, personal data is transferred to third parties within the framework of a contractual relationship in order to provide the services we undertake and to control the quality of the services provided.

Necessary technical and administrative measures are taken to prevent data breaches during data transfer to third parties. For example, during data transfer; SSL and transport layer are used.

Your personal data, with program partner institutions and organizations that we cooperate to carry out our activities, third parties with the title of service provider and / or intermediary service provider, our business partners providing private integrator services, third parties providing independent auditing, and the domestic/foreign person from whom we receive data storage services in the cloud environment. and institutions, domestic/foreign organizations that we have contracted with for sending commercial electronic messages to our customers, our financial advisors, the Interbank Card Center, the banks we have contracted with, the institutions that provide payment service, and within the scope of various marketing activities within the scope of various marketing activities to provide you with better service and customer satisfaction. It can be shared with various agencies, advertising companies and survey companies and other domestic/foreign third parties and related business partners, shareholders and affiliates, as well as third parties from whom we receive services within the scope of a contractual relationship, our lawyers, our consultants and legally authorized public institutions and private law legal entities.

7. Rights of the Relevant Person

According to Article 11 of KVKK, the person concerned;

To learn whether personal data about himself is processed,

If personal data about him/her is processed, requesting information about it,

Learning the purpose of processing personal data and whether they are used in accordance with its purpose,

Knowing the third parties to whom personal data is transferred at home or abroad,

Requesting correction of personal data in case of incomplete or incorrect processing,

Requesting the deletion or destruction of personal data in the event that the reasons requiring processing disappear, although it has been processed in accordance with the provisions of the law and other relevant laws,

Requesting the notification of the transactions made as a result of the correction, deletion and destruction requests to the third parties to whom the personal data has been transferred,

Objecting to the emergence of a result against the person himself by analyzing the processed data exclusively through automated systems,

Requesting the compensation of the damage in case of loss due to unlawful processing of personal data

has rights.

In order to exercise these rights, you can submit your request in this direction to the address of All Ferrys “Çarşı Mahallesi Kale Caddesi No:18 Bodrum/Muğla” in accordance with Article 13 of the KVKK and in accordance with the Communiqué on Application Procedures and Principles to the Data Controller, your name and surname and your signature, if you are a citizen of the Republic of Turkey, T.R. by adding your identity number, if you are not a citizen of the Republic of Turkey, your nationality, passport number or identity number, if any, your place of residence or workplace address for notification, your notification e-mail address and telephone number, and the subject of the request and the necessary information and documents to determine your identity, and / or by using the Application Form, you can apply in writing, via your e-mail address where your membership is confirmed, or, if you do not have any membership, by e-mail to get general information on KVKK. Your application will be evaluated by All Ferrys and processed free of charge within thirty days. However, if the transaction requires an additional cost, the fee in the tariff determined by the Personal Data Protection Board may be charged.

Click here to access the Application Form that you can use to submit your requests.