Purpose of the Clarification Text and Our Company\'s Position as Data Controller:

Our company, AYSAL TREND TOURISM TRAVEL TRANSPORTATION REAL ESTATE INDUSTRY AND TRADE LIMITED COMPANY, under its brand Without Error Travel (www.withouterrortransfer.com), holds the title of “data controller” within the scope of the Personal Data Protection Law No. 6698 (“Law”) with respect to personal data of its customers. Through this Clarification and Consent Text, it aims to inform customers about the personal data processing activities carried out by Without Error Travel in accordance with the Law and to obtain their explicit consent for the situations specified in Article 3 below.

Purpose and Method of Processing Customers’ Personal Data:

Personal data of our customers is collected verbally, in writing, or electronically through automatic or non-automatic means depending on the products, services, and business operations provided by our company, via offices, branches, vendors, call centers, websites, social media channels, mobile applications, etc. Collected data is processed based on the declarations of customers. Without Error Travel is not obliged to verify the accuracy of the declared data. Therefore, the declaring individual bears legal responsibility for any disputes that may arise in this context. Collected personal data is processed for purposes including carrying out necessary work by relevant business units to enable individuals to benefit from the services provided by Without Error Travel and execution of related business processes; conducting necessary activities by relevant business units for the realization of commercial activities carried out by Without Error Travel and execution of related business processes; planning and execution of Without Error Travel\'s commercial and/or business strategies; ensuring the legal, technical, and commercial-business security of Without Error Travel and relevant parties with whom it has business relationships; and planning and executing necessary activities to customize and promote the services offered by Without Error Travel according to the preferences, usage habits, and needs of the individuals concerned, all within the scope of the conditions and purposes of personal data processing specified in Articles 5 and 6 of the Law.

Processing and Protection of Personal Data Under Law No. 6698:

According to Law No. 6698, personal data is defined as “any information relating to an identified or identifiable natural or legal person”; and processing is defined as “any operation which is performed on personal data, whether wholly or partly by automatic means or otherwise, which forms part of a data filing system, such as collection, recording, storage, preservation, alteration, reorganization, disclosure, transfer, retrieval, making available, classification, or preventing its use.”

Personal Data; Identity Information:

Information contained in documents such as driver’s license, identity card, residence permit, passport, bar association ID, marriage certificate (e.g., Turkish ID number, passport number, identity card serial number, full name, photo, place of birth, date of birth, age, place of registration, certified copy of civil registry records).

Contact Information:

Information used for contacting the person (e.g., email address, phone number, mobile phone number, address). Customer Information: Information belonging to customers who benefit from our services (e.g., reservation information, customer number, profession information, etc.).

Customer Transaction Information:

Information on any transactions carried out by customers benefiting from our services (e.g., reservations, requests and instructions, payment information, etc.). Physical Space Security Information: Personal data related to records and documents collected during entry to or stay in physical premises (e.g., entry-exit logs, visitor information, camera recordings, etc.).

Transaction Security Information:

Personal data processed to ensure the technical, administrative, legal, and commercial security of our company and relevant parties (e.g., information linking the transaction to the personal data owner, such as website passwords and codes showing authorization to perform that transaction).

Risk Management Information:

Personal data processed to manage our company’s commercial, technical, and administrative risks (e.g., IP address, MAC ID, etc.).

Financial Information:

Personal data within the scope of any information, document, and record showing any financial result created depending on the type of legal relationship with the personal data owner (e.g., information showing the financial outcome of the transaction performed by the data subject, credit amount, card information, credit payments, interest amount and rate to be paid, debt balance, receivables balance, etc.).

Marketing Information:

Data to be used in our company\'s marketing activities (e.g., reports and evaluations showing the person\'s habits and preferences collected for marketing purposes, targeting information, cookie records, data enrichment activities).

Legal Transaction and Compliance Information:

Personal data processed for the purpose of identifying and pursuing legal receivables and rights, and fulfilling debts and legal obligations (e.g., data contained in documents such as court and administrative authority decisions).

Audit and Inspection Information:

Personal data processed within the scope of our company’s legal obligations and compliance with company policies (e.g., audit and inspection reports, relevant meeting records, and similar documents).

Request/Complaint Management Information:

Personal data related to receiving and evaluating any requests or complaints directed to our company (e.g., requests and complaints to the company, related records and reports).

Visual and Audio Data:

Visual and audio recordings associated with the personal data owner (e.g., photographs, camera recordings, and audio recordings). Personal data may be shared, for the above-stated purposes, with company officials, subsidiaries, business partners, hotels where our online module is installed, shareholders, legally authorized public institutions and organizations, and private institutions by AYSAL TREND TOURISM TRAVEL TRANSPORTATION REAL ESTATE INDUSTRY AND TRADE LIMITED COMPANY. If a contractual relationship has been established with our company and our customers, the collected personal data may be used without obtaining the customer\'s consent. However, this use is for the purpose of fulfilling the contract. Data is used to the extent required by the service and the contract’s better execution, and may be updated by contacting the customers when necessary. Conversely, data left by prospective customers is processed to provide easier and higher-quality service afterward. If this does not lead to a contractual relationship upon request, the data is deleted. As a data controller, our company informs data subjects in accordance with Article 10 of the Law before collecting their personal data. If any data processing activity conducted by our company does not meet the conditions detailed in the Law and described in Section 2.II.a and b above, explicit consent is obtained from data subjects, and the relevant processes are carried out within the scope of this explicit consent. Under the Law, explicit consent is defined as “consent on a specific subject, based on information, and declared with free will,” and accordingly, our company obtains explicit consent from data subjects after informing them in accordance with Article 10 of the Law. Although no specific period is stipulated in the Law for storing personal data, the general principle is that personal data should be retained for the duration stipulated in relevant legislation or for as long as necessary for the purpose of processing. Our company determines storage periods in compliance with this principle, by considering the applicable legislation and the purpose of the process for each data processing activity. In this context, our company retains personal data at least for the duration required by legal obligations and in any case until the relevant statute of limitations expires. When the processing purpose ceases, including the expiry of these periods, our company anonymizes, deletes, or destroys the personal data in accordance with the Law. Under the Law, anonymization is defined as “rendering personal data incapable of being associated with an identified or identifiable natural person, even by matching with other data,” and our company carries out anonymization activities in compliance with applicable legislation. Article 28, paragraph 2 of the Law stipulates certain cases where the data subject cannot assert rights other than compensation for damages. Accordingly, in cases where personal data processing is necessary for the prevention of crime or for a criminal investigation; processing of personal data that has been made public by the data subject; processing is necessary for carrying out supervisory or regulatory duties by authorized and competent public institutions and organizations, or professional organizations in the nature of public institutions, based on the authority granted by the Law; or processing is necessary for the protection of the State’s economic and financial interests concerning budget, tax, and financial matters, the above-mentioned rights cannot be exercised regarding such data.

Personal Data to Be Processed Based on Customers’ Explicit Consent and Processing Purposes:

For the following cases where the personal data processing conditions specified in Articles 5/2 and 6/3 of the Law are not met, Without Error Travel must obtain customers’ explicit consent to process personal data. Within this scope, customers’ personal data may be processed and shared with the parties specified in this Clarification and Consent Text, based on the customer’s consent, for purposes including creating campaigns for customers, conducting cross-sales, identifying target audiences, tracking customer behavior to improve user experience, improving and personalizing Without Error Travel’s website and mobile application according to customer needs, conducting direct and indirect marketing, personalized marketing and remarketing activities, conducting personalized segmentation, targeting, analysis, and internal reporting activities, conducting market research, planning and execution of customer satisfaction activities, and planning and execution of customer relationship management processes, as well as planning and execution of sales and marketing processes for Without Error Travel’s services, and creating and/or increasing customer loyalty for the services offered by Without Error Travel.

Transfer of Customers’ Personal Data:

Customers’ personal data may be shared, within the scope of the personal data processing conditions and purposes specified in Articles 8 and 9 of the Law, with company officials, subsidiaries, business partners, partners, shareholders, legally authorized public institutions and organizations, and private institutions, for purposes including carrying out necessary work by relevant business units to enable individuals to benefit from the services provided by Without Error Travel and execution of related business processes; conducting necessary activities by relevant business units for the realization of commercial activities carried out by Without Error Travel and execution of related business processes; planning and execution of Without Error Travel’s commercial and/or business strategies; ensuring the legal, technical, and commercial-business security of Without Error Travel and relevant natural and legal persons with whom it has business relationships; and planning and executing necessary activities to customize and promote the services offered by Without Error Travel according to the preferences, usage habits, and needs of the individuals concerned.

Method and Legal Basis for Collecting Personal Data:

Personal data is collected electronically from customers. Personal data collected for the legal reasons stated above may be processed and transferred for the purposes specified in Articles 5 and 6 of the Law and in this Clarification and Consent Text.

Rights of Customers as Personal Data Owners:

Pursuant to Article 11 of the Law, data subjects have the right to: learn whether personal data about them is processed; request information if their personal data has been processed; learn the purpose of processing and whether personal data is used in accordance with its purpose; know the third parties to whom personal data is transferred domestically or abroad; request correction of personal data if it is incomplete or incorrectly processed, and request that such corrections be notified to third parties to whom personal data has been transferred; request the deletion or destruction of personal data in accordance with the conditions stipulated in the Law, even if it has been processed in compliance with the Law and other relevant laws, and request that such deletion or destruction be notified to third parties to whom personal data has been transferred; object to any result against themselves arising from analysis of the processed data exclusively through automated systems; and demand compensation for damages if they suffer damage due to the unlawful processing of personal data. Requests regarding these rights must be sent to Menteşeoğlu, Süleyman Demirel Blvd. 385/D, 48300 Fethiye/Muğla, together with documents identifying the data subject, either as a wet-signed copy in person, through a notary, or via other methods specified in the Law. Requests submitted using the method specified above are evaluated and responded to by our Company within a maximum of thirty days. Our Company reserves the right to request additional information and documents from the applicant, especially to assess whether the applicant is the relevant data subject. As a rule, data subject requests are evaluated by our Company free of charge. However, if a fee is determined by the Personal Data Protection Board regarding the data subject’s request, our Company has the right to request payment of this fee.