HOLITERA TOURISM PRIVACY AND PERSONAL DATA PROTECTION POLICY

 

Last Updated Date: 05.11.2025

This Privacy and Personal Data Protection Policy ("Policy") sets out the principles and procedures for the processing of personal data of visitors, members, and customers ("User" or "Data Subject") who use the "holitera.com" website ("Site") and related mobile applications, which are managed by Holitera Turizm Yazılım ve Danışmanlık Ticaret Limited Şirketi (“Holitera Tourism”, “Company”, or “Data Controller”), located at Çarşı Mahallesi Tevfik İleri Bulvarı, Çarşı AVM No: 2 D Blok Kat: 3 No: 12, Merkez / Rize.

As HOLITERA Tourism, we place utmost importance on the privacy of our Users and compliance with the Law on Protection of Personal Data No. 6698 (“KVKK”). This document also serves as a "Disclosure Text" (Aydınlatma Metni) in accordance with the KVKK.

 

1. Identity of the Data Controller

 

HOLITERA Tourism acts as the "Data Controller" under the KVKK for the personal data shared by Users through the Site.

• Trade Name: Holitera Turizm Yazılım ve Danışmanlık Ticaret Limited Şirketi

• Address: Çarşı Mahallesi Tevfik İleri Bulvarı, Çarşı AVM No: 2 D Blok Kat: 3 No: 12, Merkez / Rize

• Phone: +90 535 200 12 96

• KEP Address (Registered Electronic Mail): holitera@hs01.kep.tr

 

2. Personal Data Processed

 

Depending on your use of the Site and the service you purchase, the personal data we collect and process are as follows:

• Identity Information: Name, surname, T.R. identity number, passport number (and passport copy/image), date of birth, gender, nationality.

• Contact Information: E-mail address, mobile phone number, residential address, billing address.

• Reservation and Customer Transaction Information: Details of the tour/hotel/transfer service purchased, PNR code, flight details, hotel accommodation dates, reservation history, call center voice recordings, invoice and receipt information, requests, and complaints.

• Financial Information: Credit card information (only during the payment process, without being stored), bank account information (for refund processes).

• Special Categories of Personal Data (When necessary):

  • For visa applications (if requested by consulates): Health report, criminal record, biometric data (fingerprint, photo).

  • Health data shared indirectly for special service requests (e.g., wheelchair access, special dietary needs).

  • Special categories of personal data are processed only with your explicit consent under Article 6 of the KVKK or as required by legal obligations (e.g., visa procedures).

• Technical and Cookie Data: IP address, device information, browser type, site entry-exit (log) records, cookie records, location data (if permitted).

• Marketing Information: Commercial electronic message (e-mail, SMS) consent and preferences.

 

3. Purposes of Processing Personal Data

 

Your personal data is processed in accordance with the KVKK for the following purposes:

• Performance of the Service: Creating, managing, and confirming reservations (tour, hotel, flight, transfer, insurance, etc.) and sending confirmation documents (Vouchers) to you.

• Operational Processes: Carrying out visa procedures required for the purchased service, issuing flight tickets, and creating travel insurance policies.

• Communication: Sharing operational updates regarding the purchased service (cancellation, changes, delays, emergencies, etc.), and responding to your questions, requests, and complaints.

• Financial Processes: Collection of the service fee, invoicing, and managing accounting and potential refund transactions.

• Legal Obligations: Fulfilling legal obligations as required by relevant legislation (Tax Procedure Law, Consumer Protection Law, Law on Travel Agencies, Identity Reporting Law, etc.) and responding to requests from official authorities (Police, Courts, etc.).

• Marketing and Promotion (With Explicit Consent): If you provide your explicit consent (opt-in), to announce special campaigns, discounts, promotions, and opportunities to you via e-mail, SMS, or other channels.

• Security and Improvement: Ensuring the security of the Site, preventing fraud, analyzing and improving the user experience, and enhancing service quality.

 

4. Legal Basis for Data Processing

 

Your personal data is processed based on the following legal grounds under Article 5 of the KVKK:

• It is directly related to the establishment or performance of a contract (Purposes 3/a, 3/b, 3/c).

• It is necessary for the data controller to fulfill its legal obligations (Purposes 3/d, 3/e).

• It is necessary for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject (Purpose 3/g).

• Explicit consent (Purpose 3/f and for Special Categories of Personal Data).

 

5. Transfer of Personal Data (Domestic and Abroad)

 

To complete your reservation and provide the service to you (based on the "performance of a contract" and "legal obligation" legal grounds), your personal data may be transferred to third parties in compliance with KVKK rules, taking all necessary administrative and technical measures:

• Suppliers: Hotels, airlines, tour operators (including XML suppliers), transfer companies, car rental companies, travel insurance companies, and other intermediary agencies that are part of the service.

• International Transfer (Mandatory): If the service you purchased is located abroad (e.g., Egypt Tour, Dubai hotel, European flight ticket), your Identity, Passport, and Reservation data will be mandatorily transferred to the relevant hotel, airline, local agency, or operator abroad for the performance of the service. By purchasing a service abroad, the User is deemed to have given prior consent for their data to be transferred abroad for this purpose.

• Visa Intermediaries: To the relevant country's consulate, embassy, and authorized visa application centers (e.g., VFS Global, IDATA) for visa procedures.

• Financial Institutions: To banks, payment service providers (e.g., Iyzico, PayTR), and credit card organizations (IATA, BKM) for payment transactions.

• Official Authorities: To the National Police (as required by the Identity Reporting Law), courts, prosecutors' offices, and other authorized state institutions upon legal request.

• Technical Infrastructure Providers: To cloud service providers for data storage and contracted business partners for sending e-mails/SMS (under confidentiality commitments).

 

6. Cookie Policy

 

HOLITERA uses cookies for the efficient operation of the Site, to improve user experience, ensure security, and for marketing activities. Cookies are small text files saved on your device.

• Strictly Necessary Cookies: Absolutely essential for the secure operation of the Site, enabling member login (session), and ensuring the reservation cart and payment processes function.

• Analytical Cookies: Allow us to anonymously analyze how users use the Site (e.g., which page is visited how many times) and improve our services (e.g., Google Analytics).

• Marketing/Targeting Cookies: Used to display advertisements (retargeting) relevant to your interests (e.g., Facebook Pixel, Google Ads). These cookies are used if you grant commercial message consent.

You are presented with a panel to manage your cookie preferences upon your first entry to our Site. You can change your cookie preferences at any time through your browser settings (however, blocking necessary cookies may cause the site to malfunction).

 

7. Rights of the Data Subject (KVKK Article 11)

 

As the Data Subject, you have the following rights by applying to HOLITERA:

• To learn whether your personal data is processed,

• To request information if it has been processed,

• To learn the purpose of processing and whether it is used in accordance with its purpose,

• To know the third parties to whom data is transferred, domestically or abroad,

• To request correction if the data is incomplete or incorrectly processed,

• To request the deletion or destruction of personal data within the framework of the conditions stipulated in the KVKK,

• To request notification of these correction/deletion/destruction operations to third parties to whom data was transferred,

• To object to the emergence of a result against you by analyzing the processed data exclusively through automated systems,

• To demand compensation for damages in case of loss due to unlawful processing of data.

To exercise these rights, you may submit your request in writing (with a wet-ink signature) to our address specified in Article 1, to our KEP address (holitera@hs01.kep.tr), or via other methods specified in the "Communiqué on Application Procedures and Principles to the Data Controller." HOLITERA will conclude the request free of charge as soon as possible and within thirty (30) days at the latest, depending on the nature of the request.

 

8. Data Security, Payment, and Account Management

 

• Data Security: HOLITERA takes all necessary administrative (access authorization matrixes, policies) and technical (encryption, firewalls, SSL) measures to protect your personal data against unauthorized access, loss, and disclosure.

• Credit Card Security: Your credit card information is never stored on the Site or in our databases. Payment transactions are securely transmitted directly to the relevant bank or PCI-DSS compliant payment institution systems via an SSL (Secure Sockets Layer) protected infrastructure and are deleted from the system after the transaction.

• Account Security: Do not share your username and password registered for the Site with third parties for the security of your membership account. We recommend choosing complex (letter, number, special character) combinations when creating your password. You will be responsible for all consequences arising from the seizure of your password or user information by third parties. If your password's security is compromised, we recommend changing it immediately.

 

9. Third-Party Links

 

The Site may contain links to third-party websites or applications (e.g., supplier sites, social media). When you click on these links, you become subject to the privacy policies of those sites. HOLITERA cannot be held responsible for the practices or privacy policies of those sites.

 

10. Policy Changes

 

HOLITERA reserves the right to update this Policy from time to time due to legal regulations or service requirements. When the Policy is updated, it will be published on this page with the renewed "Last Updated Date." Your continued use of the Site signifies your acceptance of the updated policy.