Privacy and Data Protection Policy
This Policy sets out the principles governing the collection, processing, storage, sharing, protection, and disposal of personal data obtained through www.amitaibooking.com and all commercial/operational activities of UIC Mobilya Turizm Sanayi ve Ticaret Ltd. Şti. (operating as Amitai Cruises Travel Agency). The Company complies with KVKK (Law No. 6698), GDPR (EU 2016/679), Law No. 6563 on Electronic Commerce, and applicable national/international regulations.
Data Controller
Trade Name
UIC Mobilya Turizm Sanayi ve Ticaret Limited Şirketi (Amitai Cruises Travel Agency)
Website
E-mail
info@amitaicruises.com / KEP: uicmobilyaturizm@hs01.kep.tr
Address
Bağdat Caddesi, Feneryolu Mah., Selçuk Sindal Sokak, Arzum Apt. No: 3 D:1, Kadıköy / Istanbul / TURKEY
Phone
+90 539 566 61 94 | TÜRSAB Reg. No: 5121 | MERSIS: 0887124339200001
-
Purpose and Scope
This Policy governs how personal data are collected, processed, retained, shared, secured, and destroyed across the Company’s websites, systems, and operations. -
Categories of Data Collected
- Identity: name, surname, date of birth, national ID, passport details
- Contact: phone, e-mail, postal address
- Payment: credit/debit card and mail order details (processed in line with PCI DSS)
- Travel: flight, hotel, transfer, tour/cruise reservations
- Digital: IP address, cookies, logs, browser/device information
- Legal/Financial: invoice, tax, payment records, official requests
- Physical: CCTV footage for office visits; physical documents (e.g., passport copies, slips)
-
Children’s Data
Personal data of individuals under 18 are processed only with explicit consent of a parent/legal guardian. If collected without consent, such data are deleted or anonymized without delay once detected. -
Purposes and Legal Bases
Personal data are processed under KVKK Arts. 5–6 and GDPR Art. 6 for:- Reservation, payment, invoicing, and customer support
- Planning, confirming, and delivering travel services
- Compliance with legal/contractual obligations and audits
- Evaluating and responding to customer requests/complaints
- Quality measurement, control, and service improvement
- Marketing and informative communications only with explicit consent
-
Cookie Use
We use the following cookie types on our website:- Strictly Necessary: required for core site functions
- Performance: analytics to improve user experience
- Functional: remember preferences
- Marketing: campaigns/ads (activated only with explicit opt-in)
-
Retention and Destruction
- Data are retained for the period required by law or the processing purpose.
- When purposes expire, data are securely deleted, destroyed, or anonymized.
- The Company applies a periodic destruction policy and removes unnecessary data regularly.
-
Sharing and International Transfers
Personal data may be shared on a need-to-know basis with:- Business partners (airlines, hotels, cruise, transfer providers)
- Banks, payment institutions, accounting systems
- Cloud service providers (e.g., Microsoft, Google)
- Competent authorities and courts, when legally required
-
Security Measures
The Company implements technical and organizational measures, including:- SSL/TLS encryption, firewalls, logging/monitoring
- PCI DSS-aligned payment infrastructure
- Authorization and role-based access controls
- Employee confidentiality undertakings and regular training
- Periodic security tests and audits
-
Consent for Marketing
Processing for marketing, campaigns, promotions, or sending commercial communications is carried out only with explicit consent. Data subjects may withdraw consent at any time. -
Third-Party Links
Our website may contain links to third-party sites. Their privacy policies are outside our control; users should review those policies separately. -
Personal Data Breach Notification
In case of a personal data breach, the Company will:- Notify competent authorities in accordance with KVKK/GDPR—within 72 hours under GDPR where applicable,
- Inform affected data subjects within a reasonable time.
-
Commercial Electronic Messages
As required by Law No. 6563, sending commercial e-mails/SMS requires prior consent (via İYS or electronic means). Users may opt-out at any time. -
Data Subject Rights
Under KVKK and GDPR, data subjects may:- Learn whether their data are processed and request information
- Request correction of inaccurate/incomplete data
- Request deletion/destruction or anonymization where conditions are met
- Learn the recipients to whom data are transferred
- Object to processing; request cessation of marketing
- Lodge a complaint with the competent supervisory authority
-
How to Submit a Request
Data subjects may apply via:- Written application
- KEP: uicmobilyaturizm@hs01.kep.tr
- Notary notification
- Electronic request form at www.amitaibooking.com
-
Data Controller Representative
The data controller is UIC Mobilya Turizm Sanayi ve Ticaret Ltd. Şti.. If regular processing occurs within the EU, a Data Protection Officer/Representative will be appointed and announced on the website. -
Disclaimer
Despite applying appropriate technical/organizational measures, the Company cannot be held directly liable for incidents arising solely from internet infrastructure failures, third-party attacks, or force majeure events. -
Updates to This Policy
The Company reserves the right to amend this Policy in line with legal requirements. The updated Policy enters into force upon publication on www.amitaibooking.com. -
Contact
UIC Mobilya Turizm Sanayi ve Ticaret Ltd. Şti.
TÜRSAB A-Group Travel Agency (No: 5121) | MERSIS: 0887124339200001
Address: Bağdat Caddesi, Feneryolu Selçuk Sindal Sokak, Arzum Apt. No: 3 D:1, Kadıköy / Istanbul / TURKEY
Tel: +90 539 566 61 94
E-mail: info@amitaicruises.com – uicmobilyaturizm@hs01.kep.tr
This English text is a faithful, professional adaptation of the user-supplied Turkish policy for website use.
