PRIVACY STATEMENT

Version 1.0, July 2023

This information is valid for the following websites and social media pages:

Information about the Controller:

Türkiye Turizm Tanıtım ve Geliştirme Ajansı (‘TGA‘)

Esentepe Mahallesi Büyükdere Cad. No. 127 Astoria AVM B Blok Kat: 4 34394 Şişli/İstanbul

[email protected]

Information about the competent Data Protection AuthorityKişisel Verileri Koruma Kurumu

Nasuh Akar Mahallesi 1407. Sok. No: 4, 06520 Çankaya/Ankara

1. SCOPE AND PURPOSE OF THE PRIVACY STATEMENT

Protecting your personal data is very important to us. In this Privacy Statement, we explain how we collect your personal information, what we do with it, for what purposes and on what legal foundation we do so, and what rights you have on that basis.

This Policy has been prepared in line with the regulations in force and international standards. The TGA will primarily apply this Policy in all its data processing activities such as data processing, transfer, and amendment.

TGA also has different policies that address the protection of personal data and ensuring information security in relation to certain business activities and processes. This policy does not override the data protection terms in different policies of the TGA unless it contains additional terms or requires a higher standard for the protection of personal data. This Policy is implemented along with such other policies and procedures as appropriate.

This Privacy Statement explains:

• Methods of collecting personal data and legal grounds,
• Data subject categorization
• The category of personal data processed in relation to these groups of persons (Data Categories) and sample data types,
• Personal data processing processes and purposes,
• Technical and administrative measures taken to ensure the security of personal data,
• Personal data sharing,
• Personal data retention periods,
• Marketing and research information,
• Data subjects rights,
• Cookies and cookie management

2. METHODS OF COLLECTING PERSONAL DATA AND LEGAL GROUNDS

We process personal data in line with the following legal grounds:

a. If you have given us your consent to process your personal information, then that is the legal foundation for processing it (Art. 6, para. 1, letter a, of the EU's General Data Protection Regulation, or GDPR).

b. Art. 6, para. 1, letter b, of the GDPR is the legal basis for processing personal information for the purpose of entering into a contract or performing a contract with you.

c. If processing your personal information is required to fulfill our legal obligations (e.g. data retention), we are authorized to do so by Art. 6, para. 1, letter c, of the GDPR.

d. Furthermore, we process personal information for purposes of protecting our legitimate interests as well as the interests of third parties in accordance with Art. 6, para. 1, letter f of the GDPR. Examples of such legitimate interests include maintaining the functionality of our IT systems. As part of the consideration of interests required in each case, we take into account various aspects, in particular the type of personal information, the purpose of processing, the circumstances of processing, and your interest in the confidentiality of your personal information.

Based on these legal reasons, TGA collects personal data over TGA’s websites, mobile websites, social media accounts, and cookies.

3. THE PERSONAL DATA THAT TGA COLLECTS AND PROCESSES

Online visitors: TGA collect and process IP address, port info, starting, and ending time of the service given, type of the service, the amount of data transferred and if available subscriber ID information in accordance with the Law numbered 5651 (“Internet Law”).

Users: Account information (name, last name, date of birth, e-mail address, location (city, country), user name, password, information about the employer, phone number, direct marketing opt-in/opt-out choice, alternative login option with Facebook or Google (e-mail address).

Party of Training Agreement: TGA collect and process name, last name, tittle, e-mail address, location of organization and details of needs regarding training through an entry form in the scope of agreement between parties.

4. PERSONAL DATA PROCESSING PROCESSES AND PURPOSES OF USE

TGA processes online visitor’s personal data based on the Internet Law. It is compulsory for website owners to collect and keep abovementioned information in order to combat illegal online content.

If you register TGA’s website as a user and plan a trip to Türkiye, we may use your name and e-mail address to send you necessary information about your visit. If you (visitor or user) click opt-in/agree button on the webpage or mobile webpage for direct marketing, TGA could send you marketing e- mails.

The type of personal information that TGA collects may include your name, contact details, your views and opinions about TGA services. If you use this website, information is recorded about your visit for web personalization, research and statistical and reporting purposes as well as to allow us to improve the website, product and services.

Information provided by you

Whenever you interact with us, you may be asked to provide us with necessary information. For example:

Some of our products or services may require you to create an account or register certain information (your name, address, email address, date of birth, location, contact details, applicable device ID(s) relating to the devices you are using to access and receive particular applications and services, interests and account and marketing preferences) in order to use a particular product or service.

If you contact us via written communications or via our website(s), email, or our social media channels), we may keep information about the particular communication, including your name, the service(s) you request, the reason why you contacted us, and the advice we gave you so we can track the resolution of any user request and enhance.

When you visit us at a public event, such as a trade show or exhibition or participate in one of our surveys, competitions or prize draws, we may ask for information, such as your business card, name, contact details, interests and marketing preferences.

When you use our services or other platforms, we may receive content that you choose to upload, such as product reviews, comments, photos or details of your preferences that you choose to tell us about.

Information we collect from social networks

If you use any of our social network pages or applications or you use one services that allow interaction with social networks, we may receive information relating to your social network accounts:

If you log-in to one of our websites or services using your social network account, we may receive basic details from your social network profile, such as name, last name, e-mail etc., which may depend on your social network accounts privacy settings. We may also receive additional information from your profile if you give us permission to access it.

We may receive information about interactions with the content posted to your profile or feed. To get more information and details about how you can control access to your social network profile, please view the privacy policy and other guidance available on your social networks website.

Information we collect when you use websites, products, services from us

In order to improve and provide a better user experience, some of our websites and services provide us with information about your use of them, including:

Details of your usage patterns, the content that you view and interact with including information on the services and applications you are using in-device to personalize services to your specific needs. Service, product or server logs, which hold technical information about your use of our service, product or websites, such as your IP address (to determine your location/country of origin), device ID(s) etc.

Interests and preferences that you specify during set up or registration of any product or service.

• How the personal information that you provide to us or we collect is used:

We may use information for the following purposes: Create and manage customer database(s) of its users including basic account information, applicable device ID(s), related product or service usage information and customer preference information you provide us. We may consolidate several databases into one or otherwise link separate databases to manage your accounts more effectively.

Ask for your opinions about our products and services and conduct surveys. Facilitate and process your searches and requests for information when you contact us about our websites and services.

Hold competitions and other promotional offers across all platforms, contact winners and to fulfill prizes to winners.

We may use your information to provide you with product and service updates, newsletters and other communications about existing and/or new products and services by post, email, telephone, in-device messaging and/or text message (SMS), if you have provided your consent or we are permitted to do so under applicable law.

We may use the information we collect, or you share with us to personalize our services, content, recommendations and adverts.

We may use your information to create user group profiles or segment data and to otherwise create anonymous, aggregated statistics about the use of our websites, products and services which we may share with third parties and/or make available to the public.

We may use your information to improve our products, services and applications and develop recommendations, advertisements and other communications and learn more about customers' shopping preferences in general.

Where you have uploaded product reviews, comments or content to our websites or services and made them publicly visible, we may link to or publish these materials elsewhere including in our own advertisements.

We may link or combine the information that we collect from the different sources to allow us to provide more seamless customer support whenever you contact us and to provide you with better, personalized services, content, marketing and adverts.

5. TECHNICAL AND ADMINISTRATIVE MEASURES TAKEN TO ENSURE THE SECURITY OF PERSONAL DATA

As the data controller, the TGA is obliged to prevent and protect personal data from being illegally processed or accessed when processing personal data. For this reason, the TGA has taken all technical and administrative measures regarding data security, including the additional measures required to protect sensitive personal data.

6. PERSONAL DATA TRANSFERRING

In general, we do not share or disclose information about you to third parties without your consent unless TGA is required to or authorized by laws.

We may use other third-party service providers including data analytics providers who process information on our behalf, consultants, marketing agencies, Professional advisers, Ministries or business partners with whom TGA has a formal relationship with.

Our service providers are required to only process data in line with this Policy.

If you request or agree to receive information or newsletters from one of our business partners, we may provide that third party with your details so that they can contact you and/or respond to your request.

We may use and/or disclose information about you to:

• Government bodies and law enforcement agencies to prevent fraud, to comply with applicable laws, regulations and court orders and to comply with valid legal information requests from such bodies. To that extent TGA could share traffic data with law enforcement and the Turkish Information Technologies and Communication Authority based on the Internet Law.
• Third parties (including professional advisors) to enforce or defend our legal rights or the terms and conditions of any of our websites, products or services
• A third-party purchaser or seller, and its and our professional advisors, in connection with a corporate event such as a reorganization, merger, business acquisition or insolvency situation
1.Based on the commercial electronic message approval, the commercial electronic message is shared with the service provider in order to promote, advertise and offer benefits and opportunities in line with travel preferences,

7. ANONYMOUS STATISTICS

We prepare anonymous data for a number of purposes. The information may be shared with our partners, advertisers, media and public as you cannot be identified from this information.

8. DIRECT MARKETING COMMUNICATIONS

When you provide us with contact details, you may be given the opportunity to opt-in to receiving various newsletters and other communications from us.

You can change your marketing communication preferences at any time.

If you use more than one e-mail address to contact us on, you will need to unsubscribe separately for each email address.

Please note that we may send you important information about our products and services that you are using or have used including essential software updates, changes to applicable terms and conditions and/or other communications or notifications as may be required to fulfil our legal obligations arising from the Law on the regulation.

9. COOKIES AND COOKIE MANAGEMENT

TGA has a detailed Cookie Policy and provide you very effective cookie management regarding cookies we use. For more details see please our Cookie Policy

9.1.Links to third party sites

Some of our websites may contain links to other third-party websites that are not operated by us. We are not responsible for the content, security or privacy practices of those third-party websites. Please view the privacy and cookie policies displayed on those third-party websites.

10. PERSONAL DATA RETENTION PERIODS

TGA has a Personal Data Retention Policy, which has been prepared in accordance with the DPL. We keep personal data following periods:

• We keep online visitors traffic data 2 years based on the Internet Law.
• We keep login info of users until he/she close his/her account..
• We keep opt-in, opt-out records for 1 year from the date of withdraw and other records regarding commercial electronic messages for 1 year based on the Bylaw on Commercial Communications and Commercial Electronic Messages.
• For retention periods of personal data processed by cookies, see please our Cookie Policy.
• Within a reasonable time following providing the service.

11. PROFILING

We may use your information to create user group profiles or segment data and to otherwise create anonymous, aggregated statistics about the use of our websites, products and services which we may share with third parties and/or make available to the public. In order to create user group profile, instead of sharing personal data directly with our providers, we use pseudonymization. We do not make microtargeting.

12. DATA SUBJECTS’ RIGHTS

a. As a data subject, you have the right of access (Art. 15 GDPR), right to rectification (Art. 16 GDPR), right to erasure (Art. 17 GDPR), right to restriction of processing (Art. 18 GDPR) and right to data portability (Art. 20 GDPR).

b. If you have consented to the processing of your personal data by us, you have the right to revoke your consent at any time. The legality of processing your personal data before revocation remains unaffected.

c. Right to object

For reasons relating to your particular situation, you have the right to file an objection at any time to the processing of personal data pertaining to you that is collected under Section 6 Clause (1e) GDPR (data processing in the public interest) or Section 6 Clause 1 f) GDPR (data processing on the basis of a balance of interests). If you file an objection, we will continue to process your personal data only if we can document mandatory, legitimate reasons that outweigh your interests, rights and freedoms, or if processing is for the assertion, exercise or defense of legal claims.

To the extent we use your personal data for direct marketing based on legitimate interests, you have the right to object at any time without giving reasons.

d. We ask you to address your claims or declarations to the following contact address: [email protected]!

e. If you believe that the processing of your personal data violates legal requirements, you have the right to lodge a complaint with a competent data protection supervisory authority.