Privacy and Security Policy has created this privacy statement to demonstrate our strict commitment to privacy. This policy outlines our personal information processing practices. If you provide us with your personal information, we will handle it in accordance with this policy. Balon Kapadokya encourages you to read this privacy policy and the privacy policy of all websites you visit. When you submit a claim form or contact us directly by email, phone or fax, your information is used in the following ways: Account info These tell us more about who you are and how we can contact you to give you accurate and prompt answers. Email Correspondence It is used to raise and respond to any issues and questions and will never be used to distribute information about site updates for future communications, unless requested. Security This site has security measures to protect the loss, misuse and alteration of information under our control provided by our Service Provider. We take great care in protecting your privacy and will not share any or personal information unless ordered by a court. We reserve the right to make changes to this Statement to provide accurate and up-to-date information on practices and regulations regarding the protection of personal data. In addition, in the event of a material change in the Notice, relevant persons will be notified by appropriate means. This Statement has been prepared to provide information about which personal data processes within the scope of its commercial activities, the purposes of processing, the parties to which personal data is transferred and the purposes of these transfers. This Statement covers the following channels through which personal data is collected: 1. What personal data do we process? Personal data processed by our company differ according to the nature of the legal relationship established with our company. In this context, the categories of personal data collected by our Company through all channels, including Digital Media, are as follows: Identity Information (Personal data provided during use of privileged services such as name, surname, identity and passport number provided by and its business partners. ) Contact Information (Personal data number, social media contact information, address, etc. provided when creating an account on our Website or App, making a seat reservation on the plane or making use of privileged services such as e-mail address, telephone number, mobile phone provided by and its business partners. .) Front Passenger Information (“API”) (name, nationality, date of birth, gender, type and number of travel documents, issue and expiration date, as well as personal data regarding the issuing authority) Information about Family and Relatives (identity information, contact information, children of the person concerned, profession and education information about his spouse, etc.) Customer Transaction Information (personal data recorded in channels such as call centers, credit card statements, box office receipts, customer instructions including reservation, purchase, cancellation, postponement, and other changes to an individual’s instruction or request) Transaction Security Information (website password, etc. information provided during the use of products and services offered in digital environments) Physical Environment Security Information (Entry/exit logs, visit information, camera and audio recordings, etc.) Audit and Inspection Information (information on all kinds of records and transactions regarding the legal request of the data owner and the exercise of our rights) Special Categories of Personal Data (data such as race, ethnicity, political opinion, philosophical belief, religion, special categories of personal data processed, limited to the situations expressly stipulated in the law and where necessary for the Company’s activities and with your explicit consent), sect and other beliefs, disguise and clothing, association, organization and union memberships, health and sexual life, criminal convictions and security measures, and biometric and genetic data) Marketing Information (reports and evaluations containing information about preferences, tastes, usage and travel habits that can be attributed to the data owner and used for marketing purposes, targeting information, cookie records, data created within the scope of data enrichment processes, survey records, satisfaction surveys, campaigns and as a result of direct marketing activities) information and evaluations obtained, etc.) Request/Complaint Management Information (information and records collected regarding requests and complaints regarding our products or services, and information contained in reports regarding the conclusion of such requests by our business units, etc.) Audio-Visual Information (photos, camera and sound recordings, etc.) 2. Transfer of personal data Personal data may be shared with group companies, business partners, public institutions and private persons authorized by law within the framework of the conditions and purposes regarding the processing of personal data specified in Articles 8 and 9 of the Law. It is carried out in accordance with the procedures and principles specified in Article 9 of the Law and the decisions of the Personal Data Protection Board. 3. Storage of personal data Our company determines the retention periods taking into account the applicable laws and data processing purposes. In this context, we take into account, where appropriate, the statute of limitations and legal obligations regarding the processing of personal data in particular. When the purpose of processing personal data ends, the data will be deleted, destroyed or anonymized unless there is another legal reason or basis allowing the personal data to be stored. 4. Principles on personal data privacy Our company acts in accordance with the following principles in all data processing activities. “Acting lawfully and in good faith”, “Authenticity and timeliness”, “Processing for specific, clear and legitimate purposes”, “Relevant, limited and proportionate”, as long as specified in the relevant law or necessary for the relevant purpose” 5. Use of digital platforms Your personal data may be processed during your use of the Digital Platforms in order to manage and operate the Website, to carry out activities to optimize and improve the user experience of the Website and the Application, to identify, support and support the ways in which the Website is used. improve the use of location-based tools to manage your online accounts and inform you about services available near you. If you want to benefit from the products and services offered, your personal data will be processed only to enable you to benefit from these products and services. 6. Data owners’ exercise of rights You can easily exercise your above-mentioned rights and send us your related requests easily from the contact information below. The requests of data owners regarding the above-mentioned rights will be finalized by us within thirty days at the latest, in accordance with the limitations stipulated by the Law. In principle, data subject requests will be concluded free of charge. However, reserves the right to charge a fee from the tariff determined by the Board if the request requires additional costs. Our company may request certain information from the data subject to determine that the applicant is actually the Data Owner, and additional questions may be asked to the applicant to clarify the issues regarding the applications. Aydinli medium mah. No. 11 Goreme/ Nevsehir 51080 +90 536 443 6262 7. Data security We take all appropriate technical and organizational measures to protect your personal data and reduce the risks associated with unauthorized access, accidental data loss, deliberate deletion or damage to personal data. In this direction, our company; Provides data security by using other software and hardware including virus and other malware protection systems, firewalls and intrusion prevention systems, Access to personal data within our company is carried out in a controlled process on the basis of unit / role / application, in accordance with the nature of the data and within the framework of authority, Ensures the necessary inspections for the implementation of the provisions of the Law in accordance with Article 12 of the Law, To ensure the legality of data processing activities through internal policies and procedures, Implements stricter measures to access special categories of personal data, In case of external access to personal data due to outsourced service procurement, our Company undertakes to comply with the provisions of the Law on the relevant third party, It takes the necessary measures to inform all its employees, especially those who have access to personal data, about their duties and responsibilities within the scope of the Law.