1. Introduction.

As a data controller Türk Hava Yolları Anonim Ortaklığı (hereinafter referred to as “THY”, “Turkish Airlines” or “We”) pays the utmost attention to the lawfulness of the processing of personal data relating to its visitors, candidate/employee, intern, retired former employee, employee of third parties, customers and business partners.

The THY Buildings/Premises Privacy Notice  (“Privacy Notice”) has been prepared in accordance with the primarily Turkish Personal Data Protection Law No. 6698 (the “Law”) and the EU General Data Protection Regulation (Regulation (EU) 2016/679) (the “GDPR”) to ensure that personal data are processed in a transparent manner and under your full control during your visits to our campuses, premises, offices, production areas, workshops, warehouses, fairs, event areas and other similar working areas.

Specifically, We would like to inform you with respect to processing of your personal data collected. In this respect, We provide you with information on which personal data We process, for what purposes and how long, the third parties your data are shared with, your rights and ways to contact us in this Privacy Notice.

Data processing is conducted in accordance with the principles of “lawfulness, fairness and transparency”, “purpose limitation”, “data minimization”, “accuracy”, “storage limitation”, “integrity and confidentiality”, “data subject’s control over personal data” and “accountability”.

We reserve the right to update this Privacy Notice at any time and will provide you with a new Privacy Notice if any substantial updates are made thereto. From time to time We may also notify you in other ways about processing of your personal data.

You may read the Turkish Airlines Privacy Notice on the Processing and Protection of Personal Data published on: https://www.turkishairlines.com/en-tr/legal-notice/privacy-policy/index.html for more detailed information about processing of your personal data. You may read the Turkish Airlines GDPR Privacy Notice published on: https://www.turkishairlines.com/en-tr/legal-notice/gdpr-privacy-notice for more detailed information about GDPR.

2. Which Personal Data We Process and How Do We Collect Your Personal Data?

General information on your personal data processed by THY is as follows:

• Identity Information : Information collected during your visits to THY premises such as name, surname, profession, title, institution that you represent, identification document, (only if you choose to submit your identity document temporarily to get a visitor card at the premises entrance and limited to the duration of the visit) (For more detailed information about processing of your Identity/Passport Information please click here ), government identification number etc. ;
• Purpose of Visit : Purpose of visiting THY premises and information about the THY personnel whom you are visiting, date and time of your visit or, if applicable, information about attendants of your meeting;
• Security Information : Where available, information about the key cards assigned to you, date and time of your visits and if necessary due to the internal policies of THY, information on the equipment/devices a record of which should be kept;
• CCTV Recordings : Where available, CCTV cameras may be located on our campuses and premises in order to ensure security and safety. In such cases warning signs are displayed in the areas where the CCTV recordings take place;
• Interview Recordings : Where available and allowed under applicable laws, interviews may be recorded for the purpose of measuring service quality and only on premises within the borders of Turkey. In such cases, warning signs are displayed in the areas where recordings take place. Interviews are not recorded on the premises within the European Union;
• Evaluations and requests : Information regarding your assessments, complaints and requests relating to your visits.
• Other Information: Vehicle plate information in case of using parking area lot in our premises.

Your personal data can be collected during your visits to THY premises, buildings, offices, production areas, workshops, warehouses, fairs, event venues and other working areas via printed documents and electronic equipment specifically dedicated to security purposes in accordance with the provisions of national/international legislation, in particular the basic principles of Art. 4 of the Law and Art. 5 GDPR, only if one or more conditions that are stipulated by Law/GDPR are present.

3. For Which Purposes Do We Process Your Personal Data? [1]

Your personal data are being processed in compliance with GDPR as well as other relevant laws and especially with Law for the following purposes:

• Security : your personal data mentioned above is processed in order to ensure the security of THY's premises, buildings, offices, production areas, workshops, warehouses, fair and activity areas and other similar work areas;
• Communication : processing takes place to make necessary arrangements for your visits and to ensure the proper communication between the relevant parties;
• Assessments of your evaluations and requests: processing takes place to receive your assessments, complaints and requests regarding your visits, if any, and to evaluate them;
• Legal obligations : processing takes place in order to comply with national and international legislation to which THY is subject to and fulfill obligations, arising from the Turkish Occupational Safety and Health and related legislation.

4. What Is Our Legal Basis for Processing Your Personal Data?

Under the Law personal data can only be processed if at least one of the conditions set forth under Art. 5 and Art.6  of the Law and/or required by international legislation, as well as Art. 6 GDPR .

Your personal data are processed on the following basis of the Law and GDPR:

• It is explicitly permitted by any Law provided by 5 (2) (a) Law,
• Compliance with legal obligations provided by Article 5(2) (ç) Law and Art. 6(1)(c) GDPR,
• As required to conduct our business and pursue our legitimate interests if such interests do not have a negative impact on your fundamental rights and freedoms as provided by 5 (2) (f) Law and Art. 6(1)(f) GDPR.

5. How Do We Keep Personal Data Secure and How Long Do We Store Them?

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, accessed in an unauthorized way, altered or disclosed. In addition, We limit access to your personal data to those employees, agents, contractors and other third parties on a need-to-know basis. They will only process your personal data on our specific instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach if We are legally required to do so.

THY, as a global company, has locations in different countries and the applicable laws change thereafter, the retention periods may therefore vary from country to country. THY is subject to legal obligations on data retention periods under Turkish law, European Law and depending on the country in which you live or which law applies, national laws of a country (for example, USA, Germany, Italy, Spain, Switzerland, etc.).

Your personal data will be deleted when the data is no longer needed for the specified purposes and legal retention periods expire. Click for detailed information about storage period.

6. To Whom We Transfer Your Personal Data and Why?

Under certain circumstances for the above listed purposes We may transfer your personal data that We process to third parties, residing within borders of Turkey or abroad, in accordance with the provisions of national and international law, particularly Art. 8 and 9 of the Law as well as Art. 44 seq. GDPR. Types of third parties We may transfer your personal data to are as follows:

• Group companies: certain services offered by THY are carried out by our affiliates, within this context, your personal data may be shared with our relevant affiliates. You may find more detailed information regarding our group companies by opening the following link: https://www.turkishairlines.com/en-tr/press-room/about-us/index.html ;
• Suppliers : e.g. software companies that We procure technical services from, security firms, transportation service providers;

• Government authorities and/or law enforcement officials: your personal data can be shared with government authorities law enforcement officials and/or executive or judicial bodies (e.g. authorized public and private bodies) if required by law in compliance with applicable laws and/or in relation to ongoing investigations.

• Private and Public Institutions Authorized by National or International Legislations: (e.g. Directorate General of Civil Aviation, in order to provide information within the scope of occupational health and safety authorized public institutions, audit firms, insurance companies );

If you are a data subject who is subject to GDPR We will only transfer your personal data outside the EEA in exceptional circumstances if suitable safeguards ensure that an appropriate level of protection is in place. Typically, We rely on the following safeguards:

1. Adequacy Decision of the EU Commission, currently: recipients in Andorra, Argentina, Canada, Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland, Uruguay and the United Kingdom (updated list and further information is available under https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en);
2. Standard Contractual Clauses: Other recipients (further information is available under https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en) except for situations to which Art. 49 GDPR applies:

• you have explicitly consented to the proposed transfer, after being informed of the possible risks of such transfer due to the absence of an adequacy decision and appropriate safeguards;
• the transfer is necessary for the performance of a contract between the data subject and THY;
• the transfer is necessary for the conclusion or performance of a contract concluded in your interest;
• the transfer is necessary for important reasons of public interest and/or other conditions mentioned in Art. 49 GDPR.

3. Exceptions under Art. 49 GDPR: Other recipients.

Further information on such transfers or copies of these measures can be obtained via the contact details in the Privacy Notice below.

7. What are Your Rights as Data Subject ?

As data subject, you are entitled to a number of rights under Art. 11 of the Law and Art. 15 seq. GDPR in relation to your personal data. We would like to inform you about the rights you are entitled to and the ways you may exercise them.

Under Art. 11 of the Law you are entitled to the following rights:

• Learn whether data relating to you are being processed;
• Request further information if personal data relating to you have been processed;
• Learn the purpose for the processing of personal data and whether data are being processed in compliance with such purpose;
• Learn the third-party recipients to whom the data are disclosed within the country or abroad;
• Request rectification of the processed personal data which is incomplete or inaccurate and request such process to be notified to third persons to whom personal data are transferred;
• Request deletion or destruction of personal data in the event that the data are no longer necessary in relation to the purpose for which personal data were collected, despite being processed in line with the Law and other applicable laws and request such process to be notified to third persons to whom personal data are transferred;
• Object to negative consequences that you experienced as a result of analysis of the processed personal data by solely automatic means;
• Demand compensation for the damages that you have suffered as a result of an unlawful processing operation;

If you are subject to GDPR, please find more detailed information on https://www.turkishairlines.com/en-pl/legal-notice/gdpr-privacy-notice/ 

In order to easily exercise your rights listed above and send us your relevant requests you may contact us through our contact information below. We will respond you in the shortest time possible, based on the nature of your request and within 30 days at the latest. As a general rule, responses to data subject requests are given free of charge; however, we reserve the right to charge you according to the tariff to be determined by the Personal Data Protection Board in case the request requires additional costs.

8. Data Controller and Contact Information:

THY Head Quarter Entity:

https://www.turkishairlines.com/tr-tr/bilgi-edin/musteri-iliskileri/geribildirim/

+90 212 444 0 849; +90 212 463 63 63

Türk Hava Yolları A.O. Genel Yönetim Binası, Yeşilköy Mah. Havaalanı Cad. No:3/1 34149 Istanbul, Türkiye

[1] No automated decision-making, including profiling, within the meaning of Art. 22 GDPR is carried out. If this changes, THY will notify you additionally and meet the requirements prescribed by GDPR.

OTHER LANGUAGES

You can use the documents below to examine the translations of this page in other languages.

Bulgarian | Croatian | Czech | Danish | Ducth | Estonian | Finnish | Greek | Hungarian | Latvian | Lithuanian | Polish | Romanian | Slovak | Slovenian | Swedish