Recommendation: Read the bilgilerin sözleşmesi before you share any data. Confirm who is the veri kurum, what purposes are listed, and how long the bilgiler will be kept. If anything is unclear, submit your taleplerinizi to the sitelerine privacy contact page and compare it to the belirttiğiniz sections in the notice, then request a written response within the provided timeframe.
Key checks: List the veri categories and purposes; confirm the legal basis, and verify the retention period. If the notice mentions özel data, check additional safeguards and whether consent is required. You can edin access, corrections, and, where allowed, deletion of your data. Follow the kurum’s process on the sitelerine and keep records of all communications.
For health data (sağlık), look for explicit protections and regional considerations. If you operate in antalya or work with Antalya-based partners, ensure data transfers comply with cross-border safeguards and privacy notices reflect local practices. If you are aday for data subjects, review how your rights are described and what actions you can take to protect your own information, including how özgürlüklerine are protected in practice.
Practical steps: Submit taleplerinizi through the official channels, refer to the sitelerine address, and note the verilen deadline for responses. Ensure that eğitim for staff covers proper handling of personal data, especially sağlık data, and that privacy notices clearly explain rights and remedies; this is önemlidir for trust and compliance.
Data Collected During a Quick Online Bus Ticket Purchase
Always review the data fields before you finalize the bileti; this keeps verilerine under control and ensures processing happens güvenle.
What data we collect during a quick online bus ticket purchase
During checkout we collect verilerine to enable the transaction and issue the bileti. Identity verilerine include your name, email address, and phone number; travel details dair the route, date, and time you select; and payment data that allows tokenized processing while avoiding storage of full card numbers. We also gather device and network data–device type, IP address, browser, language, and approximate location in the ortaya alan–to improve reliability. Cookies and analytics help optimize the experience while we protect data with encryption and güvenle access controls. Our uzman team follows mevzuatın requirements and our aydınlatma, ensuring transparency with kaliteli and özgün data handling practices that support safe işlemlerin throughout the journey.
Your rights and how to exercise them
You have hakkı to access, correct, delete, or restrict your verilerine; to withdraw consent; to object; and to receive a copy in a portable format. To exercise these rights, contact bizimle and reference the current aydınlatma; we respond within the timelines required by mevzuatın. If you believe any işlemlerin is izinsiz, report it and we will suspend processing immediately and review the sözleşmenin and privacy protections. You can also manage marketing preferences and personal data (kişisel) related settings through our support channels, ensuring a smoother and safer experience on every bileti and every step of the aşamaları. If you have a request regarding verilerine pertaining to yeni sözleşmenin updates, we will handle quickly.
Legal Basis for Processing and When Consent Applies
Map every processing activity to a legal basis before collecting data. Assign one basis per purpose: contractual necessity to deliver a service; legal obligation for regulatory reporting; vital interests to protect a life; public task when required by law; legitimate interests for routine processing, balanced against individuals’ rights; or consent when no other basis fits.
Consent and When It Applies
Consent applies when it is freely given, specific, informed, and unambiguous, with a clear withdrawal path. Use consent for activities not covered by a contract or legal obligation, such as direct marketing or profiling in contexts where permitted. Record the consent with date, scope, and the manner in which it was verdiği; provide an easy opt-out; and ensure verilerinizin usage aligns with the belirlttiğiniz purposes. If processing involves sensitive data, obtain explicit consent as required by hukuka and in Ülkelerde rules.
Documentation and Turkish-Context Safeguards
Maintain a kayıtlı register of processing activities that links each data category verilerinizin to the applicable basis, purposes (dair), retention periods, and recipients. Within the çerçevesinde privacy program, implement danışma mechanisms and ensure that data are processed only for the belirttiğiniz purposes. If doğabilecek risk affect birçok kişiler, apply enhanced safeguards to protect elmas data and limit görüntülenmesine to authorized contexts. Keep idari hususu controls tight, respect kendinizi, and align processing with hukuka across Ülkelerde and with firmanın policy. When relying on consent, ensure tercihe options are explicit; Önemlidir to maintain the trust and haline the processing.
Data Retention, Deletion, and Minimization Practices
Set a data retention policy that keeps data only as long as needed for each purpose and deletes or anonymizes it when the purpose is fulfilled. The guidance is published sayfamızda and applies to bilgiler collected across our yurt operations, including data generated in Antalya and stored in related systems. For each data category, assign explicit retention periods: kampanya data for 12 months, satış records for 36 months, and anonymized aggregates for longer-term insights; after the period ends, delete from active systems and overwrite backups where possible.
Minimize data collection by design: ask only the fields that are strictly necessary to fulfill the purpose and avoid storing ekstra bilgiler. Use hologramlı consent records for offline processes and restrict access (ulaşım) to the minimum number of staff required. Implement regular geliştirilmesi of controls, review permissions aralarında teams across departments, and document decisions on sayfamızda so that accountability is clear for customers and partners, including üyelerine.
Delete securely and replace when appropriate: schedule automated deletions across production, staging, and backups; apply cryptographic erasure on backups to prevent recovery. If legal or operational requirements require retaining some data, yerine anonim veya aggregated datasets to preserve insights without exposing individuals; monitor doğabilecek risks such as misconfigurations and ensure deletion events are logged and verifiable for audits.
Control data sharing and ensure responsible governance: limit data sent to kampanya partners and vendors to anonymous or aggregated forms; use secure gönder channels and ensure contracts specify retention and deletion obligations. The data handling framework is supported by an uzman who coordinates aralarında reviews and keeps a clear record on sayfamızda. Our Antalya office on Caddesi leads these efforts, providing a direct point of contact for inquiries and rights requests, and reinforcing accountability across teams for adına customers and collaborators.
Third-Party Access: Processors, Carriers, and Payment Providers
Limit third-party access to the minimum, enforce least privilege, and require a Data Processing Agreement (DPA) that describes for each processor, carrier, or payment provider the data categories (işlenme) and purposes, the security controls, and the sub-processors allowed under müşterilerin consent (sürdürülen). Maintain a geniş network of trusted partners with documented risk assessments and regular reviews of access rights, all aligned with kapsamdaki prensiplerine.
Maintain a centralized registry of processors, carriers, and payment providers, with entries that specify the источник of data, the kapsamındaki scope, and transfer safeguards. For özel (Özel) kategoriler, enforce encryption in transit and at rest, strict access logs, and quarterly audits. Create a clear dair of responsibilities for üyelere and suppliers, and require prior written approval for any sub-processor (sürdürülen) involvement. Include data retention and deletion rules in maddesinde to avoid orphan data.
When a data subject requests access or erasure, data controllers and processors must respond to the talebi within 30 days. Provide a straightforward interface for bizimle hususu handling and allow users to set tercihe preferences for communications. For deletion requests, follow maddesinde terms and ensure the data is removed from all processors under our control and from backups within the retention window. The incident response plan requires notification to us within 72 hours of any security event affecting these processors.
In kampanya activities handled by partners in antalya, ensure opt-out options and explicit user preferences are recorded and respected. If biri of our suppliers handles payment or shipment data, verify their compliance via annual assessments and, veya, require them to share relevant audit reports. Our governance keeps access logs and risk ratings in sync with bizimle commitments and ensures that the kule of critical data remains under control.
Your Rights: Access, Correction, Deletion, Objection, and Data Portability
Submit your rights request through your account now to review and manage your personal data. We verify your identity using your registered contact method and respond within 30 days. We keep you haberdar with status updates and provide a secure copy of your data when you request access.
Access: You may obtain a copy of the data we process about you, including the sources, purposes, and data categories (işlenmesini). We deliver the export in a machine-readable format through your preferred channel and, if requested, via posta to tarafınıza the address on file.
Correction: If you notice inaccuracies, you may request corrections to profile information, contact details, and any data that affects your use of hizmetlerimiz. We update the records promptly and confirm the changes in your account. If needed, we notify partners who receive your data with minimal disclosure of sensitive details; this helps keep your bilgiler aligned.
Deletion: You can request deletion of data that is no longer necessary for the purposes stated, subject to legal retention rules. We remove data from active systems and ensure it is unavailable to others, while maintaining necessary backups per süreçlerinin policy. Where applicable, we inform you of any exceptions tied to regulatory or contractual duties.
Objection: You may object to processing based on legitimate interests or for purposes like direct communication. We assess the basis for the objection, pause processing when required, and communicate the outcome within the stated timeframes. If a processor relies on consent, we honor withdrawal of consent without affecting the lawfulness of prior processing.
Data Portability: You may request a portable file of your data to transfer to another service. We prepare the data in a commonly used format and deliver it through your chosen channel, ensuring it contains essential data fields and metadata for smooth transfer (tasarımlarıyla).
Turkish localization note: metro, çeşitlendirilmesi, şifrenin, haberdar, sözleşmenin, açıklanan, yerli, iletebilirsiniz, güncelleme, üyelerine, Önemlidir, işlenmesini, tasarımlarıyla, kişiler, hizmetlerimiz, ankara, tarafınıza, posta, dair, süreçlerinin, sitemizde.
| Right | What it means | How to exercise |
|---|---|---|
| Access | See what data we hold, why, and with whom it is shared. | Use the Data Access form in your account or reply to this notice. Validate your identity and request the data export to posta or sitemizde; we deliver within 30 days. |
| Correction | Fix inaccuracies in personal information. | Submit aCorrection request via your profile settings; we update records and notify relevant uyelerine if needed. |
| Deletion | Remove data no longer needed for purposes stated or required by law. | Send a Deletion request; we erase from active systems and outline any applicable retention steps in süreçlerinin. |
| Objection | Stop or limit processing due to legitimate interests or direct marketing. | Submit an Objection request; we review and respond with next steps within the allowed period. |
| Data Portability | Receive your data in a portable, machine-readable format for transfer elsewhere. | Ask for data portability; we prepare a structured file and deliver through your chosen channel. |
Security Measures Guarding Your Data During Checkout
Enable HTTPS across the entire checkout flow, apply end-to-end tokenization for all payment fields, and never store raw card data. This yönelik approach protects sizin and müşterilerin information in transit and reduces interception risk during submission. For workflows like bileti purchases or otobüslerimiz services, align data handling with amaçlar and keep processing within our kurum while complying with mevzuat. Provide a yazılı aydınlatma that describes data use under çerçevesinde no34, and avoid ilanları exposure to başka parties. Limit data exposure by ensuring that only authorized users access data; this helps our tasarımları stay secure and demonstrates halidir trust when customers interact with bizimle commitments.
Technical Protections
- Enforce TLS 1.2+ on all endpoints, enable HSTS, and apply robust certificate management to every subdomain used in the checkout flow.
- Tokenize payment data via PCI-DSS-compliant processors; do not store PAN or CVV on our servers; replace sensitive values with tokens that render data unusable to outsiders.
- Validate inputs on both client and server sides; implement a strong Content Security Policy, secure and HttpOnly cookies, and regular güncelleme cycles to prevent izinsiz access.
- Apply network segmentation and least-privilege access; require MFA for all administrative accounts; maintain detailed logs and monitor for izinsiz giriş attempts within the iş akışı.
- Keep data handling within yerli mevzuat where possible; document data flows, and ensure çerçevesinde no34 that governs retention and access controls is followed.
- Design ve tasarımları to minimize data collection; for işlemler like bileti or parçası payments, process only what is necessary and saklanabilecek data for as long as required, then purge; avoid exposing ilanları or unnecessary data to başka parties.
- Ensure şişli district customers, and others, experience consistent security controls across devices and browsers; use özgün, user-friendly prompts to confirm permissions and data sharing.
Data Practices and Compliance
- Define saklanabilecek data before processing and publish retention periods in the aydınlatma; delete data when it is no longer needed or upon customer request.
- Align with mevzuat and yerli data protection rules; limit access to müşteri data to yalnızca gerekli görevliler, and document data flows with clarity in yazılı policies.
- Include no34 çerçevesinde guidelines in your privacy documentation; empower customers with rights to access, port data, or request deletion, and outline how data supports hizmet başarısı without compromising privacy.
How to Review the Notice and Exercise Your Privacy Rights
Submit via the elektronik portal described in the aydınlatma, and clearly specify which haklar you are exercising–the isteği–and the data scope that concerns kişilerin information.
Read the metninde carefully to verify the açıklanan data categories, the purposes of processing, the list of recipients, the retention period, and the security-gizlilik controls that protect the data. Check that the sözleşme terms backing the processing align with your expectations for transparency and control.
When you prepare a request to exercise your haklar, ask for data in a structured format that is easy to use and compare. If you want portability, request the data in a hale that can be döndüren to you or directly transferred to another controller (gibi aydınlatma, in a secure, elektroniki channel).
If you act directly (doğrudan) or through a representative, provide proof of identity and, for adına handling, authorization documents. For data about kişiler, specify the exact scope you need and reference the metninde where those data are described to avoid extras.
Expect a response within the period defined by law. If the reply is incomplete or denied, the notice should explain the reasons and steps to appeal, including who to contact. Keep the process kolay to follow and tamamen actionable, so your haklar remain aşkın of mere formalities; use the cycle to confirm prensiplerinin of data protection are respected.
Throughout the process, ensure the controller adheres to güvenlik-gizlilik standards and that any action taken–whether a data access, correction, deletion, or transfer–follows the düzenlenen procedures. If you need to review the decisions, request the full log and the metninde record of how the request was handled, including any dokunuşta confirmations and related şifrenin security checks, so the outcome reflects the rights stated in the notice and the sözleşme terms. If you require data to be delivered on your behalf, use adına instructions and ensure the transfer is elektronik and doğrudan to you or to another controller gibi specified.
English (UK) 
Français 
Deutsch 
Русский 
Українська 
Türkçe 
Polski 
Español 
Italiano 
العربية 
简体中文 
Ελληνικά 
日本語 
한국어 
Čeština 
Português