GDPR Disclosure
1. Data Controller Information
Company Name: SOFIST TURIZM SEYAHAT ACENTESI ANONIM SIRKETI
Address: BARBAROS MAH. BAYRAK SOK. NO: 1/5 ATASEHIR ISTANBUL – TURKEY
Phone: +90 216 472 34 58
Email: info@awaretour.com
Website: www.awaretour.com
SOFIST TURIZM SEYAHAT ACENTESI ANONIM SIRKETI (“Company”) processes personal data within the scope of its tourism technologies, digital infrastructure services, and global B2B partnership platform activities.
This Disclosure Notice has been prepared in accordance with:
- Turkish Personal Data Protection Law No. 6698 (“KVKK”)
- EU General Data Protection Regulation (GDPR – Regulation EU 2016/679)
- Relevant secondary legislation and international data protection regulations
The Company acts as the Data Controller.
2. Categories of Personal Data Processed
2.1 Identity and Contact Information
- Full name
- Email address
- Phone number
2.2 Corporate Information
- Company name
- Country
- Website address
- Job title/position (if declared)
2.3 Technical Data
- IP address
- Log records
- Browser and device information
- Session data
- Cookie data (PHPSESSID, Tawk.to)
2.4 Communication Data
- Messages submitted via contact forms
- Application details
- Correspondence records
3. Purposes of Processing
Personal data is processed for the following purposes:
- Evaluation of B2B partnership applications
- Management of international agency and partner relations
- Execution and performance of contractual processes
- Providing product demonstrations and commercial proposals
- Corporate communication and customer support
- Fulfillment of legal obligations
- Information security and system integrity
- Global operational coordination
Where explicit consent is obtained, personal data may also be processed for marketing communication purposes.
4. Legal Grounds for Processing
Personal data is processed based on:
- Explicit consent (GDPR Art. 6/1-a; KVKK Art. 5/1)
- Necessity for the establishment or performance of a contract (GDPR Art. 6/1-b; KVKK Art. 5/2-c)
- Compliance with legal obligations (GDPR Art. 6/1-c; KVKK Art. 5/2-ç)
- Legitimate interests of the Company (GDPR Art. 6/1-f; KVKK Art. 5/2-f)
5. International Data Transfers
As the Company operates globally and collaborates with agencies and partners in multiple jurisdictions, personal data may be transferred abroad.
Transfers may occur to:
- International business partners
- Group companies
- Cloud service providers
- Hosting and IT infrastructure providers
Such transfers are conducted in accordance with:
- Article 9 of KVKK
- Chapter V of GDPR
- Standard Contractual Clauses (SCCs)
- Binding Corporate Rules (where applicable)
- Adequacy decisions issued by competent authorities
- Explicit consent where required
6. Data Retention Period
Personal data is retained:
- For the duration necessary for the processing purposes
- In accordance with statutory limitation periods
- During the term of contractual relationships and applicable legal retention obligations
Upon expiry of retention periods, data will be deleted, destroyed, or anonymized in compliance with applicable legislation.
7. Rights of Data Subjects
Under KVKK Article 11 and GDPR provisions, data subjects have the right to:
- Request confirmation whether their data is processed
- Access personal data
- Request rectification
- Request erasure (“Right to be forgotten”)
- Request restriction of processing
- Object to processing
- Request data portability
- Withdraw consent at any time
Requests may be submitted in writing to info@awaretour.com.
EU residents also have the right to lodge a complaint with their local supervisory authority.
8. Data Security Measures
The Company implements appropriate technical and organizational measures, including:
- SSL/TLS encryption
- Firewall systems
- Access control policies
- Logging and monitoring systems
- Internal confidentiality agreements
- Periodic security audits
Despite all measures, no system can guarantee absolute security.