1. Purpose and Scope

Primavera Turizm Seyahat Organizasyon Anonim Şirketi (“Euroriente Travel”), incorporated in Turkey, carries out personal data processing activities in accordance with the Law on the Protection of Personal Data No. 6698 (the “Law”) and related legislation. Euroriente Travel does not sell directly to end customers; rather, it provides services to travel agencies operating internationally and acting as independent Data Controllers. Accordingly, personal data of customers is transmitted to us through the relevant travel agencies.

This Privacy Notice has been prepared to provide information about the personal data processing activities carried out while selling and delivering our services, specifically with respect to the personal data of travel agency representatives and employees, as well as end customers whose information is shared with us by the agencies.

Personal data is processed in accordance with the fundamental principles set out under the Law, for the purposes and legal grounds detailed below, and is securely retained for the periods necessary to fulfill these purposes.

2. Data Controller Information

Title

Primavera Turizm Seyahat Organizasyon Anonim Şirketi

Addresss

Maslak Mah. Büyükdere Cad. USO Center No: 245 İç Kapı No: 7 Sarıyer / İstanbul

Mersis / Trade Registry No

0733063112400001 / 108061-5

Contact

kvkk@euroriente.com / www.euroriente.com

3. Purposes and Legal Grounds for Processing Personal Data

Euroriente Travel processes personal data in the following contexts, based on the legal grounds specified under the Law on the Protection of Personal Data No. 6698:

(i) Web Portal Registration

During the registration process on our online booking platform (www.euroriente.com), personal data of travel agency representatives and employees—including identity, contact, and transaction security information—is collected through electronic forms. This data is processed for the purpose of managing access to the portal, based on the legal ground of establishing and performing a contract (Art. 5/2(c) of the Law).

(ii) Tour Bookings via the Platform

When a travel agency books a tour, customer data in the categories of identity, contact information, and travel details is collected through the agency and processed to complete the sale and provision of services. This is carried out on the legal ground of establishing and performing a contract (Art. 5/2(c)).

(iii) Customer Notifications and Reminders

Customer identity and contact information is processed to provide updates and reminders about the booked tour. The processing is based on the legal ground of establishing and performing a contract (Art. 5/2(c)).

(iv) Hotel Reservations

Customer data—including identity, contact, and travel information—is shared with the relevant hotel to complete accommodation bookings. This is processed based on the legal ground of establishing and performing a contract (Art. 5/2(c)).

(v) Flight, Ferry, and Train Reservations

To issue tickets and arrange transport, customer identity and travel details are processed and shared with relevant service providers (airline, ferry, or train companies). This is based on the legal ground of establishing and performing a contract (Art. 5/2(c)).

(vi) Ground Transfers

Visual and audio recordings (e.g. from in-vehicle cameras) and location data (via vehicle tracking systems) may be processed during transfer services to ensure the safety of passengers and vehicles. This is carried out on the legal ground of legitimate interest (Art. 5/2(f)).

(vii) Call Center Support

When you contact our call center, your personal data including identity, contact information, transaction history, travel details, and complaint or inquiry details is processed to respond to your requests. The legal ground for this processing is legitimate interest (Art. 5/2(f)).

(viii) Invoice and Payment Processing

To issue invoices and process payments, we collect identity, transaction, and payment details of travel agency representatives. The legal ground for processing is establishing and performing a contract (Art. 5/2(c)).

(ix) Supplier Invoicing

In certain cases, customer data may appear on invoices issued by third-party suppliers (e.g. hotels, transport firms, tour operators) for services rendered. This data is processed on the legal ground of establishing and performing a contract (Art. 5/2(c)).

4. Methods of Collecting Personal Data

Personal data processed in the contexts described above is collected by our company either electronically or in hard copy format, using automated or non-automated methods, depending on the specific process involved.

5. Transfer of Personal Data

(i) Transfers to Authorized Persons, Institutions, and Authorities

Personal data of travel agency representatives may be shared with the Turkish Revenue Administration to comply with our legal obligation to report invoices.

Personal data of customers may be shared with the Ministry of Transport and Infrastructure for regulatory reporting requirements and with the Turkish State Railways (TCDD) for train ticket bookings.

In addition, if requested, personal data may be disclosed to courts and other authorized public institutions or officials in accordance with our legal obligations.

(ii) Transfers to Our Service Providers

Personal data may also be shared with the following third-party service providers in connection with the sale and fulfilment of travel services:

§ E-invoice integrator companies – for the issuance of invoices.

§ Banks – for processing payments.

§ GPS tracking providers – for providing technical support when necessary.

§ Hotels – for accommodation bookings.

§ Airline agencies – for flight bookings.

§ Ferry operators – for ferry ticketing.

§ CCTV providers – for providing technical support when necessary.

§ Tour guides – for guided tour services.

§ Local tour operators in other countries – where travel involves multiple international destinations.

§ If you contact our call center, any personal data you provide may be shared with the call center service provider for support purposes.

Personal data you share via our online platform is hosted on the servers of our cloud service provider, Juniper Consulting SL. In this regard, Euroriente Travel ensures that all necessary conditions for the transfer of personal data abroad are met, in compliance with Article 9 of the Law.

To protect the security of your personal data, we obtain appropriate data protection commitments from all third parties to whom data is transferred, and we take steps to ensure that such transfers are made using secure and lawful methods.

6. Use of Cookies

When you use our website, we collect and use certain cookies to enhance your browsing experience, analyse site traffic, and improve our services. Cookies are small text files stored on your device that help websites recognize your browser and remember information such as user preferences. For more detailed information about the types of cookies we use and how you can manage your preferences, please refer to our Cookie Policy.

7. Changes to the Privacy Notice

Our Privacy Notice may be updated due to legal changes and needs, as well as improvements and changes in the way we offer and provide our services and application utilities. Therefore, we recommend visiting and accessing our Privacy Notice periodically to have access to and be aware of the latest changes that may have been incorporated.

8. Rights of the Data Subject

In accordance with Article 11 of the Law, data subjects have the following rights with respect to their personal data:

§ To learn whether personal data is being processed,

§ If processed, to request information about such processing,

§ To learn the purpose of processing and whether personal data is used in line with that purpose,

§ To know the third parties to whom personal data is transferred domestically or abroad,

§ To request the correction of personal data if it is incomplete or inaccurate,

§ To request the deletion or destruction of personal data under the conditions set out in Article 7 of the Law,

§ To request notification to third parties of any correction or deletion carried out in accordance with Article 11(d) and (e),

§ To object to decisions made solely on the basis of automated processing that produce legal effects or significantly affect the data subject,

§ To request compensation for damages arising from the unlawful processing of personal data.

Requests related to the above rights may be submitted by completing the Data Subject Application Form available at https://www.euroriente.com and sending it to kvkk@euroriente.com Euroriente Travel will evaluate your request as soon as possible and respond no later than thirty (30) days from the date of receipt.

This Privacy Notice was last updated by Primavera Turizm Seyahat Organizasyon Anonim Şirketi on April 1, 2025.