KVKK Data Protection Notice

This KVKK Data Protection Notice has been prepared in accordance with Turkish Personal Data Protection Law No. 6698 (“KVKK”).

The data controller is Deren Bodrum Turizm Seyahat Acenteliği Taşımacılık Organizasyon Ticaret Limited Şirketi, operating as the Blu Yachting / Bodrum Yacht Rentals and under the brand Fiona Travel (“Company”).

TÜRSAB Licence No: 11810

1. Data Controller Information

Data Controller:Deren Bodrum Turizm Seyahat Acenteliği Taşımacılık Organizasyon Ticaret Limited Şirketi

Registered Address: Çırkan Mahallesi, Atatürk Bulvarı No:1E | Bodrum, Muğla

Email: info@theblu.co | info@fionatour.com

KEP Address: 25898 - 70737 - 63188

Phone: +90 543 263 39 06 | +90531 474 0448

2. Personal Data That May Be Processed

Depending on the services requested, the Company may process the following categories of personal data:

  • Identity information, including name, surname, nationality and date of birth where necessary;

  • Contact information, including telephone number, email address, accommodation address and pick-up location;

  • Booking and travel information, including preferred dates, guest numbers, yacht preferences, route preferences and concierge requests;

  • Passenger, passport or identification information where required for legal, maritime, port, safety, insurance or operational purposes;

  • Payment, invoicing and transaction-related information;

  • Communication records, including enquiries, emails, WhatsApp messages, feedback and complaints;

  • Preference information, including transfer, catering, event and concierge preferences;

  • Website and technical information, including IP address, browser information and cookie-related data;

  • Dietary, allergy or accessibility-related information only where voluntarily provided and necessary for the requested service.

3. Purposes of Processing

Personal data may be processed for the following purposes:

  • Responding to enquiries and preparing tailored proposals;

  • Establishing, confirming and managing yacht charter, transfer, concierge, event and travel-related bookings;

  • Managing deposits, payments, invoices, cancellations and refunds;

  • Coordinating yacht owners, operators, captains, crew, transfer providers, catering providers and other suppliers;

  • Meeting legal, maritime, port, insurance, tax, accounting and security obligations;

  • Communicating booking confirmations, itinerary updates, operational information and customer-support responses;

  • Managing complaints, legal claims, service quality and guest safety;

  • Protecting the Company, its guests, staff, crew and systems against misuse, fraud or security incidents;

  • Sending commercial communications only where the applicable legal requirements have been met.

4. Legal Grounds for Processing

Personal data may be processed based on one or more of the following legal grounds under KVKK:

  • Where processing is expressly provided for by law;

  • Where processing is necessary for the establishment or performance of a contract;

  • Where processing is necessary for the Company to comply with a legal obligation;

  • Where processing is necessary for the establishment, exercise or protection of a right;

  • Where processing is necessary for the legitimate interests of the Company, provided that the fundamental rights and freedoms of the data subject are not harmed;

  • Where explicit consent is required and has been obtained.

Where special-category personal data is processed, the Company will rely on the legal conditions required under applicable legislation.

5. Collection Methods

Personal data may be collected through:

  • The Website and enquiry or booking forms;

  • Email, telephone, WhatsApp and social-media communications;

  • Face-to-face meetings;

  • Booking, payment and invoicing processes;

  • Travel agents, event organisers, accommodation providers or authorised persons acting on behalf of guests;

  • Cookies and similar technologies used on the Website.

6. Transfer of Personal Data

Personal data may be transferred, where necessary and proportionate, to:

  • Authorised Company personnel responsible for bookings, guest relations, operations, finance and customer support;

  • Yacht owners, operators, captains, crew and onboard service personnel;

  • Transfer, sea taxi, chauffeur, catering, accommodation, concierge and event service providers;

  • Banks, payment providers, accounting providers, insurers and professional advisers;

  • Marinas, port authorities, maritime authorities, public institutions and law-enforcement bodies where required by law;

  • Hosting, IT, security, booking, communication and other service providers supporting Company operations.

Personal data may be transferred abroad only where this is necessary and where the conditions set out under applicable data protection legislation are met.

7. Retention Periods

Personal data is retained only for as long as necessary for the relevant processing purpose and for the periods required under applicable legislation.

Booking, financial, tax, accounting, legal and insurance records may be retained for the periods required by law. Data collected for marketing purposes will be retained only for as long as permitted under applicable law or until the relevant consent is withdrawn, where consent is the legal basis.

8. Rights of Data Subjects

Under Article 11 of KVKK, data subjects may request to:

  • Learn whether personal data is processed;

  • Request information regarding the processing of personal data;

  • Learn the purpose of processing and whether data is used in accordance with that purpose;

  • Learn the third parties to whom personal data has been transferred;

  • Request correction of incomplete or inaccurate personal data;

  • Request deletion or destruction of personal data where the legal conditions are met;

  • Request notification of correction, deletion or destruction to third parties where applicable;

  • Object to a result arising against the data subject through automated processing;

  • Request compensation for damages caused by unlawful processing of personal data.

9. Application Method

Requests regarding personal data may be submitted to the Company through one of the legally permitted methods, including:

  • A signed written application delivered by hand or sent by post to the registered Company address;

  • A request sent through the Company’s KEP address, where applicable;

  • A request signed with a secure electronic signature or mobile signature;

  • An email sent from an address previously provided to and recorded in the Company’s systems.

Applications should include the applicant’s name, surname, contact details, request subject and any information needed to verify identity.

The Company will respond to valid applications as soon as possible and, in any event, within the period required under applicable law.