Turkish Airlines UM Passenger Privacy Notice

As a data controller Türk Hava Yolları Anonim Ortaklığı (hereinafter referred to as “THY”, “Turkish Airlines” or “We”) pays the utmost attention to the lawful processing of its customers’ personal data. This UM Passenger Privacy Notice  (“Privacy Notice”) has been prepared primarily in accordance with the Turkish Personal Data Protection Law No. 6698 (the “Law”) and the EU General Data Protection Regulation (Regulation (EU) 2016/679) (the “GDPR”) to ensure that personal data are processed transparently and remain fully under your control when ticketing, reservation, or similar transactions are being carried out for unaccompanied minor passengers (“UM Passenger”) and their parents or legal guardians via our ticket sales offices, airport check-in counters, or agencies.

Accordingly, this Privacy Notice provides information on which personal data We process as the data controller, for what purposes We process such data, the third parties with whom your data may be shared, your rights regarding your data, and how you can contact us for further information.

You may read the Turkish Airlines Privacy Notice on the Processing and Protection of Personal Data published on: https://www.turkishairlines.com/en-tr/legal-notice/privacy-policy/index.html and for more detailed information about processing of your personal data. For more detailed information under the GDPR, we kindly ask you to read the Turkish Airlines GDPR Privacy Notice published on: https://www.turkishairlines.com/en-tr/legal-notice/gdpr-privacy-notice.

Your personal data may be collected through printed documents and/or electronic systems when you purchase tickets or make reservations via our ticket sales offices, airport check-in counters, travel agencies or when carrying out similar transactions.

General information on your personal data processed by THY is as follows: (For further information regarding the purposes for which your data are processed, please read the privacy notices referred to  in the introduction)

• Identity and Contact Information: Personal data you provide during account creation, flight reservations or while applying for privileged services offered by THY and its partners, including your name, surname, identification and passport number, email address, phone number, mobile phone number, and address etc.
• Flight Information: Details of your flight booking and ticket, including the travel authorization form required for unaccompanied minors.
• Advance Passenger Information (API/PNR): Personal data relating to your name, nationality, date of birth, gender, the type and number of your travel documents, their date of issue and expiry, and the issuing authority.
• Request/Complaint Management Information: Feedback or complaint information you provide regarding our services.
• Financial Information: Credit/debit card information, bank account information, IBAN, balance information, credit balance information and other relevant financial information.
• Membership Program Information: If you are a member, details of your membership in the Miles&Smiles or Turkish Airlines Corporate Club programs.
• Health, Allergy, and Special Dietary Requirements: If requested by you, information regarding any medical needs, allergies or special dietary requirements during travel.
• Cabin Tablet Photo Records: Flight experience images recorded through Cabin Tablets upon request.
• Marketing Information: Reports and evaluations showing the habits and tastes of the person associated with the UM Passenger and his/her legal representatives and to be used for marketing purposes, targeting information, cookie records, information derived through data enrichment activities, information and evaluations obtained as a result of surveys, satisfaction surveys, campaigns and direct marketing activities.

Your personal data is processed under the Law and the GDPR based on the following legal grounds.

Under the Law, your personal data may only be processed if at least one of the conditions specified in the Law is met. As THY, regardless of the purpose for which we process your personal data, we always process your data in compliance with the fundamental principles in Article 4 of the Law, the provisions of national and international legislation, and on the basis of the personal data processing conditions listed in Articles 5 and 6 of the Law.

Your personal data are processed on the following basis of the Law and GDPR:

• Explicitly provided for by law within the meaning of Article 5 (2) (a) of the Law,
• If it is necessary to establish a contractual relationship and/or to perform our obligations under a contract (airline transport services and other related services etc.) as provided by 5(2)(c) Law and Art. 6(1)(b)
• Compliance with legal obligations provided by Article 5(2)(ç) Law and Art. 6(1)(c) GDPR,
• As required to conduct our business and pursue our legitimate interests if such interests do not have a negative impact on your fundamental rights and freedoms as provided by 5(2)(f) Law and Art. 6(1)(f) GDPR.

Your special category personal data are processed under Article 6(3)(d) of the Law and Article 9(2)(f) of the GDPR, on the legal basis that it is necessary for the establishment, exercise, or protection of a right.

In addition to the personal data processing conditions listed above, in certain cases We may request your explicit consent to process your personal data. In such situations, your personal data will be processed solely within the scope of the explicit consent you voluntarily provide. You may withdraw your explicit consent at any time.

Your personal data are being processed in compliance with GDPR as well as other relevant laws and especially with Law for the following purposes:

• Management of your flight reservations and other related services: This includes flight bookings, ticket issuance, check-in procedures, preparation of boarding passes, enabling boarding, other services related to civil aviation operations and processes, and ensuring that passenger’s travel procedures are safely and securely completed.
• Communication: Providing you with reservation information and updates regarding ticket sales transactions, as well as contacting you via relevant communication channels (SMS, email, or phone) in accordance with applicable legislation and operational processes to keep you informed. (Please note that any messages sent solely for the purposes above or for similar service notifications and that do not involve marketing are not subject to consent under Article 6 of the Regulation on Commercial Communication and Commercial Electronic Messages. Even if you have not given your consent to receive messages, such communications may still be sent to you by THY.)
• Evaluation of Requests and Feedback: Collecting and assessing customers’ comments, complaints, and feedback regarding our services through written/online forms and surveys.
• Legal Obligations: Ensuring compliance with the national and international legislation applicable to THY and fulfilling the obligations arising from such legislation.
• Service Customization: Tailoring the programs, services, and products to individual needs, recommending and promoting them to you, and carrying out related activities to customize services for you.
• Membership Programs: If you are a member, carrying out the necessary work and business procedures to allow you to benefit from loyalty programs, primarily Miles&Smiles and Turkish Airlines Corporate Club.
• Information on illness, allergies and special dietary requirements: Ensuring that the necessary services are provided during the UM passenger’s journey.
• Services Provided to Enhance the Travel Experience: Offering services such as the Cabin Tablet Experience Application and in-flight entertainment system to improve the flight experience and increase passenger satisfaction, for example by providing personalized souvenir photos from your journey.

Under certain circumstances for the above listed purposes, We may transfer your personal data that We process to third parties, residing within borders of Turkey or abroad, in accordance with the provisions of national and international law, particularly Art. 8 and 9 of the Law as well as Art. 44 seq. GDPR. Categories of third parties We may transfer your personal data to are as follows:

• Our Business Partners or Suppliers (Domestic or Abroad); g., ground operation service providers at airports, agencies, global distribution systems, or partner airlines providing you with services during connecting or transit flights.
• Group Companies; g., certain services offered by THY are carried out by our affiliates, within this context, your personal data may be shared with our relevant affiliates. You may find more detailed information regarding our group companies by opening the following link: https://www.turkishairlines.com/en-tr/press-room/about-us/index.html;
• Suppliers: e.g., software companies providing technical support, security companies or transportation service providers;
• Foreign States Where Transportation Takes Place, Authorized Private Institutions and Organizations, and Public Authorities; For example, law enforcement agencies in the context of ongoing investigations, or the United States Department of Homeland Security for flights to the United States.

In accordance with Law No. 6563 on the Regulation of Electronic Commerce and the Regulation on Commercial Communication and Commercial Electronic Messages, your personal data may be processed in order to provide information about our services, to promote our goods and services and to ensure that you are informed about our campaigns in line with the permission you have given. In accordance with the relevant legislation, your commercial electronic message permission must be registered in the Message Management System (IYS) and within this scope, contact address (telephone number or e-mail address), date of consent, communication channel, recipient type and permission source data will be shared with IYS. You can visit https://iys.org.tr for detailed information about IYS.

Under Art. 11 of the Law you are entitled to the following rights:

• Learn whether data relating to you are being processed by us;
• Request further information from us if personal data relating to you have been processed;
• Learn the purpose for the processing of personal data and whether data are being processed by us in compliance with such purpose;
• Learn the third-party recipients to whom the data are disclosed within the country or abroad;
• Request rectification of the processed personal data which is incomplete or inaccurate and request such process to be notified to third persons to whom personal data are transferred;
• Request deletion or destruction of personal data in the event that the data are no longer necessary in relation to the purpose for which personal data were collected, despite being processed in line with the Law and other applicable laws and request such process to be notified to third persons to whom personal data are transferred;
• Object to negative consequences that you experienced as a result of analysis of the processed personal data by solely automatic means;
• Demand compensation for the damages that you have suffered as a result of an unlawful processing operation;

If you are subject to GDPR, please find more detailed information on your rights under https://www.turkishairlines.com/en-pl/legal-notice/gdpr-privacy-notice/

In order to easily exercise your rights listed above and send us your relevant requests you may contact us through our contact information below. We will respond to you in the shortest time possible, based on the nature of your request and within 30 days at the latest. As a general rule, responses to data subject requests are given free of charge; however, we reserve the right to charge you according to the tariff to be determined by the Personal Data Protection Board in case the request requires additional costs.

https://feedback.turkishairlines.com/en

(then please proceed with (1) “Create new feedback” / “My previous feedback” (2) “Protection of Personal Data” steps.)

+90 212 444 0 849; +90 212 463 63 63

Türk Hava Yolları A.O. Genel Yönetim Binası, Yeşilköy Mah. Havaalanı Cad. No:3/1 34149 Istanbul, Türkiye

(If you live in Germany and have an unresolved concern you can also contact our German DPO: turkishairlines-dpogermany@eversheds-sutherland.com. If you contact us by e-mail, communication is unencrypted.)