Trip and Tick
Legal

Privacy Policy

Transparent information about how we collect, use and protect your personal data. KVKK (6698) and GDPR compliant.

Effective date: 1 May 2026 · Last updated: 15 May 2026

1. Data Controller

Trip and Tick (Trip and Tick Turizm ve Seyahat Acentası Limited Şirketi) is the data controller under Law No. 6698 on the Protection of Personal Data (KVKK). Our address: Göreme Merkez, Nevşehir 50180, Türkiye. Contact: [email protected].

2. Personal Data Collected

We collect the following categories of data:

  • Identity: first name, surname, date of birth (age check), nationality.
  • Contact: email address, phone number, hotel address.
  • Passport: passport number for international flight guests.
  • Financial: payment amount, currency. Card details are not stored at Trip and Tick — Stripe infrastructure is used.
  • Processing: booking history, preferences, special requests.
  • Technical: IP, browser, device, cookie data.

3. Purposes of Processing

  • Booking processing and operator notification.
  • Payment and invoicing transactions (tax legislation).
  • Customer support and complaint management.
  • Marketing communications (only with explicit consent).
  • Fulfilment of legal obligations (TÜRSAB, tax).
  • Service improvement, anonymous analytics.

4. Data Sharing

Data is shared with the following parties:

  • Operators: the operator you book with (only the minimum information required for that booking).
  • Payment provider: Stripe (PCI-DSS compliant).
  • Email service: Brevo (transactional + marketing).
  • Official authorities: TÜRSAB, the Revenue Administration and courts in the event of a legal request.

Your data is not sold or rented to third parties for marketing purposes.

5. Retention Periods

  • Booking and invoicing data: 10 years (tax legislation).
  • Marketing consent: until withdrawn.
  • Non-contractual communication: 2 years.
  • Cookie data: up to 12 months.

6. User Rights (KVKK Art. 11)

Under the KVKK, you have the following rights:

  • Find out whether your personal data is being processed.
  • Request information about processing if your data has been processed.
  • Question the purpose of processing and whether it is appropriate.
  • Know the parties to whom data is transferred domestically or abroad.
  • Request correction if processed incompletely or inaccurately.
  • Request erasure or destruction.
  • Request notification to parties to whom data has been transferred.
  • Object to results obtained through automated systems.
  • Request compensation if damage has occurred.

7. Applications

To exercise your rights, you may submit a written application to [email protected] along with documents verifying your identity. We will respond no later than within 30 days we will respond free of charge.

8. Security

Data is protected through HTTPS encrypted communication, hashed passwords, role-based access and regular security audits. In the event of a data breach, the Personal Data Protection Board is notified within 72 hours.

9. Cookies

Our site uses cookies. For details, see Cookie Policy see our page.

10. Changes

We may update this policy from time to time. For significant changes, we will notify you by email. Continued use means acceptance of the updated policy.

Contact

For your questions: [email protected]