FASTTOSKY PERSONAL DATA PROTECTION AND PRIVACY POLICY

1. Purpose and Scope

This policy has been prepared to determine the principles regarding the processing, storage, and protection of personal data obtained through www.fasttosky.com (or other affiliated domains) operated by FastToSky, within the scope of the Turkish Personal Data Protection Law No. 6698 (“KVKK”) and related legislation. FastToSky places the highest importance on the privacy and protection of its users' personal data.

2. Methods of Collecting Personal Data

FastToSky may collect personal data through the following methods:

• Via the website, mobile application, or online forms,
• Through e-newsletter subscriptions, contact forms, reservation or service purchase processes,
• Via email, telephone, social media, and live support channels,
• Through automated means via cookie technologies.

3. Personal Data Collected

Personal data in the following categories may be collected from users:

• Identity Information: Name, surname, date of birth, gender, passport information, T.C. (Turkish Republic) Identity Number
• Contact Information: Email address, phone number, address
• Financial Data: Billing information, payment details. (FastToSky does not save or store sensitive payment data such as credit card numbers or CVC codes. This data is processed directly by secure payment infrastructure providers.)
• Reservation Information: Flight, hotel, transfer, or lounge service details
• Technical Data: IP address, cookie data, device model, browser information, transaction time
• Marketing Data: Preferences, campaign participation, communication permissions

4. Purposes of Processing Personal Data

The collected data is processed for the following purposes:

• Providing reservation, ticketing, lounge, or VIP services
• Executing payment transactions and invoicing
• Improving user experience and resolving technical issues
• Sending campaigns, promotions, and information (for users who have consented)
• Measuring customer satisfaction and improving service quality
• Fulfilling legal obligations (financial, operational, security, etc.)

5. Transfer of Personal Data

FastToSky may only share personal data with the following persons and organizations within the framework of the relevant legal legislation:

• Business partners, airlines, hotels, transfer companies, lounge operators
• Authorized public institutions (courts, prosecutor's offices, financial audit units, etc.)
• Business partners located abroad (e.g., international ticketing systems, API providers), only by taking the necessary technical and contractual precautions

6. Personal Data Retention Period

• Personal data is stored for the period required by the processing purpose.
• Certain data may be retained for up to 10 years due to legal obligations.
• Personal data whose purpose has ended is periodically anonymized or destroyed.

7. Your Rights as a Data Subject (under KVKK)

In accordance with Article 11 of the KVKK, you have the following rights regarding your personal data:

• To learn whether your personal data is being processed
• To request information if it has been processed
• To learn the purpose of processing and whether it is used in accordance with that purpose
• To know the third parties to whom data is transferred, domestically or abroad
• To request correction if data is incomplete or incorrectly processed
• To request the deletion or destruction of data within the framework of legal conditions
• To object to an adverse outcome arising from the analysis of data solely through automated systems
• To demand compensation in case of damage

You can submit your requests by sending an email to info@fasttosky.com.

8. Use of Cookies

• FastToSky uses cookie technology to improve the user experience.
• Users have the right to restrict or refuse cookies through their browser settings.
• Our cookie policy is presented in detail on a separate page on our website.

9. Data Security

FastToSky takes all necessary technical and administrative security measures to protect the confidentiality of personal data:

• SSL security certificate
• Encryption, firewall, and secure data center infrastructure
• Authorized personnel access control
• Regular data backup, periodic security assessments and vulnerability scans

10. Policy Updates

• This policy may be updated due to legal requirements or changes in the scope of services.
• The current version will always be published on www.fasttosky.com.

11. Additional Information for EU Residents (GDPR)

If you are a resident of the European Union (EU) or European Economic Area (EEA), you may have specific rights under the General Data Protection Regulation (GDPR) in addition to your rights mentioned in Article 7. As the Data Controller, we process your data based on "performance of a contract" or "legitimate interest" to provide our services (reservations, transfers, etc.) to you.

Your additional rights under the GDPR may briefly include:

• Right to Data Portability: The right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
• Right to Erasure (Right to be Forgotten): The right to request the deletion of your personal data without undue delay under certain conditions (e.g., when the purpose for processing no longer exists or you withdraw consent).
• Right to Restrict Processing: The right to request the restriction of processing under certain circumstances, such as when you contest the accuracy of the data or deem the processing unlawful.
• Right to Lodge a Complaint: The right to lodge a complaint with a relevant data protection authority in your country of residence if you believe the processing of your personal data infringes the GDPR.

To exercise these rights or for more information, you can contact us using the contact details provided in Article 12.