General Data Protection Regulation (GDPR)
SOUTHWIND AIRLINES GDPR PRIVACY NOTICE
This Privacy Notice aims to inform readers about how personal data is used in accordance with Article 13 of the GDPR (The European Data Protection Regulation).
We use the utmost caution and make every effort to process your personal information legally.
We process your personal data in compliance with the following principles (Article 5 GDPR) and legal justifications (Articles 6 and 9 GDPR):
- lawfulness, fairness and transparency
- limitation of purpose
- minimisation of data
- accuracy
- limitation of the retention period
- integrity and confidentiality
- accountability
Also, we take all necessary security precautions to avoid unauthorised processing of your personal data, unauthorised access to your personal data, and an inadequate level of security that compromises the security of your personal data.
Information about the processing of personal data will be included in headers of our Privacy Notice.
Our mailing address: Göksu Mah. Gazi Bul. No:461/1 Karaşah İş Merkezi 07260 Kepez/ ANTALYA
Our e-mail address: kvkk@southwindairlines.com
Our telephone number: +90 242 4448079
Our website address: www.southwindairlines.com
- Identification: first name, surname, date of birth, gender, nationality, ID and passport numbers
- Flight information: booking/ticket information, baggage information, meal preferences
- Contact: e-mail address, contact address, telephone number, social media contact information
- Advanced passenger information: API and PNR information
- Customer transaction invoice, information on box office receipts, order information, request information
- Risk management: information processed to manage commercial/technical/administrative risks
- Finance: debit/credit card information, bank IBAN no, bank account no
- Transaction security: IP address information, website login and exit information
- Sensitive personal data: health information (personal health information and information on disability status)
- Audio recordings: call centre recordings
| ACTIVITY | CATEGORIES OF PROCESSED PERSONAL DATA | PROCESSING PURPOSE | LEGAL REASON |
|---|---|---|---|
| sales and presentation activities of goods/services (reservation/ ticket/baggage/air freight bill, denied boarding, flight cancellation/refusal, placement in higher/lower service class and other transactions related to passenger rights) | identification, communication, flight information, finance, advanced passenger information | execution of sales and presentation processes of goods/services fulfilment of legal obligations |
the performance of the contract or taking steps at the request of the data subject prior to the conclusion of the contract (GDPR 6/1/b) ensuring compliance with legal obligations (GDPR 6/1/c) |
| activities to ensure the safety of flight operations | identification, communication, flight information, customer transaction, risk management, advanced passenger information | ensuring the safety of flight operations execution of risk management processes |
ensuring compliance with legal obligations (GDPR 6/1/c) in our legitimate interests (GDPR 6/1/f) |
| activities for the follow-up of requests/complaints | identification, communication, customer transaction, finance | follow-up of requests/complaints | the performance of the contract or taking steps at the request of the data subject prior to the conclusion of the contract (GDPR 6/1/b) in our legitimate interests (GDPR 6/1/f) |
| activities for information security | transaction security | execution of information security processes | in our legitimate interests (GDPR 6/1/f) |
Health information about our customers, which is a special type of personal data, may be processed to meet their needs for special services due to limited mobility, to address any medical issues that may arise during the flight, to provide in-flight services in accordance with medical sensitivities, to satisfy their legal obligations as passengers, to ensure the security of flight operations, and to carry out control procedures to protect the public health, but limited to the conditions stipulated in legal regulations (based on Article 9/2/a of the GDPR, taking into account the legislation we are subject to in Turkey).
- Protection of our company against material / moral damages
- Professionalisation and improvement of our products and services
- Cost optimisation
In accordance with applicable national and international law, we may disclose your personal information to individuals, institutions, and organisations in Turkey or other nations in order to provide you with our products and services, to admonish you for violations of the law, to protect our legal interests, and to carry out our contractual obligations:
The persons/institutions/organisations to whom we have made transfers are given below:
- Our business partners and suppliers: Ground handling companies, authorised agents, other service providers (such as information technologies, payment systems, catering, transport/accommodation and consultancy service providers)
- Authorities authorised to ensure public safety and flight safety in accordance with national and/or international legislation (such as civil aviation, customs, law enforcement authorities)
- Authorities authorised to receive information under national and/or international legislation (such as courts, health and supervisory authorities)
We transfer your personal data while taking the necessary security precautions. We follow the guidelines of the legal rules to which we are subject in Turkey, EU standard contractual provisions, or the adequacy judgement made by the EU Commission when determining and putting into practise adequate protection measures (Art. 45 GDPR). In compliance with GDPR Article 49, your personal information may also be transferred.
Link to EU Standard contract clauses:
Link to information on qualification decisions of the EU Commission:
You may submit a request for a copy of the protection measures applied by us via our e-mail address kvkk@southwindairlines.com
The lengths of time that personal data must be kept and the legal justifications for doing so may vary from nation to nation.
If a legitimate legal basis for keeping your personal information changes, we will delete it or anonymize it.
If the legal grounds for our processing cease to exist, the processing is no longer necessary to achieve our goals, the statute of limitations has run its course, you withdraw your explicit consent to processing that relies solely on that consent, or the legal requirements for its retention have expired, we will delete or anonymize your personal data.
Pursuant to the regulations contained in the GDPR, you have the following rights:
- Right to withdraw consent (Art. 7 GDPR)
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure ("right to be forgotten") (Art. 17 GDPR)
- Right to restrict processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object (Art. 21 GDPR)
Link for further information.
You can contact us by email at kvkk@southwindairlines.com to request your rights.
We might need to confirm your identification in order to review and consider your application. We would like to remind you that in order to complete your application and confirm your identity, we will process your personal data in accordance with GDPR 6/1/f.
You can make a complaint with the appropriate supervisory body if you think that we processed your personal data in a way that was illegal under the laws governing the protection of personal data.
We would like to emphasise that you have the right to revoke any consent you may have previously provided to our use of your personal data.
The lawfulness of the personal data processing activities we conducted in reliance on your consent prior to your withdrawal will not be impacted by your withdrawal of consent.
Should you have any difficulty in withdrawing your consent, you can contact us via our e-mail address kvkk@southwindairlines.com.
Cookies are text files that your browser processes and stores in order to better serve you, improve website performance, and provide you a more customised browsing experience.
For more detailed information, you can review our Cookie Policy.
We don't employ the automated individual authorization that is prohibited by GDPR Article 22.
You have the right to object at any time, for a reason specific to your situation, to the processing of your personal data, including profiling based on Article 6(1)(e) or (f) GDPR.
Unless we can show compelling legitimate grounds that outweigh the data subject's interests, rights, and freedoms or that the processing is necessary for the establishment, exercise, or defence of legal claims, we will not process personal data.
You have the right to object at any time to the processing of your personal data for direct marketing purposes, including profiling to the extent that it is connected to direct marketing, should personal data be used for such purposes.
If you object to the processing of your personal information for direct marketing reasons, we will stop doing so.
Despite Directive 2002/58/EC, you can use technical features to exercise your right to object when utilising services provided by the information society.