Search
PRIVACY POLICY

Privacy
Policy

Bodrum Yolcu Limanı İşletmeleri Anonim Şirketi (“Bodrum Port” or the “Company”) values your privacy and is committed to protecting your personal data in accordance with the Law on the Protection of Personal Data No. 6698 (“KVKK”) and all other applicable legislation. This Privacy Notice has been prepared to inform you about how your personal data is processed when you visit the Bodrum Cruise Port website or use our port services.

PRIVACY POLICY

Introduction

 

Bodrum Yolcu Limanı İşletmeleri Anonim Şirketi (“Bodrum Port” or the “Company”) values your privacy and is committed to protecting your personal data in accordance with the Law on the Protection of Personal Data No. 6698 (“KVKK”) and all other applicable legislation. This Privacy Notice has been prepared to inform you about how your personal data is processed when you visit the Bodrum Cruise Port website or use our port services.

Please note that our Company is not a travel agency or cruise line operator and does not sell travel programs or cruise services to passengers. As a cruise port operator, our role is strictly limited to managing and facilitating port operations, including embarkation and disembarkation processes. All travel arrangements, bookings, and associated services are provided by cruise companies or authorized travel agencies. Accordingly, our processing of personal data relates solely to port access, safety, logistics, and regulatory compliance within the scope of our terminal operations.

 

Important Information and Who We Are

Purpose of the Privacy Notice

This Privacy Notice explains for what purposes your personal data is collected by Bodrum Liman, on what legal bases it is processed, with whom it may be shared, how long it is retained, and your rights under the KVKK.

 

Controller

Bodrum Yolcu Limanı İşletmeleri Anonim Şirketi, registered at Esentepe Mah. Büyükdere Cad. 193 Apt. Blok No: 193 İç Kapı No: 2 Şişli / İstanbul / Türkiye is the controller responsible for your personal data in relation to the Bodrum Cruise Port (referred to as “Our Company” “we,” “us,” or “our” in this notice).

 

Contact Details

Under the KVKK, your personal data is processed by Ege Liman in its capacity as data controller, within the scope explained below.

  • Legal Entity: Bodrum Yolcu Limanı İşletmeleri Anonim Şirketi
  • Address: Esentepe Mah. Büyükdere Cad. 193 Apt. Blok No: 193 İç Kapı No: 2 Şişli / İstanbul
  • Email: info@bodrumcruiseport.com
  • Operational Site in Türkiye: Bodrum Cruise Port, Kumbahçe Mah. İskele Cad. 48400 Bodrum, Muğla, Türkiye

 

Changes to the Privacy Notice

This Privacy Notice was last updated on [.].[.] 2025. Bodrum Liman may update this Notice from time to time in line with the KVKK and applicable legislation. Significant changes will be announced to the public through our website.

 

Third-Party Links

Our website may contain links to third-party websites, plug-ins, or applications. Clicking on these links or enabling such connections may allow third parties to collect or share data about you. These websites are not under the control of Bodrum Liman, and the Company is not responsible for the privacy practices of such websites.

Please note that when booking through a travel agency or cruise company, they will complete your booking by entering the required data into our systems, acting as independent data controllers. This essentially means that the travel agency or cruise company independently decides how to process your personal data for activities under its competence and is responsible for the processing and appropriate data protection measures. For details on the processing activities involving your personal data, please contact your local travel agency or cruise company. Similarly, if you have booked additional services or packages involving cruise lines, these cruise companies are also separately considered data controllers regarding passenger data processed in the context of providing their services. You can access the privacy policies of the respective travel agencies or cruise companies via their own websites or offices.

 

1. The Data We Collect About You

Personal Data

Personal data, or personal information, means any information about an individual from which that person can be identified. We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  • Identity Data: First name, maiden name, last name, username or similar identifier, marital status, title, date of birth, and gender.
  • Contact Data: Billing address, delivery address, email address, and telephone numbers.
  • Financial Data: Bank account and payment card details.
  • Transaction Data: Details about payments to and from you and other details of products and services you have purchased from us.
  • Technical Data: Internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
  • Usage Data: Information about how you use our website, products, and services.
  • Marketing and Communications Data: Your preferences in receiving marketing from us and your communication preferences.
  • Surveillance Data: includes static or moving imagery via CCTV or surveillance systems as you pass through our ports.

 

2. How is Your Personal Data Collected?

We collect personal data about you whenever you use our services (whether these services are provided by us or by other companies or agents acting on our behalf), including when you embark or disembark through our ports, use our website, or interact with us via email or by calling our contact center. In addition, we may receive personal information about you from third parties, such as:

  • Companies contracted by us to provide services to you;
  • Companies involved in your travel plans, including airlines, cruise companies, and customs and immigration authorities;
  • Companies that act as our third-party business partners with whom you have interacted and with whom you have consented to provide us with your data to receive marketing communications.

Please also note that when you provide us with data about others (e.g., details of passengers travelling with you, emergency contact data,), such as a co-traveller or minor, it is your responsibility to ensure that such individuals have authorized you to do so and that they are aware and have understood and accepted how our company uses their information (as described in this Privacy Notice).

Your personal data may be processed by Ege Liman in accordance with the Law on the Protection of Personal Data No. 6698 (“KVKK”) for the following purposes:

 

a) Responding to your requests (via website, call center, or email)

To respond to your requests regarding our activities and services, submitted via various communication channels (phone, email, SMS, messaging apps, etc.), we need to process your identity and contact details, as well as the content of your inquiry. This processing is carried out for the purpose of responding to your request and is based on the legal ground set out in Article 5/2(c) of the KVKK — processing is necessary for the conclusion or performance of a contract.

Additionally, if you request to be contacted via specific communication channels using the contact forms on our website, we may reach out to you accordingly. When contacting our call center, phone calls may be recorded where required under applicable legislation. In situations where call recording is not mandatory, it will only be conducted with your explicit consent. These recordings may also be processed based on our legitimate interest in verifying verbal commitments, ensuring service quality, and supporting staff training. If a call is being recorded, you will be informed at the beginning of the call.

 

b) Completing and handling the embarkation process

To ensure smooth operations, we need to process your identity and contact data. We also register your booking and travel information, such as date and port of embarkation and disembarkation, vehicle information such as plate number, brand, and model of the vehicle. We process this information in order:

  • To maintain the safety and security of the ports for our passengers, colleagues, and stakeholders, including but not limited to control authorities, national security, detection and prevention of crime, and aviation security;
  • To monitor flows and demand throughout the ports to optimize resourcing and passenger experience;
  • To support the effective management of port operations and any incidents;
  • For investigative purposes or as evidence to support any formal follow-up to port incidents;
  • In response to a subject access request.

Furthermore, we may contact you before your scheduled embarkation/disembarkation to provide essential documentation or updates related to your journey, such as changes to port access hours, cancellations of tour programs, or last-minute route modifications.

The processing of such personal data is carried out in accordance with Article 5/2(c) of the KVKK — performance of a contract to which you are a party. You may also be required to provide valid travel documents and visa information. In certain ports, biometric data (e.g., facial recognition) may be used to verify travel documents. In such cases, these special categories of personal data will only be processed based on your explicit consent, as required by Article 6/2 of the KVKK.

 

c) Sending you marketing communications

With your explicit consent, we may process your identity and contact data, booking and travel information, preferences, and technical data related to your online activity for marketing purposes. This processing may include sending you commercial communications such as promotional messages, customer satisfaction surveys, market research inquiries, and event invitations through various channels, including email, SMS, WhatsApp, postal mail, mobile app push notifications, telephone calls, instant messaging services, and our official social media pages.

These communications may relate to products and services offered by Global Yatırım Holding, its parent company, subsidiaries, group companies, and trusted business partners. Examples include:

  • Tourism and excursion activities,
  • Transportation and transfer services,
  • Insurance services,
  • Luxury products and other third-party offerings.

Additionally, to better tailor our marketing efforts, we may receive your personal data from third-party databases, provided you have previously consented to such sharing.

Marketing communications are sent only after we have obtained your explicit and verifiable consent through a double opt-in mechanism, in line with the Turkish Personal Data Protection Law (Law No. 6698, “KVKK”). You are not obliged to consent to receive such communications, and you may withdraw your consent at any time. To do so, you can click the “unsubscribe” link included in each marketing email or contact us using the details provided in Section 1 of this notice.

 

d) Sending you personalized communications

With your explicit consent, we may analyse your personal data to send you personalized commercial communications tailored to your interests and preferences. This may involve evaluating your travel preferences, browsing behaviour, and consumption habits to provide you with relevant content and special offers.

Personalization may be carried out through automated means, including profiling techniques. However, such profiling will never result in decisions that produce legal effects or similarly significant consequences for you.

Personalized communications may be delivered through both automated channels (e.g., emails, SMS, social media advertising) and non-automated methods (e.g., postal mail, phone calls).

In addition, if you participate in campaigns through social media platforms, your data may be processed — again, with your explicit consent — for audience targeting purposes. When you visit our website, cookies and similar technologies may be used to analyse your browsing activity and suggest services or products that may be of interest. For more information about our use of cookies, please consult our Cookie Policy.

You can withdraw your consent at any time by clicking the “unsubscribe” link found in our communications or by contacting us using the information provided in Section 1 of this Privacy Notice.

 

e) Compliance with applicable laws

When you provide personal data to our company, we are obligated to process it in accordance with applicable laws, including the Turkish Personal Data Protection Law (Law No. 6698 – “KVKK”) and other relevant regulations.

This may include storing and reporting personal data to public institutions and official authorities when legally required — for example, in the context of port security, customs and immigration procedures, health and safety protocols, or compliance with tax legislation.

Such processing is carried out based on our legal obligations under Article 5/2(ç) of the KVKK and other applicable Turkish legislation.

 

f) Handling requests, complaints, and comments

We keep track of comments and complaints you make regarding our port services, whether on-site or after your visit, to respond appropriately to your requests. We process this data in connection with our provision of services to you or based on our legitimate interest to protect the interests and rights of our company in case of disputes. You may choose to make an anonymous complaint or comment, but please note that in some cases, this may hinder our ability to follow up or provide assistance. You may choose to submit complaints anonymously. However, please note that we may not be able to fully resolve your issue without certain personal details. Additionally, we may use the content of your request, complaint, or comment to improve our port services. We limit the use of personally identifiable data as much as possible in this process. This processing is based on our legitimate interests in enhancing our services to ensure a positive experience for our visitors. We also retain this data to comply with our legal obligations, such as for accounting and tax purposes.

 

g) Ensuring port security

We monitor individuals present at the port to ensure security and handle potential crisis situations. We record your identity and contact data, booking and travel information, and security-related information. We process this data based on our legitimate interest in maintaining public security and managing crisis situations. Providing this data is not mandatory, but refusal to provide it may affect our ability to accommodate you at the port. We also process some personal data for fraud prevention and detection, relying on our legitimate interest in preventing and detecting fraud.
CCTV related data processing activities We use closed-circuit television (CCTV) throughout the port, including at all access points and in public areas. CCTV cameras are continuously operational, and images of you may be captured. CCTV footage may include sound recordings as well. We perform this activity based on our legitimate interest for security purposes, such as recognizing, identifying, and maintaining records of incidents, facilitating investigations and remedies, protecting our rights and the rights of our visitors, enabling public health measures, preventing and detecting fraud, or complying with other legal or regulatory requirements. As CCTV cameras are present throughout the port, processing of your data for these purposes is mandatory. CCTV systems are operated in compliance with GDPR and the Federal Data Protection Act. Recorded footage is stored securely and accessed only by authorized personnel.

In the event of a security incident, security officers may gather evidence from involved guests and staff to draft a report. If you are a witness, suspect, or victim, providing a statement is not mandatory. If CCTV footage is available during an incident, it may be extracted and stored for up to 1 year, or longer if necessary, depending on the specific case (e.g., investigation by authorities). Footage not extracted or used is retained for up to 30 days from the recording date.

 

h) Disciplinary and precautionary measures

Please note that we have the authority to deny access to the port or require disembarkation of an individual whose presence may be deemed a potential risk to themselves, other individuals, or port operations, or when their behaviour may affect or compromise the comfort and safety of others. To manage such situations, we may process data necessary for this purpose, including identity and contact information, booking and travel details, security-related information, as well as information regarding the cause of the measure, based on our contract with the relevant individual and our legitimate interest. Only data strictly necessary to assess and mitigate the risk will be processed, in compliance with GDPR principles of data minimization and purpose limitation.

 

3. How long we store the data

In accordance with the principle of storage limitation, the personal data we collect is kept in a form that allows the identification of data subjects only as long as necessary for the purposes for which it was collected and processed, and in any case, no longer than specified by applicable laws.
Generally, information related to booked services and the contractual relationship with you will be retained for no longer than 10 years. Personal data collected based on your consent, specifically for marketing and profiling purposes, will be retained until you withdraw your consent, and in any case, no longer than 10 years from the withdrawal of this consent.

In cases where the retention period is not specifically stated above, we have defined a Corporate Data Retention Policy which outlines the timeframe for data processing, at the conclusion of which all copies of personal data are either destroyed or anonymized using appropriate techniques that prevent the reidentification of the individual in question.

At the end of this period, all copies of personal data are either destroyed or anonymized using techniques that prevent reidentification of the individual.

For more information on our data retention periods and the criteria used to determine these periods, please contact our Data Protection Officer (DPO) at the email address provided in Section 1.

 

4. Data Sharing and Transfer of Personal Data

Your personal data may be shared only for the purposes set out in this Privacy Notice and in accordance with Articles 8 and 9 of the Turkish Personal Data Protection Law No. 6698 (“KVKK”), with the following parties:

 

a) Group Companies

To ensure personalized and efficient service delivery, depending on the country from which your booking originates, your personal data may be shared with group companies under Global Yatırım Holding. These group companies may act as data processors on behalf of Bodrum Liman and will process data only in accordance with our instructions and under appropriate confidentiality safeguards.

In certain cases (e.g., onboard security services or specific localized operations), group companies may act as independent data controllers. In such cases, a separate privacy notice will be provided to inform you of the relevant processing activities.

 

b) Commercial Partners

Some services offered (e.g., excursion programs, transportation services, insurance procedures) are provided by third-party commercial partners of Bodrum Liman. In order to fulfill your requests and facilitate these services, we may need to share your personal data with such partners.

These third parties are contractually bound to process your data only for the intended purpose and in compliance with confidentiality obligations. Typical categories of commercial partners include:

  • Tourism providers (e.g., tour operators, local guides)
  • Transportation providers (e.g., bus, train, air, or other travel services)
  • Insurance companies (e.g., for activating travel insurance)
  • Service providers (e.g., IT service providers, consultants)

 

c) Port Agents and Competent Authorities

In accordance with applicable legal obligations, your personal data may be shared with local port agents, customs, immigration, or security authorities. Such data sharing is limited to cases where it is strictly necessary and only the minimum required information is provided.

 

4. Your Data Rights

Pursuant to Article 11 of the Turkish Personal Data Protection Law No. 6698 (“KVKK”), you have the following rights regarding your personal data:

  • To learn whether your personal data is being processed;
  • If your data has been processed, to request information regarding such processing;
  • To learn the purpose of the processing and whether your data is used in accordance with its purpose;
  • To know the third parties to whom your data is transferred, either domestically or abroad;
  • To request the rectification of incomplete or inaccurate data;
  • To request the deletion or destruction of your data under the conditions set forth in Article 7 of the KVKK;
  • To request that third parties to whom your data has been transferred be informed about the actions taken under subparagraphs (e) and (f) above;
  • To object to the occurrence of a result against you arising from the analysis of your personal data exclusively through automated systems;
  • To request compensation in case you suffer damage due to the unlawful processing of your personal data.

If you wish to exercise any of the rights listed above, you may submit your request in writing to the email address provided in Section 1 of this Privacy Notice. Your request will be evaluated, and you will receive a response within 30 days.

 

5. Website Cookies and Other Tracking Technologies

The Bodrum Cruise Port website uses cookies and similar tracking technologies such as pixel tags to improve user experience, ensure the functionality of services, and personalize content.

 

What Are Cookies?

Cookies are small text files sent by websites you visit and stored on your device via your browser. These files allow the website to remember your preferences (such as language setting, session details, and font size) during future visits.

 

Purpose of Use

Cookies may be used for various purposes, including session management, authentication, security, statistical analysis, advertising, and content targeting. In addition to first-party cookies set by the visited website, cookies from third-party service providers may also be stored on your device.

 

Types of Cookies

  • Session Cookies: Deleted when the browser is closed. Used to temporarily store information.
  • Persistent Cookies: Remain stored on your device for a predetermined period or until manually deleted.
  • Strictly Necessary Technical Cookies: Required to facilitate electronic communication or provide services explicitly requested by the user. These cookies do not require consent.
  • Analytical Cookies: Help us understand how users interact with the website.
  • Marketing/Profiling Cookies: Enable personalization of ads and content by analyzing user behavior. According to the Turkish Personal Data Protection Law (KVKK), such cookies require explicit user consent.

 

Pixel Tags

Pixel tags are small pieces of code embedded in web pages that allow us to track how users interact with the site. They are used for personalized advertising and analytics by capturing data such as page views and clicks.

 

Cookie Preferences

We obtain your explicit consent before using any non-essential cookies. You can manage or reject your cookie preferences at any time through your browser settings. For more information, please refer to our [Cookie Policy] page.

 

6. Sale of Personal Data

Our Company does not engage in the sale of personal data.

However, as mentioned earlier, we may participate in targeted or personalized advertising, often referred to as interest-based or online behavioural advertising, which might include cross-contextual advertising. Under certain privacy laws, such practices could be considered a “sale” or “sharing” of personal data. These activities are conducted for both business purposes (such as delivering our cruise-related services) and commercial purposes (like marketing). 

 

Changes to This Information Notice

We reserve the right to update, modify, add, or remove portions of this information notice at any time. When changes are made, the revised Information Notice will be posted on this page, the “Last update” date will be modified accordingly, and a banner will be displayed on the website to inform you of the changes.

Each updated version of the information notice becomes effective immediately upon publication on the website. If there are significant changes in how your personal data is processed, your acknowledgment may be required, in accordance with applicable legislation.

We encourage you to periodically review this document to stay informed of the current version. If you need access to a previous version of the information notice, please contact us using the details provided in Section 1 of this notice.

 

7. Contact Us

Our Company is committed to protecting your privacy and ensuring that all personal data processing complies with applicable data protection legislation. If you have any questions or concerns about how we handle your personal data, please reach out to us filling the Personal Data Request Form provided in our website.