Welcome to the official website of Capavia, operated by Cap Havacılık Denizcilik Turizm Sanayi ve Ticaret Ltd. Şti., a corporate travel management company duly incorporated in the Republic of Türkiye and operating as a Group A Travel Agency licensed by TÜRSAB (Association of Turkish Travel Agencies) and an IATA-accredited agency.

These Terms and Conditions (“Terms”) govern your access to and use of our website, applications, platforms, and the services we offer through them. By accessing or using any part of the Capavia digital environment, you acknowledge that you have read, understood, and agree to be legally bound by these Terms.

These Terms apply to all categories of users, including corporate clients, travel coordinators, individual travelers, suppliers, partners, and any other entity or person accessing Capavia's digital or offline services. If you are using our services on behalf of a company or other legal entity, you represent and warrant that you have the legal authority to bind such entity to these Terms.

Capavia provides its services subject to contractual principles, supplier rules, and regulatory obligations arising under the laws and regulations of the Republic of Türkiye, including but not limited to the Turkish Code of Obligations, Consumer Protection Law No. 6502, Regulation on Travel Agencies and Association of Travel Agencies (TÜRSAB), Civil Aviation regulations, and applicable international aviation and tourism conventions. Use of our platform and services implies your consent to comply with these legal and operational frameworks and to assume responsibility for the accuracy and completeness of all information submitted by you or on your behalf.

Capavia reserves the unilateral right to revise, update, or replace any part of these Terms at any time, for any reason, without prior notice. Such changes may reflect legal or regulatory updates, operational requirements, supplier obligations, business process improvements, or user interface modifications.

You are encouraged to review these Terms regularly to ensure that you remain informed of your rights and responsibilities. Continued use of the website, platform, or any Capavia service following the publication of updates shall constitute your acceptance of the revised Terms.

If you do not agree to any part of these Terms, you must immediately discontinue your use of our website and services. Unauthorized, unlawful, or non-compliant use of the site or services may result in restriction of access, suspension of services, termination of contractual relations, and/or legal action in accordance with applicable Turkish legislation.

Definitions
For the purposes of these Terms and Conditions, the following terms shall have the meanings set out below. These definitions shall apply whether the terms appear in singular or plural form.

Client
Means any legal entity, corporation, partnership, public institution, or other organization that enters into a contractual, commercial, or framework agreement with Cap Havacılık Denizcilik Turizm Sanayi ve Ticaret Ltd. Şti. (Capavia) for the provision of corporate travel management, MICE, booking, consultancy, aviation, accommodation, or related services, whether acting on its own behalf or on behalf of its employees, representatives, affiliates, or authorized travelers.

Traveller
Means any natural person whose travel, accommodation, transportation, event participation, or related services are arranged, coordinated, booked, or facilitated by Capavia, either directly or indirectly through a Client, including but not limited to employees, contractors, consultants, guests, delegates, or other persons authorized by the Client.

Supplier
Means any third-party service provider engaged in the delivery of travel, accommodation, transportation, aviation, maritime, event, or related services, including but not limited to airlines, air charter operators, hotels, accommodation providers, ground transportation companies, transfer providers, venue operators, destination management companies (DMCs), event service providers, technology providers, and other subcontractors operating under Turkish or international jurisdiction.

Platform
Means Capavia’s digital and operational environment, including its website, online booking engines, corporate travel portals, mobile applications, communication systems, API integrations, supplier systems, and any other electronic or technical infrastructure through which Services are accessed, delivered, managed, or supported.

Services
Means all services provided by Capavia, including but not limited to corporate travel management, domestic and international flight bookings, accommodation reservations, MICE services, visa and travel consultancy, supplier coordination, reporting, traveler support, operational assistance, maritime and aviation coordination, and any ancillary or administrative services provided under a Corporate Agreement or these Terms.

Corporate Agreement
Means any written agreement, framework contract, service-level agreement (SLA), commercial arrangement, proposal confirmation, or other binding document entered into between Capavia and a Client governing the scope of Services, commercial terms, pricing structures, payment conditions, responsibilities, service standards, and contractual obligations of the Parties.

Force Majeure
Force Majeure means any event, circumstance, or combination of events beyond the reasonable control of Capavia, the Client, or the Supplier that prevents, delays, or materially impairs the performance of contractual obligations under these Terms or any Corporate Agreement.


Force Majeure events shall include, but not be limited to:

• Acts of God, including natural disasters such as earthquakes, floods, volcanic activity, storms, extreme weather conditions, wildfires, and other natural catastrophes
• Public health emergencies, including pandemics, epidemics, quarantine measures, and restrictions imposed by health authorities
• Acts, decisions, or regulations of governmental or administrative authorities, including travel bans, border closures, visa restrictions, airspace closures, embargoes, sanctions, and regulatory changes in aviation, tourism, or hospitality sectors
• War, armed conflict, terrorism, civil unrest, riots, states of emergency, or political instability
• Labor disputes, strikes, slowdowns, or industrial actions affecting airlines, airports, hotels, transportation networks, ports, or essential service providers
• Failures or disruptions of critical infrastructure, including airport operations, seaport operations, air traffic control systems, power grids, communication networks, reservation systems, or global distribution systems (GDS)
• Economic crises, devaluation, and fluctuations in exchange rates for any reason are also considered force majeure events.

For the aviation, tourism, and accommodation sectors, Force Majeure shall specifically include, without limitation:

• Aircraft groundings, fleet-wide safety directives, or mandatory inspections imposed by civil aviation authorities (including SHGM or international regulators)
• Airport closures, runway restrictions, slot cancellations, or air traffic management decisions
• Crew shortages resulting from regulatory, health, or security restrictions
• Overbooking mandates, involuntary re-accommodation, or supplier-imposed service suspensions
• Hotel closures, government-mandated capacity limits, evacuation orders, or revocation of operating licenses
• Supplier insolvency, bankruptcy, financial restructuring, or sudden cessation of operations

In the event of Force Majeure, neither Capavia nor the affected Party shall be deemed in breach of these Terms to the extent that performance of obligations is prevented or delayed by such event. The obligations of the affected Party shall be suspended for the duration of the Force Majeure event, and all remedies, refunds, rescheduling options, or alternative arrangements shall be subject to the terms and conditions of the relevant Supplier, applicable Turkish legislation, and international conventions where relevant.

All travel arrangements made through Capavia are subject to the availability, confirmation, and booking policies of the primary service providers, including but not limited to airlines, hotels, ground transportation companies, event venues, and local operators. Capavia does not own, operate, or directly control these services and acts solely as an intermediary travel management service provider between the Client and the relevant Supplier in accordance with applicable Turkish legislation, including consumer protection and package travel regulations where relevant.

Accordingly, Capavia cannot guarantee availability, pricing, schedules, or the proper performance of any travel service beyond what is officially confirmed and communicated by the Supplier. While Capavia facilitates reservations, coordination, and travel management processes, the contractual relationship regarding the delivery and execution of the travel service is established directly between the Client (or Traveller) and the third-party service provider. Capavia's responsibility is fulfilled by providing the service. Capavia accepts no responsibility in the event of any dispute between the customer and the supplier.

It is the responsibility of the Client to review and fully understand applicable fare rules, ticket conditions, cancellation terms, no-show policies, amendment penalties, and refund eligibility criteria prior to confirming any booking. Such conditions may vary significantly between Suppliers and may change depending on availability, fare class, operational requirements, Supplier policy revisions, or force majeure circumstances as recognized under Turkish law and international travel regulations.

In the event of any cancellation, modification, or refund request, the rules, limitations, and procedural requirements of the relevant Supplier shall apply in full. Capavia will provide administrative support and communication facilitation; however, it cannot override Supplier decisions, accelerate refund timelines, or alter the outcome of the Supplier’s evaluation process.

For all change, cancellation, or refund transactions, Capavia applies an administrative service and handling fee. The applicable fee structure is defined within the commercial agreement, service contract, or corporate framework agreement executed with the Client. Such fees cover operational coordination, documentation processing, Supplier liaison, and follow-up activities, and are non-refundable once the service intervention has been performed, irrespective of whether the request results in a refund, rescheduling, credit issuance, or rejection by the Supplier. Since the service fee agreed upon between the parties is binding only on the parties to that commercial relationship, the customer cannot request a discount from Capavia based on customers of a similar nature.

All requests for amendments, cancellations, refunds, or service support must be submitted in writing via email to info@Capavia.com.tr, together with relevant booking references, passenger details, and a clear written explanation of the request. Capavia will acknowledge receipt and respond within a reasonable timeframe, providing guidance on the next procedural steps in line with Supplier rules, contractual obligations, and applicable legal requirements.

We process all personal information in accordance with the EU General Data Protection Regulation (GDPR), the Swedish Data Protection Act, and the Turkish Personal Data Protection Law No. 6698 (“KVKK”), particularly with regard to data minimization, lawfulness of processing, transparency, data security, and accountability principles recognized under both EU and Turkish data protection frameworks.

Data Minimization – Article 5(1)(c) GDPR / KVKK Article 4(2)(ç)

“Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.”

Capavia adheres to the principle of data minimization by ensuring that only personal data strictly necessary for the planning, booking, coordination, and management of travel-related services is collected and processed. In line with KVKK’s proportionality and purpose-limitation principles, we do not request, process, or retain excessive, irrelevant, or unrelated personal information.

For example, when arranging flights, accommodation, or transportation, we collect only essential data such as passenger names, dates of birth, identification or passport details, contact information, and payment data where required. Data collection forms, booking tools, and operational workflows are periodically reviewed to eliminate unnecessary fields and prevent disproportionate data retention.

Lawfulness of Processing – Article 6 GDPR / KVKK Articles 5 & 6

“Processing shall be lawful only if and to the extent that at least one of the legal conditions is met.”

Capavia ensures that all personal data is processed lawfully, fairly, and transparently, relying on recognized legal bases under both GDPR and KVKK. These include:

• Explicit Consent: Where required (e.g., marketing communications, special service preferences), we obtain clear, informed, and freely given consent from data subjects.
• Contractual Necessity: The majority of processing activities are necessary for the establishment or performance of a contract, such as booking flights, hotels, or managing corporate travel programs.
• Legal Obligation: Certain data must be processed to comply with legal and regulatory requirements, including taxation, financial reporting, aviation security, and immigration regulations under applicable national and international law.
• Legitimate Interest: In limited circumstances, data may be processed to support legitimate business interests (e.g., service quality monitoring, fraud prevention), provided that such interests do not override the fundamental rights and freedoms of the data subject.

For special categories of personal data (if ever required), Capavia applies heightened protection measures and processes such data only under explicit consent or other lawful exemptions recognized under Article 9 GDPR and Article 6 KVKK.

Capavia evaluates and documents the legal basis applicable to each processing activity in accordance with accountability obligations.

Accountability – Article 5(2) GDPR / KVKK Article 12

“The controller shall be responsible for, and be able to demonstrate compliance.”

Capavia embraces the accountability principle by implementing a comprehensive internal data protection governance framework aligned with both GDPR and KVKK compliance requirements. This framework includes:

• Maintaining up-to-date records of personal data processing activities
• Assigning internal data protection and privacy compliance coordinators
• Conducting periodic compliance audits and risk assessments
• Delivering data protection and confidentiality training to employees handling personal data
• Implementing written data processing agreements with suppliers, partners, and sub-processors containing GDPR- and KVKK-compliant clauses
• Establishing internal policies on data retention, destruction, anonymization, and breach management

Capavia is prepared to demonstrate its compliance to competent supervisory authorities, including the Swedish Authority for Privacy Protection (IMY) and the Turkish Personal Data Protection Authority (KVKK Kurumu).

Records of Processing Activities – Article 30 GDPR / KVKK Article 16 (VERBIS Alignment)

“Each controller shall maintain a record of processing activities under its responsibility.”

Capavia maintains detailed and continuously updated Records of Processing Activities (RoPA) documenting how personal data is collected, processed, transferred, stored, and secured across its operations. Where required under Turkish law, Capavia also aligns its records with Data Controllers’ Registry (VERBIS) obligations.

These records include:

• The identity and contact details of Capavia as Data Controller / Data Processor and designated data protection contact points
• The purposes of each processing activity (e.g., flight reservations, hotel bookings, event logistics, reporting)
• Categories of data subjects (e.g., corporate clients’ employees, business travelers, event participants) and categories of personal data processed
• Recipient groups to whom data is disclosed, including airlines, hotels, DMCs, and technology providers
• Details of international data transfers and implemented safeguards (e.g., Standard Contractual Clauses, adequacy decisions, contractual undertakings)
• General descriptions of technical and organizational security measures implemented under GDPR Article 32 and KVKK Article 12

These records are maintained in written and/or electronic form, updated regularly, and made available to competent supervisory authorities upon lawful request as part of Capavia’s transparency and compliance commitment.

Capavia operationalizes these principles by collecting only the personal data necessary to deliver travel services, ensuring that all processing activities rely on valid legal grounds, implementing strong data security safeguards, and maintaining comprehensive processing records in line with GDPR and KVKK obligations.

Identity Information

Data containing information about the person's identity; name and surname, Turkish ID number, nationality information, place of birth, date of birth, gender, workplace information, registration number, tax number, title, biography, etc., as well as documents such as driver's license, professional ID, identity card, and passport.

Contact Information

Phone number, address, email, fax number

Location Data

Information identifying the location of employees of institutions we collaborate with in relation to emergency procedures

Family Members and Close Relatives Information

Information about the family members and close relatives of the personal data owner within the scope of our company's operations and in relation to the products and services we offer, or for the purpose of protecting the legal and other interests of the Company and the data owner

Customer Information

Data obtained about the customer during the course of our commercial activities

Customer Transaction Information

This refers to records related to the use of our products and services, as well as information such as our customers' instructions and requests regarding the use of our products and services.

Physical Premises Security Information

Personal data related to records and documents obtained upon entry to the physical premises and during stay within the physical premises; camera recordings, vehicle information records, and records obtained at security points, etc.

Transaction Security Information

Personal data processed to ensure our technical, administrative, legal, and commercial security during the execution of our activities (e.g., log records, IP information, identity verification information)

Financial Information

Personal data processed in relation to information, documents, and records showing any financial results generated according to the type of legal relationship established between our company and the personal data owner, as well as data such as bank account number, IBAN number, income information, debt/credit information.

Job Applicant Information

Resume information of our job applicants and/or employee and/or intern candidates who have applied to our company in any way

Special Category Personal Data

Data related to individuals' race, ethnic origin, political opinion, philosophical belief, religion, sect, or other beliefs, attire, membership in associations, foundations, or unions, health, sexual life, criminal convictions, and security measures, as well as biometric and genetic data

Request/Complaint Management Information

Personal data related to the receipt and evaluation of any requests or complaints directed to our company

Visual and Audio Data

Photographs and camera recordings (excluding recordings falling under Physical Premises Security Information) and audio recordings

Audit and Inspection Information

Personal data processed in relation to the execution of our company's operational, financial, fraud, and compliance audit activities

Legal Proceedings and Compliance

Personal data processed for the identification and tracking of our legal claims and rights, the fulfillment of our obligations, and compliance with our legal obligations and company policies

Transaction Information

Survey information, declaration information, purchase information, call center records, membership information, cookie records, and other data processed within the scope of activities carried out by our company, in relation to the products or services offered, or for the purpose of protecting the legal and other interests of the company and the personal data owner

--------

PERSONAL DATA APPLICATION FORM

Pursuant to the Personal Data Protection Law No. 6698 (“KVKK”), personal data subjects have the right to be informed about their personal data, to access such data, to learn whether it is used in line with its purpose, and to request its correction or deletion.

In accordance with Article 13/1 of the KVKK, applications regarding these rights must be submitted in writing to the data controller, Cap Havacılık Denizcilik Turizm Sanayi ve Ticaret Limited Şirketi (hereinafter referred to as “Capavia”), via this Personal Data Subject Application Form or through other methods determined by the Personal Data Protection Board (“Board”).

1. APPLICATION METHODS

Written applications to Capavia may be submitted using the printed version of this form through the following channels:

• Personal application by the applicant
• Submission via postal mail
• Notification through a notary public
• Submission to our Registered Electronic Mail (KEP) address signed with a secure electronic signature under Law No. 5070
• Submission via the e-mail address previously notified to and registered in our systems

Contact Information:

Cap Havacılık Denizcilik Turizm Sanayi ve Ticaret Limited Şirketi
Yeşilbahçe Mah. Portakal Çiçeği Blvd. Rabia Hanım Sitesi No:32/B
Muratpaşa / Antalya – Türkiye
E-mail: info@Capavia.com.tr

2. APPLICANT INFORMATION

Please complete the fields below in full:

Full Name :
Turkish ID Number / Passport No :
Address :
Mobile Phone :
E-mail Address :

Relationship With Capavia

• Visitor
• Customer
• Employee
• Employee of Business Partners
• Third Party
• Other :
Nature of Your Relationship :

Relationship Status :

• Ongoing
• Terminated

3. SUBJECT OF REQUEST

Within the scope of Article 11 of the KVKK, you may request:

• To learn whether my personal data is processed
• To request information if processed
• To learn the purpose of processing
• To learn whether it is used in line with its purpose
• To learn third parties to whom data is transferred
• To request correction of incomplete/incorrect data
• To request deletion/destruction of data
• To request notification to third parties
• To object to automated decision-making
• To request compensation for damages
Please Describe Your Request in Detail

4. APPLICANT DECLARATION

In line with the requests stated above, I kindly request that my application be evaluated and that I be informed accordingly.

I hereby declare and undertake that the information and documents I have provided are accurate, up to date, and belong to me. I consent to the processing of my personal data submitted within this form solely for the purposes of evaluating and responding to my application, delivering the response to me, and verifying my identity and address by Capavia.

5. RESPONSE PREFERENCE

I request that the response be delivered to me via:

• My postal address stated in the form
• My e-mail address stated in the form
• Hand delivery
(In case of proxy collection, a notarized power of attorney is required.)

6. RESPONSE PERIOD

Applications will be concluded as soon as possible and within 30 days at the latest in accordance with Article 13 of the KVKK. Responses will be delivered in written or electronic form.

Written responses up to 10 pages are free of charge. An administrative fee may be charged for each additional page in accordance with applicable legislation.

7. RIGHT TO COMPLAIN TO THE BOARD

If your application is rejected, the response is found insufficient, or no response is provided within the legal period, you may file a complaint with the Personal Data Protection Board within 30 days from learning the response and in any case within 60 days from the application date.

8. OTHER MATTERS

Capavia may request additional information/documents for identity verification.

You may be contacted to clarify your application.

Applications must be submitted personally by the data subject.

9. APPLICANT

Full Name :
Contact Information :
Application Date :
Signature :

Important Note:
Applications must be made personally by the data subject. Applications on behalf of spouses, children, or relatives are not accepted. A copy of your ID must be attached. Capavia does not accept liability for requests arising from false/incomplete information or unauthorized applications.

--------

As Capavia.com.tr, we respect your personal privacy rights and make every effort to ensure this during the time you spend on our website. Explanations regarding the security of your personal information are provided below for your information.

SSL and 3D Secure Systems

Your personal information used on Capavia.com.tr is protected. The information you provide while completing membership and order transactions is secured with the SSL security system. Your credit card information is never stored in our system. Member information is carefully protected against third-party intervention.

Information regarding your purchases made through the Capavia.com.tr website is never shared with other institutions or organizations. Only you can view and modify the information stored in our system. Third parties cannot access or alter your data.

Member information may only be disclosed to official authorities when such information is duly requested in accordance with legal procedures and where disclosure is mandatory under applicable legislation.

During payment, the credit card information you enter is processed through the 3D Secure system directly between you and your bank. Your credit card details are not stored or recorded by Capavia.com.tr.

Mandatory fields completed during registration are retained solely to provide you with better service for your transactions on www.Capavia.com.tr.

Log Files

As with many standard web servers, Capavia.com.tr keeps log files for statistical purposes. These files may include standard information such as your IP address, internet service provider, browser features, operating system, and site entry/exit pages.

Log files are used strictly for statistical purposes and do not violate your privacy. Your IP address and other data are not associated with your personal information.

Cookies

The term “cookie” refers to a small text file placed on your computer’s hard drive by a web page server.

Cookies may be used in certain sections of our site to enhance user convenience. Additionally, cookies and web beacons may be used via advertisements on the site to collect advertising data. This occurs entirely with your consent, and you may prevent it by changing your internet browser settings if you wish.

External Links

The Capavia.com.tr website may provide links to different internet addresses from its pages.

Capavia.com.tr is not responsible for the content or privacy practices of the sites it links to or promotes via banners. Linking is legally considered a form of reference.

Contact

For any questions, opinions, or comments regarding the privacy policy applied on Capavia.com.tr, you may contact us at:
info@Capavia.com.tr

This Cookie Policy explains how Cap Havacılık Denizcilik Turizm Sanayi ve Ticaret Ltd. Şti. (“Capavia”, “we”, “us”, or “our”) uses cookies and similar tracking technologies to recognize you when you visit www.Capavia.com.tr. It explains what these technologies are, why we use them, the legal bases for their use, and your rights to control or refuse them under the EU General Data Protection Regulation (GDPR) and the Turkish Personal Data Protection Law No. 6698 (“KVKK”).

By continuing to browse our website, you acknowledge that cookies may be placed on your device in accordance with this Policy, unless you choose to disable or manage them through your browser settings or our cookie consent management tool.

Cookies are small data files that are placed on your computer, tablet, mobile phone, or other device when you visit a website. Cookies are widely used to ensure websites function properly, operate more efficiently, enhance user experience, and provide reporting information to website owners.

Cookies may be categorized as first-party cookies (set directly by Capavia) or third-party cookies (set by external service providers or technology partners). They may also be session cookies (which expire when you close your browser) or persistent cookies (which remain stored on your device until deleted manually or automatically upon expiry).

Strictly Necessary Cookies

These cookies are essential for the technical operation, security, and core functionality of our website. They enable services such as page navigation, secure login sessions, consent management, and booking or request workflows. The website cannot function properly without these cookies, and therefore they are processed based on legal grounds of legitimate interest and service necessity under GDPR and KVKK, without requiring explicit consent.

Performance and Analytics Cookies

These cookies help us understand how visitors interact with our website by collecting and reporting information in an aggregated and anonymous manner. They allow us to analyze traffic sources, user navigation paths, session durations, and system performance metrics in order to improve website usability and service delivery.

For example, we may use analytics tools such as Google Analytics or similar technologies to monitor traffic patterns and optimize the digital user experience. Where required by applicable law, such cookies are activated only after user consent is obtained.

Functionality Cookies

Functionality cookies allow the website to remember choices you make, such as language preferences, region selections, saved travel searches, or previously entered form information. These cookies enable enhanced and personalized features but are not strictly necessary for the website’s core operation. Their use may therefore be subject to user consent depending on jurisdictional requirements.

Marketing and Advertising Cookies (Activated Only With Explicit Consent)

Marketing cookies track browsing habits and interaction behavior across websites. They may be used to deliver targeted advertisements, measure campaign performance, or enable remarketing activities across digital platforms.

Capavia activates marketing and advertising cookies only after you have provided explicit, informed consent via our cookie banner or consent management tool, in line with GDPR, KVKK, and Turkish electronic communications legislation.

Cookie Consent Management

When you first visit our website, you will be presented with a cookie consent banner allowing you to:

• Accept all cookies
• Reject non-essential cookies
• Customize cookie preferences by category

You may withdraw or modify your consent at any time by accessing the “Cookie Settings” link available in the footer of our website.

In accordance with GDPR, KVKK, and the ePrivacy Directive, as well as Turkish Information and Communication Technologies Authority (BTK) regulations, non-essential cookies may only be stored on your device upon your explicit and informed consent.

Third-Party Cookies

Certain pages on our website may integrate third-party services such as interactive maps, embedded videos, social media plugins, or analytics platforms. These third parties may place cookies independently of Capavia’s control.

Examples may include:

• Google Analytics
• YouTube embedded video services
• LinkedIn Insight Tag or similar marketing pixels (where activated)

We recommend reviewing the respective privacy and cookie policies of these third-party providers to understand their data processing practices.

Browser Controls

Most web browsers automatically accept cookies by default. However, you may modify your browser settings to decline, block, or delete cookies if you prefer. Please note that disabling certain cookies may impact website functionality, performance, or service availability.

For more detailed information on how to manage cookies, you may visit:

• www.allaboutcookies.org
• www.youronlinechoices.eu

To provide you with a better, faster, and more secure experience, Capavia.com.tr uses cookies, as do most websites. The use of these technologies is carried out in compliance with the applicable legislation, primarily the Personal Data Protection Law No. 6698 (“KVKK”).

First of all, we would like to state that by visiting www.capavia.com.tr, you accept the placement of cookies on your device that are necessary for the use of Capavia’s website.

Capavia uses the information collected through cookies in accordance with the Capavia Personal Data Protection and Processing Disclosure.

The purpose of this Cookie Policy is to inform you about the processing of personal data obtained through the use of cookies during the operation of the Capavia.com.tr website operated by us. In this Cookie Policy, we explain which types of cookies we use on our website, for what purposes, and how you can control these cookies.

A cookie is a small file containing text records that is stored in your browser or on your computer’s hard drive if you consent.

Our website uses cookies to distinguish you from other users. This helps us provide you with a good experience while you browse our website and also allows us to improve our site.

As Capavia, we use cookies on our website for various purposes and process your personal data through these cookies. The main types of cookies used on our website and their purposes are as follows:

Session Cookies

(English: “Session Cookies”)

Session cookies are temporary cookies used during visitors’ visits to the Website and are deleted after the browser is closed.

The primary purpose of using these cookies is to ensure that the Website functions properly during your visit.

Persistent Cookies

Persistent cookies are used to enhance the functionality of the Website and to provide visitors with faster and better service.

These cookies are used to remember your preferences and are stored on your device via browsers.

Some types of persistent cookies may be used to provide you with special recommendations, taking into account matters such as your intended use of the Website.

If you revisit our Website using the same device, it is checked whether a cookie created by our Website exists on your device. If so, it is understood that you have visited the site before, and the content to be delivered to you is determined accordingly, thus providing you with better service.

Analytical Cookies

Analytical cookies enable the production of analytical results such as the number of visitors to the website, the pages viewed, visit hours, and page scrolling movements.

Capavia may, when deemed necessary, stop using the cookies it uses, change their types or functions, or add new cookies to the website. Therefore, this Cookie Policy may be amended at any time. In cases where the Cookie Policy is updated, it will become effective as of the update date stated at the top of the page. We recommend that you review the Cookie Policy periodically to stay informed about cookie usage.

Cookies allow us to present advertisements to you on other platforms via our website.

They enable us to provide features, insights, and personalized content in connection with our plugins. You can learn more about plugins in our Privacy Policy.

We may use cookies to determine whether a person who sees an advertisement later visits the advertiser’s site and performs an action (for example, purchasing a service). Similarly, our partners may use cookies to determine whether an advertisement has been shown, its performance, or to inform us about how you interact with it. We may work with our partners to show you advertisements after you visit a partner’s website or application.

Cookies help us understand how our website and plugins perform in different locations. We also use cookies to understand, develop, and research our products, features, and services when you access them from other websites, applications, or your business computer or mobile device.

Please note that third parties (including external service providers such as web traffic analysis services) may also use cookies, and we have no control over these cookies. These cookies are generally analytical/performance cookies or targeting cookies.

You can prevent the use of cookies by activating settings in your browser that refuse the use of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies), you may not be able to access all or parts of our website.

By continuing to browse our website, you are deemed to have accepted our use of cookies. By continuing to use our website, you consent to the placement of cookies on your device. If you do not wish to accept cookies regarding your use of our website, you must either change your browser settings to block all or some cookies or discontinue using our website.

Policy Updates

We may update this Cookie Policy from time to time to reflect legal, regulatory, technical, or operational changes. Where material updates occur, we will take appropriate steps to inform users, including website notifications or renewed consent requests where required.

Contact

If you have any questions regarding our use of cookies or this Cookie Policy, you may contact us at:

Cap Havacılık Denizcilik Turizm Sanayi ve Ticaret Ltd. Şti.
Portakal Çiçeği Bulv. No:32/B Muratpaşa, Antalya, Türkiye
Email: info@Capavia.com.tr
Phone: 444 0 977

Capavia processes personal data on behalf of its corporate clients in accordance with Article 28 of the EU General Data Protection Regulation (“GDPR”) and the Turkish Personal Data Protection Law No. 6698 (“KVKK”), both of which require that a written contract be in place between the data controller and the data processor (data handler).

Under Article 28 GDPR and the corresponding provisions of KVKK, a data processing agreement must:

• Specify the subject matter and duration of processing
• Outline the nature and purpose of the processing
• Define the type of personal data and categories of data subjects
• Set out the obligations and rights of the data controller

Capavia’s DPA ensures that:

• Personal data is processed only on documented instructions from the controller (GDPR Article 28(3)(a); KVKK Article 12)
• Persons authorized to process the data are subject to confidentiality obligations (GDPR Article 28(3)(b))
• Appropriate technical and organizational security measures are implemented (GDPR Article 28(3)(c); KVKK Article 12)
• The controller is assisted in fulfilling its data protection obligations (GDPR Article 28(3)(f))

--------

Data Processing Agreement (DPA)

This Data Processing Agreement (the “Agreement”) is entered into between the Customer (the “Data Controller”) and Cap Havacılık Denizcilik Turizm Sanayi ve Ticaret Ltd. Şti., a company duly incorporated under the laws of the Republic of Türkiye, with its registered address at Portakal Çiçeği Bulv. No:32/B Muratpaşa, Antalya, Türkiye (the “Data Processor”), collectively referred to as the “Parties.”

This Agreement governs the processing of personal data by Capavia on behalf of the Data Controller in accordance with the EU General Data Protection Regulation (GDPR), the Turkish Personal Data Protection Law No. 6698 (KVKK), and applicable secondary legislation.

In accordance with GDPR Article 28 and KVKK data processing provisions, a written contract is required whenever a data controller engages a data processor. Such contract must stipulate the subject matter and duration of processing, the nature and purpose of processing, the categories of personal data, the categories of data subjects, and the obligations and rights of the controller.

Capavia, acting as Data Processor, agrees to:

• Process personal data only on documented instructions from the Data Controller;
• Ensure that persons authorized to process personal data have committed themselves to confidentiality or are under statutory confidentiality obligations;
• Implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk;
• Assist the Data Controller in responding to requests from data subjects exercising their rights under GDPR and KVKK;
• Make available all information necessary to demonstrate compliance with processor obligations;
• Delete or return all personal data to the Data Controller upon termination of services, unless retention is required under applicable law.

--------

Security and Confidentiality

Capavia shall maintain the confidentiality of all personal data processed under this Agreement and shall ensure that appropriate technical and organizational measures are implemented to protect such data in compliance with GDPR Article 32 and KVKK Article 12, including safeguards against unauthorized access, loss, alteration, or unlawful disclosure.

Sub-processors

Capavia shall not engage another processor (sub-processor) without prior written authorization of the Data Controller. In the case of general written authorization, Capavia shall inform the Data Controller of any intended changes concerning the addition or replacement of sub-processors, thereby giving the Controller the opportunity to object.

All approved sub-processors shall be contractually bound by data protection obligations equivalent to those set forth in this Agreement and required under GDPR and KVKK, including cross-border data transfer safeguards where applicable.

Data Subject Rights

Capavia shall, insofar as legally and technically feasible, assist the Data Controller in fulfilling its obligation to respond to requests for exercising data subject rights as set out in GDPR Chapter III and KVKK Article 11, including rights of access, rectification, erasure, restriction, objection, and data portability where applicable.

Termination and Deletion

Upon termination or expiry of the Agreement, Capavia shall, at the choice of the Data Controller, delete or return all personal data and securely delete existing copies, unless retention of such data is required by European Union law, Turkish law, or other applicable regulatory obligations.

Article 28 – Processor

“Where processing is to be carried out on behalf of a controller, the controller shall use only processors providing sufficient guarantees to implement appropriate technical and organizational measures…”

Capavia acts as a data processor on behalf of its corporate clients and complies fully with the requirements set out in Article 28 of the GDPR and relevant provisions of KVKK. This includes executing written Data Processing Agreements (DPAs) with each client, clearly defining the roles, responsibilities, and scope of processing activities.

In accordance with Article 28(3), each DPA executed by Capavia ensures that:

• Personal data is processed only on documented instructions from the controller
• Personnel involved in processing are bound by confidentiality obligations
• Technical and organizational measures are implemented to ensure data security
• Sub-processors are engaged only with prior authorization and are bound by equivalent obligations
• The processor assists the controller in ensuring compliance with obligations under GDPR Articles 32–36 and KVKK breach notification and compliance requirements
• At the end of the provision of services, all personal data is either returned or securely deleted

Capavia also maintains and regularly updates a register of approved sub-processors and ensures that all third-party vendors provide equivalent levels of data protection and regulatory compliance.

Article 32 – Security of Processing

“Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing… the controller and the processor shall implement appropriate technical and organizational measures…”

Capavia is committed to safeguarding personal data through the implementation of advanced technical and organizational security controls in line with GDPR Article 32 and KVKK data security obligations.

These measures include, but are not limited to:

• Data encryption at rest and in transit using industry-standard cryptographic protocols
• Access controls based on least-privilege principles and multi-factor authentication for critical systems
• Regular security audits and vulnerability assessments
• Secure software development and vendor integration practices
• Incident response and breach notification procedures compliant with GDPR and KVKK timelines
• Employee training on data protection, confidentiality, and secure data handling

Capavia continuously monitors, reviews, and enhances its security framework in alignment with evolving cyber threats, regulatory developments, and industry best practices, ensuring that client and traveler personal data is processed with the highest standards of integrity, confidentiality, and protection.

1. Data Controller Identification

In accordance with the EU General Data Protection Regulation (“GDPR”) and the Turkish Personal Data Protection Law No. 6698 (“KVKK”), your personal data may be processed by Cap Havacılık Denizcilik Turizm Sanayi ve Ticaret Ltd. Şti. (“Capavia” or “the Company”), acting in the capacity of Data Controller, within the scope described below.

Registered Address: Portakal Çiçeği Bulv. No:32/B Muratpaşa, Antalya, Türkiye

Phone: 444 0 977 / +90 242 322 82 85

Email: info@Capavia.com.tr

2. Scope of Personal Data Subject to Explicit Consent

Subject to your explicit consent where legally required, Capavia may process the following categories of personal data:

• Identity information (name, surname, date of birth, passport/ID details)
• Contact information (email address, phone number, company details)
• Travel information (flight, hotel, visa, itinerary, loyalty program data)
• Financial and billing information (payment data, invoicing details)
• Corporate affiliation and employment data (company, title, department)
• Marketing and communication preferences
• Special service requests (meal preferences, accessibility needs, where voluntarily provided)

Special categories of personal data (if shared), such as health or accessibility information necessary for travel arrangements, will be processed only upon separate and explicit consent where required by law.

3. Purposes of Processing Requiring Explicit Consent

Your personal data may be processed, upon your explicit consent, for the following purposes:

• Execution and management of corporate travel, accommodation, transportation, and event services
• Creation and management of traveler profiles and booking records
• Communication regarding reservations, itinerary updates, and operational notifications
• Provision of customer support and traveler assistance services
• Financial processing, invoicing, and reporting
• Sending marketing communications, newsletters, campaigns, and service announcements
• Conducting customer satisfaction surveys and service quality assessments
• Improving digital platforms, booking tools, and user experience

Where processing is based on contractual necessity or legal obligation, explicit consent may not be required; however, Capavia will always rely on consent where mandated under GDPR or KVKK.

4. Transfer of Personal Data

Subject to your explicit consent where required, personal data may be transferred domestically or internationally to:

• Airlines, air charter operators, and aviation authorities
• Hotels, accommodation providers, and destination management companies
• Ground transportation and transfer providers
• Event venues and event service partners
• Visa processing and immigration service providers
• Technology infrastructure and reservation system providers (GDS, booking tools)
• Financial institutions and payment processors
• Authorized public authorities where legally required

International transfers will be conducted in compliance with GDPR Chapter V and KVKK cross-border data transfer provisions, using appropriate safeguards such as Standard Contractual Clauses, adequacy decisions, or explicit consent where necessary.

5. Method and Legal Basis of Data Collection

Personal data is collected through digital platforms, booking systems, corporate agreements, email communications, call centers, mobile applications, and physical documentation channels.

Processing activities are carried out based on:

• Explicit consent
• Contractual necessity
• Legal obligations
• Legitimate business interests (where applicable and proportionate)

6. Data Subject Rights

Under GDPR (Articles 12–23) and KVKK (Article 11), you have the right to:

• Learn whether your personal data is processed
• Request information regarding processing activities
• Learn the purpose of processing and whether data is used accordingly
• Know third parties to whom data is transferred
• Request correction of incomplete or inaccurate data
• Request deletion or destruction of data where legal conditions are met
• Object to processing results produced solely by automated systems
• Claim compensation for damages arising from unlawful processing

Requests may be submitted via email to info@Capavia.com.tr in accordance with applicable data subject request procedures.

7. Retention and Destruction

Personal data processed based on explicit consent will be retained for the duration necessary to fulfill the stated purposes and in line with statutory retention periods under Turkish and EU legislation. Upon expiry, data will be deleted, destroyed, or anonymized in accordance with Capavia’s Data Retention and Destruction Policy.

8. Consent Declaration

By approving this Explicit Consent Statement, you acknowledge and declare that:

• You have been informed about the processing of your personal data in a clear and transparent manner.
• You understand the purposes, scope, legal basis, and transfer conditions of processing.
• You freely consent to the processing and transfer of your personal data as described above.
• You are aware that you may withdraw your consent at any time without affecting the lawfulness of prior processing activities.

Your consent may be withdrawn by contacting Capavia via the communication channels listed above.

Cap Havacılık Denizcilik Turizm Sanayi ve Ticaret Ltd. Şti. (“Capavia”) provides travel booking, coordination, consultancy, and corporate travel management services as an independent intermediary between its clients and third-party travel service providers, including but not limited to airlines, air charter operators, hotel chains, accommodation providers, venue operators, ground transportation companies, destination management companies, and event service firms.
While Capavia exercises reasonable professional diligence to ensure that all information presented to clients is accurate, current, and sourced from reliable suppliers, Capavia does not own, operate, manage, or control the actual delivery of transportation, accommodation, event, or other travel-related services. Accordingly, Capavia shall not be held liable for any errors, omissions, delays, disruptions, service deficiencies, or operational failures arising from the acts, omissions, negligence, or contractual breaches of third-party suppliers. Capavia provides its services based on the information provided to it and accepts no liability for any consequences arising from the misrepresentation of customer information.

This limitation of liability includes -but is not limited to- the following circumstances:

• Flight delays, schedule changes, or cancellations imposed by airlines or aviation authorities
• Hotel overbookings, accommodation standard deficiencies, or service quality disputes
• Changes in itineraries, routing, or service scope imposed by providers
• Venue unavailability, technical failures, or event service disruptions
• Visa refusals, consular processing delays, customs restrictions, or denied boarding decisions by official authorities
• Lost, delayed, or damaged baggage handled by air carriers or transport operators

Carrier liabilities, passenger rights, and compensation claims remain subject to the contractual terms of the relevant airline, hotel, or service provider, as well as applicable international conventions, aviation regulations, and Turkish civil aviation and consumer legislation where applicable.

Capavia further disclaims responsibility for service interruptions, travel disruption, or financial losses resulting from force majeure events beyond its reasonable control. Such events include -but are not limited to- natural disasters, pandemics, epidemics, political unrest, civil disturbances, labor strikes, acts of terrorism, adverse weather conditions, infrastructure failures, or unforeseen governmental or regulatory restrictions affecting travel operations.

In the occurrence of such events, the contractual terms, cancellation rules, and operational policies of the relevant supplier shall prevail. Capavia shall act solely in a facilitative, coordinative, and advisory capacity, assisting clients in communication, rebooking efforts, refund applications, or alternative arrangements where commercially and operationally feasible. However, Capavia cannot guarantee outcomes, processing timelines, or financial recoveries, nor shall it assume financial liability for the acts or omissions of third parties beyond its control.

Clients are strongly advised to obtain comprehensive travel insurance coverage, including but not limited to trip cancellation, medical coverage, travel interruption, baggage protection, and force majeure contingencies, in order to mitigate financial and operational risks associated with corporate or individual travel.

Cap Havacılık Denizcilik Turizm Sanayi ve Ticaret Ltd. Şti. (“Capavia”) is committed to ensuring that its website and digital services are accessible to the broadest possible audience, regardless of physical ability, sensory limitation, cognitive difference, or the technologies used to access our content. We recognize accessibility as an essential component of an inclusive, equitable, and professionally responsible digital presence.

Our ongoing accessibility efforts are guided by the principles set out in the Web Content Accessibility Guidelines (WCAG) 2.1, and we aim to meet or exceed Level AA compliance standards wherever technically and operationally feasible. This commitment includes, but is not limited to:

• Ensuring sufficient color contrast between text and background elements
• Providing descriptive alternative text for meaningful images and visual components
• Structuring pages using clear headings and semantic HTML compatible with screen readers
• Enabling full keyboard navigation without loss of functionality
• Designing forms with appropriate labels, instructions, and accessible error messaging
• Avoiding or limiting content that may trigger seizures, including flashing visuals or disruptive animations

Our website infrastructure is developed with responsive design principles and is tested across major browsers, operating systems, and device formats to ensure consistent accessibility performance.

Where third-party services or embedded tools are used—including but not limited to maps, booking engines, analytics interfaces, or supplier platforms—Capavia collaborates with such providers to encourage alignment with recognized accessibility standards, to the extent that technical integration frameworks permit.

Capavia acknowledges accessibility obligations under international best practices as well as applicable national frameworks, including the principles of equal access reflected in the legislation of the Republic of Türkiye concerning the rights of persons with disabilities and digital service accessibility. Capavia is not responsible for errors in such conditions provided under the framework of its cooperation.

If you encounter any barriers while using our website—such as difficulty navigating content, accessing information, or completing digital transactions—we encourage you to notify our team. User feedback plays a critical role in our continuous accessibility improvement processes.

Please contact us at info@Capavia.com.tr with a description of the issue encountered, the relevant page or feature, and, if possible, the assistive technology, device, or browser configuration being used. We will make all reasonable efforts to investigate and resolve the matter in a timely and compliant manner.

Capavia
Legal Entity: Cap Havacılık Denizcilik Turizm Sanayi ve Ticaret Ltd. Şti.
Address: Portakal Çiçeği Bulv. No:32/B Muratpaşa, Antalya, Türkiye
Phone: 444 0 977 / +90 242 322 82 85
Email: info@Capavia.com.tr
TÜRSAB: 8086
IATA: 88218594
MERSİS: 0203031835600001

At Capavia, we are committed to maintaining the highest standards of service and professionalism in every aspect of our work. We value feedback from our clients and view it as an opportunity to continuously improve our services and strengthen our relationships.

If you are dissatisfied with any part of your experience—whether it concerns a booking, communication, support interaction, or any service facilitated through Capavia—we encourage you to inform us so that we can address your concerns promptly and effectively.

How to Submit a Complaint or Feedback

You may contact us at: info@Capavia.com.tr

To help us investigate and respond efficiently, please include:

• A clear and detailed description of the issue
• Any relevant booking references, dates, or passenger names
• Supporting documentation or screenshots, if available

Upon receiving your message, our team will:

• Acknowledge receipt within 5 business days
• Conduct a thorough internal review
• Provide a response and/or proposed resolution, typically within 10–15 business days

Our goal is to treat every case with fairness, transparency, and professionalism. We aim to resolve issues promptly and to the satisfaction of all parties, wherever possible.

If additional clarification is required during our review, we may contact you for further information. All complaints are handled confidentially, and we strive to ensure that you feel heard, respected, and supported throughout the process.

Dispute Resolution and Applicable Law

Any dispute, controversy, or claim arising out of or in connection with these Terms—including their validity, formation, interpretation, performance, breach, or termination—shall be finally resolved through arbitration under the Istanbul Arbitration Centre (ISTAC) Fast Track Arbitration Rules. The language of arbitration shall be Turkish. The seat of arbitration shall be Istanbul, Türkiye, and the substantive law applicable to the dispute shall be Turkish Law.

All content available on this website -including but not limited to text, branding elements, logos, icons, graphics, images, illustrations, audio clips, downloadable files, databases, and underlying source code- is the intellectual property of Capavia or its licensed content providers and is protected under the Turkish Law on Intellectual and Artistic Works No. 5846, as well as applicable international intellectual property conventions and treaties to which the Republic of Türkiye is a party.

Capavia retains full ownership rights over its proprietary content, systems, and service structures. Unless otherwise explicitly stated, all rights are reserved.

The following actions are strictly prohibited without prior written authorization from Capavia:

• Republishing, reproducing, or redistributing any part of this website or its contents
• Commercial use, resale, or sublicensing of Capavia’s digital assets or booking tools
• Modifying or reverse-engineering any functionality or system provided by Capavia
• Copying or extracting content for use on third-party websites, platforms, or printed materials

Any unauthorized use, duplication, or exploitation of our intellectual property will be considered a violation of applicable copyright legislation and may result in legal action, including but not limited to injunctive relief, compensation claims, and the pursuit of all available legal remedies before competent courts and enforcement authorities.

Capavia also respects the intellectual property rights of others. If you believe that any content published on this site infringes upon your copyright or that of a third party, please contact us immediately at info@capavia.com.tr with a detailed description of the alleged infringement so that we may review the matter and take appropriate action.