DATA PROTECTION AGREEMENT (DPA)

TILLO TURISTIC SERVICES TRAVEL
DATA PROTECTION AGREEMENT (DPA)

This Data Protection Agreement (“Agreement”) is entered into by and between:

Company: Tillo Turistic Services Travel (“Data Controller / Company”)
Address: [Company Address]
Contact: [Company Email / Phone]

Partner / Client: [Full Name] (“Data Processor / Recipient”)
Address: [Partner / Client Address]
Contact: [Partner / Client Email / Phone]

Collectively referred to as the “Parties.”

1. Purpose

The purpose of this Agreement is to ensure that all personal, sensitive, and business-related data shared between the Parties is collected, stored, processed, and shared in accordance with applicable data protection laws, including but not limited to the Turkish Personal Data Protection Law (KVKK) and EU GDPR where applicable.

2. Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person.

  • Processing: Any operation performed on personal data, including collection, storage, usage, disclosure, or deletion.

  • Confidential Information: Includes personal, financial, and operational data shared between the Parties.

3. Obligations of the Data Controller (Company)

  • Ensure that personal data is collected lawfully, transparently, and only for specified purposes.

  • Provide clear instructions to the Data Processor regarding the processing of personal data.

  • Notify the Data Processor of any breaches or incidents affecting personal data.

4. Obligations of the Data Processor (Partner / Client)

  • Process personal data only in accordance with the instructions provided by the Company.

  • Implement technical and organizational measures to ensure the confidentiality, integrity, and security of personal data.

  • Not share, sell, or disclose personal data to unauthorized third parties.

  • Immediately inform the Company of any data breaches, unauthorized access, or loss.

  • Assist the Company in fulfilling requests from data subjects, such as access, correction, or deletion of personal data.

5. Data Retention

  • Personal data shall be retained only as long as necessary for the purposes for which it was collected.

  • After the retention period expires, the Data Processor shall securely delete or return all personal data to the Company.

6. Confidentiality

  • Both Parties shall ensure that employees, contractors, or sub-processors handling personal data are bound by confidentiality obligations.

  • Unauthorized disclosure of personal data shall be considered a breach of this Agreement and may lead to legal liability.

7. Security Measures

  • The Data Processor shall implement appropriate technical and organizational measures, including encryption, access controls, and regular audits, to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.

8. Liability

  • Each Party is responsible for its compliance with applicable data protection laws.

  • Any damages caused by breach of this Agreement or mishandling of personal data may result in compensation claims and legal action.

9. Governing Law and Jurisdiction

This Agreement shall be governed by the laws of the Republic of Turkey. Any disputes arising shall be resolved by the courts and enforcement offices in Istanbul, Turkey.

10. Acceptance

By signing below, both Parties acknowledge that they have read, understood, and agreed to the terms of this Data Protection Agreement.

Company: Tillo Turistic Services Travel

WhatsApp Instagram Phone Reservation