MBL TURİZM VE ARAÇ KİRALAMA ANONİM ŞİRKETİ
GDPR PRIVACY NOTICE FOR THE PROCESSING OF CUSTOMER PERSONAL DATA
In accordance with the General Data Protection Regulation (“GDPR”), this Privacy Notice (“Notice”) is provided to inform you about how your personal data is collected, processed, stored, transferred, and protected by MBL TURİZM VE ARAÇ KİRALAMA ANONİM ŞİRKETİ, as well as your rights regarding your personal data.
1) Identity of the Data Controller
The Data Controller is MBL TURİZM VE ARAÇ KİRALAMA ANONİM ŞİRKETİ, registered with the Istanbul Trade Registry under registration number 352167-5 and MERSIS number 0613179930500001, with its registered office located at:
Esentepe Mah. Harman 1 Sok.
Harmancı Giz Plaza No:5/38
İstanbul / Türkiye
Registered Electronic Mail (KEP): mblturizm@hs06.kep.tr
2) Purpose and Legal Basis for Processing Personal Data
Your personal data is processed in accordance with the GDPR and applicable data protection legislation for the following purposes:
- To perform and manage vehicle rental agreements and related services,
- To fulfill contractual obligations between the Company and the customer,
- To improve customer satisfaction and customer experience,
- To manage customer requests, complaints, and support processes,
- To comply with legal and regulatory obligations,
- To protect the legitimate interests of the Company where applicable.
The legal bases for processing personal data include:
- Performance of a contract,
- Compliance with legal obligations,
- Legitimate interests pursued by the Company,
- Explicit consent where required by law.
3) Transfer of Personal Data
Your personal data may be shared with public authorities, regulatory bodies, business partners, or service providers where necessary to fulfill legal obligations and contractual services.
Such transfers may include:
- Sharing identity information of vehicle renters with law enforcement authorities in accordance with applicable Turkish legislation,
- Maintaining records within transportation monitoring systems required by governmental authorities,
- Sharing data with payment providers, insurance companies, legal advisors, IT infrastructure providers, or operational partners strictly within the scope necessary for service delivery and legal compliance.
Where personal data is transferred internationally, appropriate safeguards and security measures in accordance with GDPR requirements shall be implemented.
4) Methods of Collecting Personal Data
Your personal data is collected directly from you through:
- Vehicle rental agreements,
- Reservation forms,
- Customer communication channels,
- Payment and invoicing processes,
- Digital platforms and website inquiries where applicable.
The Company processes only the personal data necessary for the purposes specified in this Notice and does not process personal data beyond legal and contractual requirements.
5) Data Retention Period
Personal data shall be retained only for as long as necessary to fulfill the purposes for which it was collected, including compliance with legal, accounting, taxation, and regulatory obligations.
Once the retention period expires or the processing purpose no longer exists, personal data shall be securely deleted, destroyed, or anonymized in accordance with applicable legislation.
6) Your Rights Under the GDPR
Under the GDPR, you have the following rights regarding your personal data:
- The right to access your personal data,
- The right to request correction of inaccurate or incomplete personal data,
- The right to request erasure of your personal data (“right to be forgotten”),
- The right to restrict processing,
- The right to object to processing based on legitimate interests,
- The right to data portability,
- The right to withdraw consent at any time where processing is based on consent,
- The right to lodge a complaint with a competent supervisory authority.
To exercise your rights, you may contact the Company in writing through the contact details provided above.
7) Data Security
MBL TURİZM VE ARAÇ KİRALAMA ANONİM ŞİRKETİ implements appropriate technical and organizational security measures to protect personal data against unauthorized access, loss, misuse, disclosure, alteration, or destruction.
All reasonable precautions are taken to ensure the confidentiality, integrity, and availability of personal data processed by the Company.