Home

Privacy Policy

At Tolerance Seyahat Turizm ve Organizasyon Anonim Şirketi (“Lufer Tour”) we are committed to protecting the privacy of information you share when using our reservation services on lufertour.com. This policy complements our KVKK Privacy Notice and explains the privacy practices specific to our services.

Data Controller / Seller: Tolerance Seyahat Turizm ve Organizasyon Anonim Şirketi (operating under the “Lufer Tour” brand)

Address: Orhan Veli Kanık Caddesi No: 53/1 Kavacık / Beykoz / İstanbul

Tax Office / No: Beykoz Vergi Dairesi / 8490698779

MERSIS No: 925051342600018

E-mail: [email protected]

Phone: +90 530 088 44 88

Website: lufertour.com

1. Information We Collect

  • Account info: first/last name, e-mail, phone, hashed password.
  • Reservation info: selected tour, date/time, party size, communication preference, billing details.
  • Payment info: All card transactions are processed through the PCI-DSS certified Iyzico infrastructure. Lufer Tour does not store, view or receive card numbers, CVVs or expiry dates.
  • Usage data: IP, browser, session logs, page views.
  • Cookies / analytics: GA4 and Meta Pixel only with consent.

2. How We Use the Information

  • Creating reservations, processing payments, sending confirmations and change notifications.
  • Customer support, request and complaint management.
  • Securing your account and preventing fraud.
  • Compliance with legal obligations (tax, manifest, commercial law).
  • Subject to your consent: e-mail/SMS marketing, campaign notifications, GA4/Meta Pixel analytics.

3. Sharing with Third Parties

  • Iyzico (payments & refunds)
  • Resend / Gmail SMTP (e-mail delivery)
  • Google Ireland Ltd. (consent-only, GA4)
  • Meta Platforms Ireland Ltd. (consent-only, Meta Pixel)
  • Public authorities (where required by law)

We do not sell or rent your data to advertising partners.

4. Security Measures

  • All connections are encrypted with HTTPS / TLS.
  • Passwords are stored hashed with modern algorithms (bcrypt-class).
  • Payment data is processed on Iyzico's PCI-DSS compliant infrastructure; no card data resides on our servers.
  • Role-based access control and admin audit logs guard against unauthorised access.

5. Children's Privacy

Our services are not directed at users under 18 to make reservations independently. Children's data is provided only by the booking parent/guardian and is used solely for manifest/age-category purposes.

6. Retention and Deletion

Your data is retained for the periods set out in Article 6 of our KVKK Privacy Notice and is then deleted, destroyed or anonymised.

7. Your Rights and Contact

To exercise your KVKK Article 11 rights or for any privacy-related request please contact [email protected].

Last updated: 2026-04-28

🇹🇷 Türkçe versiyon:/gizlilik-politikasi

Last updated: 4/28/2026