Legal

Privacy Policy
BBN HAVA YOLLARI VE TAŞIMACILIK A.Ş.
PRIVACY NOTICE ON PROCESSING OF PERSONAL DATA FOR THE PURPOSE OF WEBSITE CONTACT REQUEST
We appreciate your interest in our official website and thank you for reaching out to us.
At BBN HAVA YOLLARI VE TAŞIMACILIK A.Ş. (“Company”), we may process your personal data, as described below, in accordance with the Code 6698 on Protection of Personal Data (“KVK Code”) and the relevant legislation. This Privacy Notice has been issued in accordance with the KVK Code and the Communique on Principles and Procedures in Fulfilment of Notification Liabilities (“Communique”), published on March 10, 2018.

Collection and Processing of Personal Data and Data Controller
Your personal data may be collected by our Company automatically or via non-automated methods, such as email, websites, and apps that enable communication requests, either in digital or electronic format, based on and limited to your contact request. If your communication request exists, we may create, update, and process your personal data.
Your personal data will be processed in compliance with relevant legislation for the assessment of your contact request, through which you disclose your personal data to us, and to get in touch with you accordingly, within the personal data processing conditions and purposes set forth in the KVK Code.
The trade name of the Data Controller with regard to your personal data to be processed for the aforementioned purposes is BBN HAVA YOLLARI VE TAŞIMACILIK A.Ş., with its headquarters at the address of Sultan Selim Mah. Hümeyra Sk. Pasha Plaza Blok No: 2 door No: 5 Kağıthane/Istanbul.

Purpose and Legal Grounds for Processing Personal Data
Your personal data will be processed to assess, perform, and finalize your contact request, and to get in touch with you accordingly. Furthermore, we will ensure the fulfillment of our company’s legal liabilities within the personal data processing conditions and purposes set forth in clauses 5 and 6 of the KVK Code, as long as the performance of the matter you have addressed.

The legal grounds for processing your personal data are as follows:
Explicit requirement by laws;
the necessity to process your personal data as those are directly related to communication with you following your request;
liability to process data in order to establish, exercise and protect your rights;
essentiality to enable Data Controller to fulfill its legal liabilities; and
liability to process data for the legitimate benefits of the Data Controller provided that your fundamental rights and liberties are not damaged.

Transfer of Personal Data
Your personal data collected may be transferred to public authorities and legal persons, legally competent public offices, and departments, all our consultants, and contractual service providers, including our business partners, within the scope of personal data processing conditions and purposes set forth by the KVK Code.

Rights of Personal Data Subjects
As personal data subjects, you have the right to make written requests related to your rights listed under clause 11 of the KVK Code. You may send your requests to us using the contact details provided in the Communique on Procedures and Principles for Application to Data Controller.
We are committed to protecting your personal data and ensuring that our processing activities are following applicable laws and regulations. If you have any questions or concerns about our privacy practices or this Privacy Notice, please do not hesitate to contact us.

Click HERE to download the brochure in English and Turkish.

*If you have not prepared your luggage, left your luggage unattended, or if you don’t carry your baggage, please inform us immediately!

Note: One box of matches or one cigarette lighter can be carried on the person but are not allowed in the hold baggage.

Passengers and Cabin Baggage:
Without prejudice to applicable safety rules, passengers are not permitted to carry the following articles into security-restricted areas and on
board an aircraft:
Guns, firearms, and other devices that discharge projectiles: Pistols, revolvers, rifles, shotguns, toy guns, replicas and imitation firearms capable
of being mistaken for real weapons, component parts of firearms, excluding telescopic sights, compressed air and CO 2 guns, pellet guns, signal
flare pistols and starter pistols, bows, crossbows and arrows, harpoon guns and spear guns, slingshots and catapults.
Stunning devices: stun guns, tasers and stun batons, animal stunners, and animal killers, disabling and incapacitating chemicals, gases, and
sprays, such as mace, pepper sprays, capsicum sprays, tear gas, acid sprays, and animal repellent sprays.
Objects with a sharp point or sharp edge — objects with a sharp point or sharp edge capable of being used to cause serious injury:
items designed for chopping, such as axes, hatchets and cleavers, ice axes and ice picks, razor blades, box cutters, knives with blades of more
than 6 cm, scissors with blades of more than 6 cm as measured from the fulcrum, martial arts equipment with a sharp point or sharp edge, swords,
and sabers.
Workmen’s tools: as a weapon, such as screwdrivers and chisels, — saws, including cordless portable power saws, blowtorches, bolt guns, and
nail guns;
Blunt instruments — objects capable of being used to cause serious injury: baseball and softball bats, clubs, and batons, such as billy clubs,
blackjack, nightsticks, and martial arts equipment.

Passengers are not permitted to carry the following articles in their hold baggage:
Explosives and incendiary substances and devices — explosives and incendiary substances and devices capable, or appearing capable, of being
used to cause serious injury or to pose a threat to the safety of aircraft, including ammunition, blasting caps, detonators and fuses, replica or
imitation explosive devices, mines, grenades, and other explosive military stores, fireworks, and other pyrotechnics, smoke-generating canisters
and smoke-generating cartridges, dynamite, gunpowder, and plastic explosives.

The following dangerous goods are also completely exempt from transportation as cabin or hold baggage:
Butane lighter gas, lighter fuel, blue flame or cigar lighters, strike anywhere matches, bleach, peroxide, poison, oxygen generators, radioactive
material, corrosive materials like acids, mercury, and wet cell batteries as well as filled scuba diving bottles, fuel containers, and camping stoves
that are not emptied and cleaned, dry ice in quantities of more than 2.5 kg per person and strong magnets, combustion engines, and flammable
materials like paint, lacquers, and solvents, security-type briefcases, or attached cases incorporating lithium batteries or pyrotechnical devices.

BBN Hava Yolları ve Taşımacılık Anonim Şirketi offers charter passenger services and ACMI operations, dependable and economical air cargo transport solutions across Europe, the Middle East, and Africa.

As an organization, we are committed to making a positive impact on the world by actively minimizing its environmental footprint, ensuring a safe, inclusive, and engaging working environment, supporting the communities in which it operates, and adhering to trusted, transparent, and compliant business practices.

Our collective goal, in collaboration with our stakeholders, is to contribute to a more sustainable, responsible, and inclusive aviation industry. To achieve this, we place significant importance on our suppliers and have established a Sustainable Procurement strategy based on the Supplier Code of Conduct (SCoC).

This Code is based on our corporate values and adheres to the principles of the United Nations Global Compact.

The SCoC reflects our corporate values and adheres to the principles of the United Nations Global Compact, which sets out the essential requirements expected from our suppliers in accordance with internationally recognized standards and conventions.

We hold all our suppliers, including subcontractors who conduct business with the company to the same high standards of responsible business practices and ethical behavior. Regardless of their location, all business activities should be conducted in full compliance with the SCoC.

We anticipate that you will integrate these principles throughout your supply chain and demonstrate exemplary practices in social and environmental responsibility, as well as business ethics. For this purpose, the company has produced this Supplier Code of Conduct (SCoC), which sets the minimum standards for doing business with our company or Business Unit.

By working together, we aim to create a more sustainable, responsible, and inclusive aviation industry.

Click HERE to download the complete Supplier Code of Conduct.

 

PRIVACY NOTICE

FOR THE COUNTERPARTY ONBOARDING AND DUE DILIGENCE

1.   Introduction

Avia Solutions Group (ASG) is one of the largest global aerospace businesses holding offering aviation services worldwide. We take a zero-tolerance approach to money laundering and terrorism financing and are committed to the highest level of openness, integrity, and accountability. Seeking legitimacy and being reliable ASG and its subsidiaries seek to conduct business only with reputable counterparties whose funds are derived from legitimate sources and who have no imposed sanctions on them. In order to achieve the above, we implement the Know Your Customer (KYC) principle in our business, which allows you to know your customer: the identity of the customer, the customer’s representatives or other authorized persons, the beneficial owners, the activities carried out, the sources of funds, etc. To implement the KYC principle, we use the Know Your Customer form (paper or electronic version), which we ask you to complete before any of Avia Solutions Group companies[1] is intending to start a legally binding relationship with you or your represented legal entity.

Avia Solutions Group is committed to ensuring that the KYC process is based on the most up-to-date and relevant information, and therefore Avia Solutions Group regularly reviews and updates the data and information you provide in the Know Your Customer form. Normally, the update of the data provided in the Know Your Customer form takes place once a year, but in any case, we will inform you in advance when the data and/or other information provided by you needs to be updated.

This Privacy Notice applies to the processing of personal data in relation to counterparty onboarding and due diligence when we ask you to complete the Know Your Customer form.

In this Privacy Notice you find information about how we process your personal data and what rights you have as a data subject. You can also find here the contact details of the responsible data controller, with whom you may exercise your rights.

If you provide us with personal information other than your own (for example, identifying other natural persons as manager, beneficiary, representative, etc.), please inform them of this Privacy Notice and its contents and make sure they do not object to providing personal data on their behalf and processing it in accordance with privacy statements below.

2. Data Controller and How to Contact us?

Avia Solutions Group companies act as joint controllers when processing your personal data for the purposes set out in this Privacy Notice.

The contact details of each Avia Solutions Group company can be found here: https://aviasg.com/en/the-group/general-contacts.

If you have any questions, comments, or complaints regarding how we handle information about you, or if you want to assert any of your rights, please contact: [email protected]

If you have any questions regarding the Onboarding and Due Diligence Procedure, please contact: [email protected]

3.   What PERSONAL DATA do we collect and for what purpose and legal basis?

Purpose Personal Data Categories Legal Basis
Counterparty Onboarding and Due Diligence Procedure

 

When a counterparty is a natural person: ·         Name, surname, date of birth, nationality, occupation

·         valid ID/passport number

·         data on whether the client is a politically exposed person

·         residential and registered address details

·         phone number, e-mail address

·         bank information (account number)

·         relationship with the third party (if payment will be made by the third party)

·         source of funds/wealth (if payment will be made in cash)

·         signature.

·   Our legal obligation to monitor and implement the international and/or national sanctions (Article 6 Part 1. c) of the GDPR).

 

·   Our legitimate interest to fulfill the requirements for money laundering and financing terrorism prevention, prevention of corruption, bribery, and fraud to be legitimate, reliable, and reputable business to our counterparties and authorities (Article 6 Part 1. f) of the GDPR).

When a counterparty is a legal entity: ·         The authorized person to fill the Know Your Customer Form: name, surname, title, signature

·         Ultimate beneficial owner: name, surname, address, occupation, date of birth, nationality, data on whether the person is a politically exposed person

·         Shareholder: name, surname, address, date of birth, nationality, data on whether the person is a politically exposed person

·         Controlling person (e.g., a Chief Executive Officer, Chief Financial Officer, Managing Member): name, surname, address, country of residence, date of birth, nationality, data on whether the person is a politically exposed person, role/position of the person

·         Member of the board of directors: name, surname, data on whether the person is a politically exposed person

·         Authorised representative: name, surname, address, country of residence, date of birth, email, phone, role/position.

Personal data collected within provided copies of the following documents: ·         Identity Card or Passport.

·         Official documents of authorities verifying the identity and the place of residence.

·         Documentation proving the source of funds/wealth.

·         Articles of Association authorizing the representative of a legal entity.

·         Certificate of Incorporation or its equivalent.

·         Certificate of Directors or copy of CEO (or other principal management body) appointment document.

Defend our rights and interests If you get involved in a dispute with us or we need to otherwise defend, enforce, exercise, and uphold our rights or legitimate interests, we collect, use and store the data that is necessary for the specific case. ·   Our legitimate interest to protect our business interests and defend or enforce legal claims (Article 6 Part 1. (f) of the GDPR)

 

4.  How long do we store your personal data?

We will process your personal data collected during the Onboarding and Due Diligence Procedure for 5 years after the last Onboarding/Due Diligence procedure, unless longer storage of personal data and related documents will be required by applicable laws, legal regulations, or institutional/state authorities, or will be necessary for the defense in the judicial process. We ensure and take all necessary measures to avoid storing outdated or unnecessary personal data about you.

5.  How do we collect your personal data?

We collect your personal data via:

  • The KYC Form and the provided copies of documents by you or the authorized person.
  • Consolidated lists of sanctions managed by institutional authorities (e. g.).
  • Other commercially available/public sources on the internet (e. g.).

6.  To whom do we disclose your personal data?

As the Onboarding and Due Diligence Procedure is implemented groupwide we share your personal data described in this Privacy Notice with Avia Solutions Group as the parent company on the joint controllership of personal data basis. The result of the Onboarding and Due Diligence Procedure and some personal data may be shared with other Avia Solutions Group companies[2] in case any of them is intending to start a legally binding relationship with you or your represented legal entity. Therefore, in certain cases, personal data may be transferred to third countries (outside the European Economic Area (EEA), such as United Kingdom, United States of America). For such transfers, we have entered into Standard Contractual Clauses approved by the European Commission, or we follow other grounds and conditions set out in the GDPR or decisions of the European Commission.

We also may share some of your personal data with:

  • Companies acting on our behalf as IT/electronic security service processors.
  • Our professional advisors, auditors, lawyers, and/or financial, and accounting advisers.
  • Law enforcement authorities at their request or on our own initiative if there is a suspicion that a criminal offense has been committed, as well as courts and other dispute resolution bodies.
  • Banks or other financial service providers who are subject to money laundering, sanctions, and prevention of financing terrorism, corruption, bribery, and fraud.

7.  Do we apply automated decision-making or profiling?

Your personal data will not be used for automated decision-making including profiling.

8.  Rights guaranteed to you

We guarantee the implementation of the following rights and the provision of any related information at your request or in case of your query:

  • right of access – You have the right to ask us for copies of your personal information.
  • right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
  • right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
  • right to object to processing – You have the right to object to the processing where the processing is based on legitimate interests. You have the right to object to the processing of your personal data where the processing is based on our legitimate interests, but if we have compelling legitimate grounds, we will process your data without your consent. To exercise this right, please contact: [email protected]
  • right to data portability – You have the right to ask that we transfer the personal information you gave us to another organization, or to you, in certain circumstances.

9.   How to complain

If you disagree with our actions or the response to your request, you have the right at any time to lodge a complaint with the data protection supervisory authority, in particular in the EU Member State where you are resident or where the alleged breach of the GDPR occurred, and to seek judicial remedies (the list of supervisory authorities by each EU countries: https://edpb.europa.eu/about-edpb/board/members_en). In all cases, we recommend that you contact us before making a formal complaint so that we can find the right solution.

10.  Updates

We may change this Privacy Notice from time to time. We encourage you to review this Privacy Notice periodically.

The Privacy Notice was last updated on 21 August 2025

11.  Türkiye specific addendum

This Türkiye-Specific Addendum supplements the Privacy Notice for Counterparty Onboarding and Due Diligence of BBN Hava Yolları ve Taşımacılık A.Ş. (Hereinafter, BBN Airlines Türkiye) a company based in Türkiye and part of the Avia Solutions Group. This Addendum applies exclusively to the processing of personal data within Türkiye and complies with the Law on Personal Data Protection No. 6698.

For counterparties conducting business with our group company in Türkiye, BBN Airlines Türkiye acts as the data controller under Law No. 6698. Personal data collected within the scope of counterparty onboarding and due diligence procedures will be processed by BBN Airlines Türkiye in compliance with the legal obligations set forth under the law. Personal data is processed on the legal basis of compliance with a legal obligation of the data controller under Article 5/2(ç) and processing necessary for the legitimate interests pursued by the data controller under Article 5/2(f) of the Law.

As part of the Avia Solutions Group, personal data may be transferred to Avia Solutions Group companies located outside Türkiye. For such transfers, BBN Airlines Türkiye has entered into Standard Contractual Clauses approved by the Turkish Data Protection Authority and complies with the conditions set out in Law No. 6698 and the decisions of the Turkish Data Protection Board.

Pursuant to Article 11 of Law No. 6698, you have certain rights regarding your personal data, including the right to access, rectify, delete, and object to the processing of your data. You can submit your requests regarding these rights by filling out the Data Subject Application Form and sending it to [email protected]

This Addendum is intended to align the Privacy Notice with the requirements of Turkish data protection laws. If there are any discrepancies between this Addendum and the Privacy Notice, the provisions of this Addendum shall prevail for personal data processing activities conducted in Türkiye. For any questions regarding this Addendum, please contact us at [email protected]