Skip to main content

Legal

PRIVACY POLICY

WHO ARE WE AND HOW YOU CAN CONTACT US

Contact details of the Data Controller:  BBN Hava Yolları ve Taşımacılık Anonim Şirketi (BBN Airlines), registration number: 348620-5, address: Sultan Selim Mah. Hümeyra Sok. Pasha Plaza Blok No:2 İç Kapı No:5 Kağıthane/Istanbul, Türkiye (hereinafter “We”, “Ours”, “Company”) process the personal data of its’ customers, potential customer, employees, candidates to employees, suppliers, partners etc. (hereinafter – you, your) personal data in accordance with the provisions of the legal acts regulating the legal protection of personal data and applying the highest technical and legal standards of protection and taking all necessary measures to prevent possible breaches of personal data protection. This Privacy Policy (hereinafter referred to as the “Privacy Policy“) sets out the basic rules for the collection, processing and storage of your personal data and other information related to you, the scope, purposes, sources, recipients of your personal data and your rights as a personal data subject and other important aspects of your use of the Company’s services. This information is important, so we hope you will read it carefully.

As used in this Privacy Policy, the term “personal data” (the “Personal Data”) means any information about you relating to you as a natural person, a data subject whose identity is known or can be directly or indirectly identified through the use of certain data (e.g. name, surname, personal identification number, address, telephone number, etc.).

In processing the personal data, we responsibly comply with the Law on Protection of Personal Data No. 6698 (the “Law”), applicable regulations and communiques, the decisions of the Personal Data Protection (the “KVKK”) Board of Türkiye and other directly applicable legal acts regulating the protection of personal data, as well as instructions from competent authorities.

In the event that you provide us with personal information other than your own (for example, identifying another person as a beneficiary), please inform them of this Privacy Policy and its contents.

If the user of the services is a legal entity, this Privacy Policy applies to natural persons whose personal data is transferred to us by a legal entity. The user must duly comply with Article 10 of the Law to inform data subjects (managers, beneficiaries, representatives, etc.) about the transfer of their personal data to the Company.

If you have any questions regarding this Privacy Policy or requests regarding the processing of your personal data, please contact us by email [email protected].

By visiting the Company’s websites and / or using the information contained therein and / or our services, you acknowledge and confirm that you have read and understood this Privacy Policy.

TO WHOM THE PRIVACY POLICY APPLIES

This Privacy Policy applies to our website https://bbnairlines.aero/ (regardless of which device you are using) and any service provided by the Company or other activities of the Company where personal data is being process.

This Privacy Policy does not apply to links to other entities websites provided on our websites; therefore, we recommend that you read the personal data processing rules applied on such websites.

WHAT PRINCIPLES DO WE COMPLY TO?

When processing your personal data, we:

  • comply with current and applicable legislation, including the Law;
  • we will process your personal data in a lawful, fair and transparent manner;
  • we will collect your personal data for specified, clearly defined and legitimate purposes and will not continue to process it in a way incompatible with those purposes, except to the extent permitted by law;
  • take all reasonable steps to ensure that personal data which are inaccurate or incomplete, having regard to the purposes for which they are processed, are rectified, supplemented, suspended or destroyed without delay;
  • we will keep them in such a form that your identity can be established for no longer than is necessary for the purposes for which the personal data are processed;
  • we will not disclose personal data to third parties except as provided in the Privacy Policy or applicable law;
  • ensure that your personal data is processed in such a way as to ensure the appropriate security of personal data through appropriate technical or organizational measures, including protection against unauthorized or unlawful processing of personal data and against unintentional loss, destruction or damage. Contact details is [email protected].

WHAT PERSONAL DATA, FOR WHAT PURPOSE AND BASIS DO WE PROCESS

The purpose of the processing of personal data. Why we process personal data? The categories of processed personal data. What kind of categories of personal data we process? On what legal basis do we process personal data? The period of processing
Administration of our website When you visit our website, data about your browsing is collected using cookies. We use necessary/technical cookies to ensure the proper functioning of the Website and/or other third-party cookies to improve your browsing experience (i.e., to consider your needs, to improve the website continuously and to make offers that suit your interests). Data using cookies and similar technologies related to Internet browsing, etc., are collected (processed) in accordance with the Guidance on Cookie Practices published by KVKK Authority and, where applicable, KVKK Board Decision 2022/229 (March 10, 2022) and in accordance with Article 6 Part 1. a) of the GDPR. i.e., with your consent (except for strictly necessary cookies).  

You can find more information about cookies and their storage terms on our website

https://bbnairlines.aero/cookie-policy/  

Responding to your general enquiries or requests for information Our website or other public business channels provide communication channels, where you can contact us to consult us on issues that concern you. We will accept, review, and respond to all your messages. If you contact us by e-mail, regular mail, or phone, we may process the following personal data of yours: name, surname, e-mail, postal address, and the text of the correspondence and/or attached documents. This data will be processed for the administration of your enquiry. Please note that we may need to contact you to respond to your enquiry, so be sure to provide accurate contact information. All personal data you provide when communicating with us is used only for the purposes of reviewing and responding to messages, administering (managing) communication flows and providing you with a response. We will process the said personal data in accordance with Article 5(2)(f) of the Law, based on our legitimate interest in responding to your inquiries and providing necessary support when you contact us by e-mail, mail, or phone. Communication with you will be handled until the enquiry is fully processed and stored for one year from the date of the last communication with you, unless there is another legitimate purpose for storing it longer (e.g., a business contract with you has been concluded and communication material can be considered as proof of negotiation).
Drawing up and executing contracts for the purchase and sale of services We may process your name, surname, contact information, position in the company you represent, signature, and other information required for negotiations, contract conclusion, and contract performance. We will process in accordance with Article 5/2(c) of the Law, to conclude and perform a contract to which you are a party, as well as Article 5/2(ç) of the Law, to comply with our legal obligations (e.g., retention of contracts and accounting records in accordance with tax and commercial laws), and Article 5/2(f) of the Law, based on our legitimate interests, such as establishing, exercising, or defending legal claims, provided that your fundamental rights and freedoms are not harmed. Contracts and accounting documents (in physical and electronic form) are kept for 10 years from the date of full performance of the contract.
Onboarding and due diligence procedure for counterparties Depending on whether a counterparty is a natural person or a legal entity, and if the latter, depending on your status in the company, we may process the following personal data:

Name, surname, date of birth, nationality, occupation, valid ID/passport number, data on whether the client is a politically exposed person, residential and registered address details, phone number, e-mail address, bank information (account number), relationship with the third party (if the third party will make payment), source of funds/wealth (if payment will be made in cash), signature, role/position in the company, occupation, information about reputation from public sources.

We also process personal data collected within provided copies of documents: Identity Card or Passport; Official documents of authorities verifying the identity and the place of residence; Documentation proving the source of funds/wealth; Articles of Association authorizing the representative of a legal entity; Certificate of Incorporation or its equivalent; Certificate of Directors or copy of CEO (or other principal management body) appointment document.

Personal data for onboarding and due diligence is processed in accordance with:

Article 5(2)(ç) of the Law – to fulfill our legal obligations, including compliance with national and/or international sanctions regulations.

– Article 5(2)(f) of the Law – based on our legitimate interests, in order to meet the requirements related to the prevention of money laundering and terrorist financing, anti-corruption, anti-bribery, and anti-fraud, and to maintain our legitimacy, reliability, and reputation before our counterparties and competent authorities.

– Article 5(2)(f) of the Law – based on our legitimate interest to protect our business interests and defend or enforce legal claims (If you get involved in a dispute with us or we need to otherwise defend, enforce, exercise, and uphold our rights or legitimate interests, we collect, use and store the data that is necessary for the specific case).

We will process your personal data collected during the onboarding and due diligence process for 5 years after the completion of onboarding and due diligence, unless longer storage of personal data and related documents will be required by applicable laws, legal regulations, or institutional/state authorities, or will be necessary for the defense in the judicial process.

For more details of personal data processing for onboarding and due diligence please check the Onboarding and Due Diligence Privacy Notice

https://bbnairlines.aero/legal/

Selection of candidates for employees (recruiting) Considering the requirements of the position applied we may collect, assess, and store the following personal data about you: name, surname, age or date of birth, your e-mail address, phone number, address of the place of residence, information on language proficiency, computer skills, information about expected salary, educational background, profession, working experience and projects you have been involved with, attended courses, training sessions, seminars, development of qualification, licenses held, accumulated hours on A/C and other information regarding flights (for pilots and cabin crew), social media accounts, pictures and other information that you may wish to provide in your CV, motivation letter, interviews, also our remarks and assessment of your suitability to perform the duties of a particular position. We will process the said personal data in accordance with:

– Article 5(1) of the Law, i.e., with your consent to have a common and coordinated policy on the selection of personnel and human resources management.

Article 5(1) of the Law, i.e., with your consent to the further sharing of your data within all Avia Solutions Group companies, or you provide your candidacy information for future opportunities.

We use a global web-based application provided by Avia Solutions Group with servers located abroad to collect job applications. To ensure the protection of the personal data in the context of cross-border transfers, we implement the Standard Contractual Clauses issued by the Turkish Personal Data Protection Board and submit the required filings to the Turkish Personal Data Protection Authority.

We will process your personal information for the recruiting process from the time you submit your application until the selection process is complete.

When you are unsuccessful in your application for a concrete position and you consent to further sharing your data within all Avia Solutions Group companies, or you provide your candidacy information for future opportunities, your personal data will be stored for 2 years from the end of the selection process for the position you applied for or from receiving the data.

For more details of personal data processing for the selection of candidates, please check the Privacy notice (https://careers.aviasg.com/en/candidate-privacy-policy ).

Video surveillance (for the safety of individuals and property) Image and other objects relating to personal data Video recording and storing is processed in accordance with Article 5(2)(f) of the Law, i.e., our legitimate interest to protect the safety of property and individuals and to have evidential material for incident or fraud investigation. Video records are stored for up to 30 days.
Providing news, promotions, newsletters, information about products and invitations to events (direct marketing) When we obtain your explicit consent, we will use your e-mail address and/or telephone number for direct marketing.

 

When you are our customer and have not objected to direct marketing of similar services or products, we will process your e-mail address.

Personal Data for direct marketing is processed in accordance with Article 5(1) of the Law, i.e., with your consent or Article 5(2)(f) of the Law, i.e., our legitimate interest to offer you similar goods/services to ones you have purchased from us and to get your feedback about purchased goods/services. Your data will be used for direct marketing purposes for 3 years after your consent is obtained or until you withdraw your consent. We consider you to be our customer: 3 years after your order or purchase of our product or service.

 

Please be additionally advised that if you do not provide personal data, the provision of which to the Company is necessary to ensure compliance with the requirements of legal acts and / or the conclusion and / or performance of the contract, we will not be able to provide you with services or conclude another transaction.

We also particularly note that when your contact details are processed for direct marketing, you may at any time refuse our newsletters or other promotional messages by clicking on a link in our outgoing newsletters and/or messages or by writing to [email protected].

Please know that “Legitimate interest” means our interest to enhance our services, products, to manage the processes of businesses and activities. We consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests.

Be informed as well that we will retain your personal data for as long as necessary to achieve and fulfil the purposes following the terms set out in this Privacy Policy,  unless longer storage of personal data and related documents is required by applicable laws and regulations or is required for the defense of the Company’s legitimate interests in judicial, other public institutions, etc. We ensure and take all necessary measures to avoid storing outdated or unnecessary personal data about you.

HOW DO WE PROTECT YOUR DATA?

We responsibly implement appropriate organizational and technical personal data security measures intended for the protection of personal data against accidental or unlawful destruction, alteration and disclosure as well as against any other unlawful processing. The security measures we implement include the protection of personnel, information, IT infrastructure, internal and public networks as well as office buildings and technical equipment.

In the event of a personal data breach of security that could seriously jeopardize your rights or freedoms and determine the circumstances under which unauthorized access to personal data has been obtained, we will immediately inform you about it.

TO WHOM IS YOUR DATA ARE DISCLOSED

We may share some of your personal data with the following categories of third parties:

  • any Avia Solutions Group company (listed at https://aviasg.com/en/the-group/general-contacts) for the purposes set out in this Privacy Policy (for example, for the purposes of performance of contracts and the management of relationships with customers, onboarding and due diligence of the counterparty, whistleblowing policy, recruitment);
  • representatives acting on our behalf with respect to the promotion of our services in particular territories;
  • companies providing data centers, hosting, cloud, site administration and related services, software developers, providing, maintaining and developing companies, companies providing information technology infrastructure services, companies providing communication services;
  • credit and debit card companies used to facilitate payment transactions related to the provision of our services, banks and other credit and/or payment companies;
  • our professional advisors, auditors, lawyers and/or financial advisers;
  • our other service providers (data processors) or our subcontractors (for example, recruiters, lectors, etc.).
  • notaries, if the contract concluded with you requires a notarial form;
  • judicial officers, entities providing legal s and/or debt recoveries services, subrogator of claim right;
  • companies providing advertising and marketing services;
  • companies providing archiving, physical and / or electronic security, asset management and/or other business services;
  • in accordance with the laws to state institutions, establishments, etc.;
  • law enforcement authorities at their request or on our own initiative if there is a suspicion that a criminal offense has been committed, as well as courts and other dispute resolution bodies; tax administrators
  • in the event of a company restructuring, transfer / acquisition and / or business transfer / acquisition, to a third party acquiring the business and processing personal data for the same purposes as specified in this Privacy Policy and/or doing the due diligence by our and/or their legal and/or financial advisors, etc.

DATA TRANSFER OUTSIDE THE REPUBLIC OF TÜRKIYE

As a general rule, your personal data will be processed within the borders of the Republic of Türkiye. However, in certain cases, your personal data may be transferred to countries outside Türkiye.

Please note that in countries outside Türkiye, the level of personal data protection may differ from that provided under Turkish law. We carefully evaluate the conditions under which such data will be processed and stored after being transferred abroad.

If the Personal Data Protection Board of Türkiye has issued an adequacy decision regarding a country or an international organization, your personal data may be transferred to that country or organization in accordance with the same level of protection provided within Türkiye.

In cases where there is no adequacy decision, we take all necessary measures to ensure the secure transfer of your personal data, including signing a Standard Contractual Clause (SCC) approved by the Personal Data Protection Board of Türkiye. In certain cases, we may ask for your explicit consent before transferring your data outside Türkiye.

DO WE APPLY AUTOMATED DECISION-MAKING OR PROFILING?

As a rule, we do not use fully automated decision-making processes, including profiling, that produce legal effects or significantly affect the individual, within the meaning of the Law on Protection of Personal Data No. 6698, when initiating or executing contractual relationships. Should we apply such procedures in specific cases, we will inform you separately, in accordance with our legal obligations.

RIGHTS GUARANTEED TO YOU

We guarantee the implementation of these rights and the provision of any related information at your request or in case of your query:

  • know (be informed) about the processing of your personal data;
  • to get access to your personal data which are processed by the Data Controller;
  • request correction or addition, adjustment of your inaccurate, incomplete personal data;
  • require the destruction of personal data when they are no longer necessary for the purposes for which they were collected;
  • request the destruction of personal data if they are processed illegally or when you withdraw your consent to the processing of personal data or do not give such consent, when is necessary;
  • disagree with the processing of personal data or withdraw the previously agreed consent;
  • request to provide, if technically possible, the provision of your personal data in an easily readable format according to your consent or for the purpose of performing the contract, or request the transfer of data to another data controller.

In order to exercise your rights, please send us the request by email [email protected].

Upon receipt of your request, we may ask you to provide proof of your identity or other identifying information to ensure that we are exercising your rights as a data subject and to prevent unauthorised disclosure of personal data or information to others who are not entitled to it. If we are unable to identify you, we will not be able to exercise your rights as a data subject.

We provide information about the processing of your personal data free of charge. If your request is unfounded, repetitive or disproportionate, we may charge a fee commensurate with our administrative costs.

Upon receipt of your request, we will respond to you within 30 calendar days of receipt of your claim and the due date for submission of all documents necessary to prepare the answer.

If we think we need to, we will stop processing your personal data, except for storage, until your application is resolved. If you have legally waived your consent, we will immediately terminate the processing of your personal data and within no more than 30 calendar days, except in the cases provided for in this Privacy Policy and in the cases provided for by law when further processing of your personal data is binding on us by the legislation in force, the legal obligations we are facing, court judgements or binding instructions from the authorities. The response will be provided in the same way as your request was received.

By refusing to comply with your requirement, we will clearly indicate the grounds for such refusal.

If you disagree with our actions or the response to your request regarding your personal data, you may file a complaint with the Personal Data Protection Authority (KVKK). You can find more information on the KVKK website: www.kvkk.gov.tr. In all cases, we recommend that you contact us before making a formal complaint so that we can find the right solution.

WHAT HAPPENS IF OUR BUSINESS CHANGES HANDS?

We may, from time to time, expand or reduce the scope of our business operations, which may involve the sale and/or transfer of control of all or part of our business. Any personal data that you have provided will, where it is relevant to any part of our business that is being transferred, be transferred along with that part, and the new owner or newly controlling party will, under the terms of this notice, be permitted to use that data only for the same purposes for which it was originally collected by us.

LINKS TO OTHER WEBSITES

Our website may contain links to other websites, which we do not operate. We have no control over how your data is collected, stored, or used by other websites, and we advise you to check their privacy policies before providing any data to them.

SOCIAL NETWORKS

When you visit social networks, your personal data is processed by a specific social network, and we start processing your personal data when you visit BBN Airlines on social networks. Through various social media channels, we want to introduce you to our wide range of services/products and exchange ideas and opinions with you on important topics.

Your personal data provided on the social network is processed for the following purposes:

  • communicate with our social network visitors;
  • respond to visitor inquiries;
  • obtaining statistical information;
  • conducting customer surveys, marketing campaigns, market analysis, lotteries, competitions or similar actions or events;
  • if necessary, defending the legitimate interests of the Company in institutions and in other cases.

Unless explicitly stated otherwise, the legal basis for data processing is our legitimate interest in accordance with Article 5(2)(f) of the Law on Protection of Personal Data No. 6698. Our legitimate interests are to be able to answer your messages or questions and analyze our availability on social networks, to present our products and services. To the extent that you wish to enter into a contractual relationship with us with your request, the legal basis for such processing is Article 5(2)(c) of the Law.

If we intend to process your personal data for any other purpose not mentioned above, we will notify you prior to such processing.

Our pages on social networks are managed by specific social networks, so when you visit them, the processing of personal data is based on the social network’s privacy policies. With some social networks, depending on the social network policy, the purposes and scope of the processing, we are considered as joint data controllers.

Currently, we use these social networks:

FB: https://www.facebook.com/bbnairlinesturkiye/

Linkedin: https://tr.linkedin.com/company/bbn-airlines-turkiye

Instagram: https://www.instagram.com/bbnairlinesturkiye/

Youtube https://www.youtube.com/@BBNAirlinesTurkiye/featured

Twitter https://x.com/BbnTurkiye

Name of the social network and its Privacy Policy Personal Data we process Personal Data we process as joint data controllers
Facebook

You can read their privacy policy by clicking here: https://www.facebook.com/policy.php  

Your Facebook username, when you comment, react to the publication, share posts, write us messages, your activities on our site, e.g. your page views, duration statistics, query, comment information, and more. We use statistical information (visits to our website, range of contributions, visits and average video transmission times, information about the countries and cities from which our visitors come, age range, gender). We receive anonymous statistics from Facebook through their service. The data controllers’ agreement can be found here: https://www.facebook.com/legal/terms/page_controller_addendum
Instagram

You can read their privacy policy by clicking here: https://help.instagram.com/519522125107875/?helpref=uf_share

Your Instagram username, when you comment, react to the publication, share posts, share content in the stories section, write us messages, your activities on our site, e.g. your page views, duration statistics, query, comment information, and more. We use statistical information (visits to our website, range of contributions, visits and average video transmission times, information about the countries and cities from which our visitors come, age range, gender). We receive anonymous statistics from Instagram through their service. The data controllers’ agreement can be found here: https://help.instagram.com/494561080557017/?helpref=hc_fnav
LinkedIn

You can read their privacy policy by clicking here: https://www.linkedin.com/legal/privacy-policy

Your LinkedIn username, when you comment, react to the publication, share posts, write us messages, your location indicated on the personal account, your activities on our site, e.g. your page views, duration statistics, query, comment information, and more. We use statistical information (visits to our website, range of contributions, visits and average video transmission times, information about the countries and cities from which our visitors come, age range, gender). We receive anonymous statistics from LinkedIn through their service. The data controllers’ agreement can be found here: https://www.linkedin.com/legal/l/dpa
Twitter

You can read their privacy policy by clicking herehttps://twitter.com/en/privacy

Your Twitter username, when you tweet, retweet (share) the tweet, quote, mention, write us messages, your activities on our site, e.g. your page views, duration statistics, query, comment information, and more. We use statistical information (visits to our website, range of contributions, visits and average video transmission times, information about the countries and cities from which our visitors come, age range, gender). We receive anonymous statistics from Twitter through their service. The data controllers’ agreement can be found here: https://gdpr.twitter.com/en/controller-to-controller-transfers.html
YouTube

You can read their privacy policy by clicking here:  https://www.youtube.com/howyoutubeworks/our-commitments/protecting-user-data/

 

Your YouTube username, when you comment and interact with content. If you are logged in with YouTube, you agree to YouTube’s terms of use, privacy and cookie policies and to YouTube’s processing of your personal data, over which we have no control. If you are not registered with YouTube, YouTube may still perform statistical analysis of your personal data when you access our YouTube channel and provide us with anonymized statistics on this.

We use statistical information. Processed data types:

– Inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers);

– Content data (videos, etc.);

– Usage data (e.g. websites visited, interest in content, access times, video views, video likes, comments, purchases, etc.), meta/communication data (e.g. device information, IP addresses).

Video Statistics:

– Number of subscribers and changes

– Watch time data (duration, stoppage time, retention rate)

– Demographics (gender distribution, age, places of origin, use of devices, etc.)

We receive anonymous statistics from YouTube through their service. The data controllers’ agreement can be found here: https://business.safety.google/controllerterms/

CHANGES TO OUR PRIVACY POLICY

We reserve the right to change this Privacy Policy unilaterally from time to time (for example, if the law changes). Any changes will be immediately posted on our websites. We recommend that you check this page regularly to keep up to date.

This Privacy Policy applies from the date it is posted on the Websites. Last review of the Privacy Policy: 16.10.2025.

Click HERE to download the brochure in English and Turkish.

*If you have not prepared your luggage, left your luggage unattended, or if you don’t carry your baggage, please inform us immediately!

Note: One box of matches or one cigarette lighter can be carried on the person but are not allowed in the hold baggage.

Passengers and Cabin Baggage:
Without prejudice to applicable safety rules, passengers are not permitted to carry the following articles into security-restricted areas and on
board an aircraft:
Guns, firearms, and other devices that discharge projectiles: Pistols, revolvers, rifles, shotguns, toy guns, replicas and imitation firearms capable
of being mistaken for real weapons, component parts of firearms, excluding telescopic sights, compressed air and CO 2 guns, pellet guns, signal
flare pistols and starter pistols, bows, crossbows and arrows, harpoon guns and spear guns, slingshots and catapults.
Stunning devices: stun guns, tasers and stun batons, animal stunners, and animal killers, disabling and incapacitating chemicals, gases, and
sprays, such as mace, pepper sprays, capsicum sprays, tear gas, acid sprays, and animal repellent sprays.
Objects with a sharp point or sharp edge — objects with a sharp point or sharp edge capable of being used to cause serious injury:
items designed for chopping, such as axes, hatchets and cleavers, ice axes and ice picks, razor blades, box cutters, knives with blades of more
than 6 cm, scissors with blades of more than 6 cm as measured from the fulcrum, martial arts equipment with a sharp point or sharp edge, swords,
and sabers.
Workmen’s tools: as a weapon, such as screwdrivers and chisels, — saws, including cordless portable power saws, blowtorches, bolt guns, and
nail guns;
Blunt instruments — objects capable of being used to cause serious injury: baseball and softball bats, clubs, and batons, such as billy clubs,
blackjack, nightsticks, and martial arts equipment.

Passengers are not permitted to carry the following articles in their hold baggage:
Explosives and incendiary substances and devices — explosives and incendiary substances and devices capable, or appearing capable, of being
used to cause serious injury or to pose a threat to the safety of aircraft, including ammunition, blasting caps, detonators and fuses, replica or
imitation explosive devices, mines, grenades, and other explosive military stores, fireworks, and other pyrotechnics, smoke-generating canisters
and smoke-generating cartridges, dynamite, gunpowder, and plastic explosives.

The following dangerous goods are also completely exempt from transportation as cabin or hold baggage:
Butane lighter gas, lighter fuel, blue flame or cigar lighters, strike anywhere matches, bleach, peroxide, poison, oxygen generators, radioactive
material, corrosive materials like acids, mercury, and wet cell batteries as well as filled scuba diving bottles, fuel containers, and camping stoves
that are not emptied and cleaned, dry ice in quantities of more than 2.5 kg per person and strong magnets, combustion engines, and flammable
materials like paint, lacquers, and solvents, security-type briefcases, or attached cases incorporating lithium batteries or pyrotechnical devices.

BBN Hava Yolları ve Taşımacılık Anonim Şirketi offers charter passenger services and ACMI operations, dependable and economical air cargo transport solutions across Europe, the Middle East, and Africa.

As an organization, we are committed to making a positive impact on the world by actively minimizing its environmental footprint, ensuring a safe, inclusive, and engaging working environment, supporting the communities in which it operates, and adhering to trusted, transparent, and compliant business practices.

Our collective goal, in collaboration with our stakeholders, is to contribute to a more sustainable, responsible, and inclusive aviation industry. To achieve this, we place significant importance on our suppliers and have established a Sustainable Procurement strategy based on the Supplier Code of Conduct (SCoC).

This Code is based on our corporate values and adheres to the principles of the United Nations Global Compact.

The SCoC reflects our corporate values and adheres to the principles of the United Nations Global Compact, which sets out the essential requirements expected from our suppliers in accordance with internationally recognized standards and conventions.

We hold all our suppliers, including subcontractors who conduct business with the company to the same high standards of responsible business practices and ethical behavior. Regardless of their location, all business activities should be conducted in full compliance with the SCoC.

We anticipate that you will integrate these principles throughout your supply chain and demonstrate exemplary practices in social and environmental responsibility, as well as business ethics. For this purpose, the company has produced this Supplier Code of Conduct (SCoC), which sets the minimum standards for doing business with our company or Business Unit.

By working together, we aim to create a more sustainable, responsible, and inclusive aviation industry.

Click HERE to download the complete Supplier Code of Conduct.

 

PRIVACY NOTICE

FOR THE COUNTERPARTY ONBOARDING AND DUE DILIGENCE

1.   Introduction

Avia Solutions Group (ASG) is one of the largest global aerospace businesses holding offering aviation services worldwide. We take a zero-tolerance approach to money laundering and terrorism financing and are committed to the highest level of openness, integrity, and accountability. Seeking legitimacy and being reliable ASG and its subsidiaries seek to conduct business only with reputable counterparties whose funds are derived from legitimate sources and who have no imposed sanctions on them. In order to achieve the above, we implement the Know Your Customer (KYC) principle in our business, which allows you to know your customer: the identity of the customer, the customer’s representatives or other authorized persons, the beneficial owners, the activities carried out, the sources of funds, etc. To implement the KYC principle, we use the Know Your Customer form (paper or electronic version), which we ask you to complete before any of Avia Solutions Group companies[1] is intending to start a legally binding relationship with you or your represented legal entity.

Avia Solutions Group is committed to ensuring that the KYC process is based on the most up-to-date and relevant information, and therefore Avia Solutions Group regularly reviews and updates the data and information you provide in the Know Your Customer form. Normally, the update of the data provided in the Know Your Customer form takes place once a year, but in any case, we will inform you in advance when the data and/or other information provided by you needs to be updated.

This Privacy Notice applies to the processing of personal data in relation to counterparty onboarding and due diligence when we ask you to complete the Know Your Customer form.

In this Privacy Notice you find information about how we process your personal data and what rights you have as a data subject. You can also find here the contact details of the responsible data controller, with whom you may exercise your rights.

If you provide us with personal information other than your own (for example, identifying other natural persons as manager, beneficiary, representative, etc.), please inform them of this Privacy Notice and its contents and make sure they do not object to providing personal data on their behalf and processing it in accordance with privacy statements below.

2. Data Controller and How to Contact us?

Avia Solutions Group companies act as joint controllers when processing your personal data for the purposes set out in this Privacy Notice.

The contact details of each Avia Solutions Group company can be found here: https://aviasg.com/en/the-group/general-contacts.

If you have any questions, comments, or complaints regarding how we handle information about you, or if you want to assert any of your rights, please contact: [email protected]

If you have any questions regarding the Onboarding and Due Diligence Procedure, please contact: [email protected]

3.   What PERSONAL DATA do we collect and for what purpose and legal basis?

Purpose Personal Data Categories Legal Basis
Counterparty Onboarding and Due Diligence Procedure

 

When a counterparty is a natural person: ·         Name, surname, date of birth, nationality, occupation

·         valid ID/passport number

·         data on whether the client is a politically exposed person

·         residential and registered address details

·         phone number, e-mail address

·         bank information (account number)

·         relationship with the third party (if payment will be made by the third party)

·         source of funds/wealth (if payment will be made in cash)

·         signature.

·   Our legal obligation to monitor and implement the international and/or national sanctions (Article 6 Part 1. c) of the GDPR).

 

·   Our legitimate interest to fulfill the requirements for money laundering and financing terrorism prevention, prevention of corruption, bribery, and fraud to be legitimate, reliable, and reputable business to our counterparties and authorities (Article 6 Part 1. f) of the GDPR).

When a counterparty is a legal entity: ·         The authorized person to fill the Know Your Customer Form: name, surname, title, signature

·         Ultimate beneficial owner: name, surname, address, occupation, date of birth, nationality, data on whether the person is a politically exposed person

·         Shareholder: name, surname, address, date of birth, nationality, data on whether the person is a politically exposed person

·         Controlling person (e.g., a Chief Executive Officer, Chief Financial Officer, Managing Member): name, surname, address, country of residence, date of birth, nationality, data on whether the person is a politically exposed person, role/position of the person

·         Member of the board of directors: name, surname, data on whether the person is a politically exposed person

·         Authorised representative: name, surname, address, country of residence, date of birth, email, phone, role/position.

Personal data collected within provided copies of the following documents: ·         Identity Card or Passport.

·         Official documents of authorities verifying the identity and the place of residence.

·         Documentation proving the source of funds/wealth.

·         Articles of Association authorizing the representative of a legal entity.

·         Certificate of Incorporation or its equivalent.

·         Certificate of Directors or copy of CEO (or other principal management body) appointment document.

Defend our rights and interests If you get involved in a dispute with us or we need to otherwise defend, enforce, exercise, and uphold our rights or legitimate interests, we collect, use and store the data that is necessary for the specific case. ·   Our legitimate interest to protect our business interests and defend or enforce legal claims (Article 6 Part 1. (f) of the GDPR)

 

4.  How long do we store your personal data?

We will process your personal data collected during the Onboarding and Due Diligence Procedure for 5 years after the last Onboarding/Due Diligence procedure, unless longer storage of personal data and related documents will be required by applicable laws, legal regulations, or institutional/state authorities, or will be necessary for the defense in the judicial process. We ensure and take all necessary measures to avoid storing outdated or unnecessary personal data about you.

5.  How do we collect your personal data?

We collect your personal data via:

  • The KYC Form and the provided copies of documents by you or the authorized person.
  • Consolidated lists of sanctions managed by institutional authorities (e. g.).
  • Other commercially available/public sources on the internet (e. g.).

6.  To whom do we disclose your personal data?

As the Onboarding and Due Diligence Procedure is implemented groupwide we share your personal data described in this Privacy Notice with Avia Solutions Group as the parent company on the joint controllership of personal data basis. The result of the Onboarding and Due Diligence Procedure and some personal data may be shared with other Avia Solutions Group companies[2] in case any of them is intending to start a legally binding relationship with you or your represented legal entity. Therefore, in certain cases, personal data may be transferred to third countries (outside the European Economic Area (EEA), such as United Kingdom, United States of America). For such transfers, we have entered into Standard Contractual Clauses approved by the European Commission, or we follow other grounds and conditions set out in the GDPR or decisions of the European Commission.

We also may share some of your personal data with:

  • Companies acting on our behalf as IT/electronic security service processors.
  • Our professional advisors, auditors, lawyers, and/or financial, and accounting advisers.
  • Law enforcement authorities at their request or on our own initiative if there is a suspicion that a criminal offense has been committed, as well as courts and other dispute resolution bodies.
  • Banks or other financial service providers who are subject to money laundering, sanctions, and prevention of financing terrorism, corruption, bribery, and fraud.

7.  Do we apply automated decision-making or profiling?

Your personal data will not be used for automated decision-making including profiling.

8.  Rights guaranteed to you

We guarantee the implementation of the following rights and the provision of any related information at your request or in case of your query:

  • right of access – You have the right to ask us for copies of your personal information.
  • right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
  • right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
  • right to object to processing – You have the right to object to the processing where the processing is based on legitimate interests. You have the right to object to the processing of your personal data where the processing is based on our legitimate interests, but if we have compelling legitimate grounds, we will process your data without your consent. To exercise this right, please contact: [email protected]
  • right to data portability – You have the right to ask that we transfer the personal information you gave us to another organization, or to you, in certain circumstances.

9.   How to complain

If you disagree with our actions or the response to your request, you have the right at any time to lodge a complaint with the data protection supervisory authority, in particular in the EU Member State where you are resident or where the alleged breach of the GDPR occurred, and to seek judicial remedies (the list of supervisory authorities by each EU countries: https://edpb.europa.eu/about-edpb/board/members_en). In all cases, we recommend that you contact us before making a formal complaint so that we can find the right solution.

10.  Updates

We may change this Privacy Notice from time to time. We encourage you to review this Privacy Notice periodically.

The Privacy Notice was last updated on 21 August 2025

11.  Türkiye specific addendum

This Türkiye-Specific Addendum supplements the Privacy Notice for Counterparty Onboarding and Due Diligence of BBN Hava Yolları ve Taşımacılık A.Ş. (Hereinafter, BBN Airlines Türkiye) a company based in Türkiye and part of the Avia Solutions Group. This Addendum applies exclusively to the processing of personal data within Türkiye and complies with the Law on Personal Data Protection No. 6698.

For counterparties conducting business with our group company in Türkiye, BBN Airlines Türkiye acts as the data controller under Law No. 6698. Personal data collected within the scope of counterparty onboarding and due diligence procedures will be processed by BBN Airlines Türkiye in compliance with the legal obligations set forth under the law. Personal data is processed on the legal basis of compliance with a legal obligation of the data controller under Article 5/2(ç) and processing necessary for the legitimate interests pursued by the data controller under Article 5/2(f) of the Law.

As part of the Avia Solutions Group, personal data may be transferred to Avia Solutions Group companies located outside Türkiye. For such transfers, BBN Airlines Türkiye has entered into Standard Contractual Clauses approved by the Turkish Data Protection Authority and complies with the conditions set out in Law No. 6698 and the decisions of the Turkish Data Protection Board.

Pursuant to Article 11 of Law No. 6698, you have certain rights regarding your personal data, including the right to access, rectify, delete, and object to the processing of your data. You can submit your requests regarding these rights by filling out the Data Subject Application Form and sending it to [email protected]

This Addendum is intended to align the Privacy Notice with the requirements of Turkish data protection laws. If there are any discrepancies between this Addendum and the Privacy Notice, the provisions of this Addendum shall prevail for personal data processing activities conducted in Türkiye. For any questions regarding this Addendum, please contact us at [email protected]