Security Policy

Security Policy

This policy summarises the technical and organisational security measures taken by Prime VIP Transfer to protect our website, reservation systems, payment infrastructure and personal data in connection with VIP transfer and tour services, in accordance with Turkish Data Protection Law (KVKK), the Electronic Commerce Law and related legislation.

1. Technical Security

SSL/TLS encryption, firewalls and intrusion prevention, regular security updates, access control and authorisation, encryption of sensitive data and secure backup are applied.

2. Payment Security

Payments are processed via PCI-DSS compliant or authorised payment institutions. Card details are not stored directly on our servers; tokenisation or payment provider infrastructure is used.

3. User and Access Management

Password policies, multi-factor authentication (where implemented) and account lockout mechanisms reduce unauthorised access. Staff access is limited on a need-to-know basis.

4. Incident Response and Notification

In the event of a security breach or data breach, notification is made to the Personal Data Protection Board and to data subjects as required by KVKK and applicable law. Incident response procedures are in place.

5. Continuous Improvement

Security risks are assessed periodically; penetration testing and internal/external audits may be carried out. This policy is updated as necessary.

Last updated: February 2026