Privacy Policy

We only collect the information strictly necessary to provide our travel services. This includes:

• Identification data: full name, date of birth, nationality and gender.
• Contact data: email address, phone number, postal address and preferred language.
• Passport and identity document data: passport number, issue and expiry date, issuing country — collected only when required for hotel check-in, domestic flight booking, border crossings, or tours with restricted-access areas.
• Booking data: tour selections, travel dates, number of travellers, special requests, dietary restrictions and accessibility needs.
• Payment data: processed directly by our PCI-DSS compliant payment provider; we do not store full card numbers on our servers.
• Account data: username, hashed password and account preferences when you register a My Account profile.
• Technical data: IP address, device information, browser type, pages visited and timestamps, collected for security, fraud prevention and website analytics.

Your personal data is used to:

• process bookings and issue vouchers, tickets and invoices;
• confirm reservations with hotels, airlines, guides and local service providers;
• communicate with you before, during and after the tour (itinerary updates, pickup times, weather alerts);
• provide customer support and handle complaints or refunds;
• comply with legal, tax and border-control obligations;
• detect and prevent fraud or abuse of our services;
• send newsletters and promotional offers — only if you have opted in.

Passport information is considered sensitive and is handled with particular care. We only request it when legally or operationally required (hotel registration, domestic flights, restricted sites such as border areas or specific museums).

Passport data is transmitted over encrypted TLS connections and stored with strong encryption at rest. Access is limited to authorized staff on a strict need-to-know basis.

You remain in full control of this data at any time: from your My Account > Travellers > Passport Details page you can view, update or permanently delete any passport record you have saved. Deletion is immediate and cannot be undone.

If a booking requires passport data that you have deleted, our team will simply ask you to provide it again prior to travel.

We do not sell or rent your personal data. We share it only with the following categories of recipients and only to the extent strictly necessary:

• Travel partners — hotels, airlines, transfer companies, local guides and excursion providers that need traveller details to deliver the purchased services.
• Payment processors — PCI-DSS certified providers that handle card transactions.
• IT and hosting providers — bound by data processing agreements and appropriate technical and organizational measures.
• Accountants, auditors and tax authorities — when required by law.
• Law enforcement or judicial authorities — only in response to a valid legal request.

All partners established outside the European Economic Area process data under Standard Contractual Clauses approved by the European Commission or equivalent safeguards.

Because our tours take place in Türkiye and our servers and partners may be located in Türkiye or other countries, some of your personal data is transferred outside the European Economic Area. Whenever this happens we rely on appropriate safeguards such as Standard Contractual Clauses, adequacy decisions or your explicit consent, so that your data continues to benefit from the protection guaranteed by EU law.

Our website uses cookies and similar technologies to keep you logged in, remember your preferences, analyse traffic and improve the booking experience.

Essential cookies are always active because the website cannot function without them. Analytics and marketing cookies are loaded only after you give your consent through our cookie banner. You can change your choices at any time from the cookie-settings link in the website footer.

No personally identifiable information is stored inside our cookies.

We apply strict technical and organizational measures to protect your personal data against unauthorized access, loss, alteration or disclosure. These include TLS/SSL encryption on every page, encryption at rest for sensitive fields (including passport details), hashed and salted passwords, firewalls, intrusion-detection systems, role-based access control, regular security audits and staff confidentiality training.

In the unlikely event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify the competent supervisory authority within 72 hours and inform affected users without undue delay, as required by GDPR Articles 33 and 34.

We keep personal data only as long as needed for the purposes for which it was collected:

• booking and invoice records: up to 10 years, as required by tax and tourism regulations;
• passport details stored in My Account: until you delete them yourself or close your account;
• marketing contact details: until you unsubscribe or withdraw consent;
• account data: until you delete your account, after which it is permanently erased within 30 days except for data we must keep by law;
• website analytics: anonymised or deleted within 26 months.

As a data subject in the European Union you are entitled to the following rights:

• Right of access (Art. 15) — obtain a copy of the personal data we hold about you.
• Right to rectification (Art. 16) — correct inaccurate or incomplete data.
• Right to erasure / right to be forgotten (Art. 17) — request deletion of your data when it is no longer necessary.
• Right to restriction of processing (Art. 18) — limit how we use your data in certain situations.
• Right to data portability (Art. 20) — receive your data in a structured, machine-readable format.
• Right to object (Art. 21) — oppose processing based on our legitimate interests or for direct marketing.
• Right to withdraw consent at any time, without affecting the lawfulness of earlier processing.
• Right to lodge a complaint with the data-protection authority of your country of residence.

You can exercise most of these rights directly from My Account or by writing to info@toursce.com. We will respond within 30 days.

You can remove saved passport records at any time and without contacting support:

1. Sign in to your account at toursce.com.
2. Open My Account > Travellers > Passport Details.
3. Click the Delete button next to the record you want to remove.
4. Confirm the deletion in the pop-up dialog.

The record is erased immediately from our live database. Encrypted backups are rotated and overwritten within 30 days.

You have the right to close your account and erase your personal data at any time:

1. Sign in to toursce.com.
2. Go to My Account > Settings > Privacy.
3. Click Delete my account.
4. Follow the on-screen confirmation; we will send a verification email to make sure the request is genuine.

After confirmation, your account is disabled immediately and all personal data is permanently erased within 30 days — with the exception of information we are legally required to keep (for example, invoices and accounting records kept for up to 10 years in compliance with tax law). Such residual data is stored in restricted archives and is not used for any other purpose.

You will only receive newsletters, travel offers or promotional content if you have explicitly opted in. Every marketing email includes a one-click unsubscribe link. You can also manage your preferences from My Account > Settings > Communications at any time.

Our services are intended for adults. We do not knowingly collect personal data directly from children under 16. When a booking involves minors, the data is provided by a parent or legal guardian who accepts this Privacy Policy on the child's behalf.

We may update this Privacy Policy from time to time to reflect changes in the law, our services or our internal practices. The "last updated" date at the top of the page always indicates the latest revision. Significant changes will be notified by email or through a notice on our website.