GENERAL PRIVACY NOTICE
ON THE PROTECTION OF PERSONAL DATA
We, SIGNATURE GARDEN AVANOS HOTEL & SPA (“Hotel”), are attribute great importance to the personal data of our dear guests, potential guests, website users, suppliers, suppliers’ employees and other third parties in relation with our Hotel; therefore, we take high security measures in order to protect your personal data from unauthorized access. In order to protect your fundamental rights and freedoms, especially the right to privacy, we process your personal data within the scope of the Law on the Protection of Personal Data numbered 6698 (“LPPD”) and secondary regulations enacted based on the same, the Identity Reporting Law numbered 1774, the Tax Procedural Law numbered 213, the Turkish Commercial Law numbered 6102, European Union General Data Protection Regulation (“GDPR”) and other relevant legislations in line with the explanations stated below.
Pursuant to the LPPD, TURMALİN OTELCİLİK VE TURİZM SANAYİ TİCARET ANONİM ŞİRKETİ (“Company”), has the title of “Data Controller”. Our company wish to inform you regarding purpose of processing your personal data, to whom your personal data can be transferred and purpose of transfer of your personal data, the method and legal grounds for collection of your personal data and your legal rights by this Privacy Notice that has been prepared for the purposes of fulfilling our obligation to inform within the scope of the *Obligation of the Data Controller to Inform" under Article 10 of the LPPD and "Rights of the Data Subject" under article 11 of the LLPD, our institution reserves the right to revise this "General Privacy Notice on the Protection of Personal Data" at all times in line with the changes that may occur in the current legislation.
Your Identity Information: Name-Surname, identification Number, Place of Birth, Date of Birth, Passport Number, Signature
Your Contact Information: Email address, Phone number, Address
Your Customer Transaction Information: Call Centre Records, Order Information, Request Information, Records of your Instructions and Instructions
Physical Environment Security Information: Closed-circuit camera image and sound recording, entrance-exit recording information taken in common areas during Hotel Entry-Exit and stay time
Your Transaction Security Information: Mac address information, access IP Information and data from according to Law 5651
Information about those traveling with you: Name-Surname, ID Number, Passport Number, Date of Birth
Your Financial Information: Credit card information, mail order information, bank account information if required
Your Marketing Data: Surveys
Your Special Categories of Personal Data: Special categories of your health data if you have stated and gave explicit consent (such as allergen information, previous diseases), information on race and ethnicity
Other Information: (including the collected information via communication channels on the website) Information and Records Received About Your Requests About Products and Services, Hotel Entry-Exit Dates, Satisfaction surveys made to you to be used for marketing purposes, Information and Records Collected About Person's Complaints About Products and Services, Special Day Information, Vehicle Plate
Your personal data, that you provide in person or indirectly to our institution within the scope of the services that we provide may be collected via oral, written or electronic platforms. Your personal data may be collected during performance of the room reservation process, contacts with tour operators and travel agencies, stages of entering the Hotel and performance of payment transactions, notification of your requests and complaints, process of filling in customer satisfaction and questionnaire forms and participation in trainings, seminars or organizations organized by the Hotel for any purpose. Your personal data can be processed in the following cases as stated under Article 5 of the LPPD;
Your health data under special categories of personal data, can be processed based on the conditions provided under article 6 of the LPPD) or your explicit consent. Special categories of personal data are the data that may lead to aggrievement in the person in case of disclosure. Data related to the race, ethnicity, political opinion, philosophical belief, religious sect or other beliefs, costume and outfit, association/foundation or union membership, health, sexual life, criminal conviction and security decision together with the biometric and genetic data of such persons constitute special categories of personal data. In principle, as a ruse, special categories of personal data can only be processed based on the consent of the data stilled. Personal data concerning health and sexual life such as blood group, allergen information, information on previous diseases may only be processed, without seeking explicit consent of the data subject, by the persons subject to secrecy obligation or competent public institutions and organizations, for the purposes of protection of public health, operation of preventive medicine, medical diagnosis, treatment and nursing services, planning and management of health-care services as well as their financing.
Adequate measures shall be taken while processing the special categories of personal data. Additionally, our guests can request customized services by sharing their current conditions with our Company and consequently may share their special categories of personal data for this purpose. (In case our guest requests special service by sharing their special categories of personal data, for example, requesting a thin pillow due to neck hernia, requesting a room on the ground floor due to heart disease, requesting us to prepare a dessert without nuts due to peanut allergy, etc.). In order for us to provide customized services to our guests’ needs that they define by sharing their special categories of personal data, our Company will process the special categories of sensitive personal data only by receiving explicit consent from the data subject and only for the collection purposes.
For the purpose of performing room reservation proceedings, fulfilment of legal and regulatory requirements, solving possible legal issues between the parties that may arise in the future, ensuring the management of guest relations, conduction and audit of financial transactions, protection of guests and public health, providing health care services, ensuring occupational safety and physical security; management, monitoring, control of hotel entrances and exits, ensuring the security of the common areas, ensuring administrative management and cyber security of the Internet data network, providing quality improvement activities, ensuring risk management, performing routine inspections arising from laws, conduction of advertising campaign/ promotion activities, conduction of marketing analysis studies, conduction of activities for customer satisfaction, execution of customer relationship management processes, conduction of sale of goods/services processes, conduction of post-sales support service processes for goods/services, conduction of activities regarding ensuring business continuity, receiving and evaluating suggestions with respect to improvement of business processes, carrying out commitment processes to firms/products/services.
Your personal data that have been processed within the scope of the indicated purposes may be transferred mainly to our business partners, suppliers, shareholders, third parties that are connected within the scope of brokerage/agency activities, domestic or foreign third parties of which our company provides or receives support services, legally authorized public institutions and private persons in accordance with the fundamental principles stipulated under LPPD and within the scope of the Article 8 and 9 of the law for the requirements of our activities and for the purposes as stated within the purpose of process of personal data section. These persons are not limited to the aforementioned ones but can be counted mainly as transportation companies, accommodation facilities, private insurance companies, private security companies, third party supplier companies providing concierge services, official /administrative authorities.
Your personal data can be transferred abroad through receiving explicit consent in consideration of the principles stated under Article 4/2 of the LPPD or without seeking the explicit consent of the data subject only in presence of the conditions set forth under Article 5/2 and 6/3 of the LPPD in accordance with the rules under article 9 upon announcement of the countries where sufficient level of protection is provided by the Personal Data Protection Board provided that the personal data will be transferred only to the persons and institutions located within those countries and for the countries where sufficient protection is determined to be not provided on the other hand, your personal data can be transferred provided that the controllers in Turkey and in the related foreign country guarantee a sufficient protection in writing and the Board has authorized such transfer. Your personal data may be disclosed to the public authorities only in case it is requested by the official authorities and in case of presence of obligation to disclose the same as per the imperative provisions of the legislation. Our Company does not use or sell your personal data other than those purposes, scope and activities. All necessary technical and administrative measures are being taken by us for the purpose of prevention of unlawful process and unlawful access and maintaining safe storage of your personal data.
Period of time for Storage of Personal Data
Your personal data shall be erased, destructed or anonymized in case of ex officio by the Company periodically at the latest of at the end of 6 months of periodical terms upon disappearance and cease of purposes which require the process or upon completion of the prescription period for process of personal data set forth under relevant legislation or within 30 days upon your request. All transactions with respect to erasure, destruction and anonymization of your personal data shall be recorded and such records shall be retained for 3 (three) years as of the transaction date for the purpose of submitting to the Ministry when necessary.
Rights of the Data Subject
You have the right to demand the following through applying to our Company as the "Data Controller in accordance with the article 11 of the LPPD:
The Company will keep your personal data for as long as required by the above-mentioned processing purposes. You can send your requests within the scope of the Article 11 of the Law regulating the rights of the data owner to our e-mail address info.garden@signaturehotels.com.tr writing “Information Request within the scope of the Law on the Protection of Personal Data” in the subject part of the e-mail and using the Data Owner Application Form available at www.signaturegardenavanos.com/en/applicationform.pdf internet address. You can send it via e-mail after signing the form with the “secure electronic signature” according to the Electronic Signature Law numbered 5070 or to the address ÇAT BELDESİ CUMHURİYET MAH. 50.YIL SK. NO: 3 MERKEZ / NEVŞEHİR by writing “Information Request within the scope of the Law on the Protection of Personal Data,” originally signed personally, by posting or through notary. We will conclude your request shortly depending on the nature of the request and within 30 days at the latest free of charge. However, in case your request requires additional costs, the tariff determined by the Personal Data Protection Board shall be charged from yourselves.
You can access our Personal Data Protection, Processing, Storage and Disposal Policy on www.signaturegardenavanos.com/en/datapolicy for the detailed information about the processes mentioned within the scope of this clarification text.
Regards,
SIGNATURE GARDEN AVANOS HOTEL & SPA