Fika Otel

KVKK

 

TEXT OF CLARİFİCATİON AND CONSENT ON THE PROTECTİON OF PERSONAL DATA

 

As Fika Hotel, we are aware of the importance of the personal data of our valued guests; therefore, we take high security measures to protect your personal data from unauthorized access. In order to protect your fundamental rights and freedoms, especially the right to privacy, we process your personal data as explained below within the framework of the Personal Data Protection Law No. 6698 and secondary regulations issued in accordance with this law, Identity Notification Law No. 1774, Tax Procedure Law No. 213, Turkish Commercial Code No. 6102 and other relevant legislation.

Identity of the data controller;

 

Pursuant to Law No. 6698 on the Protection of Personal Data, Fika Otel Turizm San.Ve Tic. Ltd. Şti. has the title of "data controller".

 

Within the scope of the "Disclosure Obligation of the Data Controller" in Article 10 of the KVKK and the "Rights of the Data Subject" in Article 11 of the KVKK; For what purpose your personal data will be processed, to whom and for what purpose your processed personal data can be transferred, the method and legal reason for collecting your personal data and your rights, Fika Otel Turizm San. And Tic. Ltd. Şti. as the data controller, we would like to inform you with this "Clarification and Consent Text on the Protection of Personal Data" prepared with the aim of fulfilling our obligation to inform our guests, visitors, business partners and real or legal persons with whom we communicate.

 

* Our organization reserves the right to revise this "Clarification and Consent Text on the Protection of Personal Data" at any time within the framework of changes that may occur in the legislation in force.

Your personal data we process;

Your identity information (such as name-surname, Turkish ID number)

your contact information (such as e-mail address, phone number),

your location information (such as address),

information about your children (such as age and date of birth),

your financial information (information about your payment transactions),

Your wishes, complaints or comments during or after your stay in our hotels.

** We are able to obtain the name, surname, nationality and date of birth information of minors under the age of 18 through you in accordance with the principle of limited number.

Moments of collection of your personal data;

Your personal data, within the framework of the services we provide, your personal data provided by you personally or indirectly to our organization; It is collected in all kinds of verbal, written or electronic media.

During hotel activities;

Making room reservations, establishing dialogues with tour operators and travel agencies, checking in and making payments, reporting your requests and complaints, filling out customer satisfaction and questionnaire forms

Your personal data may be collected during your participation in trainings, seminars or organizations organized for any purpose and during your visit to our internet website.

The method and legal reason for collecting personal data

Your personal data may be processed in the following cases as set out in Article 5 of the Personal Data Protection Law No. 6698;

1. Explicit consent,

2. It is explicitly stipulated by law.

3. It is necessary for the protection of the life or physical integrity of the person who is unable to disclose his/her consent due to actual impossibility or whose consent is not legally valid.

4. It is necessary to process personal data belonging to the parties to the contract, provided that it is directly related to the establishment or performance of a contract.

5. It is mandatory for the data controller to fulfill its legal obligation.

6. It has been made public by the data subject himself/herself.

7. Data processing is mandatory for the establishment, exercise or protection of a right.

8. Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject.

Your health data, which is in the category of special categories of personal data, can be processed depending on the fulfillment of the conditions specified in Article 6 of the Personal Data Protection Law No. 6698 or your explicit consent.

Processing of your special categories of personal data

Sensitive personal data are data that may cause victimization in case of disclosure. Data relating to race, ethnic origin, political opinion, philosophical belief, religious sect or other beliefs, appearance and dress, membership to associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data are sensitive personal data. As a rule, sensitive personal data can only be processed with the consent of the data subject.

Your personal data as set out in Article 6 of the Personal Data Protection Law No. 6698,

Personal data other than health and sexual life may be processed without the explicit consent of the data subject in cases stipulated by law. Your special categories of personal data such as blood type, allergen information, information on previous diseases and personal data related to health and sexual life can only be processed by persons or authorized institutions and organizations under the obligation of confidentiality for the protection of public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing, without seeking the explicit consent of the data subject.

Adequate measures determined by the Board must be taken in the processing of special categories of personal data.

Purposes of processing your personal data

- Performing room reservation procedures

- Fulfillment of legal and regulatory requirements,

- Ensuring quality improvement activities,

- Ensuring risk management,

- Ensuring the management of guest relations,

- Identification and implementation of commercial business and strategies,

- Realization of marketing and sales operations,

- Conducting routine inspections,

- Execution and supervision of financially sourced transactions,

- Planning, auditing and execution of information security processes,

- Preventing misconduct and unauthorized transactions that may arise from employees,

- Evaluating and responding to suggestions, requests and complaints to be communicated by customers through all kinds of channels and carrying out improvement works in accordance with the notifications

Duration of storage of personal data

In cases where the purpose requiring processing is eliminated or when the data processing timeout periods are completed within the scope of the relevant legislation, your personal data will be deleted, destroyed or anonymized and will continue to be used.

Rights of the personal data owner

Any person concerned may apply to the data controller and request the following rights regarding him/her;

1. Learn whether personal data is being processed,

2. Request information if personal data has been processed,

3. To learn the purpose of processing personal data and whether they are used in accordance with their purpose,

4. To know the third parties to whom personal data are transferred domestically or abroad,                  

(in order to fulfill this request, the legal purpose of processing personal data must have disappeared, the legal retention periods must have expired or the relevant statute of limitations must have expired. Your request for deletion will not be fulfilled before these periods expire).

5. To request correction of personal data in case of incomplete or incorrect processing,

6. To request the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7,

7. To request notification of the transactions made pursuant to Articles V. and VI. to third parties to whom personal data are transferred,

8. To object to the emergence of a result to the detriment of the person himself/herself by analyzing the processed data exclusively through automated systems,

9. In case of damage due to unlawful processing of personal data, to demand compensation for the damage.