TEXT OF CLARİFİCATİON AND CONSENT ON THE
PROTECTİON OF PERSONAL DATA
As Fika
Hotel, we are aware of the importance of the personal data of our valued
guests; therefore, we take high security measures to protect your personal data
from unauthorized access. In order to protect your fundamental rights and
freedoms, especially the right to privacy, we process your personal data as
explained below within the framework of the Personal Data Protection Law No.
6698 and secondary regulations issued in accordance with this law, Identity
Notification Law No. 1774, Tax Procedure Law No. 213, Turkish Commercial Code
No. 6102 and other relevant legislation.
Identity of
the data controller;
Pursuant to
Law No. 6698 on the Protection of Personal Data, Fika Otel Turizm San.Ve Tic.
Ltd. Şti. has the title of "data controller".
Within the
scope of the "Disclosure Obligation of the Data Controller" in
Article 10 of the KVKK and the "Rights of the Data Subject" in Article
11 of the KVKK; For what purpose your personal data will be processed, to whom
and for what purpose your processed personal data can be transferred, the
method and legal reason for collecting your personal data and your rights, Fika
Otel Turizm San. And Tic. Ltd. Şti. as the data controller, we would like to
inform you with this "Clarification and Consent Text on the Protection of
Personal Data" prepared with the aim of fulfilling our obligation to
inform our guests, visitors, business partners and real or legal persons with
whom we communicate.
* Our
organization reserves the right to revise this "Clarification and Consent
Text on the Protection of Personal Data" at any time within the framework
of changes that may occur in the legislation in force.
Your
personal data we process;
Your
identity information (such as name-surname, Turkish ID number)
your contact
information (such as e-mail address, phone number),
your
location information (such as address),
information
about your children (such as age and date of birth),
your
financial information (information about your payment transactions),
Your wishes,
complaints or comments during or after your stay in our hotels.
** We are
able to obtain the name, surname, nationality and date of birth information of
minors under the age of 18 through you in accordance with the principle of
limited number.
Moments of
collection of your personal data;
Your
personal data, within the framework of the services we provide, your personal
data provided by you personally or indirectly to our organization; It is
collected in all kinds of verbal, written or electronic media.
During hotel
activities;
Making room
reservations, establishing dialogues with tour operators and travel agencies,
checking in and making payments, reporting your requests and complaints,
filling out customer satisfaction and questionnaire forms
Your
personal data may be collected during your participation in trainings, seminars
or organizations organized for any purpose and during your visit to our
internet website.
The method
and legal reason for collecting personal data
Your
personal data may be processed in the following cases as set out in Article 5
of the Personal Data Protection Law No. 6698;
1. Explicit
consent,
2. It is
explicitly stipulated by law.
3. It is
necessary for the protection of the life or physical integrity of the person
who is unable to disclose his/her consent due to actual impossibility or whose
consent is not legally valid.
4. It is
necessary to process personal data belonging to the parties to the contract,
provided that it is directly related to the establishment or performance of a
contract.
5. It is
mandatory for the data controller to fulfill its legal obligation.
6. It has
been made public by the data subject himself/herself.
7. Data
processing is mandatory for the establishment, exercise or protection of a
right.
8. Data
processing is mandatory for the legitimate interests of the data controller,
provided that it does not harm the fundamental rights and freedoms of the data
subject.
Your health
data, which is in the category of special categories of personal data, can be
processed depending on the fulfillment of the conditions specified in Article 6
of the Personal Data Protection Law No. 6698 or your explicit consent.
Processing
of your special categories of personal data
Sensitive
personal data are data that may cause victimization in case of disclosure. Data
relating to race, ethnic origin, political opinion, philosophical belief,
religious sect or other beliefs, appearance and dress, membership to
associations, foundations or trade unions, health, sexual life, criminal
convictions and security measures, and biometric and genetic data are sensitive
personal data. As a rule, sensitive personal data can only be processed with
the consent of the data subject.
Your
personal data as set out in Article 6 of the Personal Data Protection Law No.
6698,
Personal
data other than health and sexual life may be processed without the explicit
consent of the data subject in cases stipulated by law. Your special categories
of personal data such as blood type, allergen information, information on
previous diseases and personal data related to health and sexual life can only
be processed by persons or authorized institutions and organizations under the
obligation of confidentiality for the protection of public health, preventive
medicine, medical diagnosis, treatment and care services, planning and
management of health services and financing, without seeking the explicit
consent of the data subject.
Adequate
measures determined by the Board must be taken in the processing of special
categories of personal data.
Purposes of
processing your personal data
- Performing
room reservation procedures
-
Fulfillment of legal and regulatory requirements,
- Ensuring
quality improvement activities,
- Ensuring
risk management,
- Ensuring
the management of guest relations,
-
Identification and implementation of commercial business and strategies,
-
Realization of marketing and sales operations,
- Conducting
routine inspections,
- Execution
and supervision of financially sourced transactions,
- Planning,
auditing and execution of information security processes,
- Preventing
misconduct and unauthorized transactions that may arise from employees,
- Evaluating
and responding to suggestions, requests and complaints to be communicated by
customers through all kinds of channels and carrying out improvement works in
accordance with the notifications
Duration of
storage of personal data
In cases
where the purpose requiring processing is eliminated or when the data
processing timeout periods are completed within the scope of the relevant
legislation, your personal data will be deleted, destroyed or anonymized and
will continue to be used.
Rights of
the personal data owner
Any person
concerned may apply to the data controller and request the following rights
regarding him/her;
1. Learn whether personal data is being processed,
2. Request information if personal data has been processed,
3. To learn the purpose of processing personal data and
whether they are used in accordance with their purpose,
4. To know the third parties to whom personal data are
transferred domestically or abroad,
(in order to fulfill this request, the legal purpose of
processing personal data must have disappeared, the legal retention periods
must have expired or the relevant statute of limitations must have expired.
Your request for deletion will not be fulfilled before these periods expire).
5. To request correction of personal data in case of
incomplete or incorrect processing,
6. To request the deletion or destruction of personal data
within the framework of the conditions stipulated in Article 7,
7. To request notification of the transactions made pursuant
to Articles V. and VI. to third parties to whom personal data are transferred,
8. To object to the emergence of a result to the detriment
of the person himself/herself by analyzing the processed data exclusively
through automated systems,
9. In case of damage due to unlawful processing of personal
data, to demand compensation for the damage.