Reservierung

General Disclosure Text

General Disclosure Text

 

GENERAL DISCLOSURE TEXT

UNDER THE LAW NO. 6698 ON THE PROTECTION OF PERSONAL DATA

 

  1. Purpose

As AYDIN ÜNLÜER TURİZM GIDA TİC VE SAN AŞ (COMPANY) located at 'Horozluhan OSB Mahallesi Cibi Sokak No-4/1 Selçuklu/KONYA', this Clarification Text (Clarification Text) has been prepared within the scope of the Personal Data Protection Law No. 6698 (PDPL) in order to fulfill the obligation stipulated by the Personal Data Protection Law (PDPL), taking into account the importance we attach to fundamental human rights and the superior value of personal data.

Pursuant to PDPL, the COMPANY, as the Data Controller, informs its employees, employee candidates, supplier employees, visitors and 3rd parties whose personal data will be processed as follows and enlightens them as follows within the scope specified in Article 10 of PDPL.

 

  1. Definitions

Company: "Horozluhan OSB Mahallesi Cibi Sokak No-4/1 Selçuklu/KONYA" located at the address AYDIN ÜNLÜER TURİZM GIDA TİC VE SAN AŞ     

Explicit Consent: It refers to the consent regarding a specific subject, based on information and expressed with free will.

Relevant User: Persons who process personal data within the organization of the data controller or in accordance with the authorization and instruction received from the data controller, except for the person or unit responsible for the technical storage, protection and backup of the data.

Contact Person: The real person notified by the data controller during the registration to the Registry for the communication to be established with the Authority regarding the obligations of legal entities resident in Turkey and non-resident legal entity data controller representative within the scope of PDPL and secondary regulations to be issued based on this Law.

(The contact person is not authorized to represent the Data Controller. As the name suggests, it is only the person assigned to ensure the communication "liaison" between the data controller and the relevant persons and the Authority).

PDPL: Personal Data Protection Law dated March 24, 2016 and numbered 6698, published in the Official Gazette dated April 7, 2016 and numbered 29677.

Recording Medium: Any medium in which personal data processed by fully or partially automated or non-automated means, provided that it is part of any data recording system.

Personal Data: Any information relating to an identified or identifiable natural person.

Processing of Personal Data: All kinds of operations performed on personal data such as obtaining, recording, storing, preserving, modifying, reorganizing, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data by fully or partially automatic means or by non-automatic means provided that they are part of any data recording system.

Anonymization of Personal Data: Making personal data impossible to be associated with an identified or identifiable natural person under any circumstances, even by matching with other data.

Deletion of Personal Data: Making personal data inaccessible and non-reusable in any way for the Relevant Users.

Destruction of Personal Data: The process of making personal data inaccessible, unrecoverable and unusable by anyone in any way.

Board: Personal Data Protection Board.

Institution: Personal Data Protection Authority.

Personal Data of Special Nature: Data relating to race, ethnic origin, political opinions, philosophical beliefs, religion, sect or other beliefs, appearance and dress, foundation or trade union membership, health, sexual life, criminal convictions and security measures, and biometric and genetic data.

Data Processor: The natural or legal person who processes personal data on behalf of the data controller based on the authorization granted by the data controller.

Data Recording System: Recording system where personal data is structured and processed according to certain criteria.

Data Owner/Related Person: The natural person whose personal data is processed.

Data Controller: The natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.  

    

  1. Clarification Text Flow
    1. Purposes of Processing Personal Data, Your Personal Data We Process, Collection Methods and Legal Reasons

 

      1. Processing Purposes

Your personal data will be used to fulfill the purposes specified in the COMPANY's articles of association, in compliance with the limits stipulated in the PDPL and in accordance with the relevant laws;

  1. Fulfilling the obligations regarding all activities and audits stipulated in the Personal Data Protection Law No. 6698, the Turkish Code of Obligations No. 6098, the Identity Reporting Law No. 1774, the Information Acquisition Law No. 4982, the Labor Law No. 4857 and similar laws,
  2. Establishment of rights arising from all activities to be carried out within the scope of the above-mentioned legislation,
  3. Carrying out the necessary work by the relevant units for you to benefit from the services offered by our COMPANY,                                             
  4. Contacting you for the purpose of promoting our COMPANY and its activities through your communication channels you have shared with us,                        
  5. Recruitment of personnel in the areas required by the COMPANY, fulfillment of rights and obligations within the scope of the legislation regulating business life, especially Labor Law No. 4857, Occupational Health and Safety Law No. 6331 and Social Security and General Health Insurance Law No. 5510,        
  6. Salary payment, provision of allowances, realization of revolving fund payments etc. activities related to the personnel, conducting internal correspondence within the COMPANY,  
  7. Providing information-documents to authorized public institutions and organizations and judicial authorities within the conditions specified in the laws,                                               
  8. Ensuring the functionality of the organization and event (seminars, conferences, meetings, trainings, symposiums, etc.) management processes in the COMPANY and announcing them to the public, ensuring the continuity of the website and social media accounts with up-to-date data in order to ensure the public awareness of the COMPANY and to keep it up-to-date, managing the promotion and advertising processes,
  9. Keeping an archive in accordance with the procedures specified in the legislation in order to carry out storage and archive activities and to create annual unit activity reports,
  10. Creation and follow-up of visitor records,
  11. Ensuring building, personnel and visitor security,               
  12. Data can be anonymized and used in statistical activities for research purposes,
  13.  Receiving and responding to interested person applications to be made within the scope of PDPL.

 

      1. Your Personal Data We Process

You can access VERBIS, which contains the personal data we process on the basis of data categories, at Data Controller Information Inquiry from VERBIS (kvkk.gov.tr).

Identity Information: Data that clearly belong to an identified or identifiable natural person; processed partially or completely automatically or non-automatically as part of a data recording system; containing information about the identity of the person; documents such as driver's license, identity card and passport containing information such as name-surname, TR identity number, nationality information, mother's name-father's name, place of birth, date of birth, gender, and information such as tax number, SSI number, signature information, vehicle license plate etc.

Contact Information: Information such as telephone number, address, e-mail address, fax number, IP address, which clearly belongs to an identified or identifiable natural person; processed partially or completely automatically or non-automatically as part of the data recording system.

Location Data: Information that clearly belongs to an identified or identifiable natural person; processed partially or completely automatically or non-automatically as part of the data recording system; information that determines the location of the Personal Data Owner within the framework of the operations carried out by the business units of the COMPANY, during the use of the products and services of the group companies or while using the COMPANY vehicles of the employees of the institutions with which it cooperates; GPS location, travel data etc.

Personal Data: All kinds of personal data that clearly belong to an identified or identifiable natural person; processed partially or completely automatically or non-automatically as part of the data recording system; processed to obtain information that will be the basis for the formation of the personal rights of natural persons who are in a working relationship with the COMPANY.

Legal Transaction Information: Data processed within the scope of the COMPANY's legal obligations with the determination and follow-up of its legal receivables and rights and the performance of its debts.

Customer Transaction Information: Call center records, invoice, promissory note, check information, information in box office receipts, order information, request information etc.

Physical Space Security Information: Personal data clearly belonging to an identified or identifiable natural person; processed partially or completely automatically or non-automatically as part of a data recording system; personal data relating to records and documents taken at the entrance to the physical space, during the stay in the physical space; camera recordings and records taken at the security point etc.

Transaction Security Information: Personal data processed regarding the technical, administrative, legal and commercial security of both the Personal Data Owner and the COMPANY while carrying out the activities of the COMPANY.

Risk Management: Information processed to manage commercial, technical, administrative risks etc.

Financial Information: Personal data that clearly belongs to an identified or identifiable natural person; processed partially or completely automatically or non-automatically as part of the data recording system; personal data processed regarding information, documents and records showing all kinds of financial results created according to the type of legal relationship established by the COMPANY with the Personal Data Owner and data such as bank account number, IBAN number, credit card information, financial profile, asset data, income information.

Vocational Experience Information: Diploma information, courses attended, vocational training information, certificates, transcript information etc.

Marketing Information: Shopping history information, survey, cookie records, information obtained through campaign work etc.

Visual/Audio-Visual Information: Data contained in documents that clearly belong to an identified or identifiable natural person; photographs and camera recordings (except for recordings within the scope of Physical Space Security Information), audio recordings and documents that are copies of documents containing personal data.

Information on Philosophical Beliefs, Religion, Sect and Other Beliefs: Information on other beliefs, information on religious affiliation, information on philosophical beliefs, information on sectarian affiliation etc.

Health Information: Information on disability status, blood type information, personal health information, device and prosthesis information etc.

Information on criminal convictions and security measures: Information on criminal convictions, information on security measures etc.

Request/Complaint Management Information: Personal data clearly belonging to an identified or identifiable natural person; processed partially or completely automatically or non-automatically as part of the data recording system; personal data regarding the receipt and evaluation of any request or complaint addressed to the COMPANY.

Other Information: Data types to be determined by the user etc

 

      1. Methods of Collecting Your Personal Data

Your personal data, member registration form, registration/application forms filled out over the internet, receipt and expenditure documents, video and audio recording devices used in events, security camera records and the COMPANY's official e-mail addresses info@aydinbeyhotels.com.tr and sales@aydinbeyhotels.com.tr, any e-mail address of the COMPANY using the @aydinbeyhotels.com.tr extension, aydinunlueras@hs03.kep.tr KEP address or fax address 0332 248 09 68 are collected through the aforementioned communication channels.

Personal data is also collected by physically sending documents, physically filling in a document provided by the COMPANY, calling the telephone lines belonging to the company or other internal numbers belonging to the COMPANY.

Your personal data is also collected automatically through cookies used in www.aydinbeyhotels.com address and extensions, mobile hotel information applications. These cookies are only necessary for the visitor to use the site with full efficiency and are used to remember the visitor's preferences and do not provide any other personal data. Cookie Policy is available at www.aydinbeyhotels.com.

 

      1. Legal Grounds for Processing Personal Data

PDPL lists the conditions for processing personal data in the 2nd paragraph of the 5th article. If the purposes of processing personal data by a data controller can be assessed within the framework of the personal data processing conditions listed in the PDPL, that data controller may process personal data lawfully. In this context, personal data processing activities are carried out by the COMPANY in cases where the COMPANY activity can be evaluated within the scope of the personal data processing conditions regulated in the PDPL. The COMPANY does not engage in any personal data processing activities that do not fall within the scope of personal data processing conditions.

 

The personal data processing conditions in the PDPL are as follows;

  • Explicit consent of the person concerned,
  • That it is clearly stipulated in the laws,
  • If it is mandatory for the protection of the life or physical integrity of the person himself/herself or someone else who is unable to disclose his/her consent due to actual impossibility or whose consent is not legally valid,
  • It is necessary to process personal data belonging to the parties to the contract, provided that it is directly related to the conclusion or performance of a contract,
  • It is mandatory for the data controller to fulfill its legal obligation,
  • It has been made public by the data subject himself/herself,
  • Data processing is mandatory for the establishment, exercise or protection of a right,
  • Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject.

 

The basic processing condition for Special categories of personal data is explicit consent and the COMPANY does not intend to process special categories of personal data. However, your sensitive personal data that we need to process due to our activities or that you have given your explicit consent are also processed in a measured manner within the scope of the legislation.

 

The conditions listed in PDPL for the processing of special categories of personal data are as follows;

  • Explicit consent of the person concerned,
  • Explicitly stipulated in the laws for sensitive personal data other than health and sexual life,

 

Personal data relating to health and sexual life can only be processed in the following cases;

  • Protection of public health,
  • Preventive medicine,
  • Medical diagnosis,
  • Carrying out treatment and care services,
  • Planning and management of health services and financing ,
  • By persons under the obligation to keep secrets or authorized institutions and organizations without seeking the explicit consent of the person concerned.

 

There may be one or more personal data processing conditions that make a personal data processing activity lawful at the same time.

In order to realize our aforementioned purposes, it is necessary to process your data mentioned above. When transferring identity information to our Company, data that are not actually within our processing purposes may also be transferred to us. Within the scope of administrative and technical measures, we delete and/or anonymize such data at the end of the periods stipulated in the legislation.

Personal Data Retention and Destruction Policy can be accessed at www.aydinbeyhotels.com .

 

    1. Transfer of Personal Data

Domestic transfer: As it is known, pursuant to Article 8/2-a and b of PDPL, it is possible to transfer personal data domestically without obtaining explicit consent if the personal data is processed within the scope of Articles 5/2 and 6/3 of PDPL. Transfers are made by the COMPANY to third parties in accordance with the relevant provisions, and in the event that it is not within the scope of the said provisions, the explicit consent of the relevant persons is applied.

Overseas transfer: It may be possible that the data and documents processed by the COMPANY are kept on computers located outside the COMPANY, e-mails are sent and records are accessed from such computers, and the systems and/or e-mail providers' databases where these data are kept and transferred are located abroad. In addition, it may be necessary to transfer personal data abroad, especially in international organizations, event arrangements, hotel accommodations, obtaining visas, obtaining airline tickets, conducting and planning events abroad. In this case, the transfer shall be made in accordance with the provisions of Article 9 of the PDPL.

Your personal data is shared with authorized public institutions and organizations, judicial authorities, enforcement authorities, law enforcement authorities, police units, and suppliers, business partners and shareholders from whom contracted products and services are purchased, for the purposes and by the means indicated in this Clarification Text. Below is the table showing the shared parties-

 

Persons to whom data can be transferred

Description

Purpose

Business Partner

Parties with whom the COMPANY establishes business partnerships while conducting its commercial activities

Sharing of personal data limited to the purpose of ensuring the fulfillment of the purposes for which the business partnership was established

Shareholders

 

Shareholders who are authorized to design the strategies and audit activities regarding the commercial activities of the COMPANY in accordance with the provisions of the relevant legislation

Sharing of personal data limited to the design of strategies regarding the commercial activities of the COMPANY and for audit purposes

COMPANY Officials

Board members and other authorized persons

Sharing of personal data limited to the design of strategies regarding the commercial activities of the COMPANY, ensuring its management at the highest level and for audit purposes

Legally Authorized Private Law Persons

Private law persons legally authorized to obtain information and documents from the COMPANY

Sharing data limited to the purpose requested by the relevant private law persons within their legal authority

Legally Authorized Public Institutions and Organizations

Public institutions and organizations legally authorized to receive information and documents from the COMPANY

Sharing personal data limited to the purpose of requesting information by the relevant public institutions and organizations

 

No data transfer is made that does not concern the purposes of the COMPANY. For example; even if we have obtained it with your consent, your IP address information or your vehicle license plate information is not shared with any third party, including the persons and institutions shown above. The exception to this determination is when the transfer of the data in question is required by legislation, or is mandatory for a criminal investigation, or is requested by an official authority based on legislation and with justification.

 

3.4. Rights of the Relevant Person

Within the scope of Article 11 titled "Rights of the data subject" of the Law No. 6698 on the Protection of Personal Data;

  1. Learning whether your personal data are processed,
  2. Request information if your personal data has been processed,
  3. Learning the purpose of processing your personal data and whether they are used in accordance with their purpose,
  4. To know the third parties to whom your personal data is transferred domestically or abroad,
  5. To request correction of your personal data in case of incomplete or incorrect processing, to request the deletion or destruction of your personal data in accordance with the conditions set out in the Law No. 6698 on the Protection of Personal Data,
  6. To request correction of your incomplete or incorrectly processed personal data and to request notification of the deletion or destruction of your personal data to third parties to whom personal data has been transferred,
  7. To object to this result in case a result arises against you by analyzing your processed data exclusively through automated systems,
  8. In case you suffer damage due to unlawful processing of your personal data, to demand the compensation of the damage

you have rights.

 

How Can You Exercise Your Rights?

Data subjects may communicate their rights listed above to our COMPANY by filling out the Personal Data Subject Application Form published at www.aydinbeyhotels.com by the following methods.

In the application procedure, the COMPANY carries out its transactions within the scope of the Communiqué on the Procedures and Principles of Application to the Data Controller. In this context, the application must be made in accordance with Article 5 of the aforementioned communiqué.

 

Form must be filled in completely and should be sent to us;

  • By submitting a wet signed copy of the fully completed Personal Data Owner Application Form together with a document that will ensure identification to AYDIN ÜNLÜER TURİZM GIDA TİC VE SAN AŞ/Horozluhan OSB Mahallesi Cibi Sokak No-4/1 Selçuklu/KONYA in person,
  • By sending a wet signed copy of the fully completed Personal Data Owner Application Form together with a document to ensure identification to AYDIN ÜNLÜER TURİZM GIDA TİC VE SAN AŞ/Horozluhan OSB Mahallesi Cibi Sokak No-4/1 Selçuklu/KONYA via notary public,
  • By signing the Personal Data Owner Application Form with the "secure electronic signature" defined in the Electronic Signature PDPL numbered 5070 and sending it to kvkk@aydinunluer.com.tr,
  • By filling out and signing the Personal Data Owner Application Form and scanning the wet signed form and uploading it to the computer , sending an e-mail to kvkk@aydinunluer.com.tr,
  • By sending it to aydinunlueras@hs03.kep.tr via Registered Electronic Mail (KEP) account via KEP or by using other methods to be determined by the Board.

 

The COMPANY shall finalize the requests of the relevant persons regarding their rights listed above in writing or by other methods to be determined by the Board as soon as possible and within thirty days at the latest after the date of transmission.

 

Replies to applications made by the person concerned under the rights set out in Article 11 of the Law shall be provided free of charge. Although the basic principle is to provide the response free of charge, if the response to be given requires an additional cost, the fees shown in Article 7 of the Communiqué on the Procedures and Principles of Application to the Data Controller may be requested by the COMPANY from the relevant person. The relevant article reads as follows-

Wage

ARTICLE 7 - (1) If the relevant person's application is to be answered in writing, no fee is charged for up to ten pages. A transaction fee of 1 Turkish Lira may be charged for each page over ten pages.

(2) If the response to the application is given in a recording medium such as CD, flash memory, the fee that may be requested by the data controller cannot exceed the cost of the recording medium.

In order to respond to the applications made by the data owners, the COMPANY may request additional information and documents in order to verify the identity of the applicant, to prevent the unlawful transmission of another person's personal data to unrelated persons and to clarify the applicant's request. If such information and documents are not shared, the application of the data subject may not be answered.

It is crucial to verify that the application has been submitted by the "identity holder" and/or authorized person. Likewise, while the purpose is to protect personal data, providing personal data to third parties due to the inability to verify identity and taking actions within the scope of the rights explained in Article 11 of the PDPL will damage the interest of the person concerned that needs to be protected. For this reason, we hope that you will understand our sensitivity in terms of identity verification procedures and that you will help our COMPANY.

The COMPANY finalizes the requests as soon as possible and within 30 days at the latest. The result of the evaluation shall be notified to the relevant person in writing or electronically, and if the request is accepted, the requirements shall be fulfilled in accordance with the PDPL.

In cases where the applications of the data subjects are rejected, the response is deemed inadequate or the application is not responded to in due time, the data subject may file a complaint to the Personal Data Protection Board within 30 days from the date of receipt of the response in accordance with Article 14 of the PDPL.

 

This Clarification Text may be revised by our Company when deemed necessary.

 

3.5. Data Controller Identity

As stated in this Clarification Text, the COMPANY is the data controller in accordance with PDPL.

 

Data Controller

AYDIN ÜNLÜER TURİZM GIDA TİC VE SAN AŞ

Address

Horozluhan OSB Mahallesi Cibi Sokak No-4/1 Selçuklu/KONYA

Telephone

0332 248 19 22

Fax

0332 248 09 68

E-mail