KVKK

PROCESSING AND PROTECTION OF PERSONAL DATA

ABOUT INFORMATION TEXT

Gönen Turizm İnşaat ve Otelcilik A.Ş. (“GÖNEN”), as the data controller, attaches great importance to the legal acquisition, processing and protection of your personal data within the scope of the Law on the Protection of Personal Data No. 6698 (“Law”) and the relevant sub-legislation, as well as the General Data Protection Regulation GDPR (General Data Protection Regulation) and valid for all categories of persons. This Disclosure Text on the Processing and Protection of Personal Data (“Text”) has been prepared in order to inform you about the sources from which we obtain your personal data, our legal reasons for obtaining and processing personal data, the purposes for which we obtain and process your personal data, whether we transfer personal data and to whom we transfer it for which purposes, and your legal rights under the Law. GÖNEN processes your personal data in accordance with the law, prevents your personal data from being processed unlawfully and from being accessed unlawfully, and has taken all necessary technical and administrative measures to ensure the most appropriate level of security in order to ensure the preservation of personal data. New parag PERSONS WHOSE DATA WE PROCESS GÖNEN, as the data controller, processes personal data limited to the following groups of people. 1-Our Workers, 2-Our Worker Candidates (Including reference persons declared by job applicants), 3-Our Interns and On-the-Job Training Trainees, 4-Our Guests Subject to Accommodation Activities (Including Guests Under 18 Years of Age Accommodating with Their Approval), 5-Parties of All Kinds of Commercial Activities or Authorized or Employees of Persons or Companies with Which We Collaborate or Will Collaborate Due to Commercial Activities (Supply, Advertising, Support, Marketing, Accommodation, Transportation, Reference Sources, etc.), 6-Shareholders or Persons with Whom Shareholding Meetings Are Held, 7-Legal Advisors, Lawyers and Consultants or Authorized or Employees of Consulting Companies, 8-Visitors 9-Legal Representatives, Parents, Guardians or Guardians of All Data Owners, 10-Persons Who Are Parties in Legal Proceedings and Their Legal Representatives, 11-Commercial Relations with Our Company or Third Parties with whom we have contacted even though we have no legal connection. PERSONAL DATA WE PROCESS GÖNEN, as the data controller, processes the following personal health data, general and special personal data in accordance with the principles of “compliance with the law”, “necessity”, “suitability for the purpose” and “limitation”. 1. Identity Data and Personally Identifiable Data All identity-related data such as the name-surname, nationality, Turkish identity number, passport number and information if not a Turkish citizen or temporary Turkish identity number, place and date of birth, marital status, and gender of the persons whose data will be processed. Data such as signature and handwriting are data that identify the person. Personal data to be processed regarding persons under the age of 18 are name-surname, age and degree of relationship to the parent. Personal data regarding these persons are not obtained from the minor himself/herself but from his/her legal representative. 2. Communication Data All communication data such as residence address, correspondence address, mobile phone number, e-mail address. 3. Visual and Audio Data Images and audio recordings taken by closed-circuit camera systems recorded by company security cameras, voice conversation records kept when you contact our call center or switchboard. 4. Personnel Data All data processed pursuant to law or employment contract regarding personnel transactions such as workers' starting date, wage, number of working days per month. 5. Education Data Data regarding the educational status of workers, candidate workers, interns or on-the-job training trainees or other relevant persons working in the company. 6. Job and Occupation Data All data regarding work or occupation for workers, candidate workers, interns or on-the-job training trainees or other relevant persons working in the company. (Including professional experience, diploma, course data) 7. Accommodation Data Information such as the room where the guests stayed, the number of nights stayed, the room type, the amount of expenses and expense items, check-in and check-out dates, the arrival and departure dates of the hotel. Reporting of inappropriate behaviors during the accommodation to the internal operations (Internal List Application) is within this scope. 8. Accommodation Preference and Need Data Smoking or non-smoking room preferences, newspapers, magazines, items or furnishings reported within the scope of special requests requested to be in the rooms, etc. are within this scope. 9. Comment and Complaint Data Comment and complaint data transmitted to our Company with approval and consent through the website or other channels (Trip Advisor, Hotel score, etc. platforms) in order to evaluate the services we offer. 10. Advantage and Point Data Memberships or scoring data evaluated within the framework of guest loyalty programs are included in this scope. 11. Location or Location Data Address or location data that individuals transmit by any means and with their own consent. 12. Transaction Security Data (IP Data and Cookies) IP address, browser information, website login-login and password information (Mac ID, IP address information, website login-login and password information) are included in this scope. 13. Legal Data All data and enforcement data regarding individuals being plaintiffs and defendants. Data regarding employees working in the company and any person who has a lawsuit or enforcement proceedings with the company. 14. Financial Data Individuals' bank account number, IBAN number, accommodation and other expense information, credit card number and other information (including CVV, CVV2, expiration date) data as the basis for mail order documents, payment information, nationality and language information, 15. Health Data Health reports and other medical documents in the personnel files of workers, job candidates, interns and people subject to on-the-job training programs are also within this scope. 16. Vehicle and License Plate Data In case of use of the company's parking lot or private valet service, the vehicle and its license plate data are within this scope. 17. Customer Transaction Data Call center records, invoices, promissory notes, checks, toll booth receipts, order information, request information, etc. are data within this scope. 18. Clothing Data Body data, etc. 19. Biometric Data Palm information, fingerprint, retina scan, facial recognition, etc. data are within this scope. This data can only be processed to monitor the attendance process of workplace employees or interns or on-the-job training trainees. 20. Risk Management Data Data processed to manage commercial, technical and administrative risks are within this scope. 21. Physical Space Security Entry and exit record information of employees and visitors, security camera recordings are within this scope. 22. Special Personal Data During the verification of the identity of the guests staying/who will stay, the religion information and blood group information recorded on the identity document are within this scope. In addition, blood group information that may be included in the health reports and other legally required medical documents of workers, interns, and on-the-job training trainees is included in this scope. III. PROCESSING OF PERSONAL DATA A. OBTAINING PERSONAL DATA 1. How and Through Which Channels Are Personal Data Collected Your Personal Data; 1.1. As a result of the guest candidate applying for accommodation in person, 1.2. As a result of the sharing of personal data by the persons who will stay or the person who made the reservation in the reservation made through our website or tourist accommodation platforms, 1.3. As a result of the reservations made by the agencies that assist and mediate the accommodation, 1.4. As a result of the personal data being included on the contracts and other commercial activity documents of the persons and companies authorized or employees of the relevant companies with whom the business relationship is established as a requirement of the commercial activity, and on the communication platforms, 1.5. As a result of the personal data being included on the contracts or other commercial activity documents of our Legal Advisors (SMMM and YMM), Lawyers and Consultants or authorized or employees of the consultancy companies or the necessity of keeping the data in order to communicate with them, 1.6. As a result of the request for a mobile phone number for personal data and encryption requested by the legislation in the wireless network (Wi-Fi) broadcast special for the guests staying within the scope of the wireless internet service, in order to connect to the broadcast, 1.7. MAC As a result of obtaining data in the form of recording the ID (Device Identification Information), 1.8. As a result of information such as Turkish identity number, mobile phone number, room number and verification information that must be legally obtained from the user when connecting to the Internet in paid or free Wi-Fi services, 1.9. As a result of creating the records and documents that must be included in the employee's personnel file due to the legality and establishment of an employment contract in case of employment as a worker, 1.10. As a result of creating the records and documents that must be prepared legally regarding interns or on-the-job training trainees, 1.11. As a result of obtaining the necessary personal information that will be useful for selecting employees during job applications from candidate employees, 1.12. In case we contact GÖNEN despite having no commercial or legal connection with it or if we are contacted, as a result of personal data being included in the communication platforms of 3rd parties, 1.13. As a result of cookies used on the company website, 1.14. As a result of access to other legal data in a similar manner, It can be obtained. B. PURPOSES OF PROCESSING PERSONAL DATA AND LEGAL REASONS 1. Purposes of Collecting and Processing Personal Data Your personal data and special personal data specified above will be processed for the following purposes: 1. To verify your identity, 2. To fulfill legal obligations and to carry out all kinds of work and transactions within the scope of the activity within the legal framework (For example, the notification obligation to be made by hotels to law enforcement officers within the framework of the Identity Notification Law, notifications to be made to the Tax Office and SSI and all official institution transactions are within this scope) 3. To fulfill the provisions of the contract (The performance of the accommodation service contract is within this scope) 4. To create and store financial records and documents in accordance with accounting standards, 5. Commercial activity and business requirements, 6. To be able to carry out accommodation service operations: - Hotel check-in procedures and accommodation - Carrying out the procedures regarding the continuation of the stay, - Carrying out the check-out procedures from the hotel, - Monitoring, accounting and collection of the accommodation fee and other expenses and paid services received, - Billing of the accommodation service and management of payment processes, - Following up and concluding the complaints, - Ensuring the security of the hotel, - Carrying out studies on controlling and improving the service quality, - Ensuring the improvement of the hotel website, - Carrying out studies on determining the general customer preferences, - Managing access to the rooms, - Reporting of inappropriate behaviors during the stay to the internal operations. (Internal List Application) 7. Training provided by human resources management and quality departments, 8. Monitoring and prevention of misuse or unauthorized transactions by internal audit and information technology departments, 9. Performance of risk management and quality development activities by quality and information technology departments, 10. Performance of training and activities by educational institutions with which the company management cooperates, 11. In order to provide better service to the staying guests, within the scope of need personalization, guests' hobbies, whether they smoke or not, holiday activities, personal activities, special nutrition program can be applied, 2. Legal Reasons for Collection and Processing of Personal Data Your personal data specified above and special personal data; -Law on Protection of Personal Data No. 6698, -Hotel and accommodation legislation and commercial requirements, -Identity Notification Law No. 1774, -Labor Law No. 4857, -Tax Legislation, -Social Insurance and General Health Insurance Law No. 5510, -Other relevant legislation, It will be processed for legal reasons. C. TRANSFER OF PERSONAL DATA Your personal data, -Law on Protection of Personal Data No. 6698 and all relevant sub-legislation, -Identity Notification Law No. 1774, -Labor Law No. 4857, -Social Insurance and General Health Insurance Law No. 5510, -Tax Legislation, -Other relevant legislation, -Hotel and accommodation legislation, Within the framework of its provisions and in line with the purposes explained above; -Banks and financial institutions, -Credit card companies and third-party payment service providers, -Private insurance companies (health, life insurance and similar), -Social Security Institution, -Tax Offices, -Ministry of Family, Labor and Social Policies, -General Directorate of Security and other law enforcement agencies, -Ministry of Culture and Tourism, Central and Provincial Organization, -All other authorized official institutions and organizations, -Judicial authorities, enforcement offices, mediators, -Legal representatives, parents and guardians authorized in writing, -All real or legal persons from whom we receive consultancy services, including lawyers, independent auditing organizations, private auditing companies, tax consultants and auditors with whom we work under contract, -Notaries, -Hospitals and health institutions, -Regulatory and supervisory institutions, -Banks where our workers, interns or people who have a relationship with our company under any contract have accounts, -Compulsory or voluntary - Individual retirement companies that we work with within the scope of BES (Individual Retirement System), - Our suppliers whose services we benefit from or with whom we cooperate, all our support service providers, - Business partners, - Gönen group hotels in the country, - Shareholders and real or legal persons with whom shareholding negotiations are held, - Company officials and relevant and authorized hotel personnel, - Outsourcing service providers, - Cargo or courier companies, - Air, land or sea passenger transportation companies, - Companies that organize and provide accommodation services to their employees or shareholders, - Agencies, - Websites that mediate accommodation services, - Archive companies, - Organization and event owners who have a business relationship with our hotel, It may be shared with. IV. OUR PRECAUTIONS AND COMMITMENTS FOR THE PROTECTION OF PERSONAL DATA GÖNEN, as the data controller, protects the personal and special personal data specified above (limited to the purpose and person group) in its own physical and electronic environments with great sensitivity and in full compliance with the provisions of the legislation, by taking all kinds of administrative and technical measures. GÖNEN has taken all kinds of administrative and technical measures for the protection of your personal data, as recorded in VERBİS and included in the Personal Data Inventory. GÖNEN undertakes to protect all personal data in advance. Technical and administrative measures are carried out using various methods and security technologies to prevent the unlawful processing and access of personal data and to ensure the protection of personal data, in order to ensure the appropriate level of security. GÖNEN will not disclose the personal data it obtains to anyone else in violation of the provisions of the Law No. 6698 on the Protection of Personal Data and will not use it for purposes other than processing and will not transfer it for purposes other than those intended. GÖNEN has prepared and ensured that all warning and consent statements and commitments are signed for transfer groups in cases where it is mandatory and necessary to share (transfer) personal data with outsourcing service providers and suppliers, consultants or lawyers and has implemented control activities in this regard. V. PROCESSING OF PERSONAL DATA COLLECTED THROUGH COOKIES GÖNEN does not place limited cookies on its website. During the use of our website, IP address, browser information (Mac ID, IP address information, website login and exit and password information) can be obtained. VI. YOUR RIGHTS REGARDING THE PROTECTION OF PERSONAL DATA In accordance with Article 11 of the Law on the Protection of Personal Data, you may exercise your rights regarding the processing and protection of your personal data by applying to GÖNEN as the Data Controller through the methods specified below, provided that you verify/prove your identity. A. YOUR RIGHTS REGARDING YOUR PERSONAL DATA If you are within the group of persons whose personal data is processed; 1. Learning whether your personal data has been processed, 2. Requesting information if your personal data has been processed, 3. Learning the purpose of processing your personal data and whether it has been processed in accordance with its purpose, 4. Knowing the third parties to whom your personal data has been transferred, whether in the country or abroad (there is no transfer of personal data abroad), 5. Requesting correction of personal data if it is processed incompletely or incorrectly, 6. Requesting deletion or destruction of personal data (Those processed by law or pursuant to any contract and those whose processing/storage period has not expired are not included in this scope) 7. In the event that your personal data has been transferred to third parties, requesting correction of your personal data if it is processed incompletely or incorrectly, and requesting that the relevant third party be notified of the deletion or destruction of personal data, and that this request be communicated, 8. Objecting to the emergence of a result against the person by analyzing the processed data exclusively through automated systems, 9. Unlawful processing of personal data In cases where you suffer damage due to this, you have the right to request compensation for the damage by presenting documents proving the damage. You may request GÖNEN to destroy (delete, destroy or anonymize) your personal data within the framework of the conditions stipulated in Article 7 of the Personal Data Protection Law. However, our company will evaluate your destruction request and determine which method is appropriate according to the circumstances of the concrete case. In this context, you can always request information from GÖNEN about why we have chosen the destruction method we have chosen. CASES OUTSIDE THE SCOPE OF THE RIGHT TO APPLY Pursuant to Article 28 of the Personal Data Protection Law, since the following situations are excluded from the scope of the Personal Data Protection Law, it will not be possible for personal data owners to assert their right to apply: -Processing of personal data for purposes such as research, planning and statistics by making them anonymous with official statistics. -Processing of personal data for artistic, historical, literary or scientific purposes or within the scope of freedom of expression, provided that it does not violate national defense, national security, public safety, public order, economic security, privacy of private life or personal rights or does not constitute a crime. -Processing of personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations authorized by law to ensure national defense, national security, public safety, public order or economic security. -Processing of personal data by judicial authorities or enforcement authorities in relation to investigation, prosecution, trial or execution proceedings. In accordance with Article 28, paragraph 2 of the Law on the Protection of Personal Data, except for the right to demand compensation for damages, it is not possible to assert rights in the following cases: - Personal data processing is necessary for the prevention of a crime or for the investigation of a crime, - Personal data made public by the relevant person, - Personal data processing is necessary for the execution of supervisory or regulatory duties by authorized public institutions and organizations and professional organizations with the status of public institution, based on the authority granted by law, and for disciplinary investigations or prosecutions. - Personal data processing is necessary for the protection of the economic and financial interests of the State in relation to budget, tax and financial matters. B. WAYS TO CONTACT OUR COMPANY TO EXERCISE YOUR RIGHTS You can exercise your rights under the Law on the Protection of Personal Data; 1- By coming to the address of Yenibosna Merkez Mahallesi Değirmenbahçe Cad. No:15 Bahçelievler/İSTANBUL where our company's headquarters is located, by filling out the Application Form for Processing and Protection of Personal Data to be obtained from the Human Resources Management department or another relevant department or from the company's www.gonenhotels.com address and personally delivering it to the Company against signature of the person who is the recipient, 2- By sending the detailed and appropriate application letter that you will prepare to the Company through the Notary, 3- By sending an e-mail to the registered e-mail address with secure electronic or mobile signature to the address gonenturizmotel@hs01.kep.tr. Depending on the nature of your request and your application method, the Company may request additional verifications (such as sending a message to your registered phone, calling you) in order to determine whether the application belongs to you and thus protect your rights. For example, if you apply using your registered e-mail address, the Company may reach you using another communication method registered with the Company and may request confirmation of whether the application belongs to you. The requests in your application will be finalized free of charge, as a rule, within thirty business days at the latest, depending on the nature of the request. However, if the transaction results in an additional cost for the Company, the Company may request a fee not exceeding 50 (Fifty) TL in total, as specified in the Communiqué on the Procedures and Principles of Application to the Data Controller published in the Official Gazette dated 10.03.2018 and numbered 30356 by the Personal Data Protection Authority. If your application is due to the error of our Company, the Data Controller, the fee you have paid, if any, will be refunded to you. Only your requests in accordance with the procedure regarding the Protection of Personal Data will be taken into consideration. CONSENT and APPROVAL When you read this Disclosure Text, you are deemed to have accepted, declared and undertaken that you have full and complete information about the fact that Gönen Turizm İnşaat ve Otelcilik A.Ş. is carrying out a data processing process within this scope and that you have been informed about the processing processes of your personal data and that you consent to the processing of your personal data. CONTACT INFORMATION Gönen Turizm İnşaat ve Otelcilik A.Ş. Mersis No: 4080011286 Contact Link: www.gonenhotels.com E-Mail: info@gonenhotels.com Address: Yenibosna Merkez Mahallesi Değirmenbahçe Cad. No:15 Bahcelievler / ISTANBUL Phone: 0212 4546666