Personal Data Protection Law
ALAN PDM OTEL VE TURİZM YATIRIM İŞLETMECİLİĞİ A.Ş.
PERSONAL DATA PROTECTION AND PROCESSING POLICY
PURPOSE OF DATA PROTECTION
Within the scope of the Personal Data Protection Law , we provide transparency by informing the persons whose personal data are processed by our Company, in particular our Employees, Company Shareholders, Company Officials, Visitors, Employees, Shareholders and Authorities of the Collaborating Institutions and Third Parties. However, we take the necessary protection measures in accordance with the relevant law in the processing of your personal information.
PERSONAL DATA PROTECTION POLICY
*Personal Data Processing Clarification Text:
In accordance with provisions of Article 10 of the Personal Data Protection Law No. 6698 (“KVKK”) named ‘Clarification Obligation of the Data Supervisor’ , Alan PDM Otel ve Turizm Yatırım İşletmeciliği A.Ş. is obliged to inform the related persons (ie ‘data holders’)as a ‘Data Supervisor’, regarding the identity of the data supervisor, the purposes of personal data processing, the persons to whom the personal data are transferred, and the purposes of the transfer of personal data, the legal reasons and methods of the collection of personal data; and the rights to be claimed by personal data holder to the data supervisor as listed in Article 11 of KVKK. In this context;
a) Identity of the Data Supervisor
Article 10, paragraph 1 (a) of the KVKK named Clarification Obligation of the Data Supervisor, obliges data supervisors to provide information about the identity of them. In paragraph (i) of paragraph 1 of Article 3 of the KVKK, the data supervisor is defined as real or legal persons who determine the purposes and means of processing personal data and are responsible for the establishment and management of the data recording system ’. Regarding the implementation of KVKK, Alan PDM Otel ve Turizm Yatırım İşletmeciliği A.Ş. may be a “data supervisor”. In this context ” the identity of the data supervisor” is Alan PDM Otel ve Turizm Yatırım İşletmeciliği A.Ş , joint-stock company established in the Republic of Turkey in accordance with its laws and has a presence in uninterrupted manner, registered to Istanbul Trade Registry Office with 782 893 registery number having 0048053662200028 Mersis number, located in Halaskargazi Mah. Suleyman Nazif Sok. Duruman Business Center No: 56 Şişli – ISTANBUL.
b) Purpose of Processing Personal Data
Your Personal Data is processed in accordance with the personal data processing principles set out in Article 4 of the KVKK, based on one or more of the personal data processing conditions specified in Article 5 of the KVKK. In all personal data processing activities carried out by Alan PDM Otel ve Turizm Yatırım İşletmeciliği A.Ş., company acts in compliance with the obligations required by all relevant legislation one of which is KVKK. The purpose of processing your personal data is to carry out the necessary activities by our business units in order to benefit you from the products and services offered by our Company in accordance with the personal data processing conditions and purposes specified in Articles 5 and 6 of KVKK; customizing the products and services offered by our company according to your taste, usage habits and needs; ensuring the legal and commercial security of our Company and the persons who have business relations with the Company and determining and implementing our Company’s commercial and business strategies.
Based on the legitimate interest of Alan PDM Otel ve Turizm Yatırım İşletmeciliği A.Ş., provided that it does not harm the basic rights and freedoms of the customers / guests specified in Article 5/2, f of KVKK;
- Recording the arrival / departure dates of the customers / guests and providing the necessary preparations in order to provide the best service to the customers / guests and to ensure customer / guest satisfaction,
- To examine and evaluate the complaints, suggestions, requests of customers / guests,
- Monitoring of hotel building entrances / exits with CCTV cameras in order to take necessary health and safety measures in our hotel,
- To register the hotel’s entrance and identification information in order to fulfill the requirements of the legislation (Identification Act) and to provide it to law enforcement officers upon request.
- In this context and in line with the relevant legal regulations, personal data processed and processing purposes may vary according to the nature of the services provided.
c) To whom and for what purpose personal data can be transferred:
Your personal data is collected and processed by our business units in order to benefit you from the products and services offered by our Company; customizing the products and services offered by our company according to your taste, usage habits and needs; for the purpose of ensuring the legal and commercial security of our Company and the persons in business relations with us and determining and implementing the commercial and business strategies of our Company, we provide information to our business partners, suppliers, shareholders, legally authorized public institutions and private you can reach the website www.moltonhotels.com in accordance with the processing conditions and purposes of Alan PDM Otel ve Turizm Yatırım İşletmeciliği A.Ş. Personal Data Processing and Protection Policy.
d) Method and Legal Reason for Collecting Your Personal Data:
In order to conduct our commercial activities, your personal data will be transferred to Alan PDM Otel ve Turizm Yatırım İşletmeciliği A.Ş. by different channels and legal reasons. Personal data, especially identification documents of customers / guests or forms transmitted in digital and / or physical environment, are collected and required to request the filling of missing information by recording accommodation information to customers / guests in accordance with Article 23 of the Regulation on the application of the Identity Reporting Law and the obligation to record this information in the accommodation book. Your personal data may also be processed and transmitted for the purposes specified in this Clarification Text within the scope of the personal data processing conditions and purposes set forth in Articles 5 and 6 of the KVKK.
e) Rights of Personal Data Holder as stated in Article 11 of KVKK
As personal data holders, you may submit your claims regarding your rights shared with public in the website of www.moltonhotels.com Personal Data Processing and Protection Policy. Your request will be concluded as soon as possible and free of charge within thirty days at the latest. However, pursuant to Article 7 of the Communiqué on the Procedures and Principles of Application to the Data Supervisor published by the KVK Institution, if the related person’s application is to be answered in writing, no fee will be charged up to 10 (ten) pages, and for each page above 10 (ten) pages 1 Turkish Lira transaction fee may be charged. If the answer to the application is given on a recording medium such as an external memory, the fee that may be requested by our company shall not exceed the cost of the recording medium.
The rights of real persons whose personal data are processed in accordance with Article 11 of KVKK are as follows;
- To learn whether personal data is processed,
- To request information if the personal data has been processed,
- To learn the purpose of processing personal data and whether they are used appropriately,
- To know the third parties to whom personal data is transferred at home or abroad,
- To request correction of personal data in case of incomplete or incorrect processing and to inform the third parties to whom the personal data is transferred,
- To requesting the deletion or destruction of personal data in the event that the reasons that require processing are eliminated, although it has been processed in accordance with the provisions of KVKK and other related laws,
- To object to the occurrence of a result against the person by analyzing the processed data exclusively through automated systems,
- To request for damages in case of damage due to unlawful processing of personal data.
CATEGORIZATION OF THE PERSONAL DATA
Under this Policy, the Company processes the personal data of the Customers / Guests and Employees in the following categories.
- Identification Information
- Contact information
- Physical space safety information
- Audio / visual information
- Financial information
- Personal information
- Sensitive personal data
- Request / complaint management information
STORAGE TIME OF PERSONAL DATA
The obligations of legal regulations are taken into consideration when determining the storage period of personal data. Apart from legal regulations, the storage period is determined by considering the purpose of processing personal data. If the purpose of data processing is disappeared, the data will be deleted, destroyed or made anonymous, unless there is any other legal reason or basis for data storage.
If the purpose of processing personal data is over; if the related legislation and the storage periods determined by the Company have been reached; personal data can only be stored in order to provide evidence in case of possible legal disputes or to assert the relevant right to personal data or to establish defense. Although the prescription periods and the prescription periods for the right to be asserted in the establishment of these periods are exceeded, the storage periods are determined based on the examples in the requests submitted to the Company in the same subjects. In this case, the stored personal data is not accessed for any other purpose and is only provided when it is required to be used in the relevant legal dispute. Again, after the expiry of this period, personal data is deleted, destroyed or anonymized.
SECURITY OF PERSONAL DATA
In order to ensure the security of personal data, reasonable precautions are taken to prevent unauthorized access risks, accidental data loss, intentional deletion of data or damage to the data. All kinds of technical and physical precautions are taken in order to prevent the access of personal data to persons from authorized persons. In this context, in particular, the authorization system is designed in such a way that no one will be able to access more personal data than necessary. While securing personal data such as health data, strict measures are taken compared to other personal data. Authorized persons undergo necessary security checks. They are also trained about their duties and responsibilities. Records of access to personal data are kept to the extent permitted by the technical means and these records are reviewed at regular intervals. In case of unauthorized access, an investigation is initiated immediately.