Law on Protection of Personal Data General Clarification Statement
The terms in this clarification text;
General Data Protection Regulation: General Data Protection Regulation (“GDPR:”)
The Regulation, which was adopted in 2016 after being passed by the European Parliament and entered into force on 25 May 2018, is mandatory for all organizations to comply with.
Personal Data: refers to any information relating to an identified or identifiable natural person,
Personal Data Protection Law ("KVKK"): refers to the Law No. 6698 on the Protection of Personal Data, which entered into force after being published in the Official Gazette on 7 April 2016,
Data Processor: Refers to the natural or legal person who processes Personal Data on behalf of the data controller based on the authorization granted by the data controller,
Data Controller: The natural or legal person who determines the purposes and means of processing Personal Data and who is responsible for the establishment and management of the data recording system.
Related Person: Refers to the natural person whose personal data is processed.
As ALTIN YUNUS ÇEŞME TURİSTİK TESİSLER A.Ş. ("Our Company"), protection of fundamental rights and freedoms, protection of privacy regarding private lives, ensuring and protecting information security, respect for ethical values are among our prioritized principles. Accordingly, the following explanations are presented for your information within the scope of fulfilling our clarification obligation in accordance with Article 10 of the Law on the Protection of Personal Data ("PDPL") and Article 12 of the General Data Protection Regulation ("GDPR ");
"Data Controller" in terms of your personal data is "ALTIN YUNUS ÇEŞME TURİSTİK TESİSLER A.Ş.", registered with the registration number 557741 at İZMİR Trade Registry, Central Registration System no. 0066000932900016, company headquarters.
Relevant Persons Whose Data is Collected
Within the scope of PDPL, we collect the data of the following parties who have a business relationship with our Company. These are;
• Our employees and employee candidates,
• Family members and relatives of our employees and employee candidates,
• Our Customers,
• Our suppliers,
• Our Consultants,
• Our business partners,
• Our Shareholders,
• Our company officials,
• Our company proxies,
• The person(s) with whom we have a contractual relationship and their employees
• Person(s) who are the addressee(s) of legal transactions,
• Survey participants,
• Our visitors.
Data Collected and Processed by Our Company from Relevant Persons
Within the scope of Articles 5 and 6 of the PDPL and Articles 5, 6, 7, 8, 9, 10 and 11 of the GDPR, our Company collects and processes the following data. These are;
• Family and social life information,
• Education and training information,
• Employment information,
• Information on request/complaint management,
• Information on legal affairs,
• Information on ethical values and compliance with the law,
• Financial information,
• Audit information,
• Information on the use of electronic media,
• Information on goods and services provided and supplied,
• Information on work activities,
• Information on trade and other licences and permits,
• Physical space security information,
• Visual and audio information (photographs, camera, sound recordings),
• Telecommunication records,
• E-mail and information systems services usage records,
• Entry records,
• Health information declared by the relevant person for the allergen management process,
• Information declared by the relevant person for the reservation,
• Customer information shared by tourism agencies,
• Relevant person information shared for the organizations held within the hotel
Data Collection Purposes of our Company
Within the scope of Articles 5 and 6 of the PDPL and Articles 5 to 11 of the GDPR, we collect and process personal data in order to fulfil our Company purposes stated below, provided that they are limited to the relevant purposes. These are;
• Realization of our company's commercial activities.
• Being able to fulfil business processes related to commercial activities,
• Management and execution of relations with business partners and/or suppliers,
• Technical management of our company's websites,
• Customer management and follow-up of complaints,
• Product/Service surveys and follow-up of the questions you send to our Company,
• Carrying out the necessary work by our business units in order to benefit you from the products and services offered by our company,
• Planning and execution of sales, marketing and after sales processes of products and/or services,
• Providing information about the content of products and services,
• Sending commercial electronic messages by obtaining separate approval in accordance with the legal legislation,
• Conducting competitions, events and other organizations,
• Carrying out legal and commercial relations with our Company and persons who have business relations with our Company and ensuring the security of these relations,
• Administrative operations for communication carried out by our Company,
• Employee administration and management
• Ensuring the physical security and auditing of the company's locations,
• Planning of logistics activities,
• Conducting reputation research processes,
• Compliance with ethical values and law and execution of legal affairs and procedures,
• Follow-up of contract processes and/or legal requests,
• Planning and execution of Human Resources and personnel recruitment processes and monitoring and realization of education and training activities,
• Planning and/or execution of occupational health and/or safety processes,
• Planning and execution of corporate communication and corporate governance activities,
• Carrying out information security management services,
• Monitoring and auditing financial and/or accounting affairs and carrying out activities to identify financial risks of customers,
• Determining and implementing the commercial and business strategies of our company,
• Creation and follow-up of visitor records,
• For other purposes or purposes to be notified to the relevant person at the time of obtaining the information
• Fulfilment of legal obligations as required or obliged by the relevant legislation.
Transfer of Data Collected and Processed by Our Company within the Purposes
Your personal data collected by our Company within the scope of the personal data processing conditions and purposes specified in Articles 8 and 9 of the PDPL and Articles 44 to 50 of the GDPR may be shared with our affiliates, shareholders, business partners, legally authorized public institutions and private persons within the scope of our purposes detailed above.
Method and Legal Reason for Collecting Data by Our Company
Your personal data are collected, used, recorded, stored and processed by our Company through the portal interface by providing verbal, written and/or electronic information to the personal data owners in a clear and understandable manner and obtaining their explicit consent when necessary, in accordance with the law and good faith, in connection with and limited to the legitimate purposes clearly stated above, within the scope of the principle of proportionality.
We assure that your personal data will not be processed by our Company for purposes other than those specified in this clarification document, will not be transferred to third parties domestically and internationally, and will not be stored.
Storage Period of the Data Collected by our Company
Your personal data are stored for the storage periods specified in the relevant legal regulations, if no period is specified in the relevant legal regulations, your data are stored for 10 years in accordance with the practices and customs of our Company's practices and commercial life or for the period required by the above-mentioned processing purposes, and then deleted, destroyed or anonymized in accordance with Article 7 of the PDPL and the regulations in the GDPR.
Security of Your Data Collected and Processed by Our Company
In order to ensure that your personal data are not exposed to unauthorized access, lost and damaged in the environments where they are processed and stored, the technical and administrative measures of the Information Security Management System (ISO 27001 and 27701 Standard) promoted by our company, as well as the requirements of the Information Security Notification published by the Capital Markets Board and the requirements of the Personal Data Security Guide published by the PDP Board are continuously operated and developed within the scope of continuous improvement.
Rights of the Relevant Person Whose Data is Collected and Processed
Pursuant to Article 11 of the PDPL and Articles 12 to 23 of the GDPR, everyone has the following rights regarding himself/herself by applying to the data controller;
a) To learn whether personal data is processed or not,
b) To request information if personal data has been processed,
c) To learn the purpose of processing personal data and whether they are used in accordance with their purpose,
ç) To know the third parties to whom personal data are transferred domestically or internationally,
d) To request correction of personal data in case of missing or incorrect processing,
e) To request the deletion or destruction of personal data within the scope of the conditions stipulated in Article 7,
f) To request notification of the transactions made pursuant to subparagraphs (d) and (e) to third parties to whom personal data are transferred,
g) To object to the occurrence of a result to the detriment of the person himself/herself by analyzing the processed data exclusively through automated systems,
ğ) To demand compensation for damages in case of damage due to unlawful processing of personal data.
Application Methods within the Scope of the Interested Person's Rights
In accordance with the first paragraph of Article 13 of the GDPR and PDPL, you can make your request to exercise your rights mentioned above with the following methods and information in accordance with the "Notification on the Procedures and Principles of Application to the Data Controller" published on 10 March 2018, numbered 30356.
Information required in the application content;
1. Name and surname information of the applicant.
2. the applicant is a citizen of the Republic of Türkiye, T.R. ID No. If not, Passport no with nationality or ID no, if any.
3. The applicant's residential or business address for Notification.
4. Applicant's e-mail address, telephone or fax address for notification.
5. Applicant's Request subject.
6. Information and documents related to the request subject of the applicant.
1. The applicant can personally fill in the "Application Form" on our company website to ALTIN YUNUS ÇEŞME TURİSTİK TESİSLER A.Ş. and deliver it to the information office by hand with a sealed envelope and a note "Information Request in accordance with the Law on the Protection of Personal Data" on the envelope.
2. The applicant may send a notification to ALTIN YUNUS ÇEŞME TURİSTİK TESİSLER A.Ş. address via Notary Public, but the note "Information Request in accordance with the Law on the Protection of Personal Data" must be added on the notification envelope.
3. With the "Secure Electronic Signature" defined in the Electronic Signature Law No. 5070, the applicant can personally apply to firstname.lastname@example.org, which is our company's Registered Electronic Mail, with the note "Information Request in accordance with the Law on the Protection of Personal Data" in the subject section.
4. Our company can apply to email@example.com e-mail address with the requested information
* Altın Yunus Mahallesi 3215 Sok. No:38 Pk. 35930 Çeşme/İZMİR
You can find detailed information about the application and complaint process regarding your rights mentioned above by clicking here