KVKK Privacy Policy

WEB PRIVACY AND PROTECTION OF PERSONAL DATA LIGHTING TEXT

1. PURPOSE AND SCOPE

This Privacy and Personal Data Protection Principles (“Principles”) regulate the principles accepted by Antik Hotel Istanbul (Demir İnşaat San. , Customer, Employee Candidate, 3rd Person, Online Visitor (“Person Groups”) determines the personal data processing principles regarding the processing of personal data and aims to enlighten these groups of persons.

2. PRINCIPLES ON THE PROCESSING OF PERSONAL DATA

As a Data Controller, we process your personal data within the framework of the following principles.

2.1 Legal and Integrity Processing

In the processing of your personal data, we act in accordance with the principles brought by legal regulations and the general rule of trust and honesty.

2.2 Ensuring Personal Data Are Accurate and Up-to-Date When Necessary

Taking into account your legitimate interests, periodic controls and updates are made to ensure that the processed data is accurate and up-to-date, and necessary measures are taken accordingly. In this context, systems for checking the accuracy of personal data and making necessary corrections are established within the Company.

2.3 Processing for Specific, Clear and Legitimate Purposes

Your personal data is processed based on clear, specific and legitimate data processing purposes.

2.4 Relevance, Limitation, and Responsibility for the Purpose for which they are Processed

Your personal data is processed in a measured, purpose-related and limited manner in order to achieve the foreseen purpose/purposes, and the processing of personal data that is not relevant or needed for the realization of the purpose is avoided.

2.5 Retention for the Time Required for the Purpose of Processing or Envisioned in the Relevant Legislation

Your personal data is retained only for as long as required by the relevant legislation or for the purpose for which they are processed. In this context, first of all, it is determined whether a period is foreseen for the storage of personal data in the relevant legislation, if a period is determined, this period is acted upon. In the event that the period expires or the reasons requiring its processing are eliminated, your personal data is deleted, destroyed or anonymized in accordance with the Company’s Personal Data Storage and Disposal Policy, unless there is a legal reason allowing them to be processed for a longer period of time.

3. TERMS OF PROCESSING PERSONAL DATA

Your personal data is processed by the Company within the framework of the following conditions.

3.1 Explicitly Provided in Laws

Your personal data may be processed in cases where the laws expressly stipulate the processing of personal data.

3.2 Failure to Obtain Explicit Consent of the Related Person Due to Actual Impossibility

Your personal data may be processed if it is necessary to protect the life or bodily integrity of the person or another person, who is unable to express his or her consent due to actual impossibility or whose consent cannot be validated.

3.3 Direct Concern with the Establishment or Performance of the Contract

Provided that it is directly related to the establishment or performance of the contract, your personal data may be processed if it is necessary to process the personal data of the parties to the contract.

3.4 Fulfilling the Company’s Legal Obligation

Your personal data may be processed if it is necessary to fulfill legal obligations as a data controller.

3.5 Making Personal Data Public

If your personal data has been made public by you, it may be processed.

3.6 Requirement of Data Processing for the Establishment or Protection of a Right

Your personal data may be processed if data processing is necessary for the establishment, exercise or protection of a right.

3.7 Processing of Data Based on Legitimate Interest

Your personal data may be processed if data processing is necessary for the legitimate interests of the company.

3.8 Consent-Based Processing

In cases where your personal data cannot be processed based on any of the conditions set forth in these Principles, it is processed based on express consent.

4. CATEGORIZATION OF PERSONAL DATA

• PURPOSE OF PROCESSING PERSONAL DATA

Within the personal data processing conditions specified in Article 5 of the Law No. 6698, personal data can be processed for the following purposes, according to the relevant person group.

5.1 CUSTOMER

Customer personal data, within the scope of personal data processing conditions specified in Article 5 of Law No. 6698, execution of necessary business and operational processes in order to benefit from the products and services offered by the company , execution of the contract, follow-up of finance and accounting works, customer relations management and customer satisfaction activities. planning and execution of contract processes, follow-up of contract processes and customer demands and complaints, follow-up of contract processes and customer demands and complaints, planning and execution of sales processes of services, planning and execution of after-sales support services activities, execution of marketing processes, planning and execution of transfer processes, It can be processed for the purposes of planning information security processes, creating and managing the infrastructure, auditing and execution .

5.2 CANDIDATE CUSTOMER

Planning and executing the activities necessary for the personal data of the Prospective Customer, within the personal data processing conditions specified in Article 5 of the Law No. 6698, to customize the products and services offered by the Company according to the tastes, usage habits and needs of the relevant persons, and to recommend and introduce them to the relevant persons, Carrying out the necessary work for the realization of the commercial activities carried out by the Company and conducting the related business processes, carrying out the necessary work and related business processes to benefit from the products and services offered by the Company, planning and executing the activities necessary for the customization and promotion of the products and services offered by the Company, execution of marketing processes, planning and execution of customer relationship management processes.  

5.3 VISITOR

Visitor personal data, within the scope of personal data processing conditions specified in Article 5 of Law No. 6698, ensuring the security of buildings and facility campuses and/or facilities, creating and tracking visitor records, ensuring the security of fixtures and/or resources, technical and commercial occupational safety. It can be processed for the purposes of ensuring the security of corporate operations, providing information to authorized institutions and organizations based on the legislation.

5.4 EMPLOYEE CANDIDATES 

Employee candidate personal data may be processed for the purposes of planning and executing human resources processes, executing personnel activities, fulfilling obligations arising from legislation, planning and executing benefits, executing personnel procurement processes, within the personal data processing conditions specified in Article 5 of Law No. 6698.

• THIRD PERSON

Third Party personal data may be processed for the purposes of conducting business activities and conducting communication activities, within the personal data processing conditions specified in Article 5 of the Law No. 6698.

• ONLINE VISITOR

Online Visitor personal data may be processed for the purposes of conducting marketing analysis studies, conducting advertisement / campaign / promotion processes, conducting communication activities, developing products and services, fulfilling legal obligations, within the personal data processing conditions specified in Article 5 of Law No. 6698. .

• TRANSFER OF PERSONAL DATA

Your personal data; to our business partners and dealers, suppliers, subsidiaries, group companies, legally authorized public institutions and private persons, the principles and purposes set forth in Articles 3 and 5 of these Principles and the personal data processing conditions specified in Articles 8 and 9 of Law No. 6698. and may be transferred on a limited basis within the framework of its purposes.

• METHOD AND LEGAL REASON FOR PERSONAL DATA COLLECTION

Your personal data transmitted to the company electronically are processed as follows according to the relevant person groups.

7.1 CUSTOMER

Customer personal data is defined in Article 5 of the Law No. 6698, “provided that it is directly related to the establishment or performance of a contract, it is necessary to process the personal data of the parties of the contract”, “it is necessary for the data controller to fulfill its legal obligation”, “the relevant To be taken from the person or third party in person or as part of the data recording system, in physical and electronic media, in written or verbal data transmission tools, based on legal reasons and within the scope of your express consent, on the basis of legal grounds “that it is necessary to process data for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the person”. processed automatically.

7.2 CANDIDATE CUSTOMER

The personal data of the Prospective Customer is defined in Article 5 of the Law No. 6698 as “the data subject has been made public by himself”, “the data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject”, “the legal It is processed automatically, based on legal reasons and within your express consent, in physical and electronic media, by written or verbal data transfer tools, and as part of the data recording system, from the person or third party.

7.3 VISITOR

Visitor personal data, in Article 5 of the Law No. 6698; Based on the legal reason “it is mandatory for the data controller to fulfill its legal obligations” and “the data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject”, the entrance doors, building façades, meeting rooms and events in our service building areas, dining areas, cafeteria, entrance waiting area, parking lot, elevators and floor corridors are recorded and processed automatically by means of security cameras located in the service area.

7.4. EMPLOYEE CANDIDATES

Employee Candidate personal data is defined in Article 5 of the Law No. 6698, in the context of a possible employment contract, “provided that it is directly related to the establishment or performance of a contract, it is necessary to process the personal data of the parties to the contract”, “the fundamental rights and freedoms of the person concerned”. It is processed automatically, by filling out an application form in electronic environment, by filling in a physical form, by taking it from the person or third party as part of the data recording system, based on the legal grounds of “obligatory data processing for the legitimate interests of the data controller, provided that it does not harm.”

7.5. THIRD PERSON

Third Party personal data can be collected in physical form by filling out an application form in electronic environment, based on the legal reasons stated in Article 5 of the Law No. It is processed automatically as part of the data recording system by filling in the data recording system from the person or third party.

7.6. ONLINE VISITOR

Online Visitor, personal data, the Law No. 5651 on the Regulation of Broadcasts Made on the Internet and Combating Crimes Committed Through These Broadcasts and Article 5 of the Law No. 6698, “explicitly stipulated in the laws”, “not to harm the fundamental rights and freedoms of the person concerned. It is processed automatically based on legal reasons, provided that data processing is mandatory for the legitimate interests of the data controller and that it is necessary for the data controller to fulfill its legal obligations.

8. SECURITY OF PERSONAL DATA

8.1 Administrative Measures Taken for the Security of Personal Data

• Personal Data Processing Inventory has been prepared and a Risk Inventory has been prepared to determine the current risks and threats related to this inventory.
• Employees are given training on personal data security and awareness activities are carried out.
• A Confidentiality Commitment is received from the employees.
• The Employee Personal Data Protection and Processing Policy for the employees is prepared and signed by the employees.
• Use and Access Policy, Storage and Disposal Policy, Data Protection Policy, WEB Privacy and KVK Principles documents regarding personal data security are prepared and implemented.
• The personal data processed by the Company is tried to be reduced as much as possible in the light of the principles set forth in Article 4 of the Law.
• Confidentiality Agreement regarding data security is made and Confidentiality Commitments are received in order to manage the relations with the persons and institutions contracted as data processors.
• Before starting to process personal data, the Company fulfills its obligation to inform the relevant persons.
• Periodic and random inspections are carried out within the company and the results of the inspections provide input as corrective and preventive action. In this way, risks are reduced by continuous improvement.

8.2 Technical Measures Taken for the Security of Personal Data

• Network security and application security are provided.
• A closed system network is used for personal data transfers via the network.
• The security of personal data stored in the cloud is ensured.
• Institutional policies on access, information security, use, storage and destruction have been prepared and started to be implemented.
• The authorizations of employees who have a change of job or quit their job in this field are removed.
• Current anti-virus systems are used.
• Firewalls are used.
• Personal data security policies and procedures have been determined.
• Personal data security issues are reported quickly.
• Personal data security is monitored.
• Necessary security measures are taken regarding entry and exit to physical environments containing personal data.
• Physical environments containing personal data are secured against external risks (fire, flood, etc.).
• The security of environments containing personal data is ensured.
• Personal data is backed up and the security of the backed up personal data is also ensured.
• User account management and authorization control system are implemented and these are also followed.
• Log records are kept without user intervention.
• Protocols and procedures for special quality personal data security have been determined and implemented.
• If sensitive personal data is to be sent via e-mail, it must be sent in encrypted form and using a KEP or corporate mail account.
• APPLICATION PROCEDURES AND PRINCIPLES

If you, as the person concerned, have a request regarding your rights in Article 11 of the Law No. 6698; By completing the Application Form on the Protection of Personal Data, which you can obtain from our website, and in any case, meeting the minimum conditions stipulated in the Communiqué on Application Procedures and Principles to the Data Controller; marpera.turizm@hs01.kep.tr with a message you send to our KEP address to our e-mail address kvkk@marsanholding.com with your e-mail address registered in our system or with a secure e-signature to our address Asmalı Mescit Mahallesi Meşrutiyet Cadde No: 103/ Beyoğlu Istanbul You can apply in writing in person or through a notary public. As the Company, we will finalize your application free of charge as soon as possible and within thirty days at the latest, depending on the nature of your request. However, if the transaction requires a separate cost, the fee in the tariff determined by the Personal Data Protection Board will be charged by the Company.

In this context, we would like to point out your rights as a person concerned;

• Learning whether personal data is processed or not,
• If personal data has been processed, requesting information about it,
• Learning the purpose of processing personal data and whether they are used in accordance with the purpose,
• Knowing the third parties to whom personal data is transferred at home or abroad,
• Requesting correction of personal data in case of incomplete or incorrect processing,
• Requesting the deletion or destruction of personal data within the framework of the conditions stipulated in the relevant legislation,
• Requesting notification of third parties to whom personal data has been transferred,
• Objecting to the emergence of a result against the person himself by analyzing the processed data exclusively through automated systems,
• In case of loss due to unlawful processing of personal data, it is to demand the compensation of the damage.

Demir İnşaat San. Trade Inc.
EXPLANATION TEXT ON THE PROCESSING OF PERSONAL DATA

This Clarification Text is for the ……………………………….. Company (“the “Company”) to enlighten the Company’s customers regarding the processing of their personal data by the Company within the scope of the Law on the Protection of Personal Data No. 6698 (“Law”). was prepared for the purpose.

For detailed information on the processing of your personal data within the scope of this Clarification Text, Demir İnşaat San. Trade Inc. You can access the Personal Data Protection and Processing Policy. (“ Demir İnşaat San. Tic. A.Ş. ”) , we show maximum sensitivity to the security of your personal data. With this awareness, as the Company, we attach great importance to the processing and preservation of all kinds of personal data belonging to all persons transmitted to us in accordance with the Law on the Protection of Personal Data No. 6698 (“KVK Law”) .    

Collection, Processing and Processing Purposes of Personal Data

Your personal data, the management and administration of employment by our Company, our company’s ability to fulfill its obligations within the scope of employment, the necessity of data processing for the establishment of a right, your ability to benefit from customer services, consumer rights and other opportunities, and/or commercial, financial, legal liability related to them. It will be collected and used if your personal data needs to be processed for the fulfillment of obligations, ensuring the security of our Company or for the legitimate purposes of our Company.

To Whom The Processed Personal Data Can Be Transferred And For What Purpose

In cases where your collected personal data is necessary for the above-mentioned purposes; Our company to our business partners, affiliates, group companies, company officials, suppliers, persons performing services, legally authorized public institutions and private persons and/or other countries within the framework of the personal data processing conditions and purposes specified in Articles 8 and 9 of the KVK Law. can be transferred.

Method and Legal Reason for Personal Data Collection

Your personal data is obtained in all kinds of verbal, written or electronic media (including cookies on our site), in order to fully and accurately fulfill the contractual and legal responsibilities of our Company in line with the above-mentioned purposes. Your personal data collected for this legal reason can be processed and transferred within the scope of the purposes specified in articles (1) and (2) of this text, in line with the personal data processing conditions and purposes specified in Articles 5 and 6 of the KVK Law.

Data security

Our company protects your personal data in full compliance with all reasonable technical and administrative security controls to be taken in accordance with information security standards and procedures, and at an appropriate level against possible risks.

Rights of Personal Data Owners Listed in Article 11 of the KVK Law

As personal data owners, if you submit your requests regarding your rights to our Company through the methods set forth in this Disclosure Statement, our Company will respond to the request free of charge within 30 days at the latest, depending on the nature of the request. However, if the written response to your application exceeds 10 pages, a processing fee of 1 Turkish Lira may be charged for each page over 10 pages. If the response to the application is given in a recording medium such as CD or flash memory, a fee may be charged as much as the cost of the recording medium.

In this context, personal data owners;

• Learning whether personal data is processed or not,
• If personal data has been processed, requesting information about it,
• To learn the purpose of processing personal data and whether they are used in accordance with the purpose,
• Knowing the third parties to whom personal data is transferred in the country or abroad,
• Requesting correction of personal data in case of incomplete or incorrect processing and requesting notification of the transaction made within this scope to the third parties to whom the personal data has been transferred,
• Requesting the deletion or destruction of personal data in the event that the reasons requiring its processing have disappeared, although it has been processed in accordance with the provisions of the KVK Law and other relevant laws, and requesting the notification of the transaction made within this scope to the third parties to whom the personal data has been transferred,
• Objecting to the emergence of a result against the person himself by analyzing the processed data exclusively through automated systems,
• It has the right to demand the compensation of the damage in case of loss due to unlawful processing of personal data.

In accordance with paragraph 1 of Article 13 of the KVK Law, your request regarding the exercise of your rights stated above, by filling out the application form on our Site at the address …………………………….com ; In writing, you can forward it to the addresses in the application form by using a registered e-mail ……………………………… (KEP) address, secure electronic signature, mobile signature or e-mail address.