GDPR Information

PRINCIPLES OF WEB PRIVACY AND PROTECTION OF PERSONAL DATA

1. PURPOSE AND SCOPE

These Privacy and Protection of Personal Data Principles (the “Principles”) govern the rules that Fine Hotel Turizm İşletmecilik A.Ş., its business partners and group companies (hereinafter referred to as the “Company” or “Data Controller”) apply with regard to the protection and processing of the personal data of job applicants, guests, customers, prospective customers, suppliers, third persons, online visitors (“Groups of Persons”) and aim to inform these Groups of Persons.

2. PRINCIPLES OF PROCESSING PERSONAL DATA

We, as the company, process your personal data under the following principles as Data Controller.

2.1 Processing in accordance with the Law and Principles of Good Faith

We comply with the principles set forth by legal regulations and the general rules of good faith when processing your personal data.

2.2 Ensuring Accuracy and Currency of Personal Data

Taking into account your legitimate interests, periodic controls and updates are made to ensure that the data processed is accurate and current, and appropriate measures are taken as necessary. In this context, systems for controlling the accuracy of personal data and making the necessary corrections are being established within the Company.

2.3 Data Processing only for Specific, Explicit and Legitimate Purposes

Your personal data are only processed for explicit, specific and legitimate purposes.

2.4 Relevance and Proportionality

Your personal data are processed exclusively for the intended purpose and only to the extent necessary for achieving the intended purpose(s). There is no processing of any irrelevant personal data.

2.5 Legal and Specific Retention Time

Your personal data will only be retained for the time required by the relevant legislation or for the purpose for which it is processed. In this context, first, the relevant legislation is checked to determine whether or not the personal data have to be retained for a certain period of time. If such a period exists, it has to be complied with. In the absence of a legal retention period, the personal data have to be retained for the period as required by the specific processing purpose. At the end of this period or in the event that the reasons that require the processing of personal data no longer exist, your personal data are deleted, destroyed or anonymized in accordance with the company’s Personal Data Retention and Disposal Policy, unless there is another legal basis for the processing of such data for a longer period of time.

3. CONDITIONS FOR PROCESSING PERSONAL DATA


Your Personal Data are processed by the Company under the following terms.

3.1 Explicitly Set Forth by Law

Your personal data may be processed when laws explicitly stipulate personal data processing.

3.2 Failure to Obtain Express Consent due to Actual Impossibility

Your personal data may be processed in the event that it is compulsory to process the personal data of the relevant person or another person who is unable to disclose his/her consent due to the actual impossibility or whose consent cannot be validated, to protect the life or physical integrity of the relevant person or of another person.

3.3 Being Directly Related with the Establishment or Performance of the Contract

Your personal data may be processed if it is necessary to process the personal data of the parties to the contract, provided that it is directly related to the establishment or performance of the contract.

3.4 Fulfilling the Company's Legal Obligation

Your personal data may be processed if the processing is mandatory to meet the legal obligations as data controller.

3.5 Public Availability of Personal Data

Your personal data may be processed when you yourself made it publicly available.

3.6 Mandatory Requirement of Data Processing for the Establishment, Usage or Protection of a Right

Your personal data may be processed in case it is mandatory for the establishment, usage or protection of a right.

3.7 Processing Data based on Legitimate Interest

Your personal data may be processed if data processing is necessary for the legitimate interests of the Company.

3.8 Data Processing based on Express Consent

In all cases in which your personal data cannot be processed based on any of the terms set forth in these Principles, they are processed based on express consent.

5-PURPOSES OF PERSONAL DATA PROCESSING


In accordance with the personal data processing requirements specified in Articles 5 and 6 of Law No. 6698, personal data may be processed for the relevant Group of Persons for the following purposes.

5.1 CUSTOMER

In accordance with the personal data processing requirements specified in Articles 5 and 6 of Law No. 6698, personal data of customers may be processed for the purposes of carrying out the necessary business and operational processes in order for the relevant person to benefit from the products and services offered by the company, and for the performance of the contract, follow-up of finance and accounting affairs, planning and execution of the customer relationship management and customer satisfaction activities, monitoring of contract processes, follow-up of customer claims and complaints, planning and execution of transfer processes, planning of information security processes, establishing and managing its infrastructure, inspection and execution of the information security processes.

5.2 JOB APPLICANT

In accordance with the personal data processing requirements specified in Articles 5 and 6 of Law No. 6698, personal data of job applicants may be processed for the purposes of planning and executing human resources work, conducting personnel matters, meeting legal obligations, planning and providing social benefits and for personnel recruitment processes.

5.3 PROSPECTIVE CUSTOMER

In accordance with the personal data processing requirements specified in Articles 5 and 6 of Law No. 6698, personal data of prospective customers may be processed for the purposes of customizing the products and services offered by the Company according to the tastes, usage habits and needs of the relevant persons, planning and execution of the activities required for the products and services to be offered and promoted to the relevant persons, conducting the necessary works for the realization of the commercial activities carried out by the Company and conducting the related business processes, conducting the necessary works and managing the related business processes in order for the relevant person to benefit from the products and services offered by the Company, planning and execution of the activities required for the customization, offering and promoting the products and services offered by the Company, planning and execution of customer relationship management processes.

5.4 GUEST

In accordance with the personal data processing requirements specified in Articles 5 and 6 of Law No. 6698, personal data of guests may be processed for the purposes of ensuring the security of premises and facilities, creating and monitoring of visitor records, ensuring the security of fixtures and/or resources, ensuring technical and commercial occupational safety, ensuring the operational security of the organization, forwarding information to authorized institutions and organizations as required by law.

5.5 THIRD PERSON

In accordance with the personal data processing requirements specified in Articles 5 and 6 of Law No. 6698, personal data of third persons may be processed for the purposes of carrying out the necessary business and operational processes in order for the relevant person to benefit from the products and services offered by the company, conducting the necessary works for the realization of the commercial activities carried out by the Company and conducting the related business processes, conducting the necessary works and managing the related business processes in order for the relevant person to benefit from the products and services offered by the Company, customizing, offering and promoting the products and services offered by the Company, and the performance of the contract.

5.6 SUPPLIER/BUSINESS PARTNER/TENANT

In accordance with the personal data processing requirements specified in Articles 5 and 6 of Law No. 6698, personal data of suppliers, business partners and tenants may be processed for the purposes of carrying out the necessary business and operational processes in order for the relevant person to benefit from the products and services offered by the company, conducting the necessary works for the realization of the commercial activities carried out by the Company and conducting the related business processes, conducting the necessary works and managing the related business processes in order for the relevant person to benefit from the products and services offered by the Company.

5.7 ONLINE VISITOR

In accordance with the personal data processing requirements specified in Articles 5 and 6 of Law No. 6698, personal data of online visitors may be processed for the purposes of conducting marketing studies and analysis, conducting advertising campaigns, promotional activities and communication initiatives, developing products and services and meeting legal obligations.

6-TRANSFER OF PERSONAL DATA


In accordance with the principles and purposes of Articles 3 and 5 of the Principles herein and the personal data processing requirements and purposes set forth in Articles 8 and 9 of Law No. 6698, your personal data may be transferred in a limited fashion to our affiliates, domestic and foreign business partners, customers, suppliers, legally authorized public institutions and legally authorized private persons.

7-METHODS OF AND LEGAL REASON FOR COLLECTING PERSONAL DATA

Any personal data transmitted electronically to the Company may be processed for the relevant Group of Persons as stated below.

7.1 CUSTOMER

Personal data of customers, obtained from the person or a third party, are processed automatically by written or verbal data transfer tools as part of the data recording system, in physical and electronic environments, based on the legal reasons stipulated in Article 5 of Law No. 6698 that “the personal data of the parties to the contract are required to be processed, provided that it is directly related to the establishment or performance of a contract”, “it is compulsory for the data controller to fulfill its legal obligation”, “data processing is compulsory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedom of the relevant person”.

7.2 JOB APPLICANT

Within the context of a likely to be established employment contract personal data of job applicants, obtained from the applicant or a third party by filling in the application form electronically or on paper are processed automatically as part of the data recording system and as stipulated in Article 5 of Law No. 6698 that “the personal data of the parties to the contract are required to be processed, provided that it is directly related to the establishment or performance of a contract”, “it is compulsory for the data controller to fulfill its legal obligation”, “data processing is compulsory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedom of the relevant person”.

7.3 PROSPECTIVE CUSTOMER

Personal data of prospective customers, obtained from the prospective customer or a third party, are processed automatically by written or verbal data transfer tools as part of the data recording system, in physical and electronic environments and based on the legal principles stipulated in Article 5 of Law No. 6698 that “the personal data is revealed to the public by the relevant person”, “data processing is mandatory for the establishment, use or protection of a right”, “data processing is compulsory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedom of the relevant person”, “it is compulsory for the data controller to fulfill its legal obligation”.

7.4 GUEST

Personal data of guests are processed automatically by recording videos through security cameras located in the service areas, the entrance doors, building exteriors, meeting rooms and event areas, dining areas, cafeteria, entrance waiting area, parking lot, elevators and floor corridors in our service building, based on the legal principles stipulated in Article 5 of Law No. 6698 that “it is compulsory for the data controller to fulfill its legal obligation”, “data processing is compulsory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedom of the relevant person”.

7.5 THIRD PERSON

Personal data of third persons, obtained from the person herself/himself or a third party, are processed automatically by written or verbal data transfer tools as part of the data recording system, in physical and electronic environments and based on the legal principles stipulated in Article 5 of Law No. 6698 that “data processing is compulsory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedom of the relevant person”, and based on the personal data processing requirements stipulated in Article 6 of the same Law.

7.6 SUPPLIER/BUSINESS PARTNER/TENANT

Personal data of suppliers, business partners and tenants, obtained from the person herself/himself or a third party are processed automatically by written or verbal data transfer tools as part of the data recording system in physical and electronic environments and based on the legal principles stipulated in Article 5 of Law No. 6698 that “the personal data of the parties to the contract are required to be processed, provided that it is directly related to the establishment or performance of a contract”, “it is compulsory for the data controller to fulfill its legal obligation”, “data processing is compulsory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedom of the relevant person”.

7.7 ONLINE VISITOR

Personal data of online visitors are processed automatically based on the legal principles stipulated in Law No. 5651 on the Regulation of the Publications Made on the Internet and the Fight Against Crimes Committed through these Publications, and in Article 5 of Law No. 6698 that “data processing is compulsory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedom of the relevant person” and “it is compulsory for the data controller to fulfill its legal obligation”.

8-SECURITY OF PERSONAL DATA


8.1 In order to ensure the security of personal data and to prevent unlawful processing of personal data, the Company takes reasonable measures to prevent the risks of unauthorized access to, accidental loss of, intentional deletion of or damage to the data.

8.2 All required technical and physical measures are taken so that only authorized persons have access to personal data. In this context, the authorization system is specifically set up in such a way that no one will be able to access more personal data than strictly necessary.

8.3 The Company conducts audits and has audits conducted in its own organizations and institutions to ensure the implementation of the provisions of Law No. 6698.

9-COMMITMENT RELATING TO THIRD-PARTY PERSONAL DATA

The Group of Relevant Persons accepts and consents that the personal data relating to third persons transmitted by the Group of Relevant Persons may be processed by the Company. The Group of Relevant Persons also undertakes that it has provided the necessary information to, and obtained the necessary permissions from the persons whose data have been transmitted with regard to their data in accordance with Law No. 6698 on the protection of personal data. Otherwise, the damages to be incurred shall remain with the Group of Relevant Persons.

10-APPLICATION PROCEDURES AND PRINCIPLES

If you, as the relevant person, have a claim regarding your rights set out in Article 11 of Law No. 6698, you can make your application by filling out the Application Form for the Protection of Personal Data, which you can obtain from our website (www.rixos.com), in accordance with the specified procedures and principles, or with your application that meets the minimum conditions stipulated by the Communiqué on the Procedures and Principles of Application to the Data Controller, to our fineotel@hs02.kep.tr REM address, kvkk@rixos.com e-mail address, or in writing through your e-mail address that is registered in our system or via a mobile-signed or e-signed message that you can forward to us, or you can submit your written application with wet signature in person or through a notary public to the address of Meltem Mahallesi, Sakıp Sabancı Bulvarı, No: 3 Muratpaşa/Antalya. We, as the Company, will process your application as soon as possible and within thirty days at the latest, according to the nature of your claim and free of charge. However, if the transaction requires additional cost, a fee in the amount determined by the Personal Data Protection Board shall be charged by the Company.

As a relevant person, you have the following rights;

  • To learn whether or not your personal data have been processed;
  • To request information as to the processing, if your data have been processed;
  • To learn the purpose for which your personal data have been processed and whether the data are being used in accordance with their purpose;
  • To find out who the third parties at home and abroad are to whom your personal data have been transferred;
  • To request the correction of your personal data if it is incomplete or incorrectly processed,
  • To request the deletion or destruction of personal data in accordance with the provisions set forth in Article 7 of the Law;
  • To request that the third parties to whom your personal data have been transferred are being notified about the matters in accordance with paragraphs (d) and (e),
  • To object to any result that is to the relevant person’s detriment due to the analysis of processed personal data exclusively by automated systems;
  • To demand compensation if the relevant person incurs damages due to the unlawful processing of personal data.