PERSONAL DATA PROTECTION
Atay Turizm Otomotiv İnşaat Sanayi ve Ticaret Ltd. Şti. As (Gezi Hotel) , we value your privacy and the safety of your personal data. For us, the protection of your personal data and privacy is not just about fulfilling a legal obligation, but it is our basic undertaking towards all our guests and business partners in order for our business model to be carried out of safely and satisfactorily.
1.Methods and Legal Grounds for the Collection of Personal Data
Gezi Hotel collects personal data mainly from its own website and other websites and mobile applications, social media accounts, physical visits to locations, call centers, messages sent to the email addresses of Gezi Hotel, through cookies, notifications sent via fax, post, IPTV, from legal authorities and administrative authorities, in audio, electronic or written form, in line with the personal data processing conditions specified in the Law.
Your personal data is processed differently depending on the nature of the legal relationship between you and Gezi Hotel (such as guest, employee, potential employee, visitor, supplier, etc.). Also, depending on the nature of the process (whether via use of the Internet site or while registering a guest), we collect different types of personal data.
We are sharing details with you about legal grounds, collected data categories, and details of other processing activities within a public context in our disclosure text.
Disclosure Text for Employees
Fitness & SPA Disclosure Text
Disclosure Text for Potential Employees
Disclosure Text for Supplier Employees
Fitness & SPA Disclosure Text
Disclosure Text for Physical Visitors
Disclosure Text for the Processing of Personal Data within the Scope of Webee Solutions
2.Purposes of Processing Personal Data
At Gezi Hotel, we strive to ensure that all activities in all processes are carried out in line with the applicable legislation, and to offer you the best possible service. Gezi Hotel processes personal data for different sub-purposes depending on the process in which the personal data is processed, and for different individual groups for which personal data is processed. Each disclosure text includes details about the purposes of processing personal data. Please use the applicable disclosure texts as a reference.
3.To Whom and for What Purposes Personal Data May Be Transferred
In line with “need to know” and “need to use” principles, Gezi Hotel conducts the required data minimization and tries to process data by taking the required technical and administrative security precautions. However, since performance of business activities or audits thereof, ensuring business continuity, and the operation of digital infrastructure renders constant data flow with different stakeholders necessary, we must transfer personal data to third parties for certain purposes. In addition, in order to fulfill contractual and legal liabilities, your personal data should be accurate and up-to-date. In order to achieve this, we have to cooperate with various business partners and service providers. In all circumstances, personal data transfers are carried out in a secure environment and via secure channels.
Your personal data is transferred internally when needed for the purpose of processing, and is limited to this purpose, and is shared with real persons or private legal entities, business partners, affiliates and subsidiaries, suppliers, authorized public institutions and authorities under the rules specified in the Law. Each disclosure text includes details about the purposes of processing personal data and why it is transferred to third parties. Please use the applicable disclosure texts as a reference.
4.Technical and Administrative Measures Taken to Ensure the Security of Personal Data
Gezi Hotel undertakes to take any and all necessary technical and administrative measures, and to show due care in order to ensure the confidentiality, integrity and security of your personal data. In this respect, we take the necessary precautions to prevent the misuse of personal data, its illegal processing, the unauthorized access to data, and its disclosure, alteration or destruction.
Gezi Hotel takes the following technical and administrative precautions to prevent illegal access to the processed personal data, to prevent the illegal processing of such data, and to maintain personal data:
Anti-Virus: All PCs and servers contained in the information technology infrastructure of Gezi Hotel have a periodically updated anti-virus application.
Firewall: The data centers hosted by Gezi Hotel servers are protected by uploaded firewalls that are periodically updated, and all new-generation firewalls check the Internet connections of the entire staff to ensure protection against viruses and similar threats.
VPN: An IP-SEC VPN is used to connect to our server systems, and traffic between two points is transferred in an encrypted manner.
User Definitions and Need to Know: The access of Gezi Hotel and its staff and officers to Gezi Hotel’s systems are limited to their job descriptions, and in case any authority or descriptions change, system authorizations are updated as soon as possible. Information Security and Confidentiality Undertakings have also been concluded with employees.
Information Security Threat and Event Management: Events occurring on Gezi Hotel servers and firewalls are transferred to the “Information Security Threat and Event Management” system. This system warns responsible staff members if a security threat emerges, thus ensuring a rapid response to the threat.
SSL: All fields on the website for obtaining personal data are protected by SSL.
Infiltration Test: An infiltration test is periodically applied manually by a supplier company to all the servers, computers and sample applications on Gezi Hotel's systems. Vulnerabilities observed as a result of this test are eliminated, and a verification test to ensure that such vulnerabilities are eliminated is carried out.
Training Portal: Awareness training is organized periodically in order to enhance the awareness of Gezi Hotel staff regarding various information security violations and to minimize the effect of human error in information violation incidents; all employees receive training in the protection of personal data and information security.
The Clean Desk Principle: Employees are obliged to abide by the “clean desk principle” in line with the internal rules of Gezi Hotel. All personal data on a printed paper medium must be maintained in locked cabinets, and can only be accessed by authorized persons.
In case of damage or access by unauthorized third parties to personal data despite the precautions for information security taken by Gezi Hotel as a result of attacks on platforms operated by Gezi Hotel or on the system of Gezi Hotel, Gezi Hotel will immediately inform you and the Board of Protection of Personal Data and take all necessary precautions.
5.Terms and Conditions for the Maintenance, Deletion, Destruction and Anonymization of Personal Data
Gezi Hotel retains the personal data it processes for the periods stipulated in the relevant legislation or which is required for processing purposes in accordance with the Law. Such periods are laid out in the Maintenance and Destruction of Personal Data Policy.
Gezi Hotel retains the personal data it obtains through physical, electronic, website, or email channels during business processes for the periods stipulated in Articles 7 and 17 of the Law and Article 138 of the Turkish Criminal Code and/or for periods required for the purpose of processing. At the end of such periods, it will delete, destroy or anonymize such personal data according to the provisions of the Regulation on Deletion, Destruction or Anonymization of Personal Data and the Deletion, Destruction or Anonymization of Personal Data Guide.
Gezi Hotel has included the methods for deletion, destruction and anonymization, and the technical and administrative precautions it has taken in this regard in detail, in the Personal Data Retention and Destruction Policy issued under the Regulation on Deletion, Destruction or Anonymization of Personal Data.
6.Rights of the Data Subject
The rights of the data subject under Article 11 of the Law are as follows:
- To learn whether or not your personal data is being processed,
- To request information on the procedure if personal data has been processed,
- To obtain information regarding the purpose of processing personal data, and to find out whether personal data has been used in line with this purpose,
- To obtain information about third parties to whom your personal data has been transferred domestically or abroad,
- To request the correction of personal data that may have been incompletely or inaccurately processed,
- To request the deletion or destruction of personal data within the scope of provisions set forth in Article 7 of the Law,
- To request that the third parties to whom personal data is transferred are informed of the operations carried out pursuant to sub-paragraphs (d) and (e),
- To object to any outcome detrimental to the data subject as a result of analysis of the data processed exclusively through automatic systems,
- To request indemnification of damages in the case that damages are sustained as a result of the unlawful processing of personal data.
As data subjects, you can fill out the Contact Form, which you can access through the Corporate website and send the “Data Subject Application Form” to the official email address of the Company firstname.lastname@example.org and through the official phone line number +90 212 393 2700 or to the address of the Company Mete Ave. No:34 Beyoğlu / Istanbul and request necessary changes, updates and/or deletions and other requests in order to inform the Company of your demands regarding your rights as they obtain to your personal data. In requests delivered by phone, you will be directed to other application methods following such request.
Gezi Hotel will conclude your application on a free-of-charge basis within the shortest time possible depending on the nature of the request, within no later than thirty days once you deliver your request to us via the specified methods. However, in the case that the process requires any additional cost, Gezi Hotel shall charge the fee in the tariff specified by the Board of Protection of Personal Data.
Your application to exercise any of your above-mentioned rights, including your remarks about the right you wish to exercise, should clearly state your request, should be personally related to you (or if you act on behalf of another person, then you should be specifically authorized in this regard and capable of certifying such authorization), and should include your ID and address details, and supporting identification documents.
Data Subject Application Form