Atay Turizm Otomotiv İnşaat Sanayi ve Ticaret Ltd. Şti.

Disclosure Text for Physical Visitors

The Law on Protection of Personal Data no. 6698 (Law) came into force on April 7, 2017. This law includes all kinds of regulations on processing all kinds of data belonging to real persons with known identities or which can be detected. 

This text includes the declarations and remarks of the Company for processing personal data belonging to visitors who visit physical locations where the Company is engaged under the Law. In this respect, the implementation field of this text is related to the processing stages of personal data belonging to physical visitors to the Company. Please carefully read this disclosure text and examine the applicable procedures for your processed data. Under the law, your personal data will be processed by Atay Turizm Otomotiv İnşaat Sanayi ve Ticaret Ltd. Şti. (Company) within the scope as stated below. The following terms shall have the following meanings in this text;

Explicit Consent: Approval freely given, specific, informed, clear and limited consent.

Anonymization: To render it impossible for personal data to be associated in any manner with the identity of a real person who is identified or identifiable, even if they are matched with other data.

Personal Data Subject (Data Subject): A real person whose personal data is processed;

Personal Data: Any information relating to an identified or identifiable real person,

Special Categories of Personal Data: Data of persons in relation to their race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance, membership in associations, foundations or unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data.

Processing of Personal Data: Any transaction carried out in relation to the data, such as obtaining, recording, storage, preservation, alteration, reorganization, disclosure, transfer, takeover, making available, classifying personal data or preventing its usage by fully or partly automatic means or by non-automatic means, provided they are part of a data recording system.

Data Controller: A real or legal person who determines the purposes and means of processing personal data, and who is responsible for the establishment and management of the data recording system.

Visitor: Any real person visiting the locations where the Company is physically engaged for any purpose.


Data Categories and Data Types


Physical Location Security

Camera Recordings

Visual Recordings

Camera Recordings

Transaction Security

MAC information, Access Records and related log records


Methods and Legal Grounds for the Collection of Personal Data


Your personal data derived from internet use is collected and processed within the scope of public common internet access providers to fulfill their obligation to establish systems that will define the users, mainly Law No. 5651 on Regulation of Publications Made Online and Intervention of Crimes Committed Through These Publications, Electronic Communication Law No. 5809, and Regulations on Collective Internet Providers.

Our Company acquires personal data directly from visitors, the IPTV system in the hotel, its annexes, inspection areas, yards-gardens, entry doors, hotel entrances, lobby, restaurant, floor corridors, and in other service areas, from traffic/log records in case of internet access and other communication channels, in an audio, electronic or written format. Your personal data acquired in this manner is processed on legal grounds explicitly mentioned in the Laws (for example, processing of internet traffic records as stipulated in Law no. 5651), for fulfilling a legal obligation (for example, to ensure that occupational health/safety rules are followed and to prevent unauthorized access to work areas in order to ensure information security), if it is in the legitimate interest of the data controller (for example, keeping camera records to ensure the safety of physical locations and to determine and investigate violations of workplace rules).

We process your personal data based on the grounds that it is necessary to fulfill our legal obligations, to establish your rights, to let you use such rights and to protect such rights, and so as not to harm your fundamental rights and liberties, and on whether such processing is obligatory for our legitimate interests. In this respect, in cases in which data processing is obligatory under the applicable regulations, we process your personal data mainly under the provisions of Law No. 5651 on Regulation of Publications Made Online and Intervention of Crimes Committed Through These Publications, Electronic Communication Law No. 5809, and provisions of Turkish Criminal Code no. 5237, in order to fight crime, prevent content that may be criminal, protect families and children, prevent crime and identify perpetrators, take precautions against access to criminal content, prevent access and ensure the efficiency of filtering systems, and to manage traffic.


Purpose of Processing Personal Data

Physical Location Security

Visual Recordings

Camera Recordings

  • Informing Authorized Persons, Authorities and Organizations

  • Security of Data Controller Operations

  • Conducting Storage and Archiving Activities

  • Performance of Business Continuity Activities

  • Performance/Audit of Business Activities

  • Physical Location Security

  • Performance of Activities in Accordance with Legislation

  • Audit / Execution of Ethics Activities

  • Execution of Emergency Management Processes


Transaction Security

MAC information, Access Records and related log records

  • Informing Authorized Persons, Authorities and Organizations

  • Security of Data Controller Operations

  • Execution of Marketing Processes of Products / Services

  • Ensuring Security of Movable Properties and Resources

  • Performance of Contractual Processes

  • Performance of Customer Relations Management Processes

  • Performance of Goods / After Sales Support Services

  • Conducting Goods / Services Purchase Processes

  • Performance / Audit of Business Activities

  • Conducting Company / Product / Service Loyalty Processes

  • Performance of Activities in Accordance with Legislation

  • Audit / Execution of Ethics Activities

  • Performance of Information Security Processes


To Whom and for What Purposes Processed Personal Data May Be Transferred

Personal data collected for the aforementioned purposes, and limited to these purposes alone, can be shared with internet service providers and solution partners that provide infrastructure for Wifi service, our service providers, legally authorized public institutions and authorities, our suppliers, the Information and Communication Technologies Board, public prosecution offices, law enforcement officers, courts and related legal and administrative authorities, our business partners, suppliers, legally authorized public institutions and private persons or institutions and third persons in Turkey or abroad, limited only to the personal data processing conditions stated in Articles 8 and 9 of the Law and for the purposes stated above.


Your Rights as a Data Subject


As data subjects, in order to specify your requests with regards to your rights and to use your rights regarding your personal data, you can request the necessary changes, updates and/or deletions and other related requests by filling out the Contact Form, which you can access on the website of the Company and send as “Data Subject Application Form” to the official email of the company at, or via the official phone number of the Company, +90 212 393 2700, or deliver it to the address of the Company at Gümüşsuyu Mah. Mete Cad. No: 34 Beyoğlu / Istanbul. In requests delivered by phone, you will be directed to other application methods following such request.


Gezi Hotel will conclude your application on a free-of-charge basis within the shortest time possible depending on the nature of the request, within no later than thirty days once you deliver your request to us via the specified methods. However, in case the process requires any additional cost, the Company shall charge the fee in the tariff specified by the Board of Protection of Personal Data. In this context, personal data subjects are entitled:


  1. To learn whether or not your personal data is being processed,

  2. To request information on the procedure if personal data has been processed,

  3. To obtain information regarding the purpose of processing personal data, and to find out whether personal data has been used in line with this purpose,

c) To obtain information on the third parties with whom personal data was shared domestically or abroad,

  1. To request the correction of personal data that may have been incompletely or inaccurately processed,

  2. To request the deletion or destruction of personal data within the scope of provisions set forth in Article 7 of the Law,

  3. To request that the third parties to whom personal data is transferred are informed of the operations carried out pursuant to sub-paragraphs (d) and (e),

  4. To object to any outcome detrimental to the data subject as a result of analysis of the data processed exclusively through automatic systems,

  5. To request indemnification of damages in the case that damages are sustained as a result of the unlawful processing of personal data.


Your application to exercise any of your above-mentioned rights, including your remarks about the right you wish to exercise, should clearly state your request, should be personally related to you (or if you act on behalf of another person, then you should be specifically authorized in this regard and capable of certifying such authorization), and should include your ID and address details, and supporting identification documents.