You can access the details about the explanations in this clarification text, which was prepared in accordance with the Law on Protection of Personal Data No. 6698 (PDP Law) and the PDPL Policy which was prepared and put into force in this accommodation facility, SPA, sauna and massage parlour businesses (hereinafter referred to as KIRMAN BELAZUR) belonging to KİRMAN KEMAL OTELCİLİK TURİZM İNŞAAT VE TİCARET ANONİM ŞİRKETİ , which is the data controller, through the Data Controller’s PDPL Policy and the documents attached thereto. Accordingly;
1. Your Processed Personal Data
a) Identity and Family Details [Name-surname, Turkish ID No, Passport No, place – date of birth, marital status, gender, child’s name, number, age and date of birth, signature, voucher (travel card) details and register card (accommodation card details), room type and number, flight number, hotel where they stayed, accommodation dates and amount]
b) Contact Details [address, phone number, e-mail address]
c) Customer Transaction Details [(Vehicle license plate, survey form, records of product and service submission, requests, instructions, photos, marriage, birthday, special days anniversary, invoice details, order details, request details]
d) Physical Space Security Details [Entry-exit registration details of customers and visitors, camera records,]
e) Transaction Security Details [IP address, hotspot records, password and keyword details, website login and exit details, log and digital traffic records]
f) Financial Details [Credit card number, cvc code, expiration date]
g) Audio-Visual Records and Information [Visual and audio recordings and information]
h) Health Details [Details about disability, chronic diseases, past diseases, asthma, diabetes, heart, blood pressure diseases, personal health details,]
2. Collection Method of Your Personal Data and Legal Reasons
According to this clarification text, your personal data is obtained verbally, in writing or electronically through information, documents and similar means that are transmitted by you or by third parties that we have contracted and provided services as a requirement of engaging with solution partners in cooperation and contractual relationship by automatic means or non-automatic means provided that it is a part of the data recording system.
This data can be processed directly due to your explicit consent within the framework of Article 5 of the PDP Law No. 6698, and in cases where your explicit consent is not required, if:
a) It is expressly provided for by the laws.
b) It is necessary for the protection of life or physical integrity of the person himself/herself or of any other person, who is unable to explain his/her consent due to the physical disability or whose consent is not deemed legally valid.
c) Processing of personal data of the parties of a contract is necessary, provided that it is directly related to the establishment or performance of the contract.
d) It is necessary for compliance with a legal obligation to which the data controller is subject.
e) Personal data have been made public by the data subject himself/herself.
f) Data processing is necessary for the establishment, exercise or protection of any right.
g) Processing of data is necessary for the legitimate interests pursued by the data controller, provided that this processing shall not violate the fundamental rights and freedoms of the data subject.
Within the scope of Article 6 of the PDPL No. 6698, your personal data of special nature, excluding those about health and sexual life, can be processed based on your explicit consent or in accordance with the provisions of the same article, where it is stipulated by the laws. In the absence of your explicit consent, your personal data regarding health and sexual life can only be processed by persons or authorized institutions and organizations that are under the obligation of keeping the confidentiality for the purposes of protecting public health, performing preventive medicine, medical diagnosis, treatment and care services, planning and managing health services and financing.
3. Purposes of Processing Your Personal Data
Your personal data are processed within the scope of the following purposes, taking into account the principles of complying with the law and the rules of honesty, being accurate and up-to-date when necessary, being processed for specific, clear and legitimate purposes, being connected, limited and proportional to the purpose for which they are processed, storing for the period required for the purpose for which they are processed or stipulated in the relevant legislation, in accordance with Articles 4, 5 and 6 of the PDP Law No. 6698.
1. Conducting Emergency Management Processes
2. Conducting Information Security Processes
3. Conducting Activities in Compliance with the Legislation
4. Conducting Financial and Accounting Affairs
5. Conducting Company / Product / Service Loyalty Processes
6. Providing Physical Space Security
7. Follow-up and Conducting Legal Affairs
8. Conducting Communication Activities
9. Conducting Good / Service Sales Processes
10. Conducting Goods / Services Production and Operation Processes
11. Conducting Customer Relationship Management Processes
12. Conducting Activities for Customer, Guest Satisfaction and Service Quality
13. Organization and Event Management
14. Conducting Advertising / Campaign / Promotion Processes
15. Carrying out Custody and Archive Activities
16. Conducting Contract Processes
17. Tracking Requests / Complaints
18. Ensuring the Security of Data Controller Operations
19. Conducting Investment Processes
20. Providing information to Authorized Persons, Institutions and Organizations
21. Carrying out Management Activities
22. Creating and Tracking Visitor Records
Your personal data is not processed other than for the purposes shown above. All kinds of technical and administrative measures are taken by the enterprise to prevent the illegal processing or accessing of personal data.
4. Transfer of Your Personal Data
According to Articles 8 and 9 of the PDP Law No. 6698, your personal data may be transferred within the country or abroad if the following conditions are met.
The personal data that are received due to the existence of the conditions in Article 5 of the PDP Law No. 6698 or in line with your explicit consent can be transferred to third parties from whom service is received or to whom service is provided, to the persons and companies with whom cooperation is made, to persons and institutions that are interacted with, such as shareholders, suppliers, for the above-mentioned purposes and also in order to carry out the activities mentioned above, in accordance with the provisions of Articles 8 and 9 of the Law.
Provided that sufficient measures are taken, your personal data concerning health may only be transferred, without seeking explicit consent of the data subject, by the persons subject to secrecy obligation or competent public institutions and organizations, for the purposes of protection of public health, operation of preventive medicine, medical diagnosis, treatment and nursing services, planning and management of health-care services as well as their financing.
Your personal data can be transferred abroad without your explicit consent, provided that it is clearly stipulated in the law, it is compulsory for the protection of the life or physical integrity of the person or another person, who is unable to express his consent due to actual impossibility or whose consent is not legally valid, it is directly related to the conclusion or performance of a contract, it is necessary to process the personal data of the parties to the contract, it is mandatory for the data controller to fulfil its legal obligation, data has been made public, data processing is mandatory for the establishment, exercise or protection of a right, provided that it does not harm your fundamental rights and freedoms, in cases where data processing is necessary for the legitimate interests of the data controller and also the protection of public health, for carrying out preventive medicine, medical diagnosis, treatment and care services, for the planning and management of health services and its financing, provided that it is fulfilled by persons or authorized institutions and organizations under the obligation to keep secrets, having adequate protection for your personal data abroad, and in the absence of adequate protection, provided that the data controllers in Turkey and in the relevant foreign country undertake an adequate protection in writing and have the permission of the PDP Board.
PDP Board decides on whether there is sufficient protection in the foreign country and whether transfer abroad will be allowed, by evaluating the international conventions to which Turkey is a party, the reciprocity of data transfer between the country requesting personal data and Turkey, the nature of the personal data, the purpose and duration of its processing regarding each concrete personal data transfer, the relevant legislation and practice of the country to which the personal data will be transferred, the measures undertaken by the data controller in the country where the personal data will be transferred and, by taking the opinions of the relevant institutions and organizations if needed. Without prejudice to the provisions of international agreements, in cases where interest of Turkey or you will seriously get harmed, your personal data may only be transferred abroad upon the authorisation to be given by the Board after receiving the opinions of relevant public institutions and organizations.
In this context, your personal data can be transferred;
1. To the competent public institutions and organizations
2. To the company partners and officials,
3. To business and solution partners,
4. To supplier persons and companies,
5. To the real or legal persons engaged with, for the following purposes, namely for;
6. Conducting Emergency Management Processes
7. Conducting Information Security Processes
8. Conducting Activities in Compliance with the Legislation
9. Conducting Financial and Accounting Affairs
10. Conducting Company / Product / Service Loyalty Processes
11. Providing Physical Space Security
12. Follow-up and Conducting Legal Affairs
13. Conducting Communication Activities
14. Conducting Good / Service Sales Processes
15. Conducting Goods / Services Production and Operation Processes
16. Conducting Customer Relationship Management Processes
17. Conducting Activities for Customer, Guest Satisfaction and Service Quality
18. Organization and Event Management
19. Conducting Advertising / Campaign / Promotion Processes
20. Carrying out Custody and Archive Activities
21. Conducting Contract Processes
22. Tracking Requests / Complaints
23. Ensuring the Security of Data Controller Operations
24. Conducting Investment Processes
25. Providing information to Authorized Persons, Institutions and Organizations
26. Carrying out Management Activities
27. Creating and Tracking Visitor Records.
5. Your Rights as Personal Data Owner
Within the scope of the law, the data owner, that is, the data subject has the right to:
a) Learn whether personal data is processed or not,
b) If the personal data is processed, to request information,
c) To learn the purpose of processing the personal data and whether it is used in accordance with the intended purpose or not,
d) To know the third parties to whom personal data is transferred domestically or abroad,
e) To request correction of your personal data if they are incomplete or incorrectly processed,
f) To request the erasure or destruction of his/her personal data under the conditions referred to in Article 7 of PPDL,
g) To request notification to third parties about the personal data that has been processed incorrectly and requested to be corrected and the personal data that is requested to be destroyed,
h) To object to the emergence of a result against the person himself by analyzing the processed data exclusively through automated systems,
i) To request the remedial of the damage, if one incurs a damage due to illegal processing of the personal data
In order for you to exercise your complaint rights as a personal data owner, you must first apply to the personal data controller through the following communication channels. It is not possible to file a complaint to the PDP Board before this method is exhausted.
Your request is answered by our company as the data controller as soon as possible and within 30 days at the latest, depending on the nature of the request.
In the event that your application is rejected or the answer is found to be insufficient or your application is not answered in due time, you can use your right to file a complaint to the PDP Board or apply directly to the judiciary means.
Application Address and contact details:
COMPANY TITLE |
ADDRESS |
E- MAIL |
TELEPHONE |
KİRMAN KEMAL OTELCİLİK TURİZM İNŞAAT VE TİCARET |
Boğazkent Mah. 31. Sok. No:8 Serik / Antalya |
kvkk@belazur.com.tr |
+90 242 731 03 03 |
6. Retention Period of Your Personal Data
Your personal data, which must be processed in line with the above-mentioned methods and purposes, are stored for the period specified in the data inventory, taking into account the statute of limitations and foreclosure periods. In the event that the reasons for the processing of your data disappear or the periods required for the processing of your data in accordance with the legislation expire, they are deleted, destroyed or anonymized by any of the destruction methods by our Company ex officio in six-month periods at the latest, or within thirty days at the latest upon your request.
Deletion of your personal data is the process of making it inaccessible and unusable for the relevant users in any way.
Destroying your personal data is the process of making personal data inaccessible, unrecoverable and unusable by anyone in any way.
Anonymization of your personal data is making the data unrelated to an identified or identifiable natural person, even through the use of appropriate techniques.
The transactions regarding the deletion, destruction and anonymization of your personal data are recorded in the minutes. Considering the public requirements, such minutes are kept for 5 years.
We submit for your information with respect.
7. Identity of Data Controller
COMPANY TITLE |
ADDRESS |
TAX OFFICE AND NUMBER |
KİRMAN KEMAL OTELCİLİK TURİZM İNŞAAT VE TİCARET |
Boğazkent Mah. 31. Sok. No:8 Serik / Antalya |
Manavgat Taxation Office: 5630645061 |