INFORMATION ON PERSONAL DATA PROTECTION LAW NO. 6698:
Purpose of the legislation:
Article 1 of Law no. 6698 states that “The purpose of this Law is to protect the fundamental rights and freedoms of persons, privacy of personal life in particular, while personal data are processed, and to set forth obligations of natural and legal persons who process personal data and procedures and principles to comply with for the same.”
Legal cause of informing:
This information is given on the basis of legal obligation and transparency because of the fact that article 10 of law no. 6698 contains below provisions:
(1) Data controller or the person it authorized is obligated to inform the data subjects while collecting the personal data with regard to;
a) The identity of the data controller and if any, its representative,
b) The purposes for which personal data will be processed,
c) The persons to whom processed personal data might be transferred and the purposes for the same,
ç) The method and legal cause of collection of personal data,
d) The rights set forth under article 11.
POINT HOTEL MANAGEMENT TURİZM A.Ş. ensures maximum security of its information systems infrastructure and internet servers in order to protect confidentiality of personal information received from its guests-customers.
What does processing of personal data mean:
Article 2 paragraph e of Law no. 6698 describes it as “Any operation which is performed upon personal data such as collection, recording, storage, preservation, alteration, adaptation, disclosure, transfer, retrieval, making available for collection, categorization or blocking its use by wholly or partly automatic means or otherwise than by automatic means which form part of a filing system”.
Principles taken into consideration while personal data is processed:
Personal data, in compliance with the law and good faith, may be processed with the explicit consent of the data subject, provided they are stored for true and current, specific, clear and lawful purposes, in connection with the purposes they are processed for, limited and prudently, and upto the period stipulated in the related legislation or required for the purpose they are processed for.
Purpose of processing of personal data:
We are processing the identification data of all our guests who checked in to our hotel to fulfill our obligations pursuant to the legislation, to ensure security of our guests, and due to contract relationship between us and our guests and similar guest, public and establishment interests.
We are recording identification data of our employees pursuant to labor and social security legislation.
We are processing identification data of working candidates to evaluate job applications, and;
We are processing identification data of visitors, suppliers, contractors and persons with whom we have similar business relations for commercial requirement and to ensure security of our guests and our establishment.
Personal data collection and legal cause:
We are recording identification, address, phone number, payment information, if required, and other information pursuant to the obligations arising from the legislation,
And for the purpose of being determinant in disputes pursuant to the contract between us and our guests,
Informing our guests with respect to their forgotten articles and similar situations,
Giving all kinds of information to our guests about our establishment, and offering products and services requested.
Sharing, transferring overseas of personal data:
Personal data cannot be transferred without explicit consent of the data subject, as specified in article 8 of Law no. 6698. They can be shared in the manner and conditions specified in the law, in exceptional circumstances stated in the law.
Personal data cannot be transferred overseas without explicit consent of the data subject, as specified in article 9 of Law no. 6698. They can be transferred in the manner and conditions specified in the law, in exceptional circumstances stated in the law.
Data Controller – Representative:
POINT HOTEL MANAGEMENT TURİZM A.Ş. is Data Controller, in its capacity as the data controller, within the scope of Law no. 6698.
The representative of Data Controller which shall be appointed by POINT HOTEL MANAGEMENT TURİZM A.Ş., shall be announced in the Data Controller’s Registry when legal infrastructure is ensured, pursuant to article 16 and related articles of PDPL.
Rights of data subject:
Pursuant to article 11 of Law no. 6698 (1) Everyone, in connection with herself/himself, has the right to;
a) Learn whether or not her/his personal data have been processed,
b) Request information as to processing if her/his data have been processed,
c) Learn the purpose of processing of the personal data and whether data are used in accordance with their purpose,
ç) Know the third parties in the country or abroad to whom personal data have been transferred,
d) Request rectification in case personal data are processed incompletely or inaccurately,
e) Request deletion or destruction of personal data within the framework of the conditions set forth under article 7,
f) Request notification of the operations made as per indents (d) and (e) to third parties to whom personal data have been transferred,
g) Object to occurrence of any result that is to her/his detriment by means of analysis of personal data exclusively through automated systems,
ğ) Request compensation for the damages in case the person incurs damages due to unlawful processing of personal data,
by applying to the data controller.
You may send your requests relating to the enforcement of Law no. 6698 to the address Topçu Cad. No : 2 34437 Taksim/Istanbul in written or via e-mail at the address www.pointhotelmanagement.com together with documents revealing your identity.
Application to Data Controller:
In accordance with article 11 of Law no. 6698:
(1) The data subject shall convey her/his requests relating to the enforcement of this Law to the data controller in writing or by other means designated by the Board.
(2) The data controller shall conclude the requests included in the application free of charge and as soon as possible considering the nature of the request and within 30 days at the latest. However, in case the operation necessitates a separate cost, the fee in the tariff designated by the Board may be collected.
(3) The data controller shall accept the request or reject it by explaining the reason and notify the data subject of its reply in writing or electronically. In case the request included in the application is accepted, it shall be fulfilled by the data controller accordingly. In case the request is resulted from the fault of the data controller, the collected fee shall be returned to the data subject’’
In case the application is rejected, replied insufficiently, or not replied in due time; the data subject may file a complaint with the Board within 30 days following the date he/she learns the reply of the data controller and in any event, within 60 days following the date of application.
Storage of Personal Data:
Pursuant to article 7 of Law no. and related legal regulations:
Your personal data can be stored within the legal period and within the periodsw required for processing. Personal data that is processed in accordance with this Law or relevant other laws shall be deleted, destroyed or anonymised either ex officio or upon request by the data subject in case the reasons necessitating their processing cease to exist. Provisions of other laws relating to deletion, destruction, and anonymization of personal data are reserved.