MarmaraParkAvenue

NY / Park Avenue

linus-mimietz-a9bLObiMPJ4-unsplash

Istanbul / Taksim

Istanbul / Pera

Bodrum

Antalya

Istanbul / Sisli

gokhan-polat-on5DERknRqo-unsplash (1)

Istanbul / Suadiye

despina-galani-k5yE2uTuyys-unsplash (1)

Istanbul / Esma Sultan

Personal Data Protection Law

CLARIFICATION TEXT ON THE PROCESSING OF PERSONAL DATA IN THE USE OF THE AI CHATBOT 

ISTANBUL TURİZM OTELCİLİK A.Ş. 

Pursuant to Law No. 6698 on the Protection of Personal Data ("KVKK"), we would like to inform you about the processing of your personal data by İSTANBUL TURİZM OTELCİLİK A.Ş. as the data controller. 

1. Data Controller 

Your data is processed by İSTANBUL TURİZM OTELCİLİK A.Ş. as the data controller. 

2. Your Processed Personal Data 

The following personal data may be processed during your use of the chatbot: 

  • Telephone number 
     
  • Email address 
     
  • Chat content (your messages, questions and answers) 
     
  • (Optional) Name-surname 
     
     

3. Purposes of Processing Personal Data 

Your collected personal data is processed for the following purposes: 

  • Utilising the chatbot service, 
     
  • Faster and more accurate response to your requests, 
     
  • Improvement of service quality, 
     
  • Analysing, reporting and user experience improvement studies, 
     
  • Fulfilment of legal obligations if necessary. 
     
     

 

 

4. Transfer of Personal Data 

Data collected: 

  • ISTANBUL TURİZM OTELCİLİK A.Ş. systems, 
     
  • To the service provider providing the chatbot infrastructure (in line with technical requirements) 
     
  • It can be transferred to artificial intelligence services (e.g. ChatGPT, Claude, etc.) that work integrated with this infrastructure. 
     can be transferred. 
     

Technical details regarding whether the infrastructure provider or integrated artificial intelligence tools used are engaged in data collection or storage activities on the system for certain periods of time are determined by the service provider, and precise information on this issue can only be accessed through the relevant providers. 
 İSTANBUL TURİZM OTELCİLİK A.Ş. is in cooperation with the relevant departments to make the necessary technical and legal evaluations regarding the personal data processing processes of these providers. 

5. Method and Legal Grounds for Collection of Personal Data 

Your data is collected electronically by automatic means through the chatbot interface: 

  • Based on your express consent, 
     
  • It is processed for the purpose of providing the service and meeting your requests. 
     

6. Storage Period 

Your data will be stored for a period proportionate to the purpose for which it is processed and for a maximum of 2 years, after which it will be anonymised, deleted or destroyed in accordance with the legislation. 
 The platform used and the integrated artificial intelligence tools may also retain the data in their own systems for 2 years. Clear information on these periods is contained in the data retention policies of the respective providers. 

7. Your Rights under KVKK 

Pursuant to Article 11 of the LPPD, you have the following rights: 

  • To learn whether your personal data is being processed, 
     
  • If processed, to request information about it, 
     
  • To learn the purpose of processing and whether it is used in accordance with its purpose, 
     
  • To know the third parties to whom the data is transferred, 
     
  • Request correction if incomplete or incorrectly processed, 
     
  • Request deletion/destruction in accordance with the legislation, 
     
  • Request notification to third parties to whom these transactions are transferred, 
     
  • Do not object to analyses performed by automated systems, 
     
  • Claim compensation if you have suffered damage due to data processing. 
     
     

You can send your requests regarding these rights to kvkk@themarmarahotels.com. 

  1. Use of Artificial Intelligence and Disclosure Responsibility

The chatbot service offered by İSTANBUL TURİZM OTELCİLİK A.Ş. is supported by artificial intelligence technologies and responses are automatically generated through large language models such as ChatGPT and Claude. 

For this reason: 

  • The accuracy of the content provided by the chatbot is not guaranteed, 
     
  • Answers may occasionally be incomplete, inaccurate or misleading, 
     
  • These contents are for general information purposes only and are not binding or advisory. 
     

Users should contact İSTANBUL TURİZM OTELCİLİK A.Ş. directly if they receive information on an important or critical issue. İSTANBUL TURİZM OTELCİLİK A.Ş. does not accept any responsibility for any negativities that may occur due to responses based on artificial intelligence. 

 

 

PERSONAL DATA PROCESSING PROCEDURE FOR AI CHATBOT INTERACTIONS 

1. Objective 

This procedure has been prepared in order to ensure that the personal data collected through the artificial intelligence supported chatbot integrated in the website and digital platforms of İSTANBUL TURİZM OTELCİLİK A.Ş. are processed, stored and transferred when necessary in accordance with the relevant legislation, especially the Law No. 6698 on the Protection of Personal Data (KVKK). 

 

2. Scope 

This procedure relates to personal data obtained during the use of chatbots on the digital platforms of ISTANBUL TURİZM OTELCİLİK A.Ş. 

 

3. Collected Data 

The following personal data are collected from the user through the artificial intelligence supported chatbot: 

  • Name-surname (optional) 
  • Email address 
  • Telephone number 
  • Message and conversation contents (chat history) 
     

4. Data Collection Method 

  • Users are required to provide phone number and e-mail information in order to benefit from the chatbot service. 
     
  • The content shared during the chat is automatically saved by the system. 
     
  • All data are collected through the chatbot platform (application) used and transferred to the system of İSTANBUL TURİZM OTELCİLİK A.Ş. manually or automatically at certain intervals. 
     
     

 

 

 

5. Purposes of Data Processing 

The personal data collected are processed for the following purposes: 

  • To be able to respond to user requests faster and more accurately 
     
  • To increase service quality and improve user experience 
     
  • Collect feedback and make analyses 
     
  • Fulfilment of legal obligations 
     
  • Fulfilment of obligations to authorised public authorities (where necessary) 
     

6. Data Transfer 

  • Personal data are temporarily kept on the servers of the chatbot infrastructure provider and are periodically taken from the system by İSTANBUL TURİZM OTELCİLİK A.Ş. and transferred to internal systems. 
     
  • The data are shared only with the service provider and the employees authorised to process data within İSTANBUL TURİZM OTELCİLİK A.Ş. 
     
  • The platform/application used and artificial intelligence tools (e.g. ChatGPT, Claude, etc.) that work integrated with this application can also collect data on the system and/or store the data for 2 years. These periods are determined by the providers and the exact information is monitored separately by the relevant departments. 
     
  • Data is not transferred abroad; if it is to be done, explicit consent will also be obtained. 

 

7. Data Retention Period 

  • Personal data collected by İSTANBUL TURİZM OTELCİLİK A.Ş. will be stored for 2 years in accordance with the purposes of processing within the framework of the relevant legislation; at the end of this period, it will be anonymised or deleted/destroyed in accordance with the legislation. 
     
  • The platform/application used and integrated artificial intelligence tools may also store data in their systems for 2 years; details of these retention periods are included in the providers' own privacy policies. 
     
     

8. User Rights 

Users, in accordance with KVKK; 

  • To learn whether their personal data is being processed or not, 
     
  • If processed, to request information about it, 
     
  • Learning whether it is used for its intended purpose, 
     
  • Know if they have been transferred to third parties, 
     
  • To request correction of their data in case of incomplete or incorrect processing, 
     
  • Request the erasure or destruction of their data, 
     has rights. These requests can be submitted by sending an e-mail to [kvkk@....com]. 

 

  1. Artificial Intelligence Systems and Disclosure Responsibility

The chatbot infrastructure used by İSTANBUL TURİZM OTELCİLİK A.Ş. is based on advanced artificial intelligence technologies. The responses given through the chatbot are automatically generated by outsourced large language models (e.g. ChatGPT, Claude, etc.). 

In this direction: 

  • The complete accuracy of the answers provided by artificial intelligence cannot be guaranteed. 
     
  • Information may be incomplete, inaccurate or misleading. 
     
  • Chatbot responses are for general information purposes only and do not constitute legal or technical guidance. 

 

It is recommended that users act in consideration of this situation and contact İSTANBUL TURİZM OTELCİLİK A.Ş. directly regarding critical content. İSTANBUL TURİZM OTELCİLİK A.Ş. cannot be held responsible for any damages that may arise due to artificial intelligence-derived content. 

 

10. Process to be Followed in Case of Data Breach 

  • ISTANBUL TURİZM OTELCİLİK A.Ş. considers this situation as a data breach in cases such as the acquisition, disclosure, loss, alteration or deletion of personal data by unauthorised persons. 
     
  • As soon as a data breach is detected, the Personal Data Protection Authority and the affected persons are notified as soon as possible, depending on the nature and extent of the breach. 
     
  • Where necessary, those affected by the breach are also informed about the measures taken and the recommended security steps. 
     
  • After the data breach, the process is finalised by internal audit and technical evaluation; if necessary, data processing processes are updated. 
     

11. Enforcement 

This procedure enters into force as of the date of approval by the management of İSTANBUL TURİZM OTELCİLİK A.Ş. and may be updated when necessary. 

 

 

EXPLICIT CONSENT TEXT FOR PROCESSING PERSONAL DATA VIA AI-SUPPORTED CHATBOT 

The chatbot service you are using is supported by outsourced artificial intelligence technologies (e.g. ChatGPT, Claude, etc.). These systems generate automatic content in the responses given to you. 

Due to the nature of artificial intelligence technologies: 

  • The information provided may not always be complete, accurate and up-to-date. 
     
  • Information may be misleading, incomplete or inaccurate. 
     
  • The content provided is for information purposes only and should not be considered as a commitment or guidance. 

For this reason, it is recommended to evaluate the responses given during the use of the chatbot in a controlled manner and to contact İSTANBUL TURİZM OTELCİLİK A.Ş. directly on important issues. 

Within the scope of the Clarification Text Regarding the Processing of Personal Data presented to me; 
 In accordance with the Law No. 6698 on the Protection of Personal Data ("KVKK"), I hereby declare that I expressly consent to the processing of my personal data by İSTANBUL TURİZM OTELCİLİK A.Ş. within the scope specified below: 

  1. My personal data such as name-surname (optional), telephone number, e-mail address and message contents that I transmit via artificial intelligence supported chatbot; 
     
  1. To be collected in order for me to benefit from chatbot services provided by İSTANBUL TURİZM OTELCİLİK A.Ş, 
     
  1. To be analysed in order to improve service quality and to provide better service to my party, 
     
  1. It can be processed domestically and technically abroad through third-party chatbot infrastructures and integrated artificial intelligence systems (ChatGPT, Claude, etc.), 
     
  1. To store my personal data for 2 years and to delete, destroy or anonymise them at the end of this period, 
     
  1. Notification to the Personal Data Protection Authority and relevant public institutions when deemed necessary 

I give my express consent. 

(In the digital environment, it is also valid with the "I approve" box). 

PERSONAL DATA PROTECTION LAW NO. 6698 (PDPL)

E -COMMERCIAL MESSAGE CLARIFICATION TEXT

 

This Clarification Text has been prepared in order to fulfill the obligation to inform within the scope of the Personal Data Protection Law No. 6698 (KVKK) and other relevant legislation in order to be presented to persons who accept to receive e-commercial messages from İstanbul Turizm ve Otelcilik A.Ş. with the Mersis number 0481-0040-8810-0025 in the capacity of Data Controller located at Osmanlı Sokak No:9 Taksim-Beyoğlu-İstanbul.

  1. METHOD OF COLLECTING PERSONAL DATA

Our company obtains e-commercial message approval digitally by providing information verbally and in writing. The personal data obtained are processed partially or completely by automatic means within the scope specified in this Clarification Text or by non-automatic methods provided that they are part of the data recording system

  1. PURPOSES AND LEGAL REASON FOR PROCESSING PERSONAL DATA

Processing is defined in Article 3 of the PDPL as the processes of recording, storing, preserving, changing, reorganizing, disclosing, transferring, taking over, making available and classifying personal data. Your personal data obtained is processed by our Company for the following purposes and legal reasons.

Legal Reason

Data Category

Personal Data

Purpose of Processing

KVKK 5/1 -Explicit Consent

Contact Data

E-Mail Address

Execution of Advertising-Campaign and Promotion Processes , Execution of Marketing Processes of Products/Services

KVKK 5/2.ç -It is mandatory for the data controller to fulfill its legal obligation

Contact Data

 

E-Mail Address

Providing information to Authorized Persons, Institutions and Organizations

KVKK 5/1 -Explicit Consent

Identity Data

Name,Surname

Execution of Advertising-Campaign and Promotion Processes , Execution of Marketing Processes of Products/Services

 

  1. TO WHOM AND FOR WHAT PURPOSES PERSONAL DATA MAY BE TRANSFERRED

Our Company pays attention to process your personal data in accordance with the principles of "need to know" and "need to use", by ensuring the necessary data minimization and taking the necessary technical and administrative security measures. Your personal data will be processed within the framework of the personal data processing conditions and purposes specified in Articles 8 and 9 of the PDPL, but will be transferred to the specified 3rd Parties in the following cases.

 

Buyer / Buyer Groups

Reason for Transfer

Transferred Data

İYS Registration and Authorized Persons Public Instutions and Organizations ,Judical and Administrative Authorities upon Request

Providing information to Authorized Persons, Institutions and Organizations

Contact Data (E-Mail Address)

 

  1. RIGHTS OF THE RELATED PERSON and METHOD OF EXERCISING THEIR RIGHTS

Within the scope of Article 11 of the PDPL No. 6698, everyone has the right to apply to our Company in the following matters in the capacity of data controller:

 

  1. Everyone has the following rights by applying to the data controller
    1.  
    1. To learn whether personal data is being processed,
    2. To request information if personal data has been processed,
    3. c) To learn the purpose of processing personal data and whether they are used in accordance with their purpose,

    ç) To know the third parties to whom personal data are transferred domestically or abroad,

    1. d) To request correction of personal data in case of incomplete or incorrect processing,
    2. e) To request the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of Law No. 6698,
    3. f) To request notification of the transactions made pursuant to sub-paragraphs (d) and (e) to third parties to whom personal data are transferred,
    4. g) To object to the occurence of a result to the detriment of the person himself/herself by analyzing the processed data exclusively through automated systems,

    ğ) To demand compensation for the damage, in case of damage due to unlawful processing of personal data.

  3.  

 

Applications for the rights listed above can be made by the following methods in accordance with the relevant legislation:

  • In writing,
  • With secure electronic signature,
  • With the Registered Electronic Mail (REM) address,
  • With mobile signature,
  • By using the e-mail address registered in our Company's system as the data controller.

The following points must be included in the application:

 

  • Name, Surname and if the application is in writing, signature,
  • TR ID number for citizens of the Republic of Türkiye, nationality, passport number or ID number, if any, for foreigners,
  • Residential or workplace address for notification,
  • Electronic mail address, telephone and fax number for notification, if any,
  • Subject of the request.

 

Information and documents related to the subject are attached to the application if available. Depending on the nature of the request, your applications will be finalized free of charge as soon as possible and within thirty days at the latest, but if the transaction requires an additional cost, you may be charged a fee according to the tariff to be determined by the Personal Data Protection Board.

Pursuant to Article 4 titled "Right to Apply" of the Communiqué on the Procedures and Principles of Application to the Data Controller, natural persons whose personal data are processed have the right to apply to the data controller. Data subjects may exercise this right by making their applications in Turkish.

 

Contact Email Address    : kvkk@themarmarahotels.com

Rem Address                     : istanbulturizmveotelcilikas@hs01.kep.tr

 

PERMISSION-BASED DATABASE REGISTRATION AND ELECTRONIC COMMERCIAL MESSAGE CONSENT TEXT

Our company; [İstanbul Turizm ve Otelcilik Aş. ], with MERSIS number [ 0481-0040-8810-0025] and located at [Osmanlı Sokak No:9 Taksim-Beyoğlu-İstanbul ], has obtained your consent for sending electronic newsletters and/or commercial messages to your email address regarding the products and services offered by [Company Name], including promotions, advertisements, campaigns, and similar innovations.

Your explicit consent can be withdrawn at any time. Your personal data will be processed within the scope of the Electronic Commercial Message Information Text provided to you.

 

In accordance with the Law on Regulation of Electronic Commerce No. 6563 and the Law on Protection of Personal Data No. 6698; the consent/explicit consent will be recorded, along with the content of the commercial electronic message and other records related to the sending, and will be kept for 10 years, except for cases where the validity of the consent ends or in case of any legal dispute, to be presented to the relevant Ministry and/or judicial authorities. After this period, your personal data will be destroyed or anonymized.

You may revoke your consent/explicit consent. If you no longer wish to receive messages sent for promotional or informative purposes, you can immediately perform the opt-out process through the methods provided in the messages sent to you.

 

Your removal from the permission-based database does not terminate the contracts you have signed with our company, but it will stop the sending of electronic commercial messages to you.

PERSONAL DATA PROTECTION LAW NO. 6698 (PDPL)

CAMERA RECORDING CLARIFICATION TEXT

 

This Clarification Text has been prepared by Istanbul Turizm ve Otelcilik A.Ş. with the Mersis number 0481-0040-8810-0025, located at Osmanlı Sokak No:9 Taksim-Beyoğlu-İstanbul as the Data Controller, within the scope of the Personal Data Protection Law No. 6698(PDPL) and the relevant legislation; in order to fulfill the obligation to inform regarding the processing of personal data obtained from the relevant persons.

A. METHOD OF COLLECTING PERSONAL DATA

This Camera Recording Clarification Text informs you that video surveillance equipment is installed in other areas of our building where there is a warning sign. The video surveillance system records and processes images of individuals and items passing within range of these systems. The system operates continuously 24 hours a day, 7 days a week. Visual information and camera recordings are processed through the video surveillance system. Your personal data are processed partially or completely by automatic means within the scope specified in this Clarification Text or by non-automatic methods provided that they are part of the data recording system.

B. PURPOSES AND LEGAL REASON FOR PROCESSING PERSONAL DATA

Processing is defined in Article 3 of the PDPL as the processes of recording, storing, preserving, changing, reorganizing, disclosing, transferring, taking over, making available and classifying personal data. Your personal data obtained is processed by our Company for the following purposes and legal reasons.

 

Legal Reason

Data Category

Personal Data

Purpose of Processing

Clearly stipulated in the law on the protection of personal data article 5 clause f paragraph 2a

 

Physical Location Security Information

Recorded images with camera recordings

Ensuring Physical Space Security

The Law on the Protection of Personal Data article 5 clause f paragraph 2ç ; Obligation to Fulfill Legal Liability

Physical Location Security Information

Recorded images with camera recordings

Ensuring Physical Space Security,

 

The Law on the Protection of Personal Data article 5 clause f paragraph 2f ; the necessity of processing data for the legitimate interests of the data principal

Physical Location Security Information

Recorded images with camera recordings

Ensuring Physical Space Security,

Ensuring the security of movable goods and resources,

Ensuring the security of data controller operations

 

 

 

C. TO WHOM AND FOR WHAT PURPOSES PERSONAL DATA MAY BE TRANSFERRED

Our Company pays attention to process your personal data in accordance with the principles of "need to know" and "need to use", by ensuring the necessary data minimization and taking the necessary technical and administrative security measures. Your personal data will be processed within the framework of the personal data processing conditions and purposes specified in Articles 8 and 9 of the PDPL, but will be transferred to the specified 3rd Parties in the following cases.

 

Buyer / Buyer Groups

Reason for Transfer

Transferred Data

Judicial and Administrative Jurisdictions, Authorized Lawyers

Monitoring and execution of legal affairs

Recorded images with camera recordings

Authorized Person, Public Institutions and Organizations, Judicial and Administrative Authorities

Providing Information to Authorized Persons, Institutions and Organizations

Recorded images with camera recordings

 

D. RIGHTS OF THE RELATED PERSON and METHOD OF EXERCISING THEIR RIGHTS

Within the scope of Article 11 of the PDPL No. 6698, everyone has the right to apply to our Company in the following matters in the capacity of data controller:

 

(1) Everyone has the following rights by applying to the data controller,

 

  1. a) To learn whether personal data is being processed,
  2. b) To request information if personal data has been processed,
  3. c) To learn the purpose of processing personal data and whether they are used in accordance with their purpose,

ç) To know the third parties to whom personal data are transferred domestically or abroad,

  1. d) To request correction of personal data in case of incomplete or incorrect processing,
  2. e) To request the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of Law No. 6698,
  3. f) To request notification of the transactions made pursuant to sub-paragraphs (d) and (e) to third parties to whom personal data are transferred,
  4. g) To object to the occurence of a result to the detriment of the person himself/herself by analyzing the processed data exclusively through automated systems,

ğ) To demand compensation for the damage, in case of damage due to unlawful processing of personal data.

Applications for the rights listed above can be made by the following methods in accordance with the relevant legislation:

  • In writing,
  • With secure electronic signature,
  • With the Registered Electronic Mail (REM) address,
  • With mobile signature,
  • By using the e-mail address registered in our Company's system as the data controller.

The following points must be included in the application:

 

  • Name, Surname and if the application is in writing, signature,
  • TR ID number for citizens of the Republic of Türkiye, nationality, passport number or ID number, if any, for foreigners,
  • Residential or workplace address for notification,
  • Electronic mail address, telephone number for notification, if any,
  • Subject of the request.

 

Information and documents related to the subject are attached to the application if available. Depending on the nature of the request, your applications will be finalized free of charge as soon as possible and within thirty days at the latest, but if the transaction requires an additional cost, you may be charged a fee according to the tariff to be determined by the Personal Data Protection Board.

Pursuant to Article 4 titled "Right to Apply" of the Communiqué on the Procedures and Principles of Application to the Data Controller, natural persons whose personal data are processed have the right to apply to the data controller. Data subjects may exercise this right by making their applications in Turkish.

Contact Email Address    : kvkk@themarmarahotels.com

Rem Address                    : istanbulturizmveotelcilikas@hs01.kep.tr

chatsimple