Hoşgeldin
pdpl documents and policies
CLARIFICATION TEXT ON THE PROCESSING OF PERSONAL DATA IN THE USE OF THE AI CHATBOT
ISTANBUL TURİZM OTELCİLİK A.Ş.
Pursuant to Law No. 6698 on the Protection of Personal Data ("KVKK"), we would like to inform you about the processing of your personal data by İSTANBUL TURİZM OTELCİLİK A.Ş. as the data controller.
1. Data Controller
Your data is processed by İSTANBUL TURİZM OTELCİLİK A.Ş. as the data controller.
2. Your Processed Personal Data
The following personal data may be processed during your use of the chatbot:
- Telephone number
- Email address
- Chat content (your messages, questions and answers)
- (Optional) Name-surname
3. Purposes of Processing Personal Data
Your collected personal data is processed for the following purposes:
- Utilising the chatbot service,
- Faster and more accurate response to your requests,
- Improvement of service quality,
- Analysing, reporting and user experience improvement studies,
- Fulfilment of legal obligations if necessary.
4. Transfer of Personal Data
Data collected:
- ISTANBUL TURİZM OTELCİLİK A.Ş. systems,
- To the service provider providing the chatbot infrastructure (in line with technical requirements)
- It can be transferred to artificial intelligence services (e.g. ChatGPT, Claude, etc.) that work integrated with this infrastructure.
can be transferred.
Technical details regarding whether the infrastructure provider or integrated artificial intelligence tools used are engaged in data collection or storage activities on the system for certain periods of time are determined by the service provider, and precise information on this issue can only be accessed through the relevant providers.
İSTANBUL TURİZM OTELCİLİK A.Ş. is in cooperation with the relevant departments to make the necessary technical and legal evaluations regarding the personal data processing processes of these providers.
5. Method and Legal Grounds for Collection of Personal Data
Your data is collected electronically by automatic means through the chatbot interface:
- Based on your express consent,
- It is processed for the purpose of providing the service and meeting your requests.
6. Storage Period
Your data will be stored for a period proportionate to the purpose for which it is processed and for a maximum of 2 years, after which it will be anonymised, deleted or destroyed in accordance with the legislation.
The platform used and the integrated artificial intelligence tools may also retain the data in their own systems for 2 years. Clear information on these periods is contained in the data retention policies of the respective providers.
7. Your Rights under KVKK
Pursuant to Article 11 of the LPPD, you have the following rights:
- To learn whether your personal data is being processed,
- If processed, to request information about it,
- To learn the purpose of processing and whether it is used in accordance with its purpose,
- To know the third parties to whom the data is transferred,
- Request correction if incomplete or incorrectly processed,
- Request deletion/destruction in accordance with the legislation,
- Request notification to third parties to whom these transactions are transferred,
- Do not object to analyses performed by automated systems,
- Claim compensation if you have suffered damage due to data processing.
You can send your requests regarding these rights to kvkk@....com.
- Use of Artificial Intelligence and Disclosure Responsibility
The chatbot service offered by İSTANBUL TURİZM OTELCİLİK A.Ş. is supported by artificial intelligence technologies and responses are automatically generated through large language models such as ChatGPT and Claude.
For this reason:
- The accuracy of the content provided by the chatbot is not guaranteed,
- Answers may occasionally be incomplete, inaccurate or misleading,
- These contents are for general information purposes only and are not binding or advisory.
Users should contact İSTANBUL TURİZM OTELCİLİK A.Ş. directly if they receive information on an important or critical issue. İSTANBUL TURİZM OTELCİLİK A.Ş. does not accept any responsibility for any negativities that may occur due to responses based on artificial intelligence.
PERSONAL DATA PROCESSING PROCEDURE FOR AI CHATBOT INTERACTIONS
1. Objective
This procedure has been prepared in order to ensure that the personal data collected through the artificial intelligence supported chatbot integrated in the website and digital platforms of İSTANBUL TURİZM OTELCİLİK A.Ş. are processed, stored and transferred when necessary in accordance with the relevant legislation, especially the Law No. 6698 on the Protection of Personal Data (KVKK).
2. Scope
This procedure relates to personal data obtained during the use of chatbots on the digital platforms of ISTANBUL TURİZM OTELCİLİK A.Ş.
3. Collected Data
The following personal data are collected from the user through the artificial intelligence supported chatbot:
- Name-surname (optional)
- Email address
- Telephone number
- Message and conversation contents (chat history)
4. Data Collection Method
- Users are required to provide phone number and e-mail information in order to benefit from the chatbot service.
- The content shared during the chat is automatically saved by the system.
- All data are collected through the chatbot platform (application) used and transferred to the system of İSTANBUL TURİZM OTELCİLİK A.Ş. manually or automatically at certain intervals.
5. Purposes of Data Processing
The personal data collected are processed for the following purposes:
- To be able to respond to user requests faster and more accurately
- To increase service quality and improve user experience
- Collect feedback and make analyses
- Fulfilment of legal obligations
- Fulfilment of obligations to authorised public authorities (where necessary)
6. Data Transfer
- Personal data are temporarily kept on the servers of the chatbot infrastructure provider and are periodically taken from the system by İSTANBUL TURİZM OTELCİLİK A.Ş. and transferred to internal systems.
- The data are shared only with the service provider and the employees authorised to process data within İSTANBUL TURİZM OTELCİLİK A.Ş.
- The platform/application used and artificial intelligence tools (e.g. ChatGPT, Claude, etc.) that work integrated with this application can also collect data on the system and/or store the data for 2 years. These periods are determined by the providers and the exact information is monitored separately by the relevant departments.
- Data is not transferred abroad; if it is to be done, explicit consent will also be obtained.
7. Data Retention Period
- Personal data collected by İSTANBUL TURİZM OTELCİLİK A.Ş. will be stored for 2 years in accordance with the purposes of processing within the framework of the relevant legislation; at the end of this period, it will be anonymised or deleted/destroyed in accordance with the legislation.
- The platform/application used and integrated artificial intelligence tools may also store data in their systems for 2 years; details of these retention periods are included in the providers' own privacy policies.
8. User Rights
Users, in accordance with KVKK;
- To learn whether their personal data is being processed or not,
- If processed, to request information about it,
- Learning whether it is used for its intended purpose,
- Know if they have been transferred to third parties,
- To request correction of their data in case of incomplete or incorrect processing,
- Request the erasure or destruction of their data,
has rights. These requests can be submitted by sending an e-mail to [kvkk@....com].
- Artificial Intelligence Systems and Disclosure Responsibility
The chatbot infrastructure used by İSTANBUL TURİZM OTELCİLİK A.Ş. is based on advanced artificial intelligence technologies. The responses given through the chatbot are automatically generated by outsourced large language models (e.g. ChatGPT, Claude, etc.).
In this direction:
- The complete accuracy of the answers provided by artificial intelligence cannot be guaranteed.
- Information may be incomplete, inaccurate or misleading.
- Chatbot responses are for general information purposes only and do not constitute legal or technical guidance.
It is recommended that users act in consideration of this situation and contact İSTANBUL TURİZM OTELCİLİK A.Ş. directly regarding critical content. İSTANBUL TURİZM OTELCİLİK A.Ş. cannot be held responsible for any damages that may arise due to artificial intelligence-derived content.
10. Process to be Followed in Case of Data Breach
- ISTANBUL TURİZM OTELCİLİK A.Ş. considers this situation as a data breach in cases such as the acquisition, disclosure, loss, alteration or deletion of personal data by unauthorised persons.
- As soon as a data breach is detected, the Personal Data Protection Authority and the affected persons are notified as soon as possible, depending on the nature and extent of the breach.
- Where necessary, those affected by the breach are also informed about the measures taken and the recommended security steps.
- After the data breach, the process is finalised by internal audit and technical evaluation; if necessary, data processing processes are updated.
11. Enforcement
This procedure enters into force as of the date of approval by the management of İSTANBUL TURİZM OTELCİLİK A.Ş. and may be updated when necessary.
EXPLICIT CONSENT TEXT FOR PROCESSING PERSONAL DATA VIA AI-SUPPORTED CHATBOT
The chatbot service you are using is supported by outsourced artificial intelligence technologies (e.g. ChatGPT, Claude, etc.). These systems generate automatic content in the responses given to you.
Due to the nature of artificial intelligence technologies:
- The information provided may not always be complete, accurate and up-to-date.
- Information may be misleading, incomplete or inaccurate.
- The content provided is for information purposes only and should not be considered as a commitment or guidance.
For this reason, it is recommended to evaluate the responses given during the use of the chatbot in a controlled manner and to contact İSTANBUL TURİZM OTELCİLİK A.Ş. directly on important issues.
Within the scope of the Clarification Text Regarding the Processing of Personal Data presented to me;
In accordance with the Law No. 6698 on the Protection of Personal Data ("KVKK"), I hereby declare that I expressly consent to the processing of my personal data by İSTANBUL TURİZM OTELCİLİK A.Ş. within the scope specified below:
- My personal data such as name-surname (optional), telephone number, e-mail address and message contents that I transmit via artificial intelligence supported chatbot;
- To be collected in order for me to benefit from chatbot services provided by İSTANBUL TURİZM OTELCİLİK A.Ş,
- To be analysed in order to improve service quality and to provide better service to my party,
- It can be processed domestically and technically abroad through third-party chatbot infrastructures and integrated artificial intelligence systems (ChatGPT, Claude, etc.),
- To store my personal data for 2 years and to delete, destroy or anonymise them at the end of this period,
- Notification to the Personal Data Protection Authority and relevant public institutions when deemed necessary
I give my express consent.
(In the digital environment, it is also valid with the "I approve" box).
PERSONAL DATA PROTECTION
CUSTOMER CLARIFICATION TEXT ON THE PROCESSING OF PERSONAL DATA
Data Officer: İstanbul Turizm ve Otelcilik Aş.
Osmanlı Sokak No: 9 Taksim-Beyoğlu-İstanbul
İSTANBUL TURİZM VE OTELCİLİK ANONİM ŞİRKETİ which is the operator of The Marmara Hotels and The Marmara Esma Sultan Mansion, with registered office address Osmanlı Sokak No:9 Beyoğlu- İstanbul and the taxpayer to the Büyük Mükellefler Tax Office with number 4810040881, Data Supervisor with Mersis number 0481004088100015 attaches great importance to ensuring the security of your personal information you have provided to them.
As İstanbul Turizm ve Otelcilik Aş. (“The Marmara Collection”) , we have prepared this disclosure text to inform you, our valued customers, regarding the processing, storage and transfer of your personal data within the framework of the Law No. 6698 on Protection of Personal Data (“KVKK”), EU General Data Protection Regulation (GDPR) and related legislation and legal regulations.
What personal data is being processed and what are the purposes for which your personal data is being processed?
Within the scope of our activities, we collect your data below from our customers and process them for the purposes specified.
2. Data Categorization :
Credentials |
Name, surname, TR ID number, date of birth, birthplace, marital status, Passport information, Nationality information, license plate information, Province, county, Volume, Serial No |
Contact Information |
Phone number, e-mail address, address, Kep address |
Financial Information |
Tax identification number, credit card information, Bank IBAN number, bank account number, billing information |
Physical Space Safety Information |
Recorded images with camera recordings |
Gender Data |
Gender Data |
Family Members and Relatives Information |
Family members and relatives information |
Audio and visual recordings |
Photo(s) taken at events and posted on the website |
Legal Process Information |
İnformation found in judicial correspondence with authorized public bodies |
Customer transaction information |
Order Information, request information, Complaint Information |
Marketing Data |
Data obtained by survey work |
Health Data |
Health related data such as Food alergy,Height ,Weight ,Body Mass Index |
3.3. The Purposes For Which Personal Data Is Processed
Data Category |
Purpose Of Data Processing |
Legal Reason For Data Processing |
Physical Location Security Information |
|
Clearly stipulated in the law on the protection of personal data article 5 clause f paragraph 2a |
Credentials, Contact Information |
|
The law on the protection of personal data article 5 clause f paragraph 2 c; Establishment and Conclusion of the Contract
|
Credentials, Contact Information, Financial Information |
|
The law on the protection of personal data article 5 clause f paragraph 2 c; Establishment and Conclusion of the Contract |
Customer Transaction Information |
|
The law on the protection of personal data article 5 clause f paragraph 2 c; Establishment and Conclusion of the Contract |
Gender |
|
The law on the protection of personal data article 5 clause f paragraph 2 c; Establishment and Conclusion of the Contract |
Family Members and Relatives Information |
|
The law on the protection of personal data article 5 clause f paragraph 2 c; Establishment and Conclusion of the Contract |
Audio and visual recordings |
|
The law on the protection of personal data article 5 clause f paragraph 2 c; Establishment and Conclusion of the Contract |
Identity |
|
The Law on the Protection of Personal Data article 5 clause f paragraph 2ç ; Obligation to Fulfill Legal Liability |
Physical Location Security Information |
|
The Law on the Protection of Personal Data article 5 clause f paragraph 2ç ; Obligation to Fulfill Legal Liability |
Legal Process |
|
The Law on the Protection of Personal Data article 5 clause f paragraph 2ç ; Obligation to Fulfill Legal Liability |
Identity, Transaction Security |
|
The Law on the Protection of Personal Data article 5 clause f paragraph 2ç ; Obligation to Fulfill Legal Liability |
Family Members and Relatives Information |
|
The Law on the Protection of Personal Data article 5 clause f paragraph 2ç ; Obligation to Fulfill Legal Liability |
Finance
|
|
The Law on the Protection of Personal Data article 5 clause f paragraph 2ç ; Obligation to Fulfill Legal Liability |
Contact Information |
|
The Law on the Protection of Personal Data article 5 clause f paragraph 2ç ; Obligation to Fulfill Legal Liability |
Cender |
|
The Law on the Protection of Personal Data article 5 clause f paragraph 2f ; the necessity of processing data for the legitimate interests of the data principal |
Physical Location Security Information |
|
The Law on the Protection of Personal Data article 5 clause f paragraph 2f ; the necessity of processing data for the legitimate interests of the data principal |
Audio and visual recordings |
|
The Law on the Protection of Personal Data article 5 clause f paragraph 2f ; the necessity of processing data for the legitimate interests of the data principal |
Healthcare
|
|
The Law on the Protection of Personal Data article 5 clause 1 with your explicit consent, |
Healthcare |
|
The Law on the Protection of Personal Data article 5 clause 1 with your explicit consent, |
Identity Data, Communication Data, Marketing |
|
The Law on the Protection of Personal Data article 5 clause 1 with your explicit consent, |
4. To whom and for what purpose personal data may be transferred
Recipient Group |
Transfer Purpose |
Legal Reason For The Transfer |
Authorized public institutions and organizations |
|
The Law on the Protection of Personal Data article 5 clause f paragraph 2ç ; Obligation to Fulfill Legal Liability |
Business Partner (Banks, financial advisors) |
|
The law on the protection of personal data article 5 clause f paragraph 2 c; Establishment and Conclusion of the Contract |
Business partner (financial advisor) |
|
The Law on the Protection of Personal Data article 5 clause f paragraph 2ç ; Obligation to Fulfill Legal Liability |
Business Partner (Broker Insurance Company) |
|
The law on the protection of personal data article 5 clause f paragraph 2 c; Establishment and Conclusion of the Contract |
Business Partner (external law firms) |
|
The law on the protection of personal data article 5 clause f paragraph 2 c; Establishment and Conclusion of the Contract |
Supplier (e-mail service supplier) |
|
The law on the protection of personal data article 5 clause f paragraph 2 c; Establishment and Conclusion of the Contract |
Supplier (Car Rental Company, tour company, Transportation Company) |
|
The law on the protection of personal data article 5 clause f paragraph 2 c; Establishment and Conclusion of the Contract |
Supplier (Information Systems supplier company) |
|
The law on the protection of personal data article 5 clause f paragraph 2 c; Establishment and Conclusion of the Contract |
Shareholders |
|
The law on the protection of personal data article 5 clause f paragraph 2 c; Establishment and Conclusion of the Contract |
Supplier (Measurement and Evaluation Specialist) |
|
The Law on the Protection of Personal Data article 5 clause 1 Explicit Consent |
5. Methods Of Collecting Your Personal Data
Your personal data as set out above ; printed/electronic forms, contracts/agreements, E-Mail, reports, contacts, events, Wi-Fi ,security cameras, car license plate, partners, and face to face interviews depending on the method by means of physical or electronic form will be collected and processed within the purposes specified above, and is transmitted.
6. What are the rights of contacts to their personal data and how they can exercise those rights
By applying to us as the person concerned in accordance with the Law on the Protection of Personal Data article 11 you have the rights;
- To learn whether personal data is processed or not,
- To request information about personal data if it has been processed,
- To learn the purpose of processing personal data and whether they are used conforming the purpose,
- To know the third parties which personal data is transferred domestically or abroad,
- If your personal data is incomplete or improperly processed, request that they be corrected and that the transaction in this context be notified to third parties that your personal data has been transferred,
- In the event that the reasons for processing your personal data for consideration within the scope of the purpose, duration and constitutional principles are eliminated, you must request the deletion or destruction of your personal data and request that the transaction carried out in this context be notified to third parties to whom the personal data was transferred, even though it has been processed in accordance with,
- To object the occurrence of a result against the person himself/herself by analyzing the processed data exclusively through automated systems,
- To claim damages in the event of a corruption due to the processing of personal data in a way that violates the law.
By using the Application Form if you wish, your applications and requests regarding your personal data can be:
- By sending a petition with an original signature and a photocopy of identity to the address of Osmanlı Sokak No: 9 Taksim-Beyoğlu-Istanbul,
- By applying to our company's commercial center address, Osmanlı Sokak No: 9 Taksim-Beyoğlu-Istanbul, with a valid ID card.,
- By sending it to our registered e-mail address electronic signature and electronic signature istanbulturizmveotelcilikas@hs01.kep.tr ,
In accordance with the communiqué on the procedures and principles of application to the data officer, the person concerned, name, last name in the application, if the application is written signature, T.R. ID number (in case of foreign applicant, passport number), notification mainly residential or business address on the basis of the notification e-mail address, telephone number, and fax number on the topic of demand information should be available.
The person concerned must clearly and explicitly state their claims in the application, which includes explanations of their rights to exercise the above-mentioned rights. Information and documents regarding the application must be attached to the application. Pursuant to Article 4 titled "Right to Apply" of the Communiqué on the Procedures and Principles of Application to the Data Controller, natural persons whose personal data are processed have the right to apply to the data controller. Data subjects may exercise this right by making their applications in Turkish.
Although the subject of the request must be related to applicant, if the applicant is acting on behalf of someone else, the applicant must be specially authorized in this regard and this authority must be documented (special power of attorney). In addition, the application must contain identity and address information and documents confirming the identity must be attached to the application.
Requests made by unauthorized third parties on behalf of someone else will not be taken into consideration.
7. How Long Will Your Requests Regarding Processing Your Personal Data Be Answered
Your requests regarding your personal data will be evaluated and answered within 30 days at the latest starting from the date they reach us. If your request is evaluated negatively, the reasons for the rejection are sent to the address you specified in the application via e-mail or mail.
Personal data may be gathered at all meeting or contact points. In addition to other optional information which you may choose to share with us, this personal data may include the following:
Name, Surname, Contact Information, Date of Birth, Preferred Means of Communication, Title, Address, Credit Card Information, Flight and Travel Schedule, Dates of Arrival and Departure, Room Choices, Information Related to Airline and Car Rental Packages.
Personal data will only be used with the intention of offering services demanded from The Marmara Collection and provide the following transactions:
Reservations; purchasing holiday packages or time shares; purchasing transactions made from The Marmara Collection store; flight ticket bookings and car rental transactions and other transactions. Personal data shall also be used to provide information in relation with planning of meetings and events and administrative purposes.
In addition, the said data may also be used in order to further the quality of the following:
Developing the services offered by The Marmara Collection; increasing the quality level and making our website more user friendly and attractive. The personal data may also be used to send you bulletins, promotions, special products and organizing online surveys, lotteries and other competitions via e-mail, telephone or mail.
In case of a visit to or an interaction with our site, contracted third parties, may gather non-personal data (e.g., list of pages visited).
Like many other websites, our website uses “cookies” and other technology in order to provide our clients with content that may attract their interest, proceed with their bookings and requests and/or analyze the details of their visits. Cookies cannot be used to disclose your personal identity. Cookies help our servers to recognize your web browser, not you, when you visit our website. If you want to remove the cookies from your computer, you may delete them using your web browser (see the “help” menu of your web browser to find out how to delete cookies).
We may gather data using “pixel tags,” “web beacon,” “clear GIFs” or similar methods (collectively, “pixel tags”) to find out when you visit our website. We gather non-personal or collective information (e.g., domain name, version of your web browser and your URL) which may be used to improve your online experience and understand the traffic patterns (time and frequency of visit by customers) via pixel tags.
Please be informed that we may use advertising and media companies in order to advertise on various websites. Please note that these advertising/media companies may use cookies, pixel tags and other technologies as well as other methods to record which advertisements are viewed by your web browser and which pages are being viewed when the advertisements have been placed. The Marmara Collection has no control over the use of such technology or the information gathered, and shall not be held responsible for the actions and policies of these companies.
Since the non-personal data does not identify you personally, we may use or disclose such data for any purpose. In some cases, we may integrate the non-personal and personal data (e.g., adding e-mail addresses to cookies). If we integrate any non-personal data with any personal data, the integrated data shall be deemed as personal data by us in within the framework of this Policy.
PERSONAL DATA PROTECTION LAW NO. 6698 (PDPL)
E -COMMERCIAL MESSAGE CLARIFICATION TEXT
This Clarification Text has been prepared in order to fulfill the obligation to inform within the scope of the Personal Data Protection Law No. 6698 (KVKK) and other relevant legislation in order to be presented to persons who accept to receive e-commercial messages from İstanbul Turizm ve Otelcilik A.Ş. with the Mersis number 0481-0040-8810-0025 in the capacity of Data Controller located at Osmanlı Sokak No:9 Taksim-Beyoğlu-İstanbul.
- METHOD OF COLLECTING PERSONAL DATA
Our company obtains e-commercial message approval digitally by providing information verbally and in writing. The personal data obtained are processed partially or completely by automatic means within the scope specified in this Clarification Text or by non-automatic methods provided that they are part of the data recording system
- PURPOSES AND LEGAL REASON FOR PROCESSING PERSONAL DATA
Processing is defined in Article 3 of the PDPL as the processes of recording, storing, preserving, changing, reorganizing, disclosing, transferring, taking over, making available and classifying personal data. Your personal data obtained is processed by our Company for the following purposes and legal reasons.
Legal Reason |
Data Category |
Personal Data |
Purpose of Processing |
KVKK 5/1 -Explicit Consent |
Contact Data |
E-Mail Address |
Execution of Advertising-Campaign and Promotion Processes , Execution of Marketing Processes of Products/Services |
KVKK 5/2.ç -It is mandatory for the data controller to fulfill its legal obligation |
Contact Data
|
E-Mail Address |
Providing information to Authorized Persons, Institutions and Organizations |
KVKK 5/1 -Explicit Consent |
Identity Data |
Name,Surname |
Execution of Advertising-Campaign and Promotion Processes , Execution of Marketing Processes of Products/Services |
- TO WHOM AND FOR WHAT PURPOSES PERSONAL DATA MAY BE TRANSFERRED
Our Company pays attention to process your personal data in accordance with the principles of "need to know" and "need to use", by ensuring the necessary data minimization and taking the necessary technical and administrative security measures. Your personal data will be processed within the framework of the personal data processing conditions and purposes specified in Articles 8 and 9 of the PDPL, but will be transferred to the specified 3rd Parties in the following cases.
Buyer / Buyer Groups |
Reason for Transfer |
Transferred Data |
İYS Registration and Authorized Persons Public Instutions and Organizations ,Judical and Administrative Authorities upon Request |
Providing information to Authorized Persons, Institutions and Organizations |
Contact Data (E-Mail Address) |
- RIGHTS OF THE RELATED PERSON and METHOD OF EXERCISING THEIR RIGHTS
Within the scope of Article 11 of the PDPL No. 6698, everyone has the right to apply to our Company in the following matters in the capacity of data controller:
- Everyone has the following rights by applying to the data controller
-
- To learn whether personal data is being processed,
- To request information if personal data has been processed,
- c) To learn the purpose of processing personal data and whether they are used in accordance with their purpose,
ç) To know the third parties to whom personal data are transferred domestically or abroad,
- d) To request correction of personal data in case of incomplete or incorrect processing,
- e) To request the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of Law No. 6698,
- f) To request notification of the transactions made pursuant to sub-paragraphs (d) and (e) to third parties to whom personal data are transferred,
- g) To object to the occurence of a result to the detriment of the person himself/herself by analyzing the processed data exclusively through automated systems,
ğ) To demand compensation for the damage, in case of damage due to unlawful processing of personal data.
Applications for the rights listed above can be made by the following methods in accordance with the relevant legislation:
- In writing,
- With secure electronic signature,
- With the Registered Electronic Mail (REM) address,
- With mobile signature,
- By using the e-mail address registered in our Company's system as the data controller.
The following points must be included in the application:
- Name, Surname and if the application is in writing, signature,
- TR ID number for citizens of the Republic of Türkiye, nationality, passport number or ID number, if any, for foreigners,
- Residential or workplace address for notification,
- Electronic mail address, telephone and fax number for notification, if any,
- Subject of the request.
Information and documents related to the subject are attached to the application if available. Depending on the nature of the request, your applications will be finalized free of charge as soon as possible and within thirty days at the latest, but if the transaction requires an additional cost, you may be charged a fee according to the tariff to be determined by the Personal Data Protection Board.
Pursuant to Article 4 titled "Right to Apply" of the Communiqué on the Procedures and Principles of Application to the Data Controller, natural persons whose personal data are processed have the right to apply to the data controller. Data subjects may exercise this right by making their applications in Turkish.
Contact Email Address : kvkk@themarmarahotels.com
Rem Address : istanbulturizmveotelcilikas@hs01.kep.tr
PERMISSION-BASED DATABASE REGISTRATION AND ELECTRONIC COMMERCIAL MESSAGE CONSENT TEXT
Our company; [İstanbul Turizm ve Otelcilik Aş. ], with MERSIS number [ 0481-0040-8810-0025] and located at [Osmanlı Sokak No:9 Taksim-Beyoğlu-İstanbul ], has obtained your consent for sending electronic newsletters and/or commercial messages to your email address regarding the products and services offered by [Company Name], including promotions, advertisements, campaigns, and similar innovations.
Your explicit consent can be withdrawn at any time. Your personal data will be processed within the scope of the Electronic Commercial Message Information Text provided to you.
In accordance with the Law on Regulation of Electronic Commerce No. 6563 and the Law on Protection of Personal Data No. 6698; the consent/explicit consent will be recorded, along with the content of the commercial electronic message and other records related to the sending, and will be kept for 10 years, except for cases where the validity of the consent ends or in case of any legal dispute, to be presented to the relevant Ministry and/or judicial authorities. After this period, your personal data will be destroyed or anonymized.
You may revoke your consent/explicit consent. If you no longer wish to receive messages sent for promotional or informative purposes, you can immediately perform the opt-out process through the methods provided in the messages sent to you.
Your removal from the permission-based database does not terminate the contracts you have signed with our company, but it will stop the sending of electronic commercial messages to you.
Our website may include links to third-party websites. Please note that we shall not be held liable for the said third-parties gathering, using, keeping, sharing or disclosing the said data and information.
In case you provide any information to third-party websites, the privacy policies and service conditions of that website shall prevail. We recommend that you read the privacy policies of the websites you visit before giving your personal data.
The Marmara Collection will take necessary steps to ensure the following: (i) protecting the personal data gathered from unauthorized access, disclosure, falsification or destruction, and (ii) keeping the personal data in an accurate and updated manner pursuant to the applicable law. Moreover, we strive to ensure that our affiliates and service providers make the effort to keep your personal data confidential. We use technology for protecting the personal data you send to us via our website for online transactions. Unfortunately no security system or online data transmission system can be considered to be completely safe.
For the purpose of protecting the privacy of your personal data, we recommend that you do not include your important personal data in any e-mail you may send to us. Kindly do not send us your credit card number or other important data via e-mail.
This Policy may be subject to amendments from time to time. In case of any material amendments to this policy, the amended policy shall be published on the website. The date on the top of the Policy indicates the date of latest update to the Policy. The amendments to the Policy shall enter into force following the publication of the amended Policy on the website. The use of the website following the publication of these types of amendments shall signify your approval of the amended Policy in force.
PERSONAL DATA PROTECTION LAW NO. 6698 (PDPL)
CAMERA RECORDING CLARIFICATION TEXT
This Clarification Text has been prepared by Istanbul Turizm ve Otelcilik A.Ş. with the Mersis number 0481-0040-8810-0025, located at Osmanlı Sokak No:9 Taksim-Beyoğlu-İstanbul as the Data Controller, within the scope of the Personal Data Protection Law No. 6698(PDPL) and the relevant legislation; in order to fulfill the obligation to inform regarding the processing of personal data obtained from the relevant persons.
A. METHOD OF COLLECTING PERSONAL DATA
This Camera Recording Clarification Text informs you that video surveillance equipment is installed in other areas of our building where there is a warning sign. The video surveillance system records and processes images of individuals and items passing within range of these systems. The system operates continuously 24 hours a day, 7 days a week. Visual information and camera recordings are processed through the video surveillance system. Your personal data are processed partially or completely by automatic means within the scope specified in this Clarification Text or by non-automatic methods provided that they are part of the data recording system.
B. PURPOSES AND LEGAL REASON FOR PROCESSING PERSONAL DATA
Processing is defined in Article 3 of the PDPL as the processes of recording, storing, preserving, changing, reorganizing, disclosing, transferring, taking over, making available and classifying personal data. Your personal data obtained is processed by our Company for the following purposes and legal reasons.
Legal Reason |
Data Category |
Personal Data |
Purpose of Processing |
Clearly stipulated in the law on the protection of personal data article 5 clause f paragraph 2a
|
Physical Location Security Information |
Recorded images with camera recordings |
Ensuring Physical Space Security |
The Law on the Protection of Personal Data article 5 clause f paragraph 2ç ; Obligation to Fulfill Legal Liability |
Physical Location Security Information |
Recorded images with camera recordings |
Ensuring Physical Space Security,
|
The Law on the Protection of Personal Data article 5 clause f paragraph 2f ; the necessity of processing data for the legitimate interests of the data principal |
Physical Location Security Information |
Recorded images with camera recordings |
Ensuring Physical Space Security, Ensuring the security of movable goods and resources, Ensuring the security of data controller operations
|
C. TO WHOM AND FOR WHAT PURPOSES PERSONAL DATA MAY BE TRANSFERRED
Our Company pays attention to process your personal data in accordance with the principles of "need to know" and "need to use", by ensuring the necessary data minimization and taking the necessary technical and administrative security measures. Your personal data will be processed within the framework of the personal data processing conditions and purposes specified in Articles 8 and 9 of the PDPL, but will be transferred to the specified 3rd Parties in the following cases.
Buyer / Buyer Groups |
Reason for Transfer |
Transferred Data |
Judicial and Administrative Jurisdictions, Authorized Lawyers |
Monitoring and execution of legal affairs |
Recorded images with camera recordings |
Authorized Person, Public Institutions and Organizations, Judicial and Administrative Authorities |
Providing Information to Authorized Persons, Institutions and Organizations |
Recorded images with camera recordings |
D. RIGHTS OF THE RELATED PERSON and METHOD OF EXERCISING THEIR RIGHTS
Within the scope of Article 11 of the PDPL No. 6698, everyone has the right to apply to our Company in the following matters in the capacity of data controller:
(1) Everyone has the following rights by applying to the data controller,
- a) To learn whether personal data is being processed,
- b) To request information if personal data has been processed,
- c) To learn the purpose of processing personal data and whether they are used in accordance with their purpose,
ç) To know the third parties to whom personal data are transferred domestically or abroad,
- d) To request correction of personal data in case of incomplete or incorrect processing,
- e) To request the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of Law No. 6698,
- f) To request notification of the transactions made pursuant to sub-paragraphs (d) and (e) to third parties to whom personal data are transferred,
- g) To object to the occurence of a result to the detriment of the person himself/herself by analyzing the processed data exclusively through automated systems,
ğ) To demand compensation for the damage, in case of damage due to unlawful processing of personal data.
Applications for the rights listed above can be made by the following methods in accordance with the relevant legislation:
- In writing,
- With secure electronic signature,
- With the Registered Electronic Mail (REM) address,
- With mobile signature,
- By using the e-mail address registered in our Company's system as the data controller.
The following points must be included in the application:
- Name, Surname and if the application is in writing, signature,
- TR ID number for citizens of the Republic of Türkiye, nationality, passport number or ID number, if any, for foreigners,
- Residential or workplace address for notification,
- Electronic mail address, telephone number for notification, if any,
- Subject of the request.
Information and documents related to the subject are attached to the application if available. Depending on the nature of the request, your applications will be finalized free of charge as soon as possible and within thirty days at the latest, but if the transaction requires an additional cost, you may be charged a fee according to the tariff to be determined by the Personal Data Protection Board.
Pursuant to Article 4 titled "Right to Apply" of the Communiqué on the Procedures and Principles of Application to the Data Controller, natural persons whose personal data are processed have the right to apply to the data controller. Data subjects may exercise this right by making their applications in Turkish.
Contact Email Address : kvkk@themarmarahotels.com
Rem Address : istanbulturizmveotelcilikas@hs01.kep.tr
Should you have any questions regarding this Policy or how The Marmara Collection uses your personal data, please do not hesitate to contact us via our e-mail address taksim-info@themarmarahotels.com or mail address Osmanlı Sokak No 23 Taksim 34437 Istanbul TURKEY.
- Please keep your furry friend on a leash when outside your room.
- In common areas, kindly use the designated pet-friendly spaces as directed by our staff.
- During housekeeping, we request that you do not leave your furry friend unattended in the room.
- We kindly ask that you accept responsibility for any personal injuries or damage to hotel property may be caused by your furry friend. The hotel management does not accept liability for such incidents, and our establishment cannot be held responsible. In case of any damage, the hotel reserves the right to charge the cost to your account.
- Please have your furry friend’s current health records and vaccination certificates with you, as these may be requested by hotel management during your stay.