pdpl documents and policies

PERSONAL DATA PROTECTION

CUSTOMER CLARIFICATION TEXT ON THE PROCESSING OF PERSONAL DATA

Data Officer: İstanbul Turizm ve Otelcilik Aş.

Osmanlı Sokak No: 9 Taksim-Beyoğlu-İstanbul

İSTANBUL TURİZM VE OTELCİLİK ANONİM ŞİRKETİ which is the operator of The Marmara Hotels and The Marmara Esma Sultan Mansion, with registered office address Osmanlı Sokak No:9 Beyoğlu- İstanbul and the taxpayer to the Büyük Mükellefler Tax Office with number 4810040881, Data Supervisor with Mersis number 0481004088100015 attaches great importance to ensuring the security of your personal information you have provided to them.

As İstanbul Turizm ve Otelcilik Aş. (“The Marmara Collection”) , we have prepared this disclosure text to inform you, our valued customers, regarding the processing, storage and transfer of your personal data within the framework of the Law No. 6698 on Protection of Personal Data (“KVKK”), EU General Data Protection Regulation (GDPR) and related legislation and legal regulations.

What personal data is being processed and what are the purposes for which your personal data is being processed?

Within the scope of our activities, we collect your data below from our customers and process them for the purposes specified.

2. Data Categorization :

3.3. The Purposes For Which Personal Data Is Processed

4. To whom and for what purpose personal data may be transferred

5. Methods Of Collecting Your Personal Data

Your personal data as set out above ; printed/electronic forms, contracts/agreements, E-Mail, reports, contacts, events, Wi-Fi ,security cameras, car license plate, partners, and face to face interviews depending on the method by means of physical or electronic form will be collected and processed within the purposes specified above, and is transmitted.

6. What are the rights of contacts to their personal data and how they can exercise those rights

By applying to us as the person concerned in accordance with the Law on the Protection of Personal Data article 11 you have the rights;

• To learn whether personal data is processed or not,
• To request information about personal data if it has been processed,
• To learn the purpose of processing personal data and whether they are used conforming the purpose,
• To know the third parties which personal data is transferred domestically or abroad,
• If your personal data is incomplete or improperly processed, request that they be corrected and that the transaction in this context be notified to third parties that your personal data has been transferred,
• In the event that the reasons for processing your personal data for consideration within the scope of the purpose, duration and constitutional principles are eliminated, you must request the deletion or destruction of your personal data and request that the transaction carried out in this context be notified to third parties to whom the personal data was transferred, even though it has been processed in accordance with,
• To object the occurrence of a result against the person himself/herself by analyzing the processed data exclusively through automated systems,
• To claim damages in the event of a corruption due to the processing of personal data in a way that violates the law.

By using the Application Form if you wish, your applications and requests regarding your personal data can be:

• By sending a petition with an original signature and a photocopy of identity to the address of Osmanlı Sokak No: 9 Taksim-Beyoğlu-Istanbul,
• By applying to our company's commercial center address, Osmanlı Sokak No: 9 Taksim-Beyoğlu-Istanbul, with a valid ID card.,
• By sending it to our registered e-mail address electronic signature and electronic signature istanbulturizmveotelcilikas@hs01.kep.tr ,

In accordance with the communiqué on the procedures and principles of application to the data officer, the person concerned, name, last name in the application, if the application is written signature, T.R. ID number (in case of foreign applicant, passport number), notification mainly residential or business address on the basis of the notification e-mail address, telephone number, and fax number on the topic of demand information should be available.

The person concerned must clearly and explicitly state their claims in the application, which includes explanations of their rights to exercise the above-mentioned rights. Information and documents regarding the application must be attached to the application. Pursuant to Article 4 titled "Right to Apply" of the Communiqué on the Procedures and Principles of Application to the Data Controller, natural persons whose personal data are processed have the right to apply to the data controller. Data subjects may exercise this right by making their applications in Turkish.

Although the subject of the request must be related to applicant, if the applicant is acting on behalf of someone else, the applicant must be specially authorized in this regard and this authority must be documented (special power of attorney). In addition, the application must contain identity and address information and documents confirming the identity must be attached to the application.

Requests made by unauthorized third parties on behalf of someone else will not be taken into consideration.

7. How Long Will Your Requests Regarding Processing Your Personal Data Be Answered

Your requests regarding your personal data will be evaluated and answered within 30 days at the latest starting from the date they reach us. If your request is evaluated negatively, the reasons for the rejection are sent to the address you specified in the application via e-mail or mail.

Personal data may be gathered at all meeting or contact points. In addition to other optional information which you may choose to share with us, this personal data may include the following:

Name, Surname, Contact Information, Date of Birth, Preferred Means of Communication, Title, Address, Credit Card Information, Flight and Travel Schedule, Dates of Arrival and Departure, Room Choices, Information Related to Airline and Car Rental Packages.

Personal data will only be used with the intention of offering services demanded from The Marmara Collection and provide the following transactions:

Reservations; purchasing holiday packages or time shares; purchasing transactions made from The Marmara Collection store; flight ticket bookings and car rental transactions and other transactions. Personal data shall also be used to provide information in relation with planning of meetings and events and administrative purposes.

In addition, the said data may also be used in order to further the quality of the following:

Developing the services offered by The Marmara Collection; increasing the quality level and making our website more user friendly and attractive. The personal data may also be used to send you bulletins, promotions, special products and organizing online surveys, lotteries and other competitions via e-mail, telephone or mail.

In case of a visit to or an interaction with our site, contracted third parties, may gather non-personal data (e.g., list of pages visited).

Like many other websites, our website uses “cookies” and other technology in order to provide our clients with content that may attract their interest, proceed with their bookings and requests and/or analyze the details of their visits. Cookies cannot be used to disclose your personal identity. Cookies help our servers to recognize your web browser, not you, when you visit our website. If you want to remove the cookies from your computer, you may delete them using your web browser (see the “help” menu of your web browser to find out how to delete cookies).

We may gather data using “pixel tags,” “web beacon,” “clear GIFs” or similar methods (collectively, “pixel tags”) to find out when you visit our website. We gather non-personal or collective information (e.g., domain name, version of your web browser and your URL) which may be used to improve your online experience and understand the traffic patterns (time and frequency of visit by customers) via pixel tags.

Please be informed that we may use advertising and media companies in order to advertise on various websites. Please note that these advertising/media companies may use cookies, pixel tags and other technologies as well as other methods to record which advertisements are viewed by your web browser and which pages are being viewed when the advertisements have been placed. The Marmara Collection has no control over the use of such technology or the information gathered, and shall not be held responsible for the actions and policies of these companies.

Since the non-personal data does not identify you personally, we may use or disclose such data for any purpose. In some cases, we may integrate the non-personal and personal data (e.g., adding e-mail addresses to cookies). If we integrate any non-personal data with any personal data, the integrated data shall be deemed as personal data by us in within the framework of this Policy.

PERSONAL DATA PROTECTION LAW NO. 6698 (PDPL)

E -COMMERCIAL MESSAGE CLARIFICATION TEXT

This Clarification Text has been prepared in order to fulfill the obligation to inform within the scope of the Personal Data Protection Law No. 6698 (KVKK) and other relevant legislation in order to be presented to persons who accept to receive e-commercial messages from İstanbul Turizm ve Otelcilik A.Ş. with the Mersis number 0481-0040-8810-0025 in the capacity of Data Controller located at Osmanlı Sokak No:9 Taksim-Beyoğlu-İstanbul.

1. METHOD OF COLLECTING PERSONAL DATA

Our company obtains e-commercial message approval digitally by providing information verbally and in writing. The personal data obtained are processed partially or completely by automatic means within the scope specified in this Clarification Text or by non-automatic methods provided that they are part of the data recording system

1. PURPOSES AND LEGAL REASON FOR PROCESSING PERSONAL DATA

Processing is defined in Article 3 of the PDPL as the processes of recording, storing, preserving, changing, reorganizing, disclosing, transferring, taking over, making available and classifying personal data. Your personal data obtained is processed by our Company for the following purposes and legal reasons.

1. TO WHOM AND FOR WHAT PURPOSES PERSONAL DATA MAY BE TRANSFERRED

Our Company pays attention to process your personal data in accordance with the principles of "need to know" and "need to use", by ensuring the necessary data minimization and taking the necessary technical and administrative security measures. Your personal data will be processed within the framework of the personal data processing conditions and purposes specified in Articles 8 and 9 of the PDPL, but will be transferred to the specified 3rd Parties in the following cases.

1. RIGHTS OF THE RELATED PERSON and METHOD OF EXERCISING THEIR RIGHTS

Within the scope of Article 11 of the PDPL No. 6698, everyone has the right to apply to our Company in the following matters in the capacity of data controller:

1. Everyone has the following rights by applying to the data controller
   1.  
2. 1. To learn whether personal data is being processed,
   2. To request information if personal data has been processed,
   3. c) To learn the purpose of processing personal data and whether they are used in accordance with their purpose,

   ç) To know the third parties to whom personal data are transferred domestically or abroad,

   1. d) To request correction of personal data in case of incomplete or incorrect processing,
   2. e) To request the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of Law No. 6698,
   3. f) To request notification of the transactions made pursuant to sub-paragraphs (d) and (e) to third parties to whom personal data are transferred,
   4. g) To object to the occurence of a result to the detriment of the person himself/herself by analyzing the processed data exclusively through automated systems,

   ğ) To demand compensation for the damage, in case of damage due to unlawful processing of personal data.

3.  

Applications for the rights listed above can be made by the following methods in accordance with the relevant legislation:

• In writing,
• With secure electronic signature,
• With the Registered Electronic Mail (REM) address,
• With mobile signature,
• By using the e-mail address registered in our Company's system as the data controller.

The following points must be included in the application:

• Name, Surname and if the application is in writing, signature,
• TR ID number for citizens of the Republic of Türkiye, nationality, passport number or ID number, if any, for foreigners,
• Residential or workplace address for notification,
• Electronic mail address, telephone and fax number for notification, if any,
• Subject of the request.

Information and documents related to the subject are attached to the application if available. Depending on the nature of the request, your applications will be finalized free of charge as soon as possible and within thirty days at the latest, but if the transaction requires an additional cost, you may be charged a fee according to the tariff to be determined by the Personal Data Protection Board.

Pursuant to Article 4 titled "Right to Apply" of the Communiqué on the Procedures and Principles of Application to the Data Controller, natural persons whose personal data are processed have the right to apply to the data controller. Data subjects may exercise this right by making their applications in Turkish.

Contact Email Address    : kvkk@themarmarahotels.com

Rem Address                     : istanbulturizmveotelcilikas@hs01.kep.tr

Our website may include links to third-party websites. Please note that we shall not be held liable for the said third-parties gathering, using, keeping, sharing or disclosing the said data and information.

In case you provide any information to third-party websites, the privacy policies and service conditions of that website shall prevail. We recommend that you read the privacy policies of the websites you visit before giving your personal data.

The Marmara Collection will take necessary steps to ensure the following: (i) protecting the personal data gathered from unauthorized access, disclosure, falsification or destruction, and (ii) keeping the personal data in an accurate and updated manner pursuant to the applicable law. Moreover, we strive to ensure that our affiliates and service providers make the effort to keep your personal data confidential. We use technology for protecting the personal data you send to us via our website for online transactions. Unfortunately no security system or online data transmission system can be considered to be completely safe.

For the purpose of protecting the privacy of your personal data, we recommend that you do not include your important personal data in any e-mail you may send to us. Kindly do not send us your credit card number or other important data via e-mail.

This Policy may be subject to amendments from time to time. In case of any material amendments to this policy, the amended policy shall be published on the website. The date on the top of the Policy indicates the date of latest update to the Policy. The amendments to the Policy shall enter into force following the publication of the amended Policy on the website. The use of the website following the publication of these types of amendments shall signify your approval of the amended Policy in force.

PERSONAL DATA PROTECTION LAW NO. 6698 (PDPL)

CAMERA RECORDING CLARIFICATION TEXT

This Clarification Text has been prepared by Istanbul Turizm ve Otelcilik A.Ş. with the Mersis number 0481-0040-8810-0025, located at Osmanlı Sokak No:9 Taksim-Beyoğlu-İstanbul as the Data Controller, within the scope of the Personal Data Protection Law No. 6698(PDPL) and the relevant legislation; in order to fulfill the obligation to inform regarding the processing of personal data obtained from the relevant persons.

A. METHOD OF COLLECTING PERSONAL DATA

This Camera Recording Clarification Text informs you that video surveillance equipment is installed in other areas of our building where there is a warning sign. The video surveillance system records and processes images of individuals and items passing within range of these systems. The system operates continuously 24 hours a day, 7 days a week. Visual information and camera recordings are processed through the video surveillance system. Your personal data are processed partially or completely by automatic means within the scope specified in this Clarification Text or by non-automatic methods provided that they are part of the data recording system.

B. PURPOSES AND LEGAL REASON FOR PROCESSING PERSONAL DATA

Processing is defined in Article 3 of the PDPL as the processes of recording, storing, preserving, changing, reorganizing, disclosing, transferring, taking over, making available and classifying personal data. Your personal data obtained is processed by our Company for the following purposes and legal reasons.

C. TO WHOM AND FOR WHAT PURPOSES PERSONAL DATA MAY BE TRANSFERRED

Our Company pays attention to process your personal data in accordance with the principles of "need to know" and "need to use", by ensuring the necessary data minimization and taking the necessary technical and administrative security measures. Your personal data will be processed within the framework of the personal data processing conditions and purposes specified in Articles 8 and 9 of the PDPL, but will be transferred to the specified 3rd Parties in the following cases.

D. RIGHTS OF THE RELATED PERSON and METHOD OF EXERCISING THEIR RIGHTS

Within the scope of Article 11 of the PDPL No. 6698, everyone has the right to apply to our Company in the following matters in the capacity of data controller:

(1) Everyone has the following rights by applying to the data controller,

1. a) To learn whether personal data is being processed,
2. b) To request information if personal data has been processed,
3. c) To learn the purpose of processing personal data and whether they are used in accordance with their purpose,

ç) To know the third parties to whom personal data are transferred domestically or abroad,

1. d) To request correction of personal data in case of incomplete or incorrect processing,
2. e) To request the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of Law No. 6698,
3. f) To request notification of the transactions made pursuant to sub-paragraphs (d) and (e) to third parties to whom personal data are transferred,
4. g) To object to the occurence of a result to the detriment of the person himself/herself by analyzing the processed data exclusively through automated systems,

ğ) To demand compensation for the damage, in case of damage due to unlawful processing of personal data.

Applications for the rights listed above can be made by the following methods in accordance with the relevant legislation:

• In writing,
• With secure electronic signature,
• With the Registered Electronic Mail (REM) address,
• With mobile signature,
• By using the e-mail address registered in our Company's system as the data controller.

The following points must be included in the application:

• Name, Surname and if the application is in writing, signature,
• TR ID number for citizens of the Republic of Türkiye, nationality, passport number or ID number, if any, for foreigners,
• Residential or workplace address for notification,
• Electronic mail address, telephone number for notification, if any,
• Subject of the request.

Information and documents related to the subject are attached to the application if available. Depending on the nature of the request, your applications will be finalized free of charge as soon as possible and within thirty days at the latest, but if the transaction requires an additional cost, you may be charged a fee according to the tariff to be determined by the Personal Data Protection Board.

Pursuant to Article 4 titled "Right to Apply" of the Communiqué on the Procedures and Principles of Application to the Data Controller, natural persons whose personal data are processed have the right to apply to the data controller. Data subjects may exercise this right by making their applications in Turkish.

Contact Email Address    : kvkk@themarmarahotels.com

Rem Address                    : istanbulturizmveotelcilikas@hs01.kep.tr

Should you have any questions regarding this Policy or how The Marmara Collection uses your personal data, please do not hesitate to contact us via our e-mail address taksim-info@themarmarahotels.com or mail address Osmanlı Sokak No 23 Taksim 34437 Istanbul TURKEY.

• Please keep your furry friend on a leash when outside your room.
• In common areas, kindly use the designated pet-friendly spaces as directed by our staff.
• During housekeeping, we request that you do not leave your furry friend unattended in the room.
• We kindly ask that you accept responsibility for any personal injuries or damage to hotel property may be caused by your furry friend. The hotel management does not accept liability for such incidents, and our establishment cannot be held responsible. In case of any damage, the hotel reserves the right to charge the cost to your account.
• Please have your furry friend’s current health records and vaccination certificates with you, as these may be requested by hotel management during your stay.