Diana Otel Yatırımları ve İşletmeciliği A.Ş.
Illumination Text for the Processing of Personal Data
Dear Guests and Visitors,
We as Diana Otel Yatırımları ve İşletmeciliği A.Ş. (“The Corporation”) are highly concerned and exercise due diligence for the security of your personal data. Acting with this awareness as the Corporation, we, emphasize for the processing and retention of all sorts of personal data of our entire guests and visitors including the beneficiaries of our products and services in accordance with the law on protection of personal data numbered 6698 (“Law on Protection of Personal Data”). With full understanding of our responsibility, we process your personal data as Data Officer, as described below, and within the limits prescribed by the legislation.
- Collection, Processing and Purposes of Processing Personal Data
Our Corporation processes the personal data of its guests and visitors to be specified hereby with this Illumination Text, primarily during the conclusion of contracts. The personal data processed within this scope are limited with the, identity information, contact information and bank account information as well as the camera records that records 24-hour videos for the general security of our guests within the facility and these data is processed within the scope of express consent or due to the legal reasons for the establishment and performance of the relevant contract or the fulfillment of its legal obligations. This data is maintained and retained for the purposes of conducting the processes of service procurement, contract management, accounting and security purposes, and personal data processed within this scope, unless there is a legal requirement for the retention, are deleted or destroyed after the expiry of the commercial relationship-based contract. However, within the scope of possible commercial disputes, the data that may be required by our Corporation to be retained as a means of proof are maintained and retained with our Corporation throughout the lapse of time. In the storage of personal data, the principles and procedures determined by the Personal Data Protection Authority's decision no. 2018/10 are followed accordingly.
Identity information of real persons entering the administrative center and facilities of our Corporation as visitors and guests, entry and exit times to/from the center and facilities, vehicle plates, the purpose of the visit and the names of the people they visited and the video records on the security cameras are processed to protect the legitimate interests of our Corporation, to ensure the safety of our guests and visitors as well as our Corporation and to provide services to guests and visitors with confidence based on the legal reasons. The data is also processed in order to ensure the safety of the facilities and employees and are kept in written, partly electronic and digital platform for the required period in accordance with the legislation. The personal data collected within this scope are not used for purposes other than those listed, and they are processed based on the legal reason of the legitimate interest of the person responsible for the data regulated by the Law on Protection of Personal Data.
Pursuant to legal grounds for the fulfillment of legal obligations, establishment and maintenance of service contract and protection of legitimate interests, our Corporation collects the information such as name, telephone number, e-mail address, date of birth, other identity information, business information, contact person and credit card information shared and disclosed by the guests and visitors on the website as well as other information that can be collected automatically by the website such as traffic information which can be considered as personal data and some of these are maintained only in physical environment, some in social media channels and some in both physical and digital environments.
All sorts of administrative and technical measures are taken by our Corporation in order to ensure the security of the data stated above and shared by the Corporation via the website. All personal data taken through the Corporation's website are collected and processed only for the following purposes:
- Enabling the purchase of service on our website, make reservations and to establish contracts and perform and execute customer service activities related to our purchased or requested services,
- Responding to questions about our services and our website,
- Sending information about advertisements, sweepstakes, promotions, announcements and campaigns that we think may be of interest to our guests upon the their approval who visits the website and by analyzing these activities determining the product preferences of the guests within this scope and ensure the receipt of information content that may be of interest to our guest,
- Activities for improving the functionality of our website such as data analysis, security, testing, improving our services, upgrading or changing them, determining usage trends,
- Perform accounting, billing, reconciliation and collection activities.
In addition, your collected personal data, legal and commercial security (such as the administrative operations carried out by our Corporation for communication, ensuring the physical security and control of the lotions of the Corporation, business partner/customer /supplier (authorized person or employees) evaluation processes, legal compliance process, financial affairs etc.) will be processed in accordance with the personal data processing conditions and purposes specified in Articles 5 and 6 of the Law on Protection of Personal Data for the purpose of determining and implementing the commercial and business strategies of our Corporation and ensuring the execution of the Corporation's human resources policies.
- To Whom and for What Purpose the Processed Personal Data can be Transferred
All personal data stored by the Corporation can only be accessed by the personnel and managers who have access permission within the scope of the Authorization Matrix set within the Corporation. Personal data within the Corporation cannot be copied unless absolutely necessary even by those who have access. In order to ensure the security of the personal data it retains; the Corporation uses servers that are subject to periodic leakage tests and continuously monitors the physical security and accessibility of server rooms and other places where personal data is located.
All kinds of administrative and technical measures are taken by the Corporation to prevent unauthorized personnel from accessing personal data and all personnel holding key positions are trained to increase the sensitivity related to personal data within the Corporation. The Corporation does not transfer its personal data to third parties except as provided in Articles 8 and 9 of Law on Protection of Personal Data. The Corporation's data transfers in this scope are limited to business partners including the ones abroad, suppliers, Diana Hotel Yatırımları ve İşletmeciliği A.Ş. Group companies, shareholders, legally authorized public institutions and private individuals, audit firms, insurance agencies, lawyers and accountants, banks and public institutions and organizations.
- Method and Legal Grounds of Personal Data Collection
Your personal data is obtained from all verbal, written or electronic platforms in order to provide the products and services offered by the Corporation within the legal framework determined in accordance with the above-mentioned purposes and to ensure that our Corporation fulfills its contractual and legal responsibilities entirely and accurately. The personal data collected for these legal reasons may be processed and transmitted for the purposes specified in Articles (1) and (2) of this text within the scope of the personal data processing conditions and purposes specified in Articles 5 and 6 of the Law on Protection of Personal Data.
- The Rights of the Personal Data Holder as enumerated in Article 11 of the Law on Protection of Personal Data
As personal data owners, if you submit your claims regarding your rights to our Corporation with the following methods below hereby with this Illumination Text, our Corporation will conclude the request free of charge within thirty days at the latest according to the nature of the request. However, if a fee is foreseen by the Personal Data Protection Board, the fee in the tariff determined by our Corporation shall be charged. In this context, personal data owners shall have the following rights;
To acknowledge whether personal data is processed,
To request information if personal data is processed,
To acknowledge why the personal data is processed and whether they are used properly,
To acknowledge the third-parties within the country or abroad that the personal data is transferred,
To request correction of personal data in case of incomplete or incorrect processing and to inform the third parties to whom the personal data has been transferred about the correction,
Although it has been processed in accordance with the provisions of the Law on Protection of Personal Data and other relevant laws, to request the deletion or destruction of personal data in case of the reasons requiring its processing are eliminated, and to request the notification to the third parties to whom the personal data has been transferred,
To file objection against the occurrence of a result against the person himself by analyzing the processed data exclusively through automated systems
In the event of suffering a loss due to unlawful processing of the personal data, to exercise the right to claim for damage. Pursuant to Article 13, paragraph 1 of the Law on Protection of Personal Data, you may submit your request for the exercise of your rights in writing or other methods determined by the Personal Data Protection Board.
In this context, the channels and procedures for submitting your application in writing to the Corporation within the scope of Article 11 of the Law on Protection of Personal Data are explained below.
In order to exercise your above-cited rights, you may send your request including your explanation related to the right you claim to exercise among the ones set forth in Article 11 of the Law on Protection of Personal Data your identification particulars to firstname.lastname@example.org with secured electronic signature.
Diana Otel Yatırımları ve İşletmeciliği A.Ş.