PDPL

PERSONAL DATA PROTECTION AND PRIVACY POLICY

Contents

  1. PURPOSE AND SCOPE
  2. POLICY PRINCIPLES
  3. DEFINITION AND ABBREVIATIONS
  4. PERSONAL DATA CATEGORY TABLE
  5. ISSUES RELATED TO THE PROCESSING OF PERSONAL DATA
     
    1. Processing of Personal Data in accordance with the Principles Provided in the Legislation

Processing in accordance with the Law and the Rules of Honesty:

Ensuring Personal Data is Accurate and Up to Date When Necessary

Processing for Specific, Clear, and Legitimate Purposes

Being Related to the Purpose for Processing, Limited and Proportionate

Preservation for the Period Envisaged in the Relevant Legislation or Necessary for the Purpose for which they are Processed

  1. Conditions for Processing Personal Data
  2. Processing of Special Personal Data

Special Personal Data Except for Health and Sexual Life,

Special Personal Data Regarding Health and Sexual Life

  1. PERSONAL DATA CATEGORIES AND PROCESSING PURPOSES

Purposes of Processing Personal Data;

Our Personal Data Processing Purpose and Data Category Table:

  1. TRANSFER OF PERSONAL DATA

Situations Requiring Personal Data Transfer

  1. CLARIFICATION OF THE PERSONAL DATA OWNER
  2. EXPRESS CONSENT OF THE PERSONAL DATA OWNER
  3. PROCESSING OF VIDEO RECORDS
  1. ISSUES RELATED TO THE PROTECTION OF PERSONAL DATA

Administrative Measures Taken by the Company to Ensure Lawful Processing of Personal Data and Prevent Unlawful Access to Personal Data;

Technical Measures Taken by the Company to Ensure Lawful Processing of Personal Data and Prevent Unlawful Access to Personal Data;

  1. RIGHTS OF PERSONAL DATA OWNERS AND THE USE OF THESE RIGHTS

Rights of Personal Data Owner:

Exercise of Personal Data Owner’s Rights;

Situations Excluded from the Rights of Personal Data Owners According to the Legislation

  1. OUR COMPANY’S ANSWER TO APPLICATIONS
  2. CONDITIONS FOR DELETION, DESTRUCTION AND ANONYMIZATION OF PERSONAL DATA

Physical Destruction

Secure Deletion from Software;

Techniques for Anonymizing Personal Data:

  1. PROTECTION OF PERSONAL DATA AND UPDATE OF PRIVACY POLICY;
  2. ENFORCEMENT

Melekona Tourism and Hotel Management Joint Stock Company (Melekona)
Personal Data Protection and Privacy Policy

  1. PURPOSE AND SCOPE

 

MELEKONA TURIZM VE OTEL İŞLETMELERİ ANONİM ŞİRKETİ ( MELEKONA ) (Company), in line with its information security policy, to comply with the principles and rules developed by the Constitution of the Republic of Turkey, the Law on the Protection of Personal Data No. 6698 (KVKK) and other legislation regarding the protection of personal data and MELEKONA TURIZM AND OTEL İŞLETMELERİ ANONİM ŞİRKETİ (MELEKONA) is committed to protecting the rights of individuals whose data is processed by it. For this purpose, the Company has adopted a written Personal Data Protection and Privacy Policy system to be implemented and developed.

 

This personal data protection and privacy policy (Policy) has been prepared to inform you about the processes and principles of collection, use, sharing, and storage of personal data by the Company. In this policy, the principles regarding the processing of personal data of the company’s data owners are included following the KVKK, and these explanations cover our Company’s employees, guests, visitors, and other natural persons who have a relationship with the company.

 

As a company, we take care to ensure that this policy, which is open to the public, is understandable and easily accessible. This policy and our processes are reviewed periodically and updated when necessary.

 

  1. POLICY PRINCIPLES

 

The Policy is published on the Company’s website http://www.melekonahotel.com/. In parallel with the changes and innovations to be made in the legislation, the changes to be made in the policy will be made accessible in a way that data owners can easily access.

 

  1. DEFINITION AND ABBREVIATIONS

ABBREVIATIONS

DEFINITIONS

 

Explicit Consent

Consent regarding a specific subject is based on information and expressed with free will.

 

Related person

Persons who process personal data within the data controller organization or in line with the authority and instructions received from the data controller, excluding the person or unit responsible for the technical storage, protection, and backup of the data.

 

Destruction

Deletion, destruction, and anonymization of personal data.

 

KVKK

Personal Data Protection Law No. 6698

Personal Data

Any information regarding an identified or identifiable natural person

 

Processing of Personal Data

Obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying, or using personal data by fully or partially automatic or non-automatic means provided that it is part of any data recording system. Any action performed on data, such as blocking.

 

Anonymization of Personal Data

Making personal data impossible to identify with an identified or identifiable natural person under any circumstances, even by matching it with other data.

 

Deletion of Personal Data

Deletion of personal data; The process of making personal data inaccessible and unusable in any way for Relevant Users.

 

Destruction of personal data

Making personal data inaccessible, irretrievable, and unusable by anyone in any way

 

Board

Personal Data Protection Board

 

Special Personal Data

Data regarding people’s race, ethnic origin, political thought, philosophical belief, religion, sect or other beliefs, appearance and clothing, association, foundation or union membership, health, sexual life, criminal conviction, and security measures, as well as biometric and genetic data.

 

Data owner/ Related person

A real person whose personal data is processed

Data Processor

Natural or legal person who processes personal data on behalf of the data controller, based on the authority given by the data controller

 

Data Controller

A natural or legal person who determines the purposes and means of processing personal data and is responsible for establishing and managing the data recording system

 

Regulation

Regulation on Deletion, Destruction or Anonymization of Personal Data published in the Official Gazette on 28 October 2017.

 

  1. PERSONAL DATA CATEGORY TABLE

PERSONAL DATA CATEGORIES

EXPLANATION

DATA FEATURE

 

Identity Information

It refers to data containing information regarding the identity of the person. (Documents such as driver’s license, identity card, and passport containing information such as name-surname, TR ID number, nationality information, mother’s name, father’s name, place of birth, date of birth, gender, and tax number, etc.)

 

Personal Data

 

Communication Information

 

It means phone number, address, e-mail, and similar contact information.

 

Personal Data

Financial Information

 

It means personal data processed regarding information, documents, and records showing all kinds of financial results created according to the type of legal relationship our company has established with the personal data owner, and data such as bank account number, IBAN, credit card information, financial profile, asset data, income information.

 

Personal Data

 

Customer Transaction Information

 

It means information such as records regarding the use of our products and services and our customers’ instructions and requests regarding the use of our products and services.

 

Personal Data

 

Transaction Security Information

 

It means personal data (e.g. log records) processed to ensure our technical, administrative, legal, and commercial security while carrying out our commercial activities.

 

Personal Data

 

Risk Management Information

 

It refers to personal data processed to minimize risks by our company’s policies and regulatory obligations (e.g. the credibility of individuals).

 

Personal Data

 

Legal Action and Compliance Information

It means personal data processed within the scope of determining and pursuing our legal receivables and rights, fulfilling our debts, and complying with our legal obligations and our Company’s policies.

 

Personal Data

 

Request / Complaint Management Information

It means personal data regarding the receipt and evaluation of any requests and/or complaints directed to our company.

 

Personal Data

 

Visual and Audio Data

Photos, videos, etc. It means data of a visual or auditory nature.

 

Personal Data

 

Physical Space Security

Personal data regarding records and documents received upon entry to the physical location and during the stay in the physical location; means data such as camera records and visitor records.

 

Personal Data

 

Employee Candidate Information

It refers to the CV information of our employee and/or intern candidates who have applied for a job at our company by any means.

 

Personal Data

 

Vehicle Information

It means information about vehicles (e.g. license plate) associated with the data subject.

 

Personal Data

 

Information on Family Members and Relatives

It means information about our customers, collateral providers, employees, employee candidates, and/or family members and relatives of our suppliers’ employees.

 

Personal Data

 

Marketing Information

It means the personal data processed for the marketing of our products and services by customizing them in line with the usage habits, tastes, and needs of the personal data owner and the reports and evaluations created as a result of this processing.

 

Personal Data

 

Location Information

Location information of the current location, etc.

 

Personal Data

 

Personnel File Information

 

Payroll information, disciplinary investigation, employment document records, property declaration information, CV information, performance evaluation reports, etc.

 

Personal Data

Professional Experience

Diploma information, courses attended, in-service training information, certificates, transcript information, etc.

 

Personal Data

 

Health Information

Information regarding disability status, blood type information, personal health information, device and prosthesis information used, etc.

 

Special Qualified

Personal Data

 

Criminal Conviction and Security Information

Information regarding criminal convictions, information regarding security measures, etc.

 

Special Qualified

Personal Data

 

Biometric Data

 

Palm information, Fingerprint information, Retina scan information, Face recognition information, etc.

 

Special Qualified

Personal Data

 

Genetic Data

Genetic Data etc.

 

Special Qualified

Personal Data

 

  1. ISSUES RELATED TO THE PROCESSING OF PERSONAL DATA
  2. Processing of Personal Data by the Principles Provided in the Legislation

Processing Following The Law And The Rule Of Honesty: Personal data is processed by the general rule of trust and honesty, without harming the fundamental rights and freedoms of individuals.

 

Ensuring that Personal Data is Accurate and Up-to-Date When Necessary: Necessary measures are taken to ensure that the personal data processed by our company is accurate and up-to-date, and necessary opportunities are provided to data owners by providing information to ensure that the data being processed reflects the real situation.

 

Processing for Specific, Clear, and Legitimate Purposes: Our company processes personal data only for clearly and precisely determined legitimate purposes and does not engage in data processing activities other than these purposes. In this context, the Company processes personal data only in connection with and if necessary for the business relationship established with the data owners.

 

Being Relevant, Limited, and Proportionate to the Purpose for which they are Processed: Our company collects personal data only to the extent and nature required by its business activities and processes it limited to the specified purposes.

 

Retention for the Period Envisaged in the Relevant Legislation or Necessary for the Purpose of Processing: Personal data processed by our Company are retained only for the period foreseen in the relevant legislation or necessary for the purpose for which they are processed. In this context, if there is a period stipulated in the relevant legislation for the storage of data, it complies with this period; If there is no such period, it retains the data only for the period necessary for the purpose for which it is processed. Our company does not store data based on the possibility of future use.

 

  1. Conditions for Processing Personal Data

Explicit consent of the personal data owner is only one of the legal bases that enable the lawful processing of personal data, and in case one of the following conditions is met, personal data is processed by our Company without seeking the explicit consent of the data owner.

 

  • It is clearly provided for in the law
  • Failure to obtain the express consent of the person concerned due to actual impossibility
  • Being directly related to the establishment or execution of the contract
  • Fulfillment of the company’s legal obligations
  • Personal data owner making his/her personal data public
  • Data processing is mandatory for the establishment or protection of a right
  • Data processing is mandatory for the legitimate interest of our company

c.Processing of Special Personal Data

Special importance has been attached to personal data that is sensitive within the scope of the law, due to the risk of causing victimization or discrimination when processed unlawfully. These “special quality” personal data include data regarding race, ethnic origin, political thought, philosophical belief, religion, sect or other beliefs, appearance and dress, association, foundation or union membership, health, sexual life, criminal convictions, and security measures. biometric and genetic data.

Special categories of personal data are processed by our Company by the principles specified in this Policy and by taking all necessary technical and administrative measures, including the methods determined by the Board, and if the following conditions are met;

 

Special Personal Data Other than Health and Sexual Life may be processed without the explicit consent of the data owner, if it is clearly provided for in the law, in other words, if there is a clear provision in the relevant law regarding the processing of personal data. Otherwise, explicit consent of the data owner will be obtained.

 

Special Personal Data Regarding Health and Sexual Life can be collected without explicit consent by persons under the obligation of confidentiality or authorized institutions and organizations for the purposes of protection of public health, preventive medicine, medical diagnosis, treatment, and care services, planning of health services and financing, and management purposes. can be processed. Otherwise, explicit consent of the data owner will be obtained.

 

  1. PERSONAL DATA CATEGORIES AND PROCESSING PURPOSES

It is possible to access detailed information about the categories of personal data processed by our Company within the framework of the purposes and conditions specified in this Policy by the Law and other relevant legislative provisions, from the document of this Policy (“Personal Data Category”).

 

DATA OWNER

DATA CATEGORY

EXPLANATION

 

WORKER CANDIDATE

 

Personnel                                                          The information contained in the Job Application Form, C.V.

 

Identity Information                                      Identity card information

 

Personnel

 

Professional Experience                               Vocational Education, Certificates, University, High School, High School Diplomas.

 

Certificate of Professional Competence

 

WORKER

 

Communication Information                      Telephone, address, e-mail addresses

 

Salary payment                                               Bank account IBAN No.

 

Certificated Identity Card Sample            Side Benefits for Dependents

 

Criminal Conviction                                        Criminal Record

 

 

SHAREHOLDER / PARTNER

 

Communication information                      Telephone, address, e-mail addresses

 

Salary payment                                               Bank account IBAN No.

 

Legal action                                                       Correspondence with judicial authorities

 

Identity Information                                      Identity card information

 

INTERN

 

Professional Competence Certificates   Internship Documents

 

Identity Information                                      Identity card information

 

SUPPLIER (EMPLOYEE AND OFFICIAL)

 

Communication information                      Telephone, address, e-mail addresses

 

Location                                                              Location Information

 

Customer Transaction                                   Invoice Information, Tax number

 

SERVICE RECEIVER

Identity Information                                      Identity card information

 

(PARENT, GUARDIAN)

Contact information                                      Telephone and address information required to ensure customer communication

 

VISITOR

Visual Data                                                        Camera Recordings

 

CENTRE SECURITY                                         

Physical Location Security Information  Image recordings were taken by security cameras

 

OTHER

Request and Complaint Management Information          Personal data regarding the receipt and evaluation of any requests or complaints directed to our company

 

Purposes of Processing Personal Data;

  • Planning and execution of employees’ access to information authorizations
  • Monitoring and/or supervision of employees’ work activities
  • Planning training activities
  • Follow-up of finance and/or accounting affairs
  • Planning human resources processes
  • Planning and execution of communication activities
  • Planning and/or monitoring customer satisfaction processes
  • Follow-up of customer requests and/or complaints
  • Carrying out personnel recruitment processes
  • Fulfilling the obligations arising from the employment contract and/or legislation for its employees
  • Ensuring the security of company assets and/or resources
  • Planning and execution of company audit activities
  • Planning and execution of external training activities
  • Planning and execution of internal company appointment-promotion and resignation processes
  • Ensuring the security of the company campus
  • Planning and execution of talent – career development activities
  • Providing information regarding legislation to authorized persons and/or organizations

A significant part of the activities carried out by our Company within the framework of these purposes are activities and processes that do not require the explicit consent of the personal data owner specified in the 2nd paragraph of Article 5 and the 3rd paragraph of Article 6 of the Law. Our company also obtains the express consent of the personal data owner for its activities and processes that are not within the scope of the mentioned articles of the Law.

 

Our Personal Data Processing Purpose and Data Category Table:

 

PURPOSE OF PERSONAL DATA PROCESSING                     DATA CATEGORY

 

Emergency Management Processes                                      Identity, Communication, Venue Security, Risk, Professional Experience, Visual, Health

 

Information Security Processes                                               Identity, Communication, Space Security, Professional Experience, Visual, Health

 

Employee Candidate/Intern Placement Processes         Identity, Communication, Location, Personnel, Professional Experience

 

Employee Candidate Application Processes                      Identity, Communication, Location, Personnel, Professional Experience

 

Employment Contract, Legislative Obligations                 Identity, Communication, Personnel, Legal Procedure, Professional Experience, Health Information, Forensic data

 

Fringe Benefits and Benefits for Employees                      Identity, Contact, Location, Personnel, Legal Process, Professional Experience, Health Information, Forensic data,

 

Audit/Ethical Activities                                                               Identity, Communication, Venue Security, Professional Experience, Visual

 

Conducting Educational Activities                                          Identity, Communication, Personnel, Risk, Professional Experience, Visual

 

Execution of Access Authorizations                                       Identity, Communication, Professional Experience

 

Conducting Activities in Compliance with Legislation    Identity, Communication, Personnel, Legal Procedure, Risk, Professional Experience, Visual,

 

Carrying out Finance and Accounting Affairs                     Identity, Communication, Personnel, Legal Procedure, Professional Experience,

 

Ensuring Physical Space Security                                            Identity, Communication, Legal Procedure, Venue Security, Risk, Visual, Health Information

 

Execution of Assignment Processes                                      Identity, Communication, Personnel, Professional Experience, Health Information

 

Follow-up and Execution of Legal Affairs                            Identity, Communication, Legal Procedure, Venue Security, Visual, Health Data, Forensic Information

 

Internal Audit/Investigation/Intelligence Activities       Identity, Communication, Legal Process, Venue Security, Visual

 

Carrying out Communication Activities                               Identity, Contact, Location, Legal Procedure, Health Information

 

Planning Human Resources Processes                                 Identity, Contact, Personnel, Professional Experience, Health Information, Forensic Data

 

Conduct/Audit of Business Activities                                    Identity, Communication, Personnel, Legal Procedure, Risk, Professional Experience, Health Information

 

Occupational Health/Safety Activities                                 Identity, Communication, Legal process, Venue Security, Risk, Professional Experience, Visual, Health Information,

 

Business Process Improvement Suggestions                     Identity, Contact, Risk, Health Information

 

Activities to Ensure Business Continuity                              Identity, Communication, Location, Venue Security, Risk, Health Information,

 

Goods/Service Purchasing Processes                                    Identity, Communication, Location, Legal Procedure, Professional Experience

 

Goods/Service Production and Operation Processes     Identity, Communication, Location, Personnel, Legal Procedure, Venue Security, Professional Experience, Health Information,

 

Customer Relations Processes                                                 Identity, Contact, Location, Legal Procedure, Health Information

 

Activities for Customer Satisfaction                                      Identity, Contact, Health Information

 

Organization and Event Management                                  Identity, Communication

 

Conducting Risk Management Processes                            Identity, Communication, Venue Security, Risk, Health Information

 

Storage and Archive Activities                                                 Identity, Communication, Personnel, Legal Process, Risk, Professional Experience, Visual, Health Information, Forensic Data, Genetics

Execution of Contract Processes                                             Identity, Communication, Personnel, Legal Procedure, Professional Experience

 

Tracking of Requests/Complaints                                          Identity, Communication, Venue Security, Visual

 

Security of Movable Property and Resources                    Professional experience

 

Supply Chain Management Processes                                  Identity, Communication, Location

 

Execution of Wage Policy                                                           Identity, Communication, Personnel, Professional Experience

 

Talent/Career Development Activities                                Identity, Communication, Personnel, Professional Experience

 

Providing Information to Authorized Institutions and Organizations     Identity, Communication, Location, Personnel, Legal Process, Venue Security, Professional Experience, Visual, Health Information

 

Conducting Management Activities                                      Identity, Communication

 

  1. TRANSFER OF PERSONAL DATA

 

My company can transfer the data owner’s personal data to third parties by taking the necessary security measures in line with the legal personal data processing purposes. In this regard, our company acts by the regulations stipulated in Article 8 of the KVK Law.

Even if there is no explicit consent from the personal data owner, if one or more of the conditions stated below are present, personal data may be transferred to third parties by our Company by showing due care and taking all necessary security measures, including the methods prescribed by the Board.

 

  • Relevant activities regarding the transfer of personal data are clearly foreseen in the law,
  • The transfer of personal data by the Company is directly related to and necessary for the establishment or performance of a contract,
  • Transfer of personal data is mandatory for our Company to fulfill its legal obligations,
  • Transfer of personal data by our Company in a limited way for the purpose of publicization provided that it has been made public by the data owner,
  • Transfer of personal data by the Company is mandatory for the establishment, exercise, or protection of the rights of the Company or the data owner or third parties,
  • It is mandatory to transfer personal data for the legitimate interests of the Company, provided that it does not harm the fundamental rights and freedoms of the data owner,
  • It is necessary for the person who is unable to express his consent due to actual impossibility or whose consent is not given legal validity, to protect his own life or physical integrity, or that of someone else.

 

Situations Requiring Personal Data Transfer:

 

SGK officials,

Officials of Public Institutions and Organizations

T.R. Officials of the Ministry of Family, Labor and Social Services

Authorizations of Human Resources Working in the Employer’s Workplace,

T.R. Officials of the Ministry of Treasury and Finance

Banks

Job security specialist

Employer’s Accounting Officials

Accounting Department Working at the Employer’s Workplace

Employer Lawyer

 

  1. CLARIFICATION OF THE PERSONAL DATA OWNER

The company complies with Articles 10 and 11 of the KVK Law. The article carries out the necessary processes to ensure that data owners are informed during the acquisition of personal data. In this context, in the clarification texts presented to data owners by the Center:

 

  • The title of our center is
  • For what purpose the personal data of data owners will be processed by the Center,
  • To whom and for what purpose the processed personal data can be transferred,
  • Method and legal reason for collecting personal data,
  • What rights does the data owner have

There is information listed above.

 

  1. EXPRESS CONSENT OF THE PERSONAL DATA OWNER

One of the conditions for processing personal data is the explicit consent of the owner. Explicit consent of the personal data owner must be expressed on a specific subject, based on informed consent and free will.

 

  1. PROCESSING OF VIDEO RECORDS

To ensure the general and commercial security of the Company’s facilities and businesses, our Company records images of visitors, employees, and other relevant persons by the basic principles set out in this Policy as stipulated in the KVKK, and these records are recorded physically or electronically for some time suitable for processing. It is stored securely in the environment.

 

In places where video recording is made, a warning stating that video recording has been made is visible to inform data owners.

 

Within the scope of these activities, our company acts following the obligations stipulated in all relevant legislation, especially KVKK, regarding the protection of personal data. In places where privacy is high, imaging is not performed.

 

  1. ISSUES RELATED TO THE PROTECTION OF PERSONAL DATA

 

Our company takes all necessary technical and administrative measures to ensure the appropriate level of security required to protect personal data. 12(1) of KVKK. The measures foreseen in the article are as follows;

 

  • To prevent unlawful processing of personal data
  • Preventing unlawful access to personal data
  • Ensuring the preservation of personal data

Precautions taken by our company within the scope of these principles;

 

Administrative Measures Taken by the Company to Ensure Lawful Processing of Personal Data and Prevent Unlawful Access to Personal Data;

 

  • If the processed personal data is obtained by others through illegal means, our company will notify the relevant party and the Board of this situation as soon as possible.
  • Regarding the sharing of personal data, MELEKONA TURIZM VE OTEL İŞLETMELERİ ANONİM ŞİRKETİ signs framework contracts with the persons with whom personal data is shared or ensures data security by adding provisions to the contracts.
  • The company trains its employees and raises their awareness regarding personal data protection laws. For its employees, training on improving qualifications, technical knowledge, and skills, information security training, training on preventing unlawful processing of personal data, training on preventing illegal access to personal data, training on ensuring the preservation of personal data, and training on communication techniques are provided.
  • Disciplinary punishment will be imposed on employees who violate the legislative provisions regarding information security and privacy.
  • Periodic and random audits are carried out within the institution.
  • Before starting to process personal data, the obligation to inform the relevant persons is fulfilled.

Technical Measures Taken by the Company to Ensure Lawful Processing of Personal Data and Prevent Unlawful Access to Personal Data

 

  • The company takes technical measures to protect personal data to the extent technology allows, and the measures taken are updated and improved in parallel with developments.
  • Necessary precautions are taken for the physical security of the company’s information systems equipment, software, and data.
  • Access to personal data processed within the company is limited to the relevant employees in line with the specified processing purpose.
  • Computers are allocated for employees, reception, and accounting use, and these computers are opened with the passwords determined by the users.
  • The software has been installed to ensure security.
  • Information is backed up at regular intervals. Backups are kept under lock and key.
  • Documents that are out of date but need to be kept are stored in the archive with locked doors and cabinets.
  • The cloud storage system is not used.
  • Information systems are kept up to date.

 

  1. RIGHTS OF PERSONAL DATA OWNERS AND THE USE OF THESE RIGHTS

 

Rights of Personal Data Owner:

 

Personal data owners have the following rights;

 

  • Learning whether personal data is processed or not,
  • Requesting information if personal data has been processed,
  • Learning the purpose of processing personal data and whether they are used for their intended purpose,
  • Knowing the third parties to whom personal data is transferred at home or abroad,
  • Requesting correction of personal data if personal data has been processed incorrectly or incompletely, and requesting that the action taken in this context be notified to third parties to whom personal data has been transferred,
  • Requesting the deletion or destruction of personal data in case the reasons requiring processing no longer exist, even though it has been processed by the law and other relevant legal provisions, and requesting that the action taken in this context be notified to third parties to whom the personal data has been transferred,
  • Objecting to the emergence of a result that is unfavorable to the individual by analyzing the processed data exclusively through automatic systems,
  • Request compensation for damages in case of damage due to unlawful processing of personal data.

 

Exercise of Personal Data Owner’s Rights;

 

Personal data owners will be able to submit their requests regarding the rights of the Personal Data Owner to our company through the methods determined by the Board. In this regard, they will be able to benefit from the “Data Owner Application Form”, which can be accessed at www.melekonahotel.com.

 

Situations Excluded from the Rights of Personal Data Owners According to the Legislation

 

Following Article 28 of the KVK Law, personal data owners will not be able to assert their rights on the following issues, since the following situations are not within the scope of the KVK Law:

 

 

  • Processing of personal data for artistic, historical, literary, or scientific purposes or within the scope of freedom of expression, provided that it does not violate national defense, national security, public security, public order, economic security, the privacy of private life or personal rights or constitute a crime.
  • Processing of personal data for purposes such as research, planning, and statistics by anonymizing them with official statistics.
  • Processing of personal data within the scope of preventive, protective, and intelligence activities carried out by public institutions and organizations authorized by law to ensure national defense, national security, public safety, public order, or economic security.
  • Processing of personal data by judicial authorities or enforcement authorities regarding investigation, prosecution, trial, or enforcement proceedings.

 

Following Article 28/2 of the KVKK Law; Personal data owners will not be able to assert their rights, except for requesting compensation for damages in the cases listed below:

 

  • Processing of personal data is necessary for the prevention of crime or criminal investigation,
  • Processing of personal data made public by the personal data owner.
  • Processing of personal data is necessary for the execution of auditing or regulatory duties and disciplinary investigation or prosecution by public institutions and organizations and professional organizations that are public institutions, based on the authority granted by the law.
  • Personal data processing is necessary to protect the economic and financial interests of the State regarding budget, tax, and financial matters.

 

  1. OUR COMPANY’S ANSWER TO APPLICATIONS

 

Our company takes the necessary administrative and technical measures to finalize the applications made by the personal data owner following the Law and secondary legislation.

If the personal data owner submits his request regarding the rights (“Rights of the Personal Data Owner”) to our Company by the procedure, our Company will finalize the relevant request free of charge as soon as possible and within 30 (thirty) days at the latest, depending on the nature of the request. However, if the transaction requires an additional cost, a fee may be charged by the tariff determined by the Board.

 

In cases where the personal data owner’s application is rejected, the response is found insufficient, or the application is not responded to in due time, following Article 14 of the Personal Data Protection Law; He/she may file a complaint with the KVK Board within thirty days from the date of learning the answer of our center and in any case within sixty days from the date of application.

 

  1. CONDITIONS FOR DELETION, DESTRUCTION AND ANONYMIZATION OF PERSONAL DATA

 

Although it has been processed following Article 7 of the KVK Law and the relevant legal provisions, if the reasons requiring processing are eliminated, personal data is deleted, destroyed, or anonymized, based on our Company’s own decision or upon the request of the personal data owner. Our company reserves the right not to fulfill the request of the data owner in cases where it has the right and/or obligation to preserve personal data by the provisions of Article 5 paragraph (2) of the KVK Law. The deletion or destruction techniques most commonly used by our company are listed below.

 

Physical Destruction; Personal data can also be processed by non-automatic means, provided that it is part of any data recording system. When such data is deleted/destroyed, a system of physical destruction of personal data in such a way that it cannot be used later is implemented.

 

Secure Deletion from Software; While data processed wholly or partially automatically and stored in digital media is deleted/destroyed; Methods are used to delete the data from the relevant software so that it cannot be recovered again.

 

Techniques for Anonymizing Personal Data: Anonymization of personal data refers to making personal data impossible to associate with an identified or identifiable natural person in any way, even by matching it with other data. Our company may anonymize personal data when the reasons requiring the processing of personal data processed following the law no longer exist. Following Article 28 of the KVK Law; Anonymized personal data may be processed for purposes such as research, planning, and statistics. Such processing is outside the scope of the KVK Law.

 

  1. PROTECTION OF PERSONAL DATA AND UPDATE OF PRIVACY POLICY;

The necessary sections of the policy are reviewed when necessary and the necessary sections are updated. Changes made to this Policy are immediately recorded in the text and explanations regarding the changes are announced at the end of the policy.

 

Company Upon the application of the personal data owner or the notification of a court, the relevant users and units will conduct this review of the data recording environments they use, regardless of the periodic audit period.

 

If determined by new legislation, the Company will comply with the legislative requirements by updating its policy to comply with the new legislation on personal data.

  1. ENFORCEMENT

This policy comes into force on………………….

We will be glad to welcome you and your loved ones in Melekona's warm and friendly environment.

Tadilat Nedeniyle
Geçiçi Süreliğine Kapalıyız.

İleri Tarihli Rezervasyonlarınız için Lütfen Bizimle İletişime Geçiniz
info@melekonahouse.com