Main PPDP Policy
Introduction and Scope
Welcome to HotelForex - Policy on Protection and Processing of Personal Data!
The Policy on Protection and Processing of Personal Data (briefly "Policy") contains information about the processes we process personal data as a data controller, the rules and principles we comply with in these processes and the measures we take to ensure the security of personal data.
The policy covers all natural persons whose personal data is processed by HotelForex Travel Turizm Ticaret Limited Şirketi (it will be referred to as "HotelForex" or the "Company").
This Policy informs you about HotelForex's personal data processing processes; Please review the policy of the relevant data controller so that you can learn about how other data controllers process your personal data.
If you have questions about this Policy or the processing of your personal data, you can contact us with the contact information specified in the last part of the Policy.
The index regarding the concepts and terms used in the Policy is at the end of the Policy.
Collection of Personal Data
a. Personal Data Collection Channels and Methods
HotelForex collects your personal data from different channels through which you communicate with us. Your personal data may be collected directly by you or through third parties.
Some of the channels through which we collect your personal data are as follows:
• Forms you fill out on www.hotelforex.com,
• E-mail correspondence,
• Cookies located at www.hotelforex.com.
HotelForex may collect your personal data by automatic, partially automatic or non-automatic methods provided that it is part of the data recording system. The methods by which your personal data are collected are specified in the illumination texts presented to you.
b. Legal Reasons for Collecting and Processing Personal Data
Your personal data can be processed based on the legal reasons stipulated in Articles 5 and 6 of the Law. In the absence of at least one of these legal reasons, your personal data can only be processed if you provide your explicit consent.
Legal reasons for personal data processing are regulated in Article 5 of the Law. These are as follows:
• Data processing is clearly stipulated in the Laws - Explicitly stipulated in the laws,
• Being obliged to protect the life or physical integrity of the person who is unable to disclose his consent due to actual impossibility or whose consent is not legally valid, or for the protection of someone else's life or physical integrity - Actual impossibility,
Provided that it is directly related to the establishment or performance of a contract, the processing of personal data belonging to the parties to the contract is necessary - Establishment or execution of the contract,
• mandatory that the company's data processing activities in order to fulfill their legal obligations - Legal obligations,
• Having the personal data made public by the person concerned - Making the relevant Person public,
• When data processing is mandatory for the establishment, exercise or protection of a right - Establishment, exercise or protection of a right,
• Data processing being mandatory for the legitimate interests of the Company, provided that it does not harm fundamental rights and freedoms - Legitimate interest.
Special quality personal data, race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, costume and dress, association, foundation or union membership, health, sexual life, criminal conviction and security measures and biometric and genetic data.
Legal reasons for processing special personal data are regulated in Article 6 of the Law. According to this article:
• For data of special nature other than health and sexual life - Prescribed by laws,
• For special quality data on health and sexual life - Persons or authorized institutions and organizations under the obligation of keeping these data confidential, for one of the purposes of protecting public health, preventive medicine, medical diagnosis, treatment and care services, planning and managing health services and financing. processing by,
If there are legal reasons, special quality data can be processed. If you do not have one of the stated legal reasons, your personal data of special nature can only be processed if you have your explicit consent.
Personal Data Processing Principles
As HotelForex, we comply with the following data processing principles in all processes where we process personal data:
• To comply with the law and honesty rules,
• Being accurate and up-to-date when necessary,
• Processing for specific, explicit and legitimate purposes,
• Being connected, limited and measured with the purpose for which they are processed,
• Being kept for the period stipulated in the relevant legislation or required for the purpose for which they are processed.
Purposes of Processing Personal Data
As HotelForex, our purposes for processing personal data are specified below for the relevant persons (data owners):
Personal Data Processing Purposes of the Related Person whose Personal Data is Processed
The People We Serve - To communicate with our customers and to
managing relationships,
- Registering a website membership,
- Performing hotel reservation transactions,
- Conducting bargaining activities regarding accommodation fees,
- Conducting activities for customer satisfaction,
- To carry out and maintain our business activities,
- To promote the products and services offered by our company; marketing
to carry out its activities,
- To receive feedback on the improvement of our products / services
and evaluate,
- To follow up and finalize requests / complaints,
- To carry out our activities in accordance with the legislation,
- To carry out financial and accounting affairs.
Employee Candidate - To carry out the application processes of employee candidates,
- To carry out the processes of selecting and placing employee candidates,
- Planning human resources processes.
Business Partner Employee / Officer - To communicate with you and manage relationships with our business partners,
- To register the membership of the facilities,
- Performing hotel reservation transactions,
- Conducting bargaining activities regarding accommodation fees
- To carry out and maintain our business activities,
- To ensure the security of our company operations,
- To carry out our activities in accordance with the legislation.
Website Visitor - To improve the experience of the website users,
- Conducting communication activities,
- Ensuring that the visits take place in an appropriate manner and
ensuring that information is remembered for the next visit,
- A personalized experience for visitors and registered users
provide.
Transfer of Personal Data
In order to transfer personal data to third parties, it is necessary to comply with the regulations in Articles 8 and 9 of the Law. In this direction, HotelForex makes sure that the transfer is made based on the legal reasons specified in the Law before transferring personal data to third parties.
In the table below, the purposes for which HotelForex transfers personal data to which third parties in the country or abroad:
Purposes of Recipients to Transfer Personal Data
Authorized Persons, Institutions or Organizations - To carry out our activities in accordance with the legislation,
- To provide information to authorized persons, institutions and organizations.
Hotels and Other Business Partners - You transmit through the website www.hotelforex.com
Support from our business partners regarding the fulfillment of your requests
receive,
- Complete hotel reservation procedures,
- Managing the relationships with our business partners.
Service Providers - Support from service providers for product / service procurement
receive,
- To carry out operational processes related to our services,
- To ensure the continuity of our business activities.
Storage of Personal Data
Transactions regarding the deletion, anonymization or destruction of your personal data are carried out with certain periods as per our legal obligation.
Personal data are stored by our Company in accordance with the principle of "keeping personal data for the period stipulated in the relevant legislation or as required for the purpose for which they are processed". In this respect, personal data are deleted, destroyed or anonymized by HotelForex in case the storage period stipulated in the legislation or the period required for the processing purpose expires.
Personal Data Security
HotelForex;
• To prevent your personal data from being processed illegally,
• To prevent unlawful access to your personal data,
• To ensure the protection of your personal data,
takes all necessary technical and administrative measures to ensure personal data security. In this context, you can find the main technical and administrative measures taken by our Company:
Technical Measures
1. Network security and application security are provided.
2. Security measures within the scope of procurement, development and maintenance of information technology systems are taken.
3. The security of personal data stored in the cloud is ensured.
4. Current anti-virus systems are used.
5. Personal data security problems are reported quickly.
6. Personal data security is monitored.
7. The security of environments containing personal data is ensured.
8. Personal data are reduced as much as possible.
9. Personal data are backed up and the security of backed up personal data is also ensured.
10. Current risks and measures have been identified.
11. Intrusion detection and prevention systems are used.
12. Cyber security measures have been taken and their implementation is constantly monitored.
13. Encryption is done.
Administrative Measures
1. The disclosure obligation of the data controller is fulfilled with the disclosure texts submitted to the relevant persons.
2. Training and awareness activities on data security are carried out periodically for employees.
3. Institutional policies on access, information security, use, storage and disposal issues have been prepared and implemented.
4. Access authorization to personal data of employees who have a job change or leave their job is removed.
5. The signed contracts contain data security provisions.
6. Personal data security policies and procedures have been determined.
Use of Cookies
Cookies are small text files that are downloaded to a computer, phone or browser when the user accesses a website. Cookies allow website visitors to be recognized and to store some information about their visit preferences or past transactions.
For detailed information about how HotelForex uses cookies, you can review the Cookie Policy at www.hotelforex.com.
Related Person Rights
Personal data owner data subjects have certain rights regarding the processing of their personal data in accordance with Article 11 of the Law. It is explained below what these rights are:
• Learning whether your personal data is being processed,
• Requesting information if we are processing your personal data,
• Learning the purpose of processing your personal data and whether they are used appropriately for their purpose,
• To know the third parties to whom we transfer your personal data at home or abroad, if any
• To request correction of your personal data if it is incomplete or incorrectly processed, and to request us to notify third parties to whom we have transferred personal data,
• To request the deletion or destruction of your personal data in the event that the reasons requiring its processing disappear, even though we have been processed in accordance with the law and the relevant legislation, and to request that we notify the third parties to whom we have transferred your personal data, if any,
• If there are situations where an unfavorable result arises by analyzing your personal data we process exclusively through automated systems, to object to them,
• Request compensation for your loss in case you suffer damage due to unlawful processing of your personal data.
In addition to the above, in cases where we process your personal data based on your express consent, you always have the right to withdraw your express consent by contacting us.
To Exercise Your Rights:
1. You can send your requests to us using the methods specified in the "Relevant Person Application Form" at www.hotelforex.com.
2. You can send your requests in writing to Cevizli Mahallesi, Zuhal Caddesi, A6 Blok No: 46 D: 18 Ritim Maltepe / İstanbul.
3. You can choose other methods specified in the Communiqué on Application Procedures and Principles to Data Controller.
If you send us your request regarding your rights, we will respond to your request as soon as possible and within thirty days at the latest, depending on the nature of your request.
You will not be charged a separate fee for exercising your rights. However, if your transaction requires an additional cost, we may charge you the fee in the tariff determined by the Personal Data Protection Authority. In such a case, we will be informing you about the additional cost.
For communication
For all your questions regarding this Policy or the processing of your personal data, you can contact us via the contact information below.
Phone: +90 212 807 01 76
E-mail: [email protected]
Concepts Used in the Policy
The concepts used in the policy and their explanations are specified in the table below:
Explicit Consent: Consent that is based on information and expressed with free will regarding a specific subject.
Anonymization / Anonymization: Making personal data unrelated to an identified or identifiable natural person under any circumstances, even by matching with other data.
Employee: HotelForex employee.
Relevant Person / Data Owner: Real person whose personal data is processed.
Destruction: Deletion, destruction or anonymization of personal data.
Law: Personal Data Protection Law dated 24/3/2016 and numbered 6698.
Board: Personal Data Protection Board.
Personal data: All kinds of information regarding an identified or identifiable natural person.
Processing of personal data: Obtaining, recording, storing, preserving, changing, rearranging, disclosure, transferring, taking over, making available, by means of non-automatic means, provided that personal data are fully or partially automatic or part of any data recording system Any action taken on the data, such as classification or prevention of use.
Data Controller: Real or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.
Definitions not specified in the table will be based on the definitions in the Law and secondary regulations.