top of page

Personal Data Protection Notice

PURPOSE OF THE LEGAL REGULATION

Article 1 of Law No. 6698 on the Protection of Personal Data (“KVKK”) states:
"The purpose of this Law is to regulate the procedures and principles to be followed by real and legal persons who process personal data, as well as to protect the fundamental rights and freedoms of individuals, primarily the confidentiality of private life, in the processing of personal data."

​

LEGAL BASIS OF THIS NOTICE

Article 10 of Law No. 6698 stipulates that during the collection of personal data, the data controller or its authorized representative is obliged to inform the data subjects about:

a) The identity of the data controller and, if any, its representative,
b) The purpose for which personal data will be processed,
c) To whom and for what purpose the processed personal data may be transferred,
ç) The method of collecting personal data and its legal basis,
d) The other rights listed in Article 11.

Accordingly, this notice is provided for legal compliance and transparency purposes. POINT HOTEL MANAGEMENT TURIZM A.Åž. ensures the confidentiality of personal data obtained from its guests and customers by maintaining its system infrastructure and internet servers at the highest security level.

​

DEFINITION OF PERSONAL DATA PROCESSING

Article 2(e) of Law No. 6698 defines personal data processing as:
"Processing of personal data refers to any operation performed on personal data, whether fully or partially by automatic means or by non-automatic means as part of any data recording system, such as collection, recording, storage, preservation, alteration, restructuring, disclosure, transfer, acquisition, making accessible, classification, or prevention of use."

​

PRINCIPLES TO BE CONSIDERED IN THE PROCESSING OF PERSONAL DATA

Personal data may only be processed lawfully and fairly, accurately and up-to-date, for specific, clear, and legitimate purposes, related, limited, and proportionate to the purpose for which they are processed, and retained for the period prescribed by the relevant legislation or required for the purpose of processing, with the explicit consent of the data subject, unless otherwise permitted by law.

​

PURPOSES OF PROCESSING PERSONAL DATA

  • Guests and daily visitors: To fulfill legal obligations under applicable legislation, ensure the security of guests, and manage contractual relationships; also for purposes related to guests’ interests, public interest, and the HOTEL’s legitimate interests.

  • Employees: To record identity data in accordance with labor and social security legislation.

  • Job applicants: To evaluate employment applications.

  • Visitors, suppliers, contractors, and other business partners: For commercial purposes and to ensure the security of the HOTEL and its guests.

​

COLLECTION OF PERSONAL DATA AND LEGAL BASIS

Personal data are collected and processed for the following reasons:

  • To fulfill obligations arising from legislation,

  • To establish evidence in legal disputes under contractual relationships with guests,

  • To inform guests about forgotten items and similar matters,

  • To provide information about the HOTEL and deliver requested products or services.

Collected data may include identity information, address, telephone number, payment information (if necessary), and other required data, in accordance with applicable law.

​

TRANSFER OF PERSONAL DATA AND CROSS-BORDER TRANSFERS

  • According to Article 8 of Law No. 6698, personal data cannot be transferred without the explicit consent of the data subject, except in cases permitted by law and under the conditions prescribed therein.

  • According to Article 9 of Law No. 6698, personal data cannot be transferred abroad without the explicit consent of the data subject, except in exceptional cases specified by law and under the prescribed conditions.

​

DATA CONTROLLER AND REPRESENTATIVE

POINT HOTEL MANAGEMENT TURIZM A.Åž. is the Data Controller under Law No. 6698.

A representative of the Data Controller, appointed by POINT HOTEL MANAGEMENT TURIZM A.Åž., will be registered in the Data Controllers’ Registry in accordance with Article 16 and other relevant provisions of KVKK when the legal infrastructure is established.

​

RIGHTS OF THE DATA SUBJECT

According to Article 11 of Law No. 6698, any data subject has the right to:

a) Learn whether personal data is processed,
b) Request information if personal data has been processed,
c) Learn the purpose of processing and whether personal data is used accordingly,
ç) Know the third parties to whom personal data is transferred domestically or abroad,
d) Request correction of incomplete or inaccurate personal data,
e) Request deletion or destruction of personal data within the conditions set forth in Article 7,
f) Request notification of the actions taken pursuant to (d) and (e) to third parties to whom personal data has been transferred,
g) Object to the occurrence of a result against the data subject through exclusively automated processing,
ÄŸ) Request compensation for damages resulting from unlawful processing of personal data.

​

APPLICATION ADDRESS

You may submit your requests regarding your personal data in writing along with documents verifying your identity and the details of your request to:

Topçu St. No:2, 34437 Taksim / Istanbul, Turkey
or via e-mail: www.pointhotelmanagement.com.

​

APPLICATION TO THE DATA CONTROLLER

Pursuant to Article 11 of Law No. 6698:

  1. The data subject submits requests regarding the implementation of the Law in writing or through other methods determined by the Board to the data controller.

  2. The data controller concludes the requests free of charge as soon as possible and no later than thirty (30) days, depending on the nature of the request. If additional costs are incurred, a fee determined by the Board may apply.

  3. The data controller either approves the request or rejects it with justification, notifying the data subject in writing or electronically. If the request is accepted, necessary actions are taken. Any fees charged due to the controller’s fault will be refunded.

If the data subject’s application is rejected, a response is insufficient, or no response is given, the data subject may submit a complaint to the Personal Data Protection Board in Ankara within 30 days from the date of learning or 60 days from the date of application.

​

RETENTION OF PERSONAL DATA

According to Article 7 of Law No. 6698 and related legislation, personal data are retained for the duration required by law or for the purposes of processing. Once legal or contractual obligations cease or the purpose of processing is no longer valid, personal data is deleted or destroyed by the data controller either automatically or upon request of the data subject. Other relevant legal provisions remain reserved.

bottom of page