GRAND HARİLTON HOTEL
PRIVACY NOTICE ON THE PROCESSING OF THE PERSONAL DATA
Dear Guests;
This privacy notice prepared under the personal data protection is a general privacy notice in the frame of the Law No. 6698 on the Personal Data Protection applied throughout our company whose company title and hotel name is stated below and our hotel.
Our company and hotel;
GRAND HARİLTON HOTEL
Our hotel and company is hereinafter referred to as “Grand Harilton Hotel” or “Hotel”.
We, Grand Harilton Hotel family, care deeply about protecting your personal data. In this context, we process your personal data as the “Data Controller” in accordance with the Personal Data Protection Law No. 6698 (“KVKK”), within the scope of the purposes and limits specified below, and take great care to take the necessary administrative and technical measures accordingly. For this reason, through this “Information Notice on the Processing of Personal Data,” we would like to inform you, our valued guests and visitors, about our personal data processing procedures and your rights under Law No. 6698 and the GDPR regulations.
1. Your Personal Data We Processed
We need to request information such as the below information about you and/or your family members who are the customers of Grand Harilton Hotel:
• Identity details (such as first-last name, T.R. Identity Number, Passport Number).
• Contact details (such as phone number, e-mail address, contact address).
• Personal details (such as date of birth, nationality).
• Details on your children (such as name, date of birth, age).
• Your credit card number (for banking collection transaction and reservation purposes).
• Your arrival and departure dates at the Hotel.
• Your preferences and interests (such as smoking/non-smoking room, preferred floor, bedding set type, gazette/magazine type, sports, cultural interests)
• Questions/comments you may have while staying at our establishment or after your stay.
• In order to provide you with better service, protect your health, and enable you to use our sports facilities, we are required to process sensitive health data (such as blood type, past illnesses, allergy-related situations, whether you have any condition that may prevent you from participating sports activities). Information collected about individuals under the age of 18 is limited to name, nationality, and date of birth, and this information can only be provided to us by an adult. (Data listed above altogether in the text is referred to as “Personal Data”.)
2. The Time Your Personal Data Is Obtained
Personal data can be collected in various conditions, including:
1. Hotel activities:
• Room reservation.
• Entrance to the Hotel and payment.
• Your arrival and departure dates at the Hotel.
• Eating/drinking at the hotel bar or restaurant while you stay.
• Requests, complaints and/or dispute.
• Your reservations (in Weddings, Meetings and Other Organizations).
• In suggestion and survey forms.
Under the Law No. 6698 on the Personal Data Protection, the processing of personal data refers to any operation performed on data, whether fully or partially automatic, or through non-automatic means as part of any data recording system, including the collection, recording, storage, preservation, modification, rearrangement, disclosure, transfer, acquisition, making available, classification, or prevention of the use of such data.
– Participation in the marketing programs or activities:
• Participate in the customer survey (such as Guest Satisfaction Survey)
• Subscribing to the bulletin to receive offer and promotion on e-mail.
– Information transmission from third parties:
•Information transmitted to our plants through reservations you made via tour operators, trip agencies, GDS reservation systems and others.
– Internet activities:
• Connection to Grand Harilton Hotel websites (IP addresses, identification details)
• Online forms (network login systems such as online reservation, surveys, Grand Harilton Hotel pages on social Networks, login to Facebook etc.).
Personal Data Processing Method and Cause of Action
In the frame of the purposes stated in the article 3 of the Notice within the scope of fulfilling the requirements of accommodation and service processes offered within our hotel facilities, your Personal Data can be collected and processed with the below methods and channels by the related departments of the Hotel and other authorized departments through automatic or non-automatic methods in order to carry out the accommodation and other service processes and/or fulfilling of all obligations including legal obligations of the Hotel:
• Your personal applications in person, via the Hotel’s websites, by email, by post, through references, the Hotel’s solution partners and suppliers (such as travel agencies, touring companies, reservation sites) and/or websites or social media accounts.
• Through information obtained during meetings that can be conducted in various ways (face to face, phone, teleconference, video conference, fax etc.). Your personal data is processed for the following causes of action listed in Article 5 of Law No. 6698;
Your explicit consent,
Explicitly provided for in the laws,
III. If you are unable to express your consent due to actual impossibility or if it is necessary to protect your life or physical integrity or that of another person and your consent is not legally valid,
Processing of personal data related to a contract establishment or fulfillment,
Necessary to fulfill our legal obligations,
Disclosed by the person concerned themselves,
VII. Data processing is necessary for the establishment, exercise, or defense of a legal claim,,
VIII. Provided that it does not infringe upon your fundamental rights and freedoms and with your explicit consent, it is necessary for our legitimate interests,
Your Sensitive Health Data is processed depending on your explicit consent or if the conditions listed in Article 6 of the Law are met. Your personal data is processed pursuant to Identity Disclosure Law No. 1774, Turkish Commercial Code No. 6102, Personal Data Protection Law No. 6698 and other related legal legislations. Grand Harilton Hotel processes your personal data in accordance with the principles and obligations set forth in the relevant legal regulations, including the Constitution of the Republic of Turkiye, international agreements to which our country is a party, EU data protection regulations (GDPR), and the Personal Data Protection Law (KVKK).
3. Processing of Sensitive Personal Data
Certain types of personal data that carry risks of causing harm or discrimination when processed unlawfully are stated as “sensitive” in Article 6 of the Personal Data Protection Law No. 6698. Such data include data related to race, ethnic origin, political view, philosophical belief, religion, denomination, or other beliefs, dress and clothing, membership in an association, foundation, or union, health, sexual life, criminal conviction and security, and biometric and genetic data. Our Hotel complies with the regulations stipulated in Article 6 of the Personal Data Protection Law regarding the processing of sensitive personal data and acts with sensitivity in protecting this data.
As the Grand Harilton Hotel family, we process your sensitive personal data in accordance with the Personal Data Protection Law, subject to the implementation of adequate measures determined by the Personal Data Protection Board, in the following circumstances:
1. If You Have Given Your Explicit Consent
By sharing your circumstances with our Hotel, you can request customized services and share your sensitive data for this purpose. (For example, requesting a thin pillow due to a herniated disc, requesting a room on the ground floor due to a heart condition, requesting desserts without nuts due to a peanut allergy, requesting gluten-free meals due to a gluten allergy, and providing your health information to determine whether you meet the necessary health conditions to benefit from the services offered at the facility, including whether you have any medical condition that would prevent you from participating in the offered sports activities, etc.).
This health information collected with your explicit consent within our Hotel is restricted within the organization itself, ensuring that it is only accessible to authorized personnel within the facility where you are receiving services. In order to provide you with customized services tailored to your needs as defined by the sharing of your sensitive data, and to remember these needs in the future so that we can provide you with the same services again, our Hotel will only process your sensitive data with your explicit consent and solely for the purpose of collection. Your sensitive health data and other sensitive data related to your preferences are shared within the organization only with our personnel who provide the service, for the purpose of minimizing factors that could pose a vital risk to our valued guests in line with the service you receive and the provision of internal services. This sensitive data will never be shared with our other employees within the organization or third parties. All necessary administrative and technical measures are taken to protect this sensitive data, and great care and sensitivity are shown in safeguarding the data.
2. If You Have Not Given Your Explicit Consent
Your sensitive personal data excluding your sensitive health data may only be processed in cases stipulated by law. Your sensitive personal data related to your health may only be processed by persons or authorized institutions and organizations bound by confidentiality obligations for the purposes of protecting public health, preventive medicine, medical diagnosis, treatment and care services, and the planning and management of health services and their financing. Other than that, your health data can only be shared with healthcare institutions without your explicit consent in situations where your explicit consent cannot be obtained (such as if you are involved in an accident, become too ill to express your explicit consent, or require emergency medical intervention).
4. Reasons to Process Your Personal Data
Your personal data is processed for the purpose of ensuring security of our Hotel, enabling you to benefit from the services provided to our visitors and guests, managing access records, fulfilling our legal obligations arising from laws and regulations, in accordance with the personal data processing conditions specified in Articles 5 and 6 of Law No. 6698, and for the fulfillment of our institution’s obligations as determined by the laws, as we detailed below:
1. To fulfill our obligations to our customers.
2. To manage room reservations and accommodation requests:
• To prepare legal documents in accordance with the accounting standards, to manage and keep invoicing services.
To manage your hotel accommodation:
• To monitor your service usage (phone, bar, pay TV etc.)
• Manage Access to rooms.
• Internal management of lists of customers who engage in inappropriate behavior during their hotel stays (aggressive and antisocial behaviors, failure to comply with hotel contract, failure to comply with safety regulations, theft, damage, or payment-related issues).
• To perform marketing activities, to promote our brands.
• To adopt and improve our products and services to meet your needs better.
• To customize the commercial offers and promotion messages we sent you.
• To inform you about special offers and services provided by Grand Harilton Hotel and its affiliated companies where you have given explicit consent.
• To manage our customer relations before, during and after your stay.
• To perform segmentation procedures based on the reservation history and travel preferences of the customers for the purpose of sending targeted communications.
• To develop statistics and commercial scores and to report.
• To acknowledge preferences of new or old customers and provide personalized services.
• To send you bulletins, promotions and tourism, hotel, or service offers, or to contact you by phone, where you have given your explicit consent.
• To manage unsubscription requests for bulletin, promotion, tourism offers and satisfaction surveys.
• To pay attention to the right to object and to manage the objection procedures.
• To benefit from special phone services to contact guests staying in our Hotel in the event of serious incidents (such as natural disasters etc.) affecting the hotel in question.
• To present surveys and analyze the customer reviews through the survey.
• To manage claims/complaints.
• To secure and develop your usage of the websites of our Hotel specifically in the following fields:
• To develop surfing.
• To apply safety and counterfeiting prevention systems.
• To comply with our obligations in the frame of Identity Disclosure Law No. 1774.
• To fulfill the obligations set forth in the other relevant regulations. (such as OHS Activities, obligations of Tax Procedure Law etc.)
Beyond this, the primary purpose of processing your personal data is to better serve you and to ensure that you, our valued guests, can benefit more from our services without interruption.
5. Transfer of Your Personal Data Domestically and Internationally
Your personal data may be accessed by Grand Harilton Hotel and its affiliates for the purpose of providing services within the Hotel and this data is transferred to these companies when needed.
Your personal data may be transferred and/or made accessible to domestic and/or international organizations providing storage, archiving, and IT support services (such as servers, hosting, cloud computing), financial institutions with whom we collaborate and/or from whom we receive services, consulting firms providing support in legal and similar areas, third parties providing support in other areas related to the hotel’s activities, our business partners, and authorized institutions and organizations, under the control of our hotel’s technical units, with the necessary security measures in place, in a controlled and limited manner (domestically), for the purposes specified.
All obligations in the frame of Personal Data Protection Law No. 6698 and related regulation are complied with by our Hotel during the transfer of your data within the country. In the frame of legal obligations and if needed, your Personal Data can be transferred to government agencies, judicial bodies and foreign missions (embassy, consulates etc.) established with the international contracts.
6. Processing Period for Your Personal Data
Your Personal Data will be processed until the end of the period stipulated in the relevant regulation for the storage of such data, if any, or until the end of the period necessary for the purpose for which it was processed, if no such period has been specified. Upon the expiration of these periods, your Personal Data will be deleted, destroyed or made anonymous immediately, in accordance with the regulatory rules either automatically or upon your request. During this period, you are obliged to inform Grand Harilton Hotel or our related group company about the changes in your Personal Data so that your records can be kept up to date and accurate.
7. Monitoring of Hotel Facilities with Camera
The entrances and exits of Grand Harilton Hotel facilities, corridors, common areas and the exterior of the facility are monitored by cameras for the purposes of facility security, guest safety, and occupational health and safety, and camera symbols are present in these areas. We would like to emphasize that your rights are reserved in accordance with the Constitution and the Personal Data Protection Law (KVKK) regarding these images. The purpose of surveillance and recording via cameras is to detect potential incidents, particularly actions such as theft that may occur in the workplace. These records can only be accessed by the authorized departments of the Hotel. Records are retained for 21 days for safety purposes and are destroyed at the end of this period.
8. Your Rights as Data Subject under the Scope of Personal Data Protection Law (Article 11)
By applying to our Company, under the scope of Article 11 of Personal Data Protection Law, you have the rights to;
a) To learn if your personal data is processed,
b) If your personal data has been processed, to request information about this,
c) To learn the purpose for which your personal data is processed and whether it is being used for its intended purpose,
d) To know the third parties to whom your personal data is transferred within and outside the country,
e) In case your personal data are processed incorrectly or incompletely, to request for correction,
f) To request for deletion or destruction of your personal data in the frame of the terms stipulated in the relevant article of the Law,
g) To request notification to third parties to whom personal data has been transferred regarding the processing carried out in accordance with subparagraphs (e) and (f),
h) To object to the analysis of your processed data exclusively by automated systems, which results in the decision against the individual,
i) To request compensation for damages caused by the unlawful processing of the personal data,
In order to exercise the rights mentioned above, you can submit your request in writing, including the necessary information to identify your identity, along with an explanation of the right you wish to exercise as stated in Article 11 of the Personal Data Protection Law , by delivering it in person with the identification documents to the address Yenibosna Merkez, Ali Duran Sk. No:6, 34100 Bahçelievler / İstanbul / TÜRKİYE on behalf of GRAND HARİLTON HOTEL, signing it, filling out our request form by applying in person at our company, sending it through notary or other methods specified in the KVK Law, or by sending the relevant application securely with an electronic signature to info@grandhariltonhotel.com.