PRIVACY AND PERSONAL DATA PROTECTION POLICY
Hedef Hotel Management Inc. We do not evaluate the protection of personal data, which is the basis of the privacy of private life, only within the scope of compliance with the legislation, but also put the value we attach to human beings at the basis of our approach. For this reason, in accordance with the Law No. 6698 on the Protection of Personal Data (“Law”) and the relevant legislation, this Privacy and Personal Data Protection Policy (“Policy”) regarding the personal data processed through the Hedef Beyt Hotel e-commerce platforms is presented for clarification and information purposes.
- DATA SPEAKERCommercial Title: Hedef Otel İşletmeciliği A.Ş. (“THedef Beyt Hotel” or “Company”)Headquarters Address: Oruç Reis Mah. Tekstilkent Cad. No: 12 Koza Plaza B Blok K.28 Esenler, IstanbulMersis Number: 0461042614600015
- DATA OWNERS AND PROCESSING ACTIVITIES
- Customers Who Book Online
- YOUR PROCESSED PERSONAL DATA
Your personal data that may be subject to processing in accordance with the Law on Protection of Personal Data No. 6698 (“Law”) are as follows:
| Identity name, surname, TR ID number, gender, date of marriage |
| Communication phone number, e-mail address, billing address |
| Transaction Security IP address, website entry and exit information, traffic data, log records |
| Customer Transaction special request |
| Accommodation Information accommodation date, room type, number of people |
- PURPOSE AND LEGAL REASONS FOR THE PROCESSING OF YOUR PERSONAL DATA
Your personal data will be retained for the maximum period specified in the relevant legislation or required for the purpose for which they are processed. Your personal data may be processed by the company for the following purposes:
| Your Identity Data Processing Purpose:Making early reservations on your behalf, creating a reservation record, issuing invoices, carrying out sales and after-sales support services, meeting your special requests, providing services specific to the nature of the accommodation and carrying out activities for customer satisfaction, conducting communication activities, conducting legal processes, informing authorized public institutions and organizations Execution of financial and accounting works, follow-up of requests and complaints, execution of information security and audit activities, |
| Legal Reason: Provided that it is directly related to the establishment or performance of a contract, it is necessary to process the personal data of the parties to the contract, It is necessary for the data controller to fulfill its legal obligation, Data processing is mandatory for the establishment, use or protection of a right, It harms the fundamental rights and freedoms of the data subject. Data processing is mandatory for the legitimate interests of the data controller, |
| Your Contact Data Purpose of Processing: making early reservations on your behalf, creating a reservation record, issuing invoices, carrying out sales and after-sales support services, meeting your special requests, providing services specific to the nature of the accommodation and carrying out activities for customer satisfaction, conducting communication activities, conducting legal processes, authorized public institutions and organizations. institutions, execution of finance and accounting works, follow-up of requests and complaints, execution of information security and audit activities, sending reservation confirmation, cancellation and invoice information to electronic communication address, |
| Legal Reason: Provided that it is directly related to the establishment or performance of a contract, it is necessary to process the personal data of the parties to the contract, It is mandatory for the data controller to fulfill its legal obligation, Data processing is mandatory for the establishment, exercise or protection of a right, Fundamental rights of the data subject Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm their freedoms and freedoms, |
| Your Transaction Security Data Purpose of Processing: fulfilling the obligations arising from the legislation, performing information security and audit activities, detecting faulty transactions, using them as evidence in disputes, conducting legal processes, informing authorized public institutions and organizations, following up requests and complaints, carrying out information security and audit activities,
|
| Legal Reason: It is clearly stipulated in the laws, Data processing is mandatory for the establishment, exercise and protection of a right, It is mandatory for the data controller to fulfill its legal obligation, |
| Your Customer Transaction Data Purpose of Processing: to meet your special requests, to provide services specific to the nature of the accommodation and to carry out activities for customer satisfaction, |
| Legal Reason: It is necessary to process the personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract, |
| Accommodation Information Purpose of Processing: making early reservations on your behalf, creating a reservation record, issuing invoices, carrying out sales and after-sales support services, conducting communication activities related to reservations, conducting legal processes, |
| Legal Reason: Provided that it is directly related to the establishment or performance of a contract, it is necessary to process the personal data of the parties to the contract, It is mandatory for the data controller to fulfill its legal obligation, Data processing is mandatory for the establishment, exercise or protection of a right, |
Data Processing Activities Subject to Explicit Consent
| Processed Personal Data: Identity (Name, surname), contact (Mobile phone, e-mail address) |
| Purpose of Processing: Sending commercial electronic messages about all kinds of campaigns, advertisements, events, promotions, marketing, invitations, product and service promotions, celebrations, surveys and market research activities of Hedef Beyt Hotel and transferring them to service providers in the field of informatics for the provision of this service. |
- SHARING YOUR PERSONAL DATA WITH THIRD PARTIES
Your identity, contact and accommodation information; For the purposes of data processing, integration, archiving, storage, technical support, execution and auditing of business processes, ensuring the internal functioning of the company, performing audit and reporting activities with our domestic suppliers; Based on the legal reason that data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject,
Your identity, communication, accommodation and transaction security data; Data processing is mandatory for the establishment, exercise or protection of a right, for the purpose of fulfilling the requests and obligations in accordance with the law within the scope of the legislation, regulatory and supervisory activities related to law firms and authorized public institutions and organizations, for the purpose of executing and finalizing alternative dispute and litigation processes. and on the legal grounds that it is mandatory for the data controller to fulfill its legal obligation.
It is shared to the extent necessary for the realization of the relevant purpose, by taking the necessary technical and administrative measures in accordance with Articles 8 on the transfer of personal data and Article 9 on the transfer of personal data abroad.
- METHOD OF COLLECTING PERSONAL DATA
Your Personal Data; It is collected automatically in writing or electronically during the online reservation form available on the website of Hedef Beyt Hotel, filling out the contract and other forms, invoice, return and payment transactions and call center calls.
- Online Visitor
- YOUR PROCESSED PERSONAL DATA
Your personal data that may be subject to processing in accordance with the Law on Protection of Personal Data No. 6698 (“Law”) are as follows:
| Transaction Security IP address, website entry and exit information, traffic data, log records |
- PURPOSE AND LEGAL REASONS FOR THE PROCESSING OF YOUR PERSONAL DATA
Your personal data will be retained for the maximum period specified in the relevant legislation or required for the purpose for which they are processed. Your personal data may be processed by the company for the following purposes:
| Your Transaction Security Data Purpose of Processing: fulfillment of obligations arising from the legislation, performing information security and audit activities, detecting faulty transactions, using as evidence in disputes, conducting legal processes, informing authorized public institutions and organizations, following up requests and complaints, conducting information security and audit activities |
| Legal Reason: It is clearly stipulated in the laws, Data processing is mandatory for the establishment, exercise and protection of a right, It is mandatory for the data controller to fulfill its legal obligation, |
- SHARING YOUR PERSONAL DATA WITH THIRD PARTIES
Your transaction security data; Based on the legal reason that the law firm and authorized public institutions and organizations are required to perform the activities within the scope of the legislation and to fulfill the requests in accordance with the law, to be clearly stipulated in the laws for the execution of judicial processes, to be mandatory for the data controller to fulfill its legal obligation; Based on the legal reason that data processing is obligatory for the establishment, exercise and protection of a right in order to follow up the judicial and administrative processes with the contracted law firm; It is shared with domestic service providers whose servers are located abroad to the extent necessary for the realization of the relevant purpose, by taking necessary technical and administrative measures in accordance with the articles of the Law on the transfer of personal data in order to provide software, cyber security and information infrastructure support.
- METHOD OF COLLECTING PERSONAL DATA
Your Personal Data; It is automatically collected electronically during your visit to the website through information security systems and electronic devices on the website of Hedef Beyt Hotel.
- TECHNICAL AND ADMINISTRATIVE MEASURES TAKEN WITHIN THE SCOPE OF DATA SECURITY
As Hedef Beyt Hotel, we support privacy and security solutions in accordance with industry standards in order to prevent the unlawful processing of your personal data, which we obtain through our website, to prevent unlawful access to your personal data and to ensure the protection of personal data.
C.1. Administrative Measures
As Hedef Beyt Hotel, we provide our personnel with the necessary training for the legal processing and protection of your personal data and regularly audit their employees to measure the level of compliance with the Law. We adopt the compliance and care shown by our personnel to the Law as a criterion in the performance evaluation of our personnel.
Although these measures are taken within the company, we ensure your data security by signing confidentiality agreements and undertakings with our suppliers and business partners with whom we share your personal data in accordance with the law, and we ensure that our stakeholders show sufficient sensitivity for your personal data.
In addition to these trainings, inspections and precautions, in the event of a breach of your personal data, response plans have been created to remedy this breach, and the Company has made necessary preparations to remedy the breach by working with the Board.
C.2. Technical Measures
We pay special attention to information technologies and data security in order to protect the personal data of our customers. For this reason, as Hedef Beyt Hotel, we give priority to the employment of experienced and certified personnel in this field.
In addition, an information infrastructure equipped with security measures in accordance with international standards has been established in order to ensure data security and prevent illegal access to your data. The system, which is built on this infrastructure, is constantly audited internally for the smooth functioning of the system.
Technical measures given by the Personal Data Protection Authority such as encryption, authorization matrix, application and network security, data masking, firewalls, backup, key management and up-to-date anti-virus systems are complied with in our information infrastructure where the data we collect through our website is processed and stored.
In addition, intrusion detection and prevention systems have been established to prevent attacks on our information infrastructure, and the security of the system is checked by regularly applying risk analysis, data classification, vulnerability scans and penetration tests. In order to carry out all these processes, software programs and support in accordance with international standards are also received as a requirement of the importance we attach to your personal data.
Card information is never stored in reservation transactions made through our website, and the conditions required by PCI DSS (Payment Card Industry Data Security Standard/Payment Card Industry Data Security Standards) are complied with in payments. Hedef Beyt Hotel is obliged to comply with the PCI DSS (Payment Card Industry Data Security Standard) standard created to ensure data security in card payment systems. Your credit card number is encrypted and transmitted to your bank, it is not stored by Hedef Beyt Hotel in any way and is not shared with third parties. If you want to take advantage of one-click fast shopping by saving your card information, you can benefit from the MasterPass card storage infrastructure. In such a case, you can shop with your credit card, which is stored in the MasterPass infrastructure, on all e-commerce sites with MasterPass partnership. All technical measures determined by the Personal Data Protection Authority and ISO 27001 standards are complied with in the management of our information system.
C.3. Adopted Principles
As Hedef Beyt Hotel; In the processing of your personal data, to take security measures with the sensitivity required by the nature of your data, to show at least the care that the Company has shown in protecting its own information for the protection of your data, not to process or share your personal data without your consent when your consent is required, to collect limited and only necessary data on our website, In this context, to act in accordance with the data minimization principle decided by the Personal Data Protection Authority, to attach importance to the accuracy and up-to-date of your personal data, to be transparently informed about the processing and transfer of all your personal data obtained, to inform you in accordance with this transparency principle if you request, and to inform you about your personal data. We would like to state that we have adopted the principle of being sensitive about complying with all legal regulations on data protection.
As Hedef Beyt Hotel, we would like to state that the security measures specified in this Policy and the principles adopted are valid on our website. We inform you that Hedef Beyt Hotel will not be responsible for such sites and applications in case of redirection to other sites or applications through our website, therefore we ask you to be careful against such redirects from our website.
- RIGHTS OF RELATED PERSONS UNDER LAW AND THE USE OF THESE RIGHTS
The rights of the Relevant Person on the personal data processed by Hedef Beyt Hotel pursuant to Article 11 of the Law are as follows:
a) Learning whether personal data is processed or not,
b) If personal data has been processed, requesting information about it,
c) Learning the purpose of processing personal data and whether they are used in accordance with its purpose,
ç) To know the third parties to whom personal data is transferred in the country or abroad,
d) Requesting correction of personal data in case of incomplete or incorrect processing,
e) Requesting the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7,
f) Requesting notification of the transactions made pursuant to subparagraphs (d) and (e) to third parties to whom personal data has been transferred,
g) Objecting to the emergence of a result against the person himself by analyzing the processed data exclusively through automated systems,
ğ) To request the compensation of the damage in case of loss due to unlawful processing of personal data.
You can access detailed information on the exercise of your rights with the text “Information on the KVKK Application Form” on the website of Hedef Beyt Hotel, which is regulated in accordance with Article 13 of the Law. Your requests within the scope of Article 11 of the Law, which regulates the rights of the data subject, are sent to the address of Hedef Otel İşletmeciliği A.Ş. Pamucak Sahili Mevkii, in writing to Selçuk/İzmir address, from your registered e-mail address to kvkk@hotelbeyt.com e-mail address, from your e-mail address not registered in our system, to kvkk@hotelbeyt.com using mobile signature/e-signature You can send it to the address or to the address Hedefotelselcuk@hs03.kep.tr via KEP.
Cookie Usage and Management
You can review our Cookie Clarification Text for detailed information about the cookies used by Hedef Beyt Hotel, types of cookies, their purposes, storage periods and cookie management.
INFORMATION ON PRIVACY AND PROTECTION OF PERSONAL DATA
Clarification Text for Website Contact Form
Information on PDPL Application Form
Customer Whatsapp Clarification Text
Customer Whatsapp Explicit Consent International Data Transfer