Information Statement

Definitions

The following terms used in this information statement carry the following meanings:

Personal Data: All types of information concerning a real entity whose identity is known or can be determined;

Data Processor: The real or legal entity processing the Personal Data on the basis of the authority given by the Entity Responsible for the Data;

Entity Responsible for the Data: The real or legal entity who determines the objectives and tools for the processing of Personal Data and who is responsible for the establishment and management of the data recording system;

Relevant Individual: The real entity whose Personal Data is being or has been processed.

As Az Otel İşletmeleri Turizm İnşaat Tic.Ltd.Şti. (“Our Company”), our primary principles include, in particular, the protection of fundamental rights and freedoms, as well as the preservation of the confidentiality of private life, ensuring and protecting the safety of information and respect for ethical values.

The Entity Responsible for the Data

The “Entity Responsible for the Data”, in respect of your Personal Data, is Az Otel İşletmeleri Turizm İnşaat Tic. Ltd. Şti., which has its company head office at “Kemerağzı Mah. Yaşar Sobutay Blv.No:37-39a Lara-Aksu-ANTALYA”, is registered at the Antalya Commercial Registry under the registration number 71500 and holds the Mersis (Central Registration System) number 5918953927254740.

The Parties whose Data is being Collected

We collect the data of the parties set out below, who are in a business relationship with our company, within the scope of the Legislation for the Protection of Personal Data:

The Data Collected and Processed by our Company from its Parties

We collect and process the following data from the parties of our company, within the scope of the GDPR (General Data Protection Regulations):

The Data Collection Objectives of our Company

We collect and process data in order to be able to achieve the company objectives, which are set out below (subject to being limited to the relevant objectives), within the scope of GDPR:

The Transmission of the Data Collected and Processed by our Company, in line with its Objectives

The personal data collected by our Company within the scope of the GDPR and within the framework of the conditions and objectives for the processing of personal data may be shared with our affiliates, subsidiaries, business partners (only anonymously), legally authorised public institutions and private individuals and other persons, in line with the objectives, the details of which are set out above.

The Manner in which and the Legal Reasons for the Collection of Data by our Company

Personal data is collected, used, recorded, stored and processed by our company, by notifying the owners of the personal data verbally, in writing and / or through electronic means, in a manner which is clear and easy to understand, and where necessary by obtaining their consent, subject to it being in connection with and restricted to the lawful objectives set out clearly above and in accordance with the rules of law and honesty, and remaining within the framework of the principle of prudence.

We guarantee that your personal data will not be processed, transmitted to 3rd parties, either domestically or abroad, and stored for any purpose other than those set out in this information statement.

The Period of Storage of the Data Collected by our Company

Your personal data is stored for the period of storage set out in the relevant legislation, and in the event that no period has been stipulated in the relevant legislation, in line with the practices of our Company and the customs of commercial life or for the term required in line with the objectives of processing the data referred to above, and then deleted, destroyed or made anonymous in a manner which adheres to the requirements of the GDPR.

The Security of the Data Collected and Processed by our Company

The requirements of the technical and administrative measures of the Information Security Management System (ISO 27001 Standard and its good practices manuals 27018 and 27701) and the Personal Data Protection Management System (Bureau Veritas – Data Protection Technical Standard, BS 10012 – Data Protection Personal Information Security System Standard), as subscribed to by our Company, are continuously active and developed within the scope of continuous improvement, in order to ensure that the data is not subjected to unauthorised access or damaged in the environment where it is processed and stored.

Information Concerning Users Situated within the European Union

This section only applies in respect of the use of the services supplied by Corendon Hotels by persons who are situated in the member states of the European Union.

The International Transmission of Personal Data

Personal data may be forwarded to third countries or international organisations. In order to ensure your protection and the protection of your data, such a transfer of data is subject to legal requirements and the taking of the appropriate precautions in line with these (especially the implementation of the articles of the agreement concerning the EU standards) or a decision on adequacy published by the EU Commission (in accordance with the GDPR).

Moreover, we have an obligation to provide personal data to international organisations (in accordance with domestic and international regulations and agreements and Article 6(1)(c) of the GDPR).

The Right of Objection in accordance with Article 21 of the GDPR

You have the right to make an objection to the processing of personal data related to you (including profiling), at any time, together with the reasons citing your special circumstances, within the scope of paragraphs (e) or (f) of Article 6(1) of the GDPR.

The entity responsible for the data is not allowed to process your personal data if it is unable to show a strong lawful justification, such as one which is over and above the interests, rights and freedoms of the owner of the data, or the instituting, use or protection of a legal right.

Where personal data is being processed directly for the purposes of marketing, you have the right to object, at any time, to the processing of your personal data for marketing purposes, including profiling to the extent that it is related to the said direct marketing activities.

In the event that you have made an objection to the processing of your data, your personal data will no longer be processed for such purposes.

Your Rights as the Relevant Individual

The rights you possess within the scope of the European Union General Data Protection Charter (Reg. EU 2016/679) are as follows:

You may send an e-mail to [ikgplara@corendonhotels.com.tr] in order to utilise your rights. However, do not forget that we may be required to process your personal data in order to be able to meet your requests and for the purposes of determining your identity, in accordance with the legal provisions.