As AZ OTEL İŞLETMELERİ TURİZM İNŞ. TİC. LTD. ŞTİ. (the “Company”), we show the utmost care with regard to the security of your personal data. With this in mind, as a company we attach great importance to all of the personal data belonging to the individuals who interact with the Company in any way, including those who benefit from our products and services, being processed and stored in accordance with the Personal Data protection Law (“PDP” Legislation) numbered 6698. With a full understanding of our responsibilities and in the manner defined in the PDP Legislation, we process your personal data in the manner set out below and within the boundaries stipulated by law, in our position as the “Entity Responsible for the Data”.
As the Corendon Group;
• Our Organisation collects and processes personal data in line with the laws of Turkey and the member countries of the European Union, within the context of protecting the fundamental rights and freedoms of individuals, and in particular the privacy of personal life.
• All of our personal data processing activities are within the scope of our policy. This includes the processing of the personal data and personal data of a private nature of customers, employees, suppliers and business partners and any data originating from any source, which has been collected and processed by the organisation.
• Our Organisation takes the necessary technical and administrative precautions to ensure the appropriate level of security in order to prevent the personal data it is processing from being processed or accessed in a manner which infringes the law and to ensure that the data is safeguarded, and performs or instigates the necessary controls within this scope.
• Processes personal data in a manner which is related to the objectives, limited and measured, with aims which are in line with the rules of law and honesty and correct, and where necessary, current, clear, explicit and lawful, on the subject of the processing of personal data.
• Our Organisation stores personal data for the period stipulated in the legislation or for the amount of time required in line with the purpose with which the personal data was processed.
• Our Organisation provides information to the owners of the personal data and gives them the necessary information in the event that the owners of the personal data should request it.
• Our Organisation acts in accordance with the stipulated regulations on the subject of the processing of personal data of a private nature and does not take actions or carry out activities without express consent, other than in situations clearly stipulated in the legislation.
• Our Organisation carries out its actions and activities by acting in accordance with the matters set out in the legislation on the matter of the transfer of personal data.
• We perform activities directed at the protection of personal data with traceable, measurable and assessable objectives, in our Organisation.
• Our Organisation establishes the awareness of its parties involved in its internal and external matters with regard to the protection of personal data and notifies them of their relevant obligations.
• Our Organisation conducts training designed to improve technical and behavioural skills with the aim of improving awareness, directed at the protection of Personal Data.
• Our Organisation evaluates matters of breaches in personal data in accordance with the discipline procedures and notifies the authorised members of the board immediately in the event of any offences or violations which require punishment.
• Our Organisation continuously monitors the confidentiality, integrity and validity of personal data and authorities to access personal data, through a process based asset inventory and process based risk assessments.
• Our Organisation undertakes to ensure that the applications directed at the Personal Data Protection Management System are realised and systematically managed and that the system is continually improved and to set aside the resources needed by the system.