Enlightenment Note On The Personal Data Protection Law
ENLIGHTENMENT NOTE ON THE PERSONAL DATA PROTECTION LAW
We, as Zeynep Turizm ve Ticaret A.Ş. (“Zeynep A.Ş.”) place a great importance on the protection of personal data and confidentiality of our employees, guests and third parties with whom we have a legal relationship and pay strict attention to take the necessary measures to ensure such protection. Thus, through this Enlightenment Note on the Personal Data Protection Law, we would like to inform you on your rights relating to the utilisation and protection of your personal data under the applicable legislation.
1) The Role of Data Controller
Pursuant to the Personal Data Protection Law numbered 6698 (the “PDPL”) Zeynep A.Ş. bears the capacity of the legal entity data controller as being the authority to determine the purposes and means to process the personal data and responsible for the establishment and operation of the data recording system. Zeynep A.Ş. as the data controller, is under the obligation to enlighten any person whose personal data is being processed; prevent any illegal personal data processing or reaching of a personal data on an illegal basis; and ensure the protection of the personal data.
2) The Legal Basis of the Collection of Personal Data by Zeynep A.Ş.
Any personal data owned by the employees, guests or third parties having a legal relationship with Zeynep A.Ş. and any other personal data obtained on a legal basis, is being processed in accordance with the Constitution of the Republic of Turkey, the PDPL, the Criminal Code of the Republic of Turkey and any other applicable legislation.
Your personal data is being processed in line with the principles listed below:
i) In accordance with the law and good faith;
ii) on an accurate and (as required) up-to-date basis;
iii) with definite, clear and legal purposes;
iv) in line with the purpose of processing, on a limited and appropriate basis;
v) with a purpose to be stored only within the time period set by the applicable legislation and required for the purpose of processing.
3) Why Do We Use Your Personal Data?
The personal data of the employees, guests and related third parties of Zeynep A.Ş. such as the name-surname, identity/passport number, address and contact details, education details and photograph may be collected, processed and shared by Zeynep A.Ş. pursuant to the PDPL and the applicable legislation with the purposes detailed below:
i) To satisfy the requirements of the legislation and practice in order to form a legally valid accommodation or employment agreement between the parties;
ii) to carry out the activities foreseen by the applicable legislation and to make the required notices to the public institutions and organisations;
iii) to ensure that the relevant authorities can conduct their inspection duties in case of any inspection with respect to Zeynep A.Ş. due to any applicable legislation or decision of any relevant public institution or organisation;
iv) in connection with the creation of the web page of Zeynep A.Ş. or any mobile application, updating and operating of such;
v) to enable processing of the personal data, choices, transactions, time spent and other related details available in the mobile applications or web pages to where log-ins can be made through user name and password together with other data;
vi) to carry out the obligatory notice duties to the relevant administrative authorities foreseen under the Identity Notice Law numbered 1774, Labour Law numbered 4857 and any other applicable legislation;
vii) in terms of the payments made through bank accounts by Zeynep A.Ş., to ensure that the account information and any other related information is stored in secure medium; and
viii) in order for Zeynep A.Ş. to organise collective activities and projects with the real persons and legal entities with which it collaborates, enable Zeynep A.Ş. to share information and activities of its employees, guests and other related third parties.
You may update or withdraw your permit any time on processing your personal data. Once we receive your withdrawal request, we will cease to process your personal data on an immediate basis.
4) Collection of Your Personal Data
Your personal data is being collected by our front desk team at the time of your stay through the documents and information provided by yourselves and as regards the data, collection of which is not obligatory, upon obtaining your approval; or through filling up of the forms available on the web page of Zeynep A.Ş.; or employment application forms submitted to Zeynep A.Ş.; or mobile applications; or booth or events, in any case on written or oral basis, in accordance with the applicable law and in line with the scope of your relationship with Zeynep A.Ş.
5) Purposes of Sharing Your Personal Data and the Parties that Your Personal Data May Be Shared with
As principal, Zeynep A.Ş. does not transfer any personal data of its employees, guests or any other party whose personal data is being processed, to any other third party without obtaining the explicit consent of the personal data owner.
Having said the above, in line with the limitations set by the applicable legislation, Zeynep A.Ş. may transfer personal data on the basis of the following conditions to the following organisations, institutions or entities: For the purpose of carrying out the legal requirements, to General Commandership of Gendarmerie; for the purposes of financial planning, calculating and performing the duties/requirements related to company law, to the third persons and entities located in the Republic of Turkey or overseas, Zeynep A.Ş.’s intermediaries and affiliates, agencies, suppliers or other third parties Zeynep A.Ş. is collaborating with.
6) Conditions set by the PDPL where Zeynep A.Ş. May Process Your Personal Data without Obtaining Your Approval
Pursuant to Article 5 of the PDPL, Zeynep A.Ş. may process your personal data without obtaining your approval based on the conditions listed below:
i) Conditions explicitly foreseen under the applicable law and legislation;
ii) In the event that you as being the data owner cannot express your approval due to a de-facto impossibility or that your approval is not deem to be legally valid or that it is essential to process your personal data to protect one’s life or physical integrity;
iii) In the event that the underlying agreement requires processing the personal information of the parties and to the extent it is directly related to the formation or performance of such agreement;
iv) In the event processing personal data is obligatory for the data controller to perform its legal duties;
v) In the event that your personal data is disclosed to public by yourselves;
vi) In the event that processing personal data is obligatory for the formation, utilisation or protection of a right; and/or
vii) On the basis that this will not harm your fundamental rights and freedoms, processing personal data is required for the legitimate interest of the data controller.
7) Your Rights under the PDPL
We would like to remind you that, pursuant to the PDPL, you have the following rights with respect to your personal data:
i) To be informed as to whether your personal data is processed or not;
ii) in case it is processed, to request information on such;
iii) to be informed on the purpose of processing your personal data and whether it is being used in line with such purpose;
iv) to be informed of the third party to whom your personal data is transferred, whether within the Republic of Turkey or overseas;
v) to request the rectification of incomplete or inaccurate data;
vi) In line with Article 7 of the PDPL, ask for deleting or disposal of your personal data;
vii) ask for notification of the transactions carried out under item (v) and (vii) above to the third parties to whom your personal data is transferred;
viii) to object to processing, exclusively by automated means, of your personal data, which leads to an unfavourable consequence for the data subject;
ix) in the event that you incur any loss as a result of your personal data being unlawfully processed, to ask for compensation.
We would like to remind you that, your personal data related applications will be replied by us within 30 (thirty) days upon receipt and that you have the right to make application to the Personal Data Protection Board within 30 (thirty) days following the receipt of our reply. Any application related to personal data protection rights to be made to Zeynep A.Ş within the capacity of the data controller, is required to be made in line with Article 13 Paragraph 1 of the PDPL on a written basis or any other means foreseen by the Personal Data Protection Board.
To that end, applications intended to be made to Zeynep A.Ş. may be made on written basis, in person, through the notary public or by means of sending an electronic mail to firstname.lastname@example.org.