1.1. The purpose of this personal data protection policy (the "Policy") is the purpose of Göçtur Tourism Investment and Trade Inc., Pine Bay Holiday Resort Hotel ("Migration"); to process personal data in accordance with the regulations of The Personal Data Protection Act no. 6698 (the "Law"). Violation of the law will be dealt with seriously by Göçtur and will be evaluated within the scope of regulatory provisions and disciplinary procedures. For the purposes of the law, the following definitions will be based on:
1.1.1. Personal Data: Any information about a specific or ideterminable real person;
1.1.2. Processing of Personal Data: Any transactions taken on data such as obtaining, recording, storing, storing, modifying, reorganization, disclosure, transfer, transfer, transfer, inherit, make available, classify or prevent the use of Personal Data by means that are completely or partially automated or are not automated as part of any data registration system
1.1.3. Special Quality Personal Data: Biometric and genetic data on persons' race, ethnicity, political thought, philosophical belief, religion, sect or other beliefs, clothing, association, foundation or union membership, health, sex life, criminal conviction and security measures;
1.1.4. Data Manager: Any real or legal person responsible for establishing and managing the data registration system, which determines the purposes and means for processing personal data, and Migration;
1.1.5. Data Processing: A third real or legal person who processes Personal Data on his behalf based on the authority granted by Göçtur;
1.1.6. Data Owner: The person with the actual personal data processed;
1.1.7. Data Registration System: The registration system in which personal data used by Göçtur is structured and processed according to certain criteria;
1.1.8. Board: Personal Data Protection Board;
1.1.9. Institution: Personal Data Protection Authority;
1.1.10. Law: The Personal Data Protection Act no. 6698, dated April 7, 2016 and published in the Official Gazette no. 29677.
1.2. With this Policy, Migration aims to inform the Data Owner and its contents are as follows:
1.2.1. Content and categories of Personal Data collected by Göçtur; use and transfer options;
1.2.2. Ways in which Personal Data is processed;
1.2.3. Ways in which Personal Data is retained; 1.2.4. Rights of Personal Data Holders;
1.2.5. Measures taken to protect Personal Data; 2. Principles for The Processing of Personal Data
2.1. The purpose of Göçtur is the registration of the relevant trade registry directorate and the entire purpose specified in the original contract declared.
2.2. In relation to the purpose of Migration; Personal Data that may be collected and processed from Board Members, customers, visitors, website users, employees, branches, third party agents, suppliers and their officials is listed below and this list may be expanded for Migration purposes. (The Following Personal Data varies by Data Owner contact group):
2.2.1. Identification card, driver's license, passport, registration sample, information on military status and nationality, passport photo, residence certificate and/or physical or digital surrogates;
2.2.2. Bank account information, billing information, credit card information;
2.2.3. Tax office information, tax number, tax deduction certificate;
2.2.4. Date of birth and place of birth information, parents' names;
2.2.5. Contact information, business card, etc. of all kinds of addresses, telephones, e-mails, etc.;
2.2.6. General health report, document that shows blood type scorecards or blood type, information of drugs used continuously, hepatitis-b and HIV HBS test results, lung film report, portor examination result document, disability, disability, disability health report, disability card and other documents and information on these documents;
2.2.7. The first and last name of the employee's dependents;
2.2.8. Contact information of the data owner regarding the emergency person;
2.2.9. Learning status and foreign grammar, diploma/ professional certificate surrogates
2.2.10. Photo and video recordings taken at events such as presentation, training, meeting, seminar, animation, etc. and recorded for security reasons;
2.2.11. Various information regarding criminal convictions and security measures, including criminal record;
2.2.12. Employee workplace entry and exit records and face scanning;
2.2.13. Social Security Institution number;
2.2.14. Vehicle license plate;
2.2.15. Any official document confirming the data owner's signature;
2.2.16. Website login, login and navigation information, password and password information, IP address;
2.2.17. Room number, information of the persons staying with;
2.2.18. Legal dispute information
2.3. Göçtur undertakes to process Personal Data only within the framework of the purposes and basis set out below, with the exceptions held in KVKK md. 5(2)(c);
2.3.1. Delivery of accommodation;
2.3.2. Newsletter subscription;
2.3.3. Pool and aquapark service;
2.3.4. The delivery of restaurants and catering services;
2.3.5. Conducting the necessary business and operational processes in order to benefit from the products and services offered;
2.3.6. Customer satisfaction, quality control, management of feedback processes, management of customer relations;
2.3.7. Conducting the necessary works and business processes for the privatisation and issuance of products and services;
2.3.8. To make the necessary efforts to recommend and promote the products and services offered to individuals by customizing them according to the likes, usage habits and needs of the persons of their own;
2.3.9. Operations and promotion allotments and campaign arrangements;
2.3.10. Organization of events such as weddings, invitations, congresses, seminars, trainings, meetings, etc.;
2.3.11. Use of previously obtained data in renewed transactions;
2.3.12. Resolution of commercial and/or legal disputes;
2.3.13. Transfer of data to domestic servers for the purpose of ensuring data security, archive, backup, statistical and security of data;
2.3.14. Management of external and internal audit, accounting, tax processes;
2.3.15. Provision of internal data transfer;
2.3.16. Future commercial and organizational planning, implementation of integrated management system;
2.3.17. Follow-up of past studies;
2.3.18. Ensuring order and control, management, compliance at work;
2.3.19. Planning and execution of human resources processes, conducting the activities of employees; managing the recruitment process and facilitating the process process;
2.3.20. Delivery of THE SERVICE,
2.3.21. Marketing, development of new products and services,
2.3.22. Management and execution of advertising, campaigns, promotional processes, execution of promotional activities;
2.3.23. Execution of communication activities, sending congratulatory messages and emails on national and religious holidays and special days,
2.3.24. Conducting marketing analysis studies;
2.3.25. Development of products and services, execution of works in this direction;
2.3.26. Collection with Virtual Pos;
2.3.27. Execution, planning, infrastructure of information security processes;
2.3.28. Ensuring the safety of physical space;
2.3.29. Creation of visitor records;
2.3.30. Ensuring the safety of fixtures and/or resources;
2.3.31. Ensuring the security of corporate operations; 3. Data Collection Method Migration will collect Personal Data in the following ways:
3.7. The website and social media accounts of Göçtur and its branches, Virtual Environments;
3.8. Through tourism agencies physically and/or digitally;
3.9. Hand delivery;
3.10. Contracts, application forms.
4. Processing and Transfer Permit
4.1. Domestic Processing and Transfer: Migration's processing of Personal Data domestically and transferring it to third real and legal persons is possible with the clear consent of the person (Data Owner) and will only be carried out in the presence of the following conditions:
4.1.1. As expressly stipulated in the law;
4.1.2. The person who is in a position to explain his consent due to actual impossibility or who has no legal validity for his or her consent must be required to protect the life or body integrity of himself or someone else;
4.1.3. The processing of Personal Data belonging to the parties to the contract is necessary, as long as it is directly related to the establishment or performance of a contract;
4.1.4. It is mandatory for Göçtur to fulfill its legal obligations;
4.1.5. The person concerned has been made a name for himself or her;
4.1.6. Data processing is mandatory for the facility, use or protection of a right;
4.1.7. The processing of data for the legitimate interests of Migration and/or other Data Officer is mandatory, without harming the fundamental rights and freedoms of the person concerned.
4.2. Processing and Transferring Specially Qualified Personal Data:
4.2.1. Göçtur may only process and transfer privately qualified Personal Data at home with the clear consent of the Data Holder.
4.2.2. Personal Data not related to health and sex life may be processed without the clear consent of the person in accordance with the law.
4.2.3. Personal Data on health and sex life may only be processed without the clear consent of persons or competent institutions and organizations under the obligation to keep secrets for the purpose of protecting public health, preventive medicine, medical diagnosis, the execution of treatment and care services, planning and management of health services and financing.
4.3. Processing and Transfer of Personal Data Abroad:
4.3.1. Migration is only with the clear consent of the Data Owners to process and transfer Personal Data abroad.
4.3.2. Migration above
The availability of the terms set forth in 4.1. and 4.2. and the presence of the following in the foreign country to which personal data will be transferred may transfer Personal Data abroad without the clear consent of the Data Owner;
4.3.3. Adequate protection in the foreign country to which personal data will be transferred;
4.3.4. In the event that there is not sufficient protection, Göçtur and its data persons in the relevant foreign country may transfer Personal Data abroad if they undertake an adequate protection in writing and the Board has permission.
4.3.5. In cases where the interests of Turkey or the relevant Data Holder will be severely damaged, except with the opinion of the relevant public institution or institution, it may be transferred abroad with the permission of the Board.
5. Security of Personal Data
5.1. Migration will ensure the security of Personal Data for the following purposes and will take all necessary technical and administrative measures to ensure the appropriate level of security for these purposes:
5.1.1. Prevent unlawful processing of Personal Data;
5.1.2. Prevent unlawful access to Personal Data;
5.1.3. To ensure the protection of Personal Data
5.2. Migration, in the case of the processing of Personal Data by another legal entity on its behalf,
5.1. Together with these other Data Processers, it is jointly responsible for taking the measures set out in section 5.1.
5.3. Migration must do or do the necessary inspections in its own institution or organization in order to ensure the implementation of the provisions of the Law.
5.4. Those who process data through Migration may not explain the Personal Data they have learned to anyone other than for the purpose of processing it, contrary to the provisions of the Law. This obligation continues after the end of their duties.
5.5. If the Personal Data processed is obtained by others by unlawful means, Göçtur will report this to the Data Owner and the Board within 72 hours. The Board may declare this situation on its website or in any other way it may see fit if it is appropriate.
6. Data Owner's Rights
6.1. Everyone has the following rights regarding him by applying to Göçtur.
6.1.1. Find out if your Personal Data has been processed;
6.1.2. Request information about personal data if processed;
6.1.3. To find out the purpose for which personal data is being processed and whether it is being used in accordance with their purpose;
6.1.4. Knowing the third parties to which Personal Data is transferred at home or abroad;
6.1.5. Request correction of Personal Data if it is incomplete or incorrectly processed;
6.1.6. Request the deletion or destruction of Personal Data within the framework of KVKK m. 6;
6.1.7. Request that transactions made in accordance with sections m. 6.1.5. and m. 6.1.6 of this Policy be reported to third parties to which Personal Data is transferred;
6.1.8. Object to the emergence of a result against the Data Owner itself by analyzing the Processed Personal Data exclusively through automated systems and
6.1.9. Claim to remedy damages if personal data is damaged by unlawful processing.
6.2. In order to use the rights set out in 6.1.
6.2.1. to firstname.lastname@example.org address, via e-mail; or 6.2.2. "Bayraklidede Mah. Kuştur Cd. No:25 09400 Kusadasi / Aydin / Turkey" address by mail. 7. Measures for The Accurate and Current Preservation of Personal Data Migration maintains Personal Data accurately and up-to-date in the following ways:
7.1. Daily backups;
7.3. Antivirus programs;
7.4. Restrictions on encryption systems and powers in virtual media access;
7.5. Card, keyed and encrypted entry systems to rooms and cabinets;
7.6. Confidentiality agreements and privacy undert underties
8. Changes to the Personal Data Protection Policy are Migration, which may make changes to this Policy to the extent required by activities or from a legal point of view. The text of the Policy, which has undergone such http://www.pinebay.com/ with the sharing of the text on the website.