KVKK
Purpose of Data Protection Storage and Destruction Policy
The main purpose of this policy is to make statements about the personal data processing activities carried out by our COMPANY in accordance with the law and the systems adopted for the protection of personal data, and in this context, to inform our guests, employees, employee candidates, company shareholders, company officials, visitors, and the institutions we cooperate with. To ensure transparency by informing people whose personal data are processed by our COMPANY, especially employees, shareholders, officials and third parties.
Scope of Data Protection Storage and Destruction Policy
2.1 Regarding the processing and protection of personal data, both national laws and duly put into effect international agreements will primarily be applicable. In case of incompatibility between the legislation in force and this policy, the COMPANY accepts that the applicable legislation will be applicable.
2.2 This policy applies to all personal data of our guests, employees, employee candidates, COMPANY shareholders, COMPANY officials, visitors, employees of the institutions we cooperate with, shareholders, officials and third parties processed automatically or non-automatically, provided that they are part of any data recording system. It's about you.
2.3 The scope of application of this policy regarding personal data owners in the groups mentioned above may be the entire policy (for example, our prospective employees who are also our visitors); There may also be only some provisions (for example, only our visitors).
2.4 Personal data anonymized for statistical evaluations or studies, personal data whose source cannot be identified, and data regarding legal entities are not considered personal data and are not subject to this policy.
2.5 This policy may be updated from time to time. Therefore, we kindly ask you to visit www.grandhotelderin.com regularly to access the most current version of the policy.
Definitions
Law/KVKK: Personal Data Protection Law No. 6698 dated 24/3/2016.
Board/Institution: Personal Data Protection Board/Personal Data Protection Authority.
Personal Data: Any information regarding an identified or identifiable natural person.
Relevant Person: Person whose personal data is processed.
Explicit Consent: Consent regarding a specific subject, based on information and obtained with free will.
Anonymization: Making personal data impossible to associate with an identified or identifiable natural person in any way, even by matching it with other data.
Deletion of Personal Data: Deletion of personal data; making personal data inaccessible and unusable in any way for Relevant Users.
Destruction of Personal Data: The process of making personal data inaccessible, irretrievable and unusable by anyone.
Processing of Personal Data: Obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available personal data by fully or partially automatic or non-automatic means provided that it is part of any data recording system, Any action performed on data, such as classifying or preventing its use.
Data processor: Natural or legal person who processes personal data on behalf of the data controller, based on the authority given by the data controller.
Data Controller: The natural or legal person who determines the purposes and means of processing personal data and is responsible for establishing and managing the data recording system.
Personal Data of Special Qualification: Data regarding individuals' race, ethnic origin, political thought, philosophical belief, religion, sect or other beliefs, appearance and attire, association, foundation or union membership, health, sexual life, criminal conviction and security measures, as well as biometric data and genetic data.
Disclosure Obligation: During the acquisition of personal data, the data controller or the person authorized by him/her shall inform the relevant persons; Providing information about the identity of the data controller and his representative, if any, the purpose for which personal data will be processed, to whom and for what purpose the processed personal data can be transferred, the method and legal reason for collecting personal data, and other rights listed in Article 11 of the Law.
Elektra: Front office, accounting and purchasing automation system that includes customer data.
Destruction Policy: The policy on which data controllers base the process of deleting, destroying and anonymizing personal data and determining the maximum period required for the purpose for which they are processed.
Recording Medium: Fully or partially automatic or any data recording system