SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş

POLICY FOR PROTECTION AND PROCESSING OF PERSONAL DATA

This document explains what is the policy for the protection and processing of personal data that must be known for the User / Users who will use the website www.midtown-hotel.com and the person / person who will be staying, and such document was issued by SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş. and the effective date of this document is 03 May 2018.

SECTION 1- INTRODUCTION

1.1 INTRODUCTION

Protection of personal data is among our Company’s top priorities. The most important stance of this subject is that it is governed by this policy; the protection and processing of our customers, our potential customers, our employee candidates, company shareholders, company officials, visitors together with employees, shareholders and authorities of the corporations we are in cooperation with, and third parties’ personal data.

According to Turkey’s Constitution, everyone has the right to the protection of personal data regarding himself/herself. On the protection of personal data, which is a constitutional right, SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş that is governed by this policy demonstrates the importance of protecting the personal data of its customers, potential customers, employee candidates, company shareholders, company officials, visitors together with employees, shareholders and authorities of the corporations we are in cooperation with, and third parties, and brings this into a Company policy.   

In this scope, necessary administrative and technical measures are taken by SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş in order to protect the personal data processed in accordance with the relevant legislation.

In this Policy, detailed explanations of the basic principles adopted by SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş. in the processing of personal data will be given below:

Processing personal data in accordance with the law and honesty rules,

Keeping personal data accurate and up-to-date, if necessary,

Processing of personal data for specific, clear and legitimate purposes,

Limited and measured processing of personal data in connection with the purpose for which it is processed,

Keeping personal data for the time required for the purposes for which they are prescribed in the relevant legislation or for the purpose of their employment,

Enlightening and informing personal data owners,

Setting up the system to use the rights of personal data owners,  

Taking necessary precautions in the protection of personal data,

Transferring personal data to third parties in line with the requirements of the purpose of processing, acting in accordance with the relevant legislation and regulations of the KVK Council,

Demonstrating the necessary sensitivity to the processing and protection of personal data of a specific nature.

1.2 PURPOSE OF POLICY

The main purpose of this Policy is to provide explanations on the systems adopted by SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş. for the personal data processing activities carried out in accordance with the law and for the protection of personal data, and to ensure transparency by informing the person whose personal data are processed by our Company especially our customers, potential customers, employee candidates, company shareholders, company officials, visitors together with employees, shareholders and authorities of the corporations we are in cooperation with, and third parties.

1.3 SCOPE  

This Policy relates to all personal data processed in a non-automatic manner as part of an automated or any data recording system including our customers, our potential customers, employee candidates, company shareholders, company officials, visitors together with employees, shareholders and authorities of the corporations we are in cooperation with, and third parties.

The scope of implementation of this Policy for the groups of personal data holders in the above categories may be the whole Policy (e.g. our Active Customers who are also our visitors); it may only be a part of the provisions (such as our Visitors only).

1.4 IMPLEMENTATION OF POLICY AND RELEVANT LEGISLATION

Relevant statutory regulations in force in the processing and protection of personal data will be implemented in advance. If there is a discrepancy between the applicable legislation and the Policy, our Company will agree that the applicable legislation will be implemented.

The policy was established in accordance with the rules laid down by the relevant legislation and embodied within the scope of SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş. Our Company carries out the necessary systems and preparations to comply with the period of validity stipulated in the Law on the Regulations of the KVK. (See ANNEX-3)

1.5 ENFORCEMENT OF POLICY

This policy was organized by our company on May 3, 2018. The date of enforcement of the Policy will be updated in the event that all or some Articles of the Policies are renewed.

The policy is published on our Company’s website (https://www.midtown-hotel.com) and is made available to the relevant parties upon request of the personal data owners.

SECTION 2  POINTS FOR PROTECTION OF PERSONAL DATA

In accordance with Article 12 of the KVK Law, Our Company takes the necessary technical and administrative measures aimed at ensuring appropriate safety level so as to prevent unlawful processing of personal data that is being processed, to prevent illegal access to data and to provide safeguarding of data; and within this scope, makes or takes the necessary inspections.

2.1. ENSURING SECURITY OF PERSONAL DATA

Our Company takes the necessary legal, technical and administrative precautions on data security in the following points and shows the highest level of attention and sincerity in this respect. The actions and measures taken by our Company to ensure “data security” in accordance with Article 12 of the KVK Law are given below.

Our Company takes technical and administrative measures according to technological facilities and cost of implementation to ensure that personal data is processed in accordance with the law. Employees are informed that they will not be able to disclose personal data they have learned to others in violation of the provisions of the KVK Law and those cannot be used for purposes other than for the purpose of processing, and that this obligation will continue after leaving the office and necessary commitments are taken in this direction.

Our Company takes technical and administrative measures according to the quality of the protected area, technological facilities and cost of implementation so as to prevent unauthorized or imprudent disclosure of personal data, access, transfer, or other illegal access in other forms.

Our Company is increasing awareness in the presence of data processing organizations such as business partners and suppliers, where personal data is transferred regarding the prevention of illegal processing of personal data, the prevention of illegal access to data, and the provision of legal safeguards for data and aims at performing activities of personal data processing in accordance with KVK Law in terms of business partners and suppliers.

The obligation of our company to comply with personal data as a data responsibility and the obligation to comply with the legal, administrative and technical measures developed in this respect is contractually charged in accordance with the nature of the activity carried out by the Company in data processing to the data processing institutions, which are related to various attributes such as suppliers, business partners.

Our Company takes the necessary technical and administrative measures according to technological facilities and cost of implementation to prevent personal data from being stored in safe environments and to be destroyed, lost or altered by unlawful purposes.

In accordance with Article 12 of KVK Law, Our Company performs or carries out the necessary inspections within its organization. These audit results are reported within the scope of internal operations of the Company and necessary activities are being carried out to improve the measures taken.

If the processed personal data is obtained by others in unlawful ways, our Company conducts the system in order to immediately notify the relevant personal data owner and the KVK Council in accordance with Article 12 of KVK Law.

2.2. OBSERVING DATA OWNER RIGHTS; FORMATION OF CHANNELS TO TRANSMIT THESE RIGHTS TO OUR COMPANY AND EVALUATION OF REQUESTS MADE BY DATA OWNERS

Our Company carries out the necessary channels, internal operations, administrative and technical regulations in accordance with Article 13 of the KVK Law for the evaluation of the rights of personal data owners and for the provision of necessary information to the personal data owners.

If the personal data owners submit their requests for the rights listed below to our Company in writing, our Company concludes the request as soon as possible and within thirty days at the latest free of charge according to the nature of the request. However, if the transaction also requires a cost, the fee will be charged by our Company at the rate determined by the KVK Council.

Personal data owners are entitled;

To learn whether personal data is processed or not,

To request information about personal data if it has been processed,

To learn the purpose of processing personal data and whether they are used appropriately for their purpose,

To know the third parties to which personal data are transferred in Turkey or abroad,

To request correction of personal data if it is incomplete or improperly processed, and requesting that the process carried out in this context be notified to the third party to whom personal data are transmitted,

To request that personal data be deleted or destroyed, and requesting that third parties be notified of the processing carried out in this context in the event that the reasons for the processing have been dismissed despite the fact that it has been processed in accordance with the provisions of the KVK Law and other related laws,

To raise objection against the emergence of a consequence for the person himself by analyzing processed data exclusively through automated systems,

To demand that damages be eliminated in the event of a corruption due to the processing of personal data in violation of the law,

You should submit your request for the use of your abovementioned rights in accordance with the first paragraph of Article 13 of the Law on Protection of Personal Data to our Company by “written” or other methods established by the Board of Personal Data Protection.

Since the Board of Personal Data Protection has not set any method at this stage, you should submit your application to our Company in writing in accordance with the provisions of the Supervisory Act.  

In order to use your rights as set out above, the fact that you submit your request to us along with your identification of your identity and your clarification of your right to use by specifying which of your rights referred to in Article 11 of the Act relates to its use, shall ensure that your application for your request is answered more quickly and effectively.

In this context, the channels and procedures you will submit in writing to the application in the scope of using the rights of the same article in the 11th article mentioned above are explained below by our Company based on Article 13 of the Law on the Protection of Personal Data.

You can submit your request containing your explanations of your right to use the rights set out in Article 11 of the KVK Law by filling a form available at https://www.midtown-hotel.com accompanied with the copy of the signed form personally by hand to the address of SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş located in Taksim Kocatepe Mah. Lamartin Cad. No:13-12 Beyoğlu İstanbul along with documents certifying your identity, via Notary or other methods stated in KVK Law or you can submit related form to info@midtown-hotel.com with a safe electronic signature.  

2.3 PROTECTION OF SPECIFIC PERSONAL DATA

With KVK Law, special importance has been given to a number of personal data because of the risk of causing victimization or discrimination against persons when they are processed illegally.

These data are biometric and genetic data with respect to race, ethnicity, political thought, philosophical belief, religion, sect or other beliefs, costume and clothing, associations, foundations or trade union membership, health, sexual life, criminal conviction and security measures.

Our Company is sensitive to the protection of private personal data which is determined as “specific” by KVK Law and processed in accordance with the law. In this context, the technical and administrative measures taken by our Company for the protection of personal data are carefully applied with respect to personalized personal data and necessary controls are provided.

2.4 ENLIGHTENING AND INFORMING PERSONAL DATA OWNER

Our Company, in accordance with Article 10 of the Corporate Tax Law, enlightens personal data owners during the acquisition of personal data. In this context our company, during the acquisition of personal data, provides personal data owners with information about the rights of our company, the identity of our Company, the purposes for which personal data are to be processed, for whom and for what purpose personal data can be transferred, the method and legal reason for collecting personal data and the personal data owner’s rights under Article 11 of the KVK Law.

Article 20 of the Constitution states that everyone has the right to be informed about their own personal data. In this respect, “requesting information” among the rights of the personal data owner in the 11th Article of the KVK Law was also considered. In this context, our company provides the necessary information in case the personal data owner requests information in accordance with the 20th article of the Constitution and the 11th Article of the KVK Law.

Our company provides information on personal data processing activities to the relevant parties and provides accountability and transparency in this context by means of publicizing all the issues in the KVK Law with various publicly open documents, especially the policy document related to the personal data owners that are involved in the personal data processing activity in accordance with the rule of “Law and Honesty”. In addition, our Company has informed the related persons about their own activities and the subjects in the law in many different ways principally referring to the “explicit consent” of the persons.

SECTION 3– POINTS RELATED TO PROCESS PERSONAL DATA

In accordance with Article 20 of the Constitution and Article 4 of the KVK Law, our Company is committed to the rules of law and honesty, accurate, and up-to-date when necessary, current, specific, clear and legitimate aims in the processing of personal data and engages in personal data processing in a limited, measured manner linked to the purpose. Our company maintains personal data for as long as it is required by law or for the purpose of processing personal data.

In accordance with Article 20 of the Constitution and Article 5 of the KVK Law, our Company processes personal data on the basis of one or more of the conditions set out in Article 5 of the KVK Law on the Processing of Personal Data.

Our company complies with the regulations envisaged for the processing of specific personal data in accordance with Article 6 of the KVK Law.

In accordance with Articles 8 and 9 of KVK Law, our Company is in compliance with the regulations stipulated in the law regarding the transfer of personal data and set forth by the KVK Council.

3.1. PROCESSING OF PERSONAL DATA IN ACCORDANCE WITH PRINCIPLES PRESCRIBED BY LEGISLATION

3.1.1. Processing in accordance with Law and Honesty Rule

Our company acts in accordance with the principles of legal regulation in the processing of personal data and the principle of general trust and honesty. In this context, our Company takes into account the proportionality requirements in the processing of personal data and does not use personal data except as required by the purpose.

3.1.2. Ensuring Personal Data Accurate and Up-to-date If Necessary

Our company ensures that the personal data it processes are accurate and up-to-date, taking into account the fundamental rights of the personal data owners and their legitimate interests. It takes the necessary precautions in this direction.

3.1.3. Processing with Specific, Open and Legitimate Purposes

Our company clearly and precisely defines the purpose of processing lawful and legitimate personal data. Our company operates as much as is necessary for and linked to the service it is providing personal data. The purpose of our personal data to be processed by our company is yet to be set out before personal data processing activity begins.

3.1.4. Connected, Limited and Restrained with the Purpose Processed

Our company processes personal data in a manner that is conducive to the achievement of the stated objectives and avoids the processing of personal data that is not relevant or not required to be performed.For example, personal data processing activities are not conducted to meet the needs that may arise later.

3.1.5. Preservation up to the time required for the purpose for which it is processed or related to the relevant legislation

Our company retains personal data only for the period of time required for the purpose for which it is stated or covered in the applicable legislation. In this context, our Company determines that it is not foreseen for a certain period of time in order to store personal data in the related legislation and if it is determined for a certain period of time, behaves in accordance with this period, and if not specified for a period of time, keeps personal data for the time required for the purpose for which it is being processed. In the event that reasons requiring termination of period or processing are eliminated, personal data are deleted, destroyed or anonymized by our Company.

3.2. PROCESSING PERSONAL DATA BASED ON ONE OR MORE OF PERSONAL DATA PROCESSING CONDITIONS SPECIFIED ON ARTICLE 5 OF KVK LAW AND LIMITED PROCESSING OF THE SAME BASED ON THESE CONDITIONS

Protection of personal data is a constitutional right. Fundamental rights and freedoms, without disturbing their essence, may only be limited by law, subject to the circumstances set forth in the relevant articles of the Constitution. Pursuant to the third paragraph of Article 20 of the Constitution, personal data may only be processed in the cases provided for in the law or with the explicit consent of the person. Our company processes personal data in this direction and in accordance with the Constitution, but only in the circumstances provided for in the law or with the explicit consent of the person.

The explicit consent of the owner of the personal data is only one of the legal protections that make it possible for the personal data to be processed in accordance with the law. Except for explicit consent, personal data may be processed in the presence of one of the other conditions listed below. The personal data processing activity may be dependent only on one of the conditions specified below, and more than one of these conditions may be the basis for the same personal data processing activity. If the processed data is personal data of a special nature; the following conditions apply.

Although the legal basis for the processing of personal data by our Company varies, all personal data processing activities are carried out in accordance with the general principles set forth in Article 4 of Law No. 6698 (see Section 3.1).

  • Existing of Open Consent of Personal Data Owner  

One of the conditions for the processing of personal data is the explicit consent of the owner. The explicit consent of the owner of the personal data must be explained on a specific matter, on an informed basis and in a free will.

In order for personal data to be processed in accordance with the explicit consent of the personal data owner, explicit consent is taken from customer, potential customer and visitors with relevant methods.

  • Explicit Provision in Laws

The personal data of the data owner may be processed legally if it is expressly provided in the law.   

  • Failure To Take The Explicit Consent Of The Relevant Person Due To Actual Impossibility

If it is compulsory to process the personal data in order to protect the integrity of the life or body of the person himself  or someone else who is unable to explain his reason due to actual impossibility or who cannot be granted validity for his consent, the personal data of the data owner can be processed. Example: Blood group information of a fainted customer is given to doctors by his friends.

  • Being Directly Interest In Issuance or Performance of The Contract

Personal data may be processed if it is necessary to process personal data of the parties to the contract, provided that it is directly related to the issuance or performance of the Contract.

  • Fulfilling the Legal Liability of the Company

If our company is obliged to fulfill its legal obligations as a data responsibility, the personal data of the data owner can be processed.

  • Publicizing Personal Data of Personal Data Owner

If personal data are publicized by the data owner, relevant personal data can be processed.

  • Mandatory Data Processing for the Establishment or Protection of a Right If data processing is mandatory for the establishment, use or protection of a right, the personal data of the data owner may be processed.
  • Compulsory Data Processing for the Legitimate Interest of our Company The personal data of the data owner may be processed if the data processing for our Company’s legitimate interests is compulsory provided that the fundamental rights and freedoms of the data owner are not harmed. 

3.3. PROCESSING SPECIFIC PERSONAL DATA

Our company is sensitive to the regulations stipulated in the KVK Law for the processing of personal data determined as “specific” by KVK Law.

In Article 6 of the Law on KVK, a number of personal data bearing the risk of causing victimization or discrimination of persons when committed illegally were identified as “specific”. These data are biometric and genetic data with respect to race, ethnicity, political thought, philosophical belief, religion, sect or other beliefs, costume and clothing, associations, foundations or trade union membership, health, sexual life, criminal conviction and security measures.

Specific personal data are processed by our Company in accordance with KVK law in the following situations providing that sufficient prcautions are taken to be determined by KVK Council:

If the personal data owner has an explicit consent or

If the personal data owner does not have an explicit consent;

  • Specific personal data of personal data owner except health and sexual life, in the manners prescribed by law,
  • Specific personal data of personal data owner except health and sexual life are processed for the purpose of public health protection, preventive medicine, medical diagnosis, treatment and maintenance services, planning and management of health care financing by persons who are under obligation to keep secrets or by authorized institutions and organizations.

3.4. TRANSFER OF PERSONAL DATA

Our company is able to transfer the personal data of the personal data holder and personal data of the personal data to the third persons (third party companies, group companies, third party persons) by taking necessary security measures in line with the legal personal data processing purposes.

In this respect, our company complies with the regulations set out in Article 8 of the KVK Law.

  • Transferring Personal Data Abroad

Our company is able to transfer the personal data of the owner of the personal data and the private personal data of the personal data to the third parties by taking necessary security measures in accordance with the legal purposes of processing personal data. Personal data are transferred by our Company to foreign countries (“Foreign Countries Having Enough Protection”) announced by KVK Council to have enough protection or in case there is no enough protection, such data are transferred to foreign countries committed in writing of sufficient protection by data supervisors in Turkey and relevant foreign countries (“Foreign Country where data supervisor committing sufficient protection is located”) and the ones permitted by KVK Council. In accordance with this regulation, our Company complies with the regulations set out in Article 9 of the KVK Law.

SECTION 4 –CATEGORIZATION, PROCESSING PURPOSES AND PRESERVATION PERIODS OF PERSONAL DATA PROCESSED BY OUR COMPANY

In accordance with Article 10 of the KVK Law, our company notifies personal data on which personal data groups the personal data are processed within the scope of the disclosure obligation, the purpose of processing personal data of the personal data owner and the preservation periods.

4.1. CATEGORIZATION OF PERSONAL DATA

In the presence of our Company in line with the personal data processing purposes of our Compay in accordance with legality and law,  based on one or more of the personal data processing requirements set forth in Article 5 of the KVK Law principally the principles stated in Article 4 related to processing of personal data, below mentioned personal data are processed by informing relevant persons in accordance with Article 10 of KVK Law by complying with general principles stated in KVK Law and all obligations regulated by KVK Law and limited to periods within the scope of this Policy (Customer, Potential Customer, Group Company Customer, Employee Candidate, Company Shareholder, Company Official, Visitor,Employees, Shareholders and Authorities of Institutions we are in cooperation, Third Party). It is also stated in Chapter 5 of this Policy that the personal data processed in these categories are related to which data owners are organized under this Policy.

PERSONAL DATA CATEGORIZATION DESCRIPTION ON PERSONAL DATA CATEGORIZATION
Identity Information These are the data where there is information about the identity of the person which is clear that the identity belongs to a real person of particular or identifiable nature, that are processed partially or fully automatically or processed non-automatically as part of the data recording system; name-surname, T.R. identity number, nationality information, driver’s license including mother’s name-father’s name, place of birth, date of birth, gender, birth certificate and passport, tax number, SSI number, signature information, vehicle plate
Communication Information These are the data where there is information about the identity of the person which is clear that the identity belongs to a real person of particular or identifiable nature, that are processed partially or fully automatically or processed non-automatically as part of the data recording system; telephone number, address, e-mail, fax number, IP address
Location Information These are the data where there is information about the identity of the person which is clear that the identity belongs to a real person of particular or identifiable nature, that are processed partially or fully automatically or processed non-automatically as part of the data recording system; 12 locations operated by the Company’s business units of the personal data owner, travel data, etc.
Customer Information These are the data where there is information about the identity of the person which is clear that the identity belongs to a real person of particular or identifiable nature, that are processed partially or fully automatically or processed non-automatically as part of the data recording system; information obtained and produced about the business of our company as a result of the business activities of our company and the operations carried out by our business units in this framework
Family Members and relative information These are the data where there is information about the identity of the person which is clear that the identity belongs to a real person of particular or identifiable nature, that are processed partially or fully automatically or processed non-automatically as part of the data recording system; Within the framework of operations carried out by business units,information about the family members (eg spouse, mother, father, child) and relatives of the personal data owner in order to protect the legal and other interests of the Company and the personal data owner regarding the products and services provided by the Group Companies
Physical Location Security Information These are the data where there is information about the identity of the person which is clear that the identity belongs to a real person of particular or identifiable nature, that are processed partially or fully automatically or processed non-automatically as part of the data recording system; personal data on records and documents taken during stay in the physical space when entering the physical space; camera recordings, fingerprint recordings, and security recordings.
Financial Information These are the data where there is information about the identity of the person which is clear that the identity belongs to a real person of particular or identifiable nature, that are processed partially or fully automatically or processed non-automatically as part of the data recording system; Data such as bank account number, IBAN number, credit card information, financial profile, property data, revenue information, etc. related to the information, documents and records showing any kind of financial result created according to the type of legal relationship that the company has established with the personal data owner
Audio / Visual Information These are the data where there is information about the identity of the person which is clear that the identity belongs to a real person of particular or identifiable nature,; photographs and camera recordings (except records entered under Physical Location Security Information), voice recordings, and copies of documents containing personal data
Personal Information These are the data where there is information about the identity of the person which is clear that the identity belongs to a real person of particular or identifiable nature, that are processed partially or fully automatically or processed non-automatically as part of the data recording system; Any personal data processed to obtain information that is essential for the creation of personal rights of real persons in working relationship with the Company
Specific Personal Information These are the data where there is information about the identity of the person which is clear that the identity belongs to a real person of particular or identifiable nature, that are processed partially or fully automatically or processed non-automatically as part of the data recording system; (Eg health data including blood group, biometric data, religion, and information of association members), as indicated in Article 6 of the KVK Law,
Transaction Security Information These are the data where there is information about the identity of the person which is clear that the identity belongs to a real person of particular or identifiable nature, that are processed partially or fully automatically or processed non-automatically as part of the data recording system; personal data processed to provide our technical, administrative, legal and commercial security while conducting our business activities
Legal Transaction and Compliance Information These are the data where there is information about the identity of the person which is clear that the identity belongs to a real person of particular or identifiable nature, that are processed partially or fully automatically or processed non-automatically as part of the data recording system; hukuki alacak ve haklarımızın tespiti, takibi ve borçlarımızın ifası ile kanuni yükümlülüklerimiz ve Şirket’in politikalarına uyum kapsamında işlenen kişisel verileriniz
Marketing Information These are the data where there is information about the identity of the person which is clear that the identity belongs to a real person of particular or identifiable nature, that are processed partially or fully automatically or processed non-automatically as part of the data recording system; personal data processed for the customization and marketing of our products and services according to the usage habits, likes and needs of the personal data owner and the reports and evaluations created according to the results of these processes
Demand / Complaint Management Information These are the data where there is information about the identity of the person which is clear that the identity belongs to a real person of particular or identifiable nature, that are processed partially or fully automatically or processed non-automatically as part of the data recording system; Personal data on the receipt and assessment of any claims or complaints directed at the Company

4.2. PROCESSING PURPOSES OF PERSONAL DATA

The Company processes personal data limited to the purposes and conditions in the personal data processing conditions set forth in Clause 2 of Article 5 and Clause 3 of Article 6. These aims and conditions are as follows;

  • Clearly prescribing the involvement of SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş in the processing of personal data in the Act
  • The fact that the processing of personal data by SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş. is directly related to and required by the issuance or performance of a contract
  • The processing of personal data is compulsory for SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş to fulfill its legal obligation
  • Provided that personal data is publicized by the personal data owner; limited processing by SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş .for the purpose of publicizing the data owner
  • The fact that the processing of personal data by SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş. is mandatory for the establishment, use or protection of the rights of SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş. or its data holders or third parties
  • The necessity of personal data processing activities for the legitimate interests of SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş., provided that it does not damage the fundamental rights and freedoms of the personal data owner
  • The fact that the personal data processing activity by SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş. is compulsory for the protection of the personal data owner or the other person’s physical or livelihood integrity and that the personal data owner is unable to explain his consent due to actual or legal invalidation
  • The fact that the personal data holder is prescribed by law in terms of private personal data except health and sexual life
  • In terms of personal data on the personal health of the owner of the data holder and his sexual life, persons or authorities authorized to keep confidential information for the purpose of public health protection, preventive medicine, medical diagnosis, treatment and maintenance services, planning and management of health services and financing, by organizations.

Within this scope, SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş. processes your personal data for the following purposes:

  • Planning and implementation of institutional sustainability activities
  • Efficacy management
  • Management of relationships with business partners or suppliers
  • Execution of personnel procurement processes for SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş.  (See Annex-4 for the processing of personal data of Employee Candidates)
  • Support for community staff procurement processes
  • Performance and follow-up of Company’s (SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş) financial reporting and risk management operations
  • Performance/follow-up of legal procedures of SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş.
  • Planning and performing corporate communication activities
  • Performance of corporate management activities
  • Realization of companies and partnership law transactions
  • Demand and complaint management
  • Managing investor relations
  • Giving information to competent institutions through the legislation
  • Creation and follow-up of visitor records

In the event that the processing activity realized with the above mentioned purposes does not meet any of the conditions stipulated by the KVK Law, SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş. is provided with an explicit consent of the personal data owner regarding the relevant processing period.

4.3. PRESERVATION PERIODS OF PERSONAL DATA

SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş. maintains personal data for the period specified in the relevant legislation if it is foreseen in related laws and regulations.

If the legislation on how long personal data should be kept is not arranged for a period of time, personal Data are processed, deleted, destroyed or anonymized after being processed for the time required for the Company to be processed in accordance with the practices of SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş. and its commercial life depending on the activity carried out by SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş. Detailed information on this issue is included in Chapter 8 of this Policy.

If personal data comes to an end with the intent to be processed and the related legislation and the preservation periods determined by SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş. have come to an end, personal data may only be kept for evidence in case of possible legal disputes or for the provision of the relevant right or defense in respect of personal data.

Although there are time-outs and expiration times for the claim to be made at the establishment of these periods, the preservation periods are determined on the basis of the samples of the requests previously directed to SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş. in the same matter. In this case, the personal data stored is not accessed for any other purpose and only when it is necessary to use it in the relevant legal dispute, the personal data is accessed. Here, the personal data are deleted, destroyed or anonymized after the end of the period.

SECTION 5 –CATEGORIZATION OF PERSONAL DATA OWNERS PROCESSED BY SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş.

While the personal data of the personal data categories listed below are processed by the Company, the implementation scope of this Policy is limited to Customer, Potential Customer, Group Company Customer, Employee Candidate, Company Shareholder, Company Official, Visitor, Employees, Shareholders and Authorities of Institutions we are in cooperation, Third Party.

While the categories of persons whose personal data processed by SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş. are within the above-mentioned scope, the persons not covered by these categories shall direct their requests to SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş. within KVK Law and the requests made by these ğersons shall be taken into consideration within the scope of this policy. The concepts within the scope of this policy are clarified below related to Customer, Potential Customer, Group Company Customer, Employee Candidate, Company Shareholder, Company Official, Visitor, Employees, Shareholders and Authorities of Institutions we are in cooperation, Third Party.

Personal Data Owner Category Description
Customer Regardless of whether there is a contractual relationship with SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş., the actual persons who have used or used the products and services offered by our Company
Potential Customer Real persons who have requested or consented to use our products and services and have been evaluated in accordance with commercial practices and honesty
Group Companies Customer Regardless of whether there is a contractual relationship with SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş.,

Within the scope of the operations carried out by the business units of SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş., the real persons who obtain personal data through the business associations of the Group Companies

Visitor Real persons who have entered the physical settlements of SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş.for various purposes or visited our internet sites
Third Person Other real persons not covered by this Policy (eg guarantor, companion, family members and relatives, former employees)
Employee Candidate Real persons who have been employed by SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş. in any way or who have opened their resume and related information to the examination of our company
Company Shareholder Real persons acting as the shareholders of SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş.
Company Official Board Member and other authorized real persons of SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş.
Employees, Shareholders and Authorities of Institutions We are in Cooperation Real persons, including the employees, shareholders and authorities of those institutions that are involved in all kinds of business relations of SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş. (including but not limited to, business partner, supplier, transporter)

The table below details the categories of personal data mentioned above and the types of personal data processed by the persons in these categories.

PERSONAL DATA CATEGORIZATION DATA OWNER CATEGORY THAT IS ASSOCIATED WITH RELEVANT PERSONAL DATA
Identity Information Customer, Potential Customer, Group Company Customer, Employee Candidate, Company Shareholder, Company Official, Visitor,Employees, Shareholders and Authorities of Institutions we are in cooperation, Third Party
Communication Information Customer, Potential Customer, Group Company Customer, Employee Candidate, Company Shareholder, Company Official, Visitor,Employees, Shareholders and Authorities of Institutions we are in cooperation, Third Party
Location Data Employees and Company Officials of the Institutions we are in cooperation
Family Members and relative information Group Company Customer, Visitor, Employee Candidate, Third Person, Employees, Shareholders and Authorities of Institutions we are in cooperation
Physical Location Security Information Visitor, Employee Candidate, Company shareholders, Company Officials, Employees, Shareholders and Authorities of Institutions we are in cooperation, Third Person
Financial Information Customer, Potential Customer, Group Company Customer, Employee Candidate, Company Shareholder, Company Official, Visitor,Employees, Shareholders and Authorities of Institutions we are in cooperation, Third Party
Audio / Visual Information Potential Customer, Group Company Customer, Employee Candidate, Company Shareholder, Company Official, Visitor,Employees, Shareholders and Authorities of Institutions we are in cooperation, Third Party
Legal Transaction and Compliance Information Potential Customer, Group Company Customer, Employee Candidate, Company Shareholder, Company Official, Visitor,Employees, Shareholders and Authorities of Institutions we are in cooperation, Third Party
Transaction Security Information Customer, Potential Customer, Company Official, Visitor,Employees, Shareholders and Authorities of Institutions we are in cooperation
Personal Information Employees, Shareholders and Authorities of Institutions we are in cooperation, Employee Candidate, Third Person
Specific Personal Information Customer, Group Company Customer, Employee Candidate, Company Shareholder, Company Official, Visitor,Employees, Shareholders and Authorities of Institutions we are in cooperation, Third Party
Marketing Information Customer, Potential Customer
Customer Information Customer
Demand / Complaint Management Information Group Company Customer, Employee Candidate, Company Shareholder, Company Official, Visitor,Employees, Shareholders and Authorities of Institutions we are in cooperation, Third Party

SECTION 6 –THIRD PERSONS TO WHOM PERSONAL DATA ARE TRANSFERRED BY SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş. AND PURPOSES OF TRANSFER

SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş. discloses personal data to groups of persons to whom personal data are transferred pursuant to Article 10 of the KVK Law.

SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş. may transfer the personal data of policy-managed data owners to the following categories of persons in accordance with Articles 8 and 9 of the KVK Law (see Section 3 / Title 3.5):

(i) To business partners of SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş.,

(ii) To suppliers of SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş.,

(iii) To Group Companies,

(iv) To shareholders of SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş.,

(v) To Company Officials,

(vi) To Legally Authorized Public Institutions and Organizations,

(vii) To Legally Competent Private Law Persons

The scope of the above mentioned persons involved in the transfer and the data transfer purposes are stated below.

Persons to whom data transfer shall be made Description Data Transfer Purpose
Business Partner The parties to whom SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş establishes business partnerships for purposes such as sales, promotion and marketing of products and services, after-sales support, execution of joint customer loyalty programs It defines the partnership as limited in order to ensure the fulfillment of the purposes of establishment.
Supplier It defines the parties that provide services to SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş on a contractual basis in accordance with the orders and instructions of SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş while conducting business activities of the Company. Limited to ensure that SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş is provided by the Supplier outsourced and that the Services necessary for the fulfillment of the Company’s business activities are submitted to the Company.
Our shareholders According to the related legislative provisions, our shareholders who are competent to design the strategies of our Company’s commercial activities and the audit activities In accordance with the provisions of the related legislations, limited to the design and strategic purposes of our Company’s commercial activities
Company Officials Board Members of our Company and other authorized persons Limited to design strategies for our company’s business activities, to provide management at the highest level and for audit purposes
Legally Authorized Public Institutions and Organizations Public institutions and organizations authorized to obtain information and documents from our Company according to the provisions of the relevant legislation Limited to the purpose for which it is requested within the legal authority of the relevant public institutions and organizations
Legally Competent Private Law Persons Private legal persons authorized to obtain information and documents from our Company in accordance with the provisions of the relevant legislation Limited to purpose requested by the legal authority of the relevant private law

Transfers carried out by SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş. are conducted in accordance with the matters set out in Chapters 2 and 3 of the Policy.

SECTION 7 –PERSONAL DATA PROCESSING ACTIVITIES MADE BY SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş. IN THE ENTRIES OF THE BUILDING AND HOTEL AND IN THE BUILDING AND HOTEL, AND WEB SITE VISITORS

7.1. PERSONAL DATA PROCESSING ACTIVITIES CONDUCTED BY SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş. IN THE ENTRIES OF THE BUILDING AND HOTEL AND IN THE BUILDING AND HOTEL

In order to ensure safety by our company, our Company monitors personal information in the building and in the hotel with security camera and performs personal data processing to follow guest entrance and exit.

Personal data processing activities have been carried out by our Company through the use of security cameras and recording of guest entries and exits.

The monitoring activity of SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş through security camera aims at protection of benefits related to ensure security of the Company and other persons and in this scope our Company acts in accordance with the Constitution, KVK Law and other related legislation.

Image records of our visitors are taken by means of monitoring system by camera in our company building, hotel entrances and store.

Within the scope of monitoring with the security camera, our company aims to increase the quality of the service provided, to ensure its reliability, to ensure the safety of the company, customers and other persons and to protect the interests of the customers in the service.

Our Company acts in accordance with the regulations contained in the KVK Law for carrying out monitoring activities with cameras for security purposes.

The monitoring activity carried out with camera by our Company is conducted in accordance with the Law on Private Security Services and related legislation.

Records recorded and maintained in digital media are only accessible to a limited number of Company employees. Live camera images can be viewed by outside security officers or security officers who serve the area where the hotel is located. A limited number of persons with access to the records declare that they will protect the confidentiality of the data they obtain with the confidentiality commitment.

Technical and administrative measures are taken by our Company to ensure the safety of personal data obtained as a result of the camera surveillance pursuant to Article 12 of the KVK Law.

Apart from recording with the above mentioned camera, and for the purposes outlined in this Policy, our Company conducts personal data processing activities to follow and control guest visits to buildings and stores.

While the names and surnames of the people coming tı Company building and hotel as a guest are obtained or by means of texts which are hosted by the Company or which are presented to the guests in other forms, such personal data holders are clarified in this context. The data obtained in order to perform guest entry-exit follow-up is only processed for this purpose or the related personal data are recorded in the data recording system in the physical environment.

For the safety provided by our Company and for the purposes set out in this Policy, we can provide internet access to our Visitors who request during the period of your stay in our Building and Hotel by our Company. In this case, the log records of your internet accesses are recorded according to the provisions of the Law No. 5651 and the provisions of the legislation regulated by this Law and these records are processed only in order to be requested by authorized public institutions or to fulfill our legal obligations in the audit processes to be performed within the Company.

Only a limited number of employees of the Company have access to the log records obtained in this framework. Company employees who have access to said records have access to these records only for use in the request or audit process from the competent public authority and organization and share it with legally authorized persons. A limited number of persons with access to the records declare that they will protect the confidentiality of the data they obtain with the confidentiality commitment.

7.2. WEB SITE VISITORS

To ensure that visitors to these sites conduct their site visits in a manner that is appropriate for their purposes of visiting, in order to be able to display content that has been customized to them and to engage in online advertising activities; the web site that our company owns is able to record internet movements in the site with the technical means (e.g. cookies).

SECTION 8-  DELETION, ELIMINATION, ANONYMIZATION OF PERSONAL DATA

Although it has been processed in accordance with the provisions of the relevant law, as laid down in Article 138 of the Turkish Criminal Code and Article 7 of the KVK Law, personal data upon shall be deleted, destroyed or brought anonymously upon the request of SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş. or on the request of the personal data holder in the event that the reason for the processing of the data is eliminated.

Within this scope, our Company has developed necessary operational mechanisms in this matter by taking necessary technical and administrative measures within the Company in order to fulfill its related obligations; educate the related business units in order to comply with these obligations, and to provide them with their duties and awareness.

ANNEX-1 DEFINITIONS

Explicit consent : Consent to a specific subject, based on information and expressed in free will.
Anonymization: The personal data is to be changed in such a way that it will lose its personal data quality and cannot be recovered.

For ex: Masking, aggregation, data corruption and similar techniques to make personal data that cannot be associated with a real person.

Employee Candidate: Real persons who have been employed by our Company in any way or who have opened their resume and related information to the examination of our company
Employees, Shareholders and Authorities of Institutions We are in Cooperation Real persons, including the employees, shareholders and authorities of those institutions that are involved in all kinds of business relations of our Company (including but not limited to, business partner, supplier, transporter)
Business Partner While conducting the business activities of TÜZEL İNŞAAT SANAYİ VE TİCARET A.Ş., parties to whom we have partnered for purposes such as sales, promotion and marketing of products and services, after-sales support, execution of joint customer loyalty programs
Processing personal data Provided that personal data is completely or partially automatic or is part of any data recording system all kinds of transactions carried out on the data such as obtaining, recording, storing, maintaining, altering, rearranging, disclosing, transferring, taking over, acquiring, classifying or preventing its utilization in non-automatic ways.
Personal Data Owner Real person whose personal data is processed
Personal Data Any information related to the identity of the specific or identifiable real person. Therefore, the processing of information about legal entities is not covered by the Law.
Customer Regardless of whether there is a contractual relationship with our Company, the actual persons who have used or used the products and services offered by our Company
Specific Personal Data Biometric and genetic data are data on specific issues relating to race, ethnicity, political thought, philosophical beliefs, religion, sect or other beliefs, costumes, association or association membership, health, sexual life, criminal conviction and security measures.
Potential Customer Real persons who have been or are interested in using our products and services or who have been assessed in accordance with commercial customs and honesty rules
Company Shareholder Real persons acting as our Company’s shareholder
Company Official Board member of our company and other authorized real persons
Supplier While conducting commercial activities of TÜZEL İNŞAAT SANAYİ VE TİCARET A.Ş., the parties that provide services to ………… on a contractual basis in accordance with the orders and instructions of our Company
Third Person In order to secure the commercial transaction between our Company and the above-mentioned parties or to protect the rights of those concerned and to obtain benefits, third-party real persons associated with these people (For ex. Guarantor, Companion, Family Members and Relatives)
Data Processor A person is a natural or legal person who processes personal data on his behalf based on the authority of the data supervisor. For example, a cloud computing company that holds our company’s data, an interviewer who has signed forms for customers, a call-center company that makes calls in the framework of instructions, etc..
Data Supervisor The person who manages the place where the data is kept systematically (the data recording system), which determines the processing purposes and means of the personal data, is the data supervisor.
Visitor Real persons who have entered our physical campuses for various purposes or visited our internet sites

ANNEX-2: ABBREVIATIONS

KVK Law  : Law No. 6698 on the Protection of Personal Data, dated 24 March 2016, published in the Official Gazette No. 29677 of 7 April 2016.
Constitution: Constitution of Turkish Republic No.2709 dated November 7, 1982  published in the Official Gazette No. 17863 dated November 9, 1982
KVK Council : Personal Data Protection Council
KVK Institution : Personal Data Protection Institution
Policy: Personal Data Protection and Processing Policy of

TÜZEL İNŞAAT SANAYİ VE TİCARET A.Ş. Mamulleri San. Ve Tic. A.Ş

Company : TÜZEL İNŞAAT SANAYİ VE TİCARET A.Ş. Mamulleri San. Ve Tic. A.Ş.
Turkish Penal Code: Turkish Penal Code No. 5237 dated 26 September 2004 published in Official Gazette No.25611 dated October 12, 2004

ANNEX-3 PROCESSING PERSONAL DATA OF EMPLOYEE CANDIDATES AND BUSINESS PARTNERS EMPLOYEES

PERSONAL DATA OWNER COLLECTION AND PROCESSING OF PERSONAL DATA UTILIZATION OF RIGHTS AND APPLICATION
Employee Candidates Personal data gathered during the recruitment process of employees’ candidates and personal data collected according to the nature of the job, personal data are processed by our Company for the purposes set out in the policies of our Company’s human resources policy, recruitment, purposes of this Policy, as well as the personal data of working candidates:

• To evaluate the nature of the candidate, his experience and interest, his suitability to the open position,

If necessary, to check the accuracy of the information transmitted by the candidate, or to contact the third party to conduct research on the candidate,

To communicate with the applicant about the application and recruitment process, or, if appropriate, to communicate with the candidate for any position subsequently opened in the country or abroad,

To meet the requirements of the relevant legislation or the demands of the competent institution or body,

To develop and improve the recruitment principles that our company implements.

The personal data of working candidates can be collected by the following methods and means:

Digital application form published in written or electronic media;

Resumes of applicants to our company by e-mail, cargo, reference and similar methods,

Employment or consulting companies;

• When interviewing with face-to-face means such as video conferencing, telephone, etc.,

• The inspections carried out by our company and the checks made to confirm the accuracy of the information communicated by the candidate,

• Recruitment tests conducted by experienced individuals who determine the talent and personality characteristics of the results.

Employee candidates are also able to submit to our Company their requests related to rights arising from their data ownership, using the method described in Section 2.2. of this Policy.  
Employees of Business Partners Within the scope of fulfilling the business activities established with our business partners, our Company shall provide the personal data related to the employees of the business partners with the purpose stated in this Policy and in accordance with the Company’s Human Resources policy and shall process within the scope of other purposes stated in the Policy, especially for the purpose of promoting the commercial and legal safety of our company and the persons we are in cooperation. Employees of the Business Partners shall notify the Company of the rights and obligations arising from their data ownership using the method described in Section 2.2 of this Policy.

Policy For Protection And Processing Of Personal Data

This document explains what is the policy for the protection and processing of personal data that must be known for the User / Users who will use the website www.midtown-hotel.com and the person / person who will be staying, and such document was issued by SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş. and the effective date of this document is 03 May 2018.

SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş

POLICY FOR PROTECTION AND PROCESSING OF PERSONAL DATA

This document explains what is the policy for the protection and processing of personal data that must be known for the User / Users who will use the website www.midtown-hotel.com and the person / person who will be staying, and such document was issued by SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş. and the effective date of this document is 03 May 2018.

SECTION 1- INTRODUCTION

1.1 INTRODUCTION

Protection of personal data is among our Company’s top priorities. The most important stance of this subject is that it is governed by this policy; the protection and processing of our customers, our potential customers, our employee candidates, company shareholders, company officials, visitors together with employees, shareholders and authorities of the corporations we are in cooperation with, and third parties’ personal data.

According to Turkey’s Constitution, everyone has the right to the protection of personal data regarding himself/herself. On the protection of personal data, which is a constitutional right, SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş that is governed by this policy demonstrates the importance of protecting the personal data of its customers, potential customers, employee candidates, company shareholders, company officials, visitors together with employees, shareholders and authorities of the corporations we are in cooperation with, and third parties, and brings this into a Company policy.   

In this scope, necessary administrative and technical measures are taken by SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş in order to protect the personal data processed in accordance with the relevant legislation.

In this Policy, detailed explanations of the basic principles adopted by SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş. in the processing of personal data will be given below:

Processing personal data in accordance with the law and honesty rules,

Keeping personal data accurate and up-to-date, if necessary,

Processing of personal data for specific, clear and legitimate purposes,

Limited and measured processing of personal data in connection with the purpose for which it is processed,

Keeping personal data for the time required for the purposes for which they are prescribed in the relevant legislation or for the purpose of their employment,

Enlightening and informing personal data owners,

Setting up the system to use the rights of personal data owners,  

Taking necessary precautions in the protection of personal data,

Transferring personal data to third parties in line with the requirements of the purpose of processing, acting in accordance with the relevant legislation and regulations of the KVK Council,

Demonstrating the necessary sensitivity to the processing and protection of personal data of a specific nature.

1.2 PURPOSE OF POLICY

The main purpose of this Policy is to provide explanations on the systems adopted by SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş. for the personal data processing activities carried out in accordance with the law and for the protection of personal data, and to ensure transparency by informing the person whose personal data are processed by our Company especially our customers, potential customers, employee candidates, company shareholders, company officials, visitors together with employees, shareholders and authorities of the corporations we are in cooperation with, and third parties.

1.3 SCOPE  

This Policy relates to all personal data processed in a non-automatic manner as part of an automated or any data recording system including our customers, our potential customers, employee candidates, company shareholders, company officials, visitors together with employees, shareholders and authorities of the corporations we are in cooperation with, and third parties.

The scope of implementation of this Policy for the groups of personal data holders in the above categories may be the whole Policy (e.g. our Active Customers who are also our visitors); it may only be a part of the provisions (such as our Visitors only).

1.4 IMPLEMENTATION OF POLICY AND RELEVANT LEGISLATION

Relevant statutory regulations in force in the processing and protection of personal data will be implemented in advance. If there is a discrepancy between the applicable legislation and the Policy, our Company will agree that the applicable legislation will be implemented.

The policy was established in accordance with the rules laid down by the relevant legislation and embodied within the scope of SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş. Our Company carries out the necessary systems and preparations to comply with the period of validity stipulated in the Law on the Regulations of the KVK. (See ANNEX-3)

1.5 ENFORCEMENT OF POLICY

This policy was organized by our company on May 3, 2018. The date of enforcement of the Policy will be updated in the event that all or some Articles of the Policies are renewed.

The policy is published on our Company’s website (https://www.midtown-hotel.com) and is made available to the relevant parties upon request of the personal data owners.

SECTION 2  POINTS FOR PROTECTION OF PERSONAL DATA

In accordance with Article 12 of the KVK Law, Our Company takes the necessary technical and administrative measures aimed at ensuring appropriate safety level so as to prevent unlawful processing of personal data that is being processed, to prevent illegal access to data and to provide safeguarding of data; and within this scope, makes or takes the necessary inspections.

2.1. ENSURING SECURITY OF PERSONAL DATA

Our Company takes the necessary legal, technical and administrative precautions on data security in the following points and shows the highest level of attention and sincerity in this respect. The actions and measures taken by our Company to ensure “data security” in accordance with Article 12 of the KVK Law are given below.

Our Company takes technical and administrative measures according to technological facilities and cost of implementation to ensure that personal data is processed in accordance with the law. Employees are informed that they will not be able to disclose personal data they have learned to others in violation of the provisions of the KVK Law and those cannot be used for purposes other than for the purpose of processing, and that this obligation will continue after leaving the office and necessary commitments are taken in this direction.

Our Company takes technical and administrative measures according to the quality of the protected area, technological facilities and cost of implementation so as to prevent unauthorized or imprudent disclosure of personal data, access, transfer, or other illegal access in other forms.

Our Company is increasing awareness in the presence of data processing organizations such as business partners and suppliers, where personal data is transferred regarding the prevention of illegal processing of personal data, the prevention of illegal access to data, and the provision of legal safeguards for data and aims at performing activities of personal data processing in accordance with KVK Law in terms of business partners and suppliers.

The obligation of our company to comply with personal data as a data responsibility and the obligation to comply with the legal, administrative and technical measures developed in this respect is contractually charged in accordance with the nature of the activity carried out by the Company in data processing to the data processing institutions, which are related to various attributes such as suppliers, business partners.

Our Company takes the necessary technical and administrative measures according to technological facilities and cost of implementation to prevent personal data from being stored in safe environments and to be destroyed, lost or altered by unlawful purposes.

In accordance with Article 12 of KVK Law, Our Company performs or carries out the necessary inspections within its organization. These audit results are reported within the scope of internal operations of the Company and necessary activities are being carried out to improve the measures taken.

If the processed personal data is obtained by others in unlawful ways, our Company conducts the system in order to immediately notify the relevant personal data owner and the KVK Council in accordance with Article 12 of KVK Law.

2.2. OBSERVING DATA OWNER RIGHTS; FORMATION OF CHANNELS TO TRANSMIT THESE RIGHTS TO OUR COMPANY AND EVALUATION OF REQUESTS MADE BY DATA OWNERS

Our Company carries out the necessary channels, internal operations, administrative and technical regulations in accordance with Article 13 of the KVK Law for the evaluation of the rights of personal data owners and for the provision of necessary information to the personal data owners.

If the personal data owners submit their requests for the rights listed below to our Company in writing, our Company concludes the request as soon as possible and within thirty days at the latest free of charge according to the nature of the request. However, if the transaction also requires a cost, the fee will be charged by our Company at the rate determined by the KVK Council.

Personal data owners are entitled;

To learn whether personal data is processed or not,

To request information about personal data if it has been processed,

To learn the purpose of processing personal data and whether they are used appropriately for their purpose,

To know the third parties to which personal data are transferred in Turkey or abroad,

To request correction of personal data if it is incomplete or improperly processed, and requesting that the process carried out in this context be notified to the third party to whom personal data are transmitted,

To request that personal data be deleted or destroyed, and requesting that third parties be notified of the processing carried out in this context in the event that the reasons for the processing have been dismissed despite the fact that it has been processed in accordance with the provisions of the KVK Law and other related laws,

To raise objection against the emergence of a consequence for the person himself by analyzing processed data exclusively through automated systems,

To demand that damages be eliminated in the event of a corruption due to the processing of personal data in violation of the law,

You should submit your request for the use of your abovementioned rights in accordance with the first paragraph of Article 13 of the Law on Protection of Personal Data to our Company by “written” or other methods established by the Board of Personal Data Protection.

Since the Board of Personal Data Protection has not set any method at this stage, you should submit your application to our Company in writing in accordance with the provisions of the Supervisory Act.  

In order to use your rights as set out above, the fact that you submit your request to us along with your identification of your identity and your clarification of your right to use by specifying which of your rights referred to in Article 11 of the Act relates to its use, shall ensure that your application for your request is answered more quickly and effectively.

In this context, the channels and procedures you will submit in writing to the application in the scope of using the rights of the same article in the 11th article mentioned above are explained below by our Company based on Article 13 of the Law on the Protection of Personal Data.

You can submit your request containing your explanations of your right to use the rights set out in Article 11 of the KVK Law by filling a form available at https://www.midtown-hotel.com accompanied with the copy of the signed form personally by hand to the address of SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş located in Taksim Kocatepe Mah. Lamartin Cad. No:13-12 Beyoğlu İstanbul along with documents certifying your identity, via Notary or other methods stated in KVK Law or you can submit related form to info@midtown-hotel.com with a safe electronic signature.  

2.3 PROTECTION OF SPECIFIC PERSONAL DATA

With KVK Law, special importance has been given to a number of personal data because of the risk of causing victimization or discrimination against persons when they are processed illegally.

These data are biometric and genetic data with respect to race, ethnicity, political thought, philosophical belief, religion, sect or other beliefs, costume and clothing, associations, foundations or trade union membership, health, sexual life, criminal conviction and security measures.

Our Company is sensitive to the protection of private personal data which is determined as “specific” by KVK Law and processed in accordance with the law. In this context, the technical and administrative measures taken by our Company for the protection of personal data are carefully applied with respect to personalized personal data and necessary controls are provided.

2.4 ENLIGHTENING AND INFORMING PERSONAL DATA OWNER

Our Company, in accordance with Article 10 of the Corporate Tax Law, enlightens personal data owners during the acquisition of personal data. In this context our company, during the acquisition of personal data, provides personal data owners with information about the rights of our company, the identity of our Company, the purposes for which personal data are to be processed, for whom and for what purpose personal data can be transferred, the method and legal reason for collecting personal data and the personal data owner’s rights under Article 11 of the KVK Law.

Article 20 of the Constitution states that everyone has the right to be informed about their own personal data. In this respect, “requesting information” among the rights of the personal data owner in the 11th Article of the KVK Law was also considered. In this context, our company provides the necessary information in case the personal data owner requests information in accordance with the 20th article of the Constitution and the 11th Article of the KVK Law.

Our company provides information on personal data processing activities to the relevant parties and provides accountability and transparency in this context by means of publicizing all the issues in the KVK Law with various publicly open documents, especially the policy document related to the personal data owners that are involved in the personal data processing activity in accordance with the rule of “Law and Honesty”. In addition, our Company has informed the related persons about their own activities and the subjects in the law in many different ways principally referring to the “explicit consent” of the persons.

SECTION 3– POINTS RELATED TO PROCESS PERSONAL DATA

In accordance with Article 20 of the Constitution and Article 4 of the KVK Law, our Company is committed to the rules of law and honesty, accurate, and up-to-date when necessary, current, specific, clear and legitimate aims in the processing of personal data and engages in personal data processing in a limited, measured manner linked to the purpose. Our company maintains personal data for as long as it is required by law or for the purpose of processing personal data.

In accordance with Article 20 of the Constitution and Article 5 of the KVK Law, our Company processes personal data on the basis of one or more of the conditions set out in Article 5 of the KVK Law on the Processing of Personal Data.

Our company complies with the regulations envisaged for the processing of specific personal data in accordance with Article 6 of the KVK Law.

In accordance with Articles 8 and 9 of KVK Law, our Company is in compliance with the regulations stipulated in the law regarding the transfer of personal data and set forth by the KVK Council.

3.1. PROCESSING OF PERSONAL DATA IN ACCORDANCE WITH PRINCIPLES PRESCRIBED BY LEGISLATION

3.1.1. Processing in accordance with Law and Honesty Rule

Our company acts in accordance with the principles of legal regulation in the processing of personal data and the principle of general trust and honesty. In this context, our Company takes into account the proportionality requirements in the processing of personal data and does not use personal data except as required by the purpose.

3.1.2. Ensuring Personal Data Accurate and Up-to-date If Necessary

Our company ensures that the personal data it processes are accurate and up-to-date, taking into account the fundamental rights of the personal data owners and their legitimate interests. It takes the necessary precautions in this direction.

3.1.3. Processing with Specific, Open and Legitimate Purposes

Our company clearly and precisely defines the purpose of processing lawful and legitimate personal data. Our company operates as much as is necessary for and linked to the service it is providing personal data. The purpose of our personal data to be processed by our company is yet to be set out before personal data processing activity begins.

3.1.4. Connected, Limited and Restrained with the Purpose Processed

Our company processes personal data in a manner that is conducive to the achievement of the stated objectives and avoids the processing of personal data that is not relevant or not required to be performed.For example, personal data processing activities are not conducted to meet the needs that may arise later.

3.1.5. Preservation up to the time required for the purpose for which it is processed or related to the relevant legislation

Our company retains personal data only for the period of time required for the purpose for which it is stated or covered in the applicable legislation. In this context, our Company determines that it is not foreseen for a certain period of time in order to store personal data in the related legislation and if it is determined for a certain period of time, behaves in accordance with this period, and if not specified for a period of time, keeps personal data for the time required for the purpose for which it is being processed. In the event that reasons requiring termination of period or processing are eliminated, personal data are deleted, destroyed or anonymized by our Company.

3.2. PROCESSING PERSONAL DATA BASED ON ONE OR MORE OF PERSONAL DATA PROCESSING CONDITIONS SPECIFIED ON ARTICLE 5 OF KVK LAW AND LIMITED PROCESSING OF THE SAME BASED ON THESE CONDITIONS

Protection of personal data is a constitutional right. Fundamental rights and freedoms, without disturbing their essence, may only be limited by law, subject to the circumstances set forth in the relevant articles of the Constitution. Pursuant to the third paragraph of Article 20 of the Constitution, personal data may only be processed in the cases provided for in the law or with the explicit consent of the person. Our company processes personal data in this direction and in accordance with the Constitution, but only in the circumstances provided for in the law or with the explicit consent of the person.

The explicit consent of the owner of the personal data is only one of the legal protections that make it possible for the personal data to be processed in accordance with the law. Except for explicit consent, personal data may be processed in the presence of one of the other conditions listed below. The personal data processing activity may be dependent only on one of the conditions specified below, and more than one of these conditions may be the basis for the same personal data processing activity. If the processed data is personal data of a special nature; the following conditions apply.

Although the legal basis for the processing of personal data by our Company varies, all personal data processing activities are carried out in accordance with the general principles set forth in Article 4 of Law No. 6698 (see Section 3.1).

  • Existing of Open Consent of Personal Data Owner  

One of the conditions for the processing of personal data is the explicit consent of the owner. The explicit consent of the owner of the personal data must be explained on a specific matter, on an informed basis and in a free will.

In order for personal data to be processed in accordance with the explicit consent of the personal data owner, explicit consent is taken from customer, potential customer and visitors with relevant methods.

  • Explicit Provision in Laws

The personal data of the data owner may be processed legally if it is expressly provided in the law.   

  • Failure To Take The Explicit Consent Of The Relevant Person Due To Actual Impossibility

If it is compulsory to process the personal data in order to protect the integrity of the life or body of the person himself  or someone else who is unable to explain his reason due to actual impossibility or who cannot be granted validity for his consent, the personal data of the data owner can be processed. Example: Blood group information of a fainted customer is given to doctors by his friends.

  • Being Directly Interest In Issuance or Performance of The Contract

Personal data may be processed if it is necessary to process personal data of the parties to the contract, provided that it is directly related to the issuance or performance of the Contract.

  • Fulfilling the Legal Liability of the Company

If our company is obliged to fulfill its legal obligations as a data responsibility, the personal data of the data owner can be processed.

  • Publicizing Personal Data of Personal Data Owner

If personal data are publicized by the data owner, relevant personal data can be processed.

  • Mandatory Data Processing for the Establishment or Protection of a Right If data processing is mandatory for the establishment, use or protection of a right, the personal data of the data owner may be processed.
  • Compulsory Data Processing for the Legitimate Interest of our Company The personal data of the data owner may be processed if the data processing for our Company’s legitimate interests is compulsory provided that the fundamental rights and freedoms of the data owner are not harmed. 

3.3. PROCESSING SPECIFIC PERSONAL DATA

Our company is sensitive to the regulations stipulated in the KVK Law for the processing of personal data determined as “specific” by KVK Law.

In Article 6 of the Law on KVK, a number of personal data bearing the risk of causing victimization or discrimination of persons when committed illegally were identified as “specific”. These data are biometric and genetic data with respect to race, ethnicity, political thought, philosophical belief, religion, sect or other beliefs, costume and clothing, associations, foundations or trade union membership, health, sexual life, criminal conviction and security measures.

Specific personal data are processed by our Company in accordance with KVK law in the following situations providing that sufficient prcautions are taken to be determined by KVK Council:

If the personal data owner has an explicit consent or

If the personal data owner does not have an explicit consent;

  • Specific personal data of personal data owner except health and sexual life, in the manners prescribed by law,
  • Specific personal data of personal data owner except health and sexual life are processed for the purpose of public health protection, preventive medicine, medical diagnosis, treatment and maintenance services, planning and management of health care financing by persons who are under obligation to keep secrets or by authorized institutions and organizations.

3.4. TRANSFER OF PERSONAL DATA

Our company is able to transfer the personal data of the personal data holder and personal data of the personal data to the third persons (third party companies, group companies, third party persons) by taking necessary security measures in line with the legal personal data processing purposes.

In this respect, our company complies with the regulations set out in Article 8 of the KVK Law.

  • Transferring Personal Data Abroad

Our company is able to transfer the personal data of the owner of the personal data and the private personal data of the personal data to the third parties by taking necessary security measures in accordance with the legal purposes of processing personal data. Personal data are transferred by our Company to foreign countries (“Foreign Countries Having Enough Protection”) announced by KVK Council to have enough protection or in case there is no enough protection, such data are transferred to foreign countries committed in writing of sufficient protection by data supervisors in Turkey and relevant foreign countries (“Foreign Country where data supervisor committing sufficient protection is located”) and the ones permitted by KVK Council. In accordance with this regulation, our Company complies with the regulations set out in Article 9 of the KVK Law.

SECTION 4 –CATEGORIZATION, PROCESSING PURPOSES AND PRESERVATION PERIODS OF PERSONAL DATA PROCESSED BY OUR COMPANY

In accordance with Article 10 of the KVK Law, our company notifies personal data on which personal data groups the personal data are processed within the scope of the disclosure obligation, the purpose of processing personal data of the personal data owner and the preservation periods.

4.1. CATEGORIZATION OF PERSONAL DATA

In the presence of our Company in line with the personal data processing purposes of our Compay in accordance with legality and law,  based on one or more of the personal data processing requirements set forth in Article 5 of the KVK Law principally the principles stated in Article 4 related to processing of personal data, below mentioned personal data are processed by informing relevant persons in accordance with Article 10 of KVK Law by complying with general principles stated in KVK Law and all obligations regulated by KVK Law and limited to periods within the scope of this Policy (Customer, Potential Customer, Group Company Customer, Employee Candidate, Company Shareholder, Company Official, Visitor,Employees, Shareholders and Authorities of Institutions we are in cooperation, Third Party). It is also stated in Chapter 5 of this Policy that the personal data processed in these categories are related to which data owners are organized under this Policy.

PERSONAL DATA CATEGORIZATION DESCRIPTION ON PERSONAL DATA CATEGORIZATION
Identity Information These are the data where there is information about the identity of the person which is clear that the identity belongs to a real person of particular or identifiable nature, that are processed partially or fully automatically or processed non-automatically as part of the data recording system; name-surname, T.R. identity number, nationality information, driver’s license including mother’s name-father’s name, place of birth, date of birth, gender, birth certificate and passport, tax number, SSI number, signature information, vehicle plate
Communication Information These are the data where there is information about the identity of the person which is clear that the identity belongs to a real person of particular or identifiable nature, that are processed partially or fully automatically or processed non-automatically as part of the data recording system; telephone number, address, e-mail, fax number, IP address
Location Information These are the data where there is information about the identity of the person which is clear that the identity belongs to a real person of particular or identifiable nature, that are processed partially or fully automatically or processed non-automatically as part of the data recording system; 12 locations operated by the Company’s business units of the personal data owner, travel data, etc.
Customer Information These are the data where there is information about the identity of the person which is clear that the identity belongs to a real person of particular or identifiable nature, that are processed partially or fully automatically or processed non-automatically as part of the data recording system; information obtained and produced about the business of our company as a result of the business activities of our company and the operations carried out by our business units in this framework
Family Members and relative information These are the data where there is information about the identity of the person which is clear that the identity belongs to a real person of particular or identifiable nature, that are processed partially or fully automatically or processed non-automatically as part of the data recording system; Within the framework of operations carried out by business units,information about the family members (eg spouse, mother, father, child) and relatives of the personal data owner in order to protect the legal and other interests of the Company and the personal data owner regarding the products and services provided by the Group Companies
Physical Location Security Information These are the data where there is information about the identity of the person which is clear that the identity belongs to a real person of particular or identifiable nature, that are processed partially or fully automatically or processed non-automatically as part of the data recording system; personal data on records and documents taken during stay in the physical space when entering the physical space; camera recordings, fingerprint recordings, and security recordings.
Financial Information These are the data where there is information about the identity of the person which is clear that the identity belongs to a real person of particular or identifiable nature, that are processed partially or fully automatically or processed non-automatically as part of the data recording system; Data such as bank account number, IBAN number, credit card information, financial profile, property data, revenue information, etc. related to the information, documents and records showing any kind of financial result created according to the type of legal relationship that the company has established with the personal data owner
Audio / Visual Information These are the data where there is information about the identity of the person which is clear that the identity belongs to a real person of particular or identifiable nature,; photographs and camera recordings (except records entered under Physical Location Security Information), voice recordings, and copies of documents containing personal data
Personal Information These are the data where there is information about the identity of the person which is clear that the identity belongs to a real person of particular or identifiable nature, that are processed partially or fully automatically or processed non-automatically as part of the data recording system; Any personal data processed to obtain information that is essential for the creation of personal rights of real persons in working relationship with the Company
Specific Personal Information These are the data where there is information about the identity of the person which is clear that the identity belongs to a real person of particular or identifiable nature, that are processed partially or fully automatically or processed non-automatically as part of the data recording system; (Eg health data including blood group, biometric data, religion, and information of association members), as indicated in Article 6 of the KVK Law,
Transaction Security Information These are the data where there is information about the identity of the person which is clear that the identity belongs to a real person of particular or identifiable nature, that are processed partially or fully automatically or processed non-automatically as part of the data recording system; personal data processed to provide our technical, administrative, legal and commercial security while conducting our business activities
Legal Transaction and Compliance Information These are the data where there is information about the identity of the person which is clear that the identity belongs to a real person of particular or identifiable nature, that are processed partially or fully automatically or processed non-automatically as part of the data recording system; hukuki alacak ve haklarımızın tespiti, takibi ve borçlarımızın ifası ile kanuni yükümlülüklerimiz ve Şirket’in politikalarına uyum kapsamında işlenen kişisel verileriniz
Marketing Information These are the data where there is information about the identity of the person which is clear that the identity belongs to a real person of particular or identifiable nature, that are processed partially or fully automatically or processed non-automatically as part of the data recording system; personal data processed for the customization and marketing of our products and services according to the usage habits, likes and needs of the personal data owner and the reports and evaluations created according to the results of these processes
Demand / Complaint Management Information These are the data where there is information about the identity of the person which is clear that the identity belongs to a real person of particular or identifiable nature, that are processed partially or fully automatically or processed non-automatically as part of the data recording system; Personal data on the receipt and assessment of any claims or complaints directed at the Company

4.2. PROCESSING PURPOSES OF PERSONAL DATA

The Company processes personal data limited to the purposes and conditions in the personal data processing conditions set forth in Clause 2 of Article 5 and Clause 3 of Article 6. These aims and conditions are as follows;

  • Clearly prescribing the involvement of SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş in the processing of personal data in the Act
  • The fact that the processing of personal data by SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş. is directly related to and required by the issuance or performance of a contract
  • The processing of personal data is compulsory for SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş to fulfill its legal obligation
  • Provided that personal data is publicized by the personal data owner; limited processing by SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş .for the purpose of publicizing the data owner
  • The fact that the processing of personal data by SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş. is mandatory for the establishment, use or protection of the rights of SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş. or its data holders or third parties
  • The necessity of personal data processing activities for the legitimate interests of SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş., provided that it does not damage the fundamental rights and freedoms of the personal data owner
  • The fact that the personal data processing activity by SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş. is compulsory for the protection of the personal data owner or the other person’s physical or livelihood integrity and that the personal data owner is unable to explain his consent due to actual or legal invalidation
  • The fact that the personal data holder is prescribed by law in terms of private personal data except health and sexual life
  • In terms of personal data on the personal health of the owner of the data holder and his sexual life, persons or authorities authorized to keep confidential information for the purpose of public health protection, preventive medicine, medical diagnosis, treatment and maintenance services, planning and management of health services and financing, by organizations.

Within this scope, SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş. processes your personal data for the following purposes:

  • Planning and implementation of institutional sustainability activities
  • Efficacy management
  • Management of relationships with business partners or suppliers
  • Execution of personnel procurement processes for SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş.  (See Annex-4 for the processing of personal data of Employee Candidates)
  • Support for community staff procurement processes
  • Performance and follow-up of Company’s (SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş) financial reporting and risk management operations
  • Performance/follow-up of legal procedures of SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş.
  • Planning and performing corporate communication activities
  • Performance of corporate management activities
  • Realization of companies and partnership law transactions
  • Demand and complaint management
  • Managing investor relations
  • Giving information to competent institutions through the legislation
  • Creation and follow-up of visitor records

In the event that the processing activity realized with the above mentioned purposes does not meet any of the conditions stipulated by the KVK Law, SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş. is provided with an explicit consent of the personal data owner regarding the relevant processing period.

4.3. PRESERVATION PERIODS OF PERSONAL DATA

SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş. maintains personal data for the period specified in the relevant legislation if it is foreseen in related laws and regulations.

If the legislation on how long personal data should be kept is not arranged for a period of time, personal Data are processed, deleted, destroyed or anonymized after being processed for the time required for the Company to be processed in accordance with the practices of SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş. and its commercial life depending on the activity carried out by SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş. Detailed information on this issue is included in Chapter 8 of this Policy.

If personal data comes to an end with the intent to be processed and the related legislation and the preservation periods determined by SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş. have come to an end, personal data may only be kept for evidence in case of possible legal disputes or for the provision of the relevant right or defense in respect of personal data.

Although there are time-outs and expiration times for the claim to be made at the establishment of these periods, the preservation periods are determined on the basis of the samples of the requests previously directed to SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş. in the same matter. In this case, the personal data stored is not accessed for any other purpose and only when it is necessary to use it in the relevant legal dispute, the personal data is accessed. Here, the personal data are deleted, destroyed or anonymized after the end of the period.

SECTION 5 –CATEGORIZATION OF PERSONAL DATA OWNERS PROCESSED BY SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş.

While the personal data of the personal data categories listed below are processed by the Company, the implementation scope of this Policy is limited to Customer, Potential Customer, Group Company Customer, Employee Candidate, Company Shareholder, Company Official, Visitor, Employees, Shareholders and Authorities of Institutions we are in cooperation, Third Party.

While the categories of persons whose personal data processed by SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş. are within the above-mentioned scope, the persons not covered by these categories shall direct their requests to SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş. within KVK Law and the requests made by these ğersons shall be taken into consideration within the scope of this policy. The concepts within the scope of this policy are clarified below related to Customer, Potential Customer, Group Company Customer, Employee Candidate, Company Shareholder, Company Official, Visitor, Employees, Shareholders and Authorities of Institutions we are in cooperation, Third Party.

Personal Data Owner Category Description
Customer Regardless of whether there is a contractual relationship with SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş., the actual persons who have used or used the products and services offered by our Company
Potential Customer Real persons who have requested or consented to use our products and services and have been evaluated in accordance with commercial practices and honesty
Group Companies Customer Regardless of whether there is a contractual relationship with SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş.,

Within the scope of the operations carried out by the business units of SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş., the real persons who obtain personal data through the business associations of the Group Companies

Visitor Real persons who have entered the physical settlements of SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş.for various purposes or visited our internet sites
Third Person Other real persons not covered by this Policy (eg guarantor, companion, family members and relatives, former employees)
Employee Candidate Real persons who have been employed by SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş. in any way or who have opened their resume and related information to the examination of our company
Company Shareholder Real persons acting as the shareholders of SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş.
Company Official Board Member and other authorized real persons of SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş.
Employees, Shareholders and Authorities of Institutions We are in Cooperation Real persons, including the employees, shareholders and authorities of those institutions that are involved in all kinds of business relations of SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş. (including but not limited to, business partner, supplier, transporter)

The table below details the categories of personal data mentioned above and the types of personal data processed by the persons in these categories.

PERSONAL DATA CATEGORIZATION DATA OWNER CATEGORY THAT IS ASSOCIATED WITH RELEVANT PERSONAL DATA
Identity Information Customer, Potential Customer, Group Company Customer, Employee Candidate, Company Shareholder, Company Official, Visitor,Employees, Shareholders and Authorities of Institutions we are in cooperation, Third Party
Communication Information Customer, Potential Customer, Group Company Customer, Employee Candidate, Company Shareholder, Company Official, Visitor,Employees, Shareholders and Authorities of Institutions we are in cooperation, Third Party
Location Data Employees and Company Officials of the Institutions we are in cooperation
Family Members and relative information Group Company Customer, Visitor, Employee Candidate, Third Person, Employees, Shareholders and Authorities of Institutions we are in cooperation
Physical Location Security Information Visitor, Employee Candidate, Company shareholders, Company Officials, Employees, Shareholders and Authorities of Institutions we are in cooperation, Third Person
Financial Information Customer, Potential Customer, Group Company Customer, Employee Candidate, Company Shareholder, Company Official, Visitor,Employees, Shareholders and Authorities of Institutions we are in cooperation, Third Party
Audio / Visual Information Potential Customer, Group Company Customer, Employee Candidate, Company Shareholder, Company Official, Visitor,Employees, Shareholders and Authorities of Institutions we are in cooperation, Third Party
Legal Transaction and Compliance Information Potential Customer, Group Company Customer, Employee Candidate, Company Shareholder, Company Official, Visitor,Employees, Shareholders and Authorities of Institutions we are in cooperation, Third Party
Transaction Security Information Customer, Potential Customer, Company Official, Visitor,Employees, Shareholders and Authorities of Institutions we are in cooperation
Personal Information Employees, Shareholders and Authorities of Institutions we are in cooperation, Employee Candidate, Third Person
Specific Personal Information Customer, Group Company Customer, Employee Candidate, Company Shareholder, Company Official, Visitor,Employees, Shareholders and Authorities of Institutions we are in cooperation, Third Party
Marketing Information Customer, Potential Customer
Customer Information Customer
Demand / Complaint Management Information Group Company Customer, Employee Candidate, Company Shareholder, Company Official, Visitor,Employees, Shareholders and Authorities of Institutions we are in cooperation, Third Party

SECTION 6 –THIRD PERSONS TO WHOM PERSONAL DATA ARE TRANSFERRED BY SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş. AND PURPOSES OF TRANSFER

SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş. discloses personal data to groups of persons to whom personal data are transferred pursuant to Article 10 of the KVK Law.

SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş. may transfer the personal data of policy-managed data owners to the following categories of persons in accordance with Articles 8 and 9 of the KVK Law (see Section 3 / Title 3.5):

(i) To business partners of SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş.,

(ii) To suppliers of SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş.,

(iii) To Group Companies,

(iv) To shareholders of SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş.,

(v) To Company Officials,

(vi) To Legally Authorized Public Institutions and Organizations,

(vii) To Legally Competent Private Law Persons

The scope of the above mentioned persons involved in the transfer and the data transfer purposes are stated below.

Persons to whom data transfer shall be made Description Data Transfer Purpose
Business Partner The parties to whom SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş establishes business partnerships for purposes such as sales, promotion and marketing of products and services, after-sales support, execution of joint customer loyalty programs It defines the partnership as limited in order to ensure the fulfillment of the purposes of establishment.
Supplier It defines the parties that provide services to SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş on a contractual basis in accordance with the orders and instructions of SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş while conducting business activities of the Company. Limited to ensure that SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş is provided by the Supplier outsourced and that the Services necessary for the fulfillment of the Company’s business activities are submitted to the Company.
Our shareholders According to the related legislative provisions, our shareholders who are competent to design the strategies of our Company’s commercial activities and the audit activities In accordance with the provisions of the related legislations, limited to the design and strategic purposes of our Company’s commercial activities
Company Officials Board Members of our Company and other authorized persons Limited to design strategies for our company’s business activities, to provide management at the highest level and for audit purposes
Legally Authorized Public Institutions and Organizations Public institutions and organizations authorized to obtain information and documents from our Company according to the provisions of the relevant legislation Limited to the purpose for which it is requested within the legal authority of the relevant public institutions and organizations
Legally Competent Private Law Persons Private legal persons authorized to obtain information and documents from our Company in accordance with the provisions of the relevant legislation Limited to purpose requested by the legal authority of the relevant private law

Transfers carried out by SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş. are conducted in accordance with the matters set out in Chapters 2 and 3 of the Policy.

SECTION 7 –PERSONAL DATA PROCESSING ACTIVITIES MADE BY SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş. IN THE ENTRIES OF THE BUILDING AND HOTEL AND IN THE BUILDING AND HOTEL, AND WEB SITE VISITORS

7.1. PERSONAL DATA PROCESSING ACTIVITIES CONDUCTED BY SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş. IN THE ENTRIES OF THE BUILDING AND HOTEL AND IN THE BUILDING AND HOTEL

In order to ensure safety by our company, our Company monitors personal information in the building and in the hotel with security camera and performs personal data processing to follow guest entrance and exit.

Personal data processing activities have been carried out by our Company through the use of security cameras and recording of guest entries and exits.

The monitoring activity of SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş through security camera aims at protection of benefits related to ensure security of the Company and other persons and in this scope our Company acts in accordance with the Constitution, KVK Law and other related legislation.

Image records of our visitors are taken by means of monitoring system by camera in our company building, hotel entrances and store.

Within the scope of monitoring with the security camera, our company aims to increase the quality of the service provided, to ensure its reliability, to ensure the safety of the company, customers and other persons and to protect the interests of the customers in the service.

Our Company acts in accordance with the regulations contained in the KVK Law for carrying out monitoring activities with cameras for security purposes.

The monitoring activity carried out with camera by our Company is conducted in accordance with the Law on Private Security Services and related legislation.

Records recorded and maintained in digital media are only accessible to a limited number of Company employees. Live camera images can be viewed by outside security officers or security officers who serve the area where the hotel is located. A limited number of persons with access to the records declare that they will protect the confidentiality of the data they obtain with the confidentiality commitment.

Technical and administrative measures are taken by our Company to ensure the safety of personal data obtained as a result of the camera surveillance pursuant to Article 12 of the KVK Law.

Apart from recording with the above mentioned camera, and for the purposes outlined in this Policy, our Company conducts personal data processing activities to follow and control guest visits to buildings and stores.

While the names and surnames of the people coming tı Company building and hotel as a guest are obtained or by means of texts which are hosted by the Company or which are presented to the guests in other forms, such personal data holders are clarified in this context. The data obtained in order to perform guest entry-exit follow-up is only processed for this purpose or the related personal data are recorded in the data recording system in the physical environment.

For the safety provided by our Company and for the purposes set out in this Policy, we can provide internet access to our Visitors who request during the period of your stay in our Building and Hotel by our Company. In this case, the log records of your internet accesses are recorded according to the provisions of the Law No. 5651 and the provisions of the legislation regulated by this Law and these records are processed only in order to be requested by authorized public institutions or to fulfill our legal obligations in the audit processes to be performed within the Company.

Only a limited number of employees of the Company have access to the log records obtained in this framework. Company employees who have access to said records have access to these records only for use in the request or audit process from the competent public authority and organization and share it with legally authorized persons. A limited number of persons with access to the records declare that they will protect the confidentiality of the data they obtain with the confidentiality commitment.

7.2. WEB SITE VISITORS

To ensure that visitors to these sites conduct their site visits in a manner that is appropriate for their purposes of visiting, in order to be able to display content that has been customized to them and to engage in online advertising activities; the web site that our company owns is able to record internet movements in the site with the technical means (e.g. cookies).

SECTION 8-  DELETION, ELIMINATION, ANONYMIZATION OF PERSONAL DATA

Although it has been processed in accordance with the provisions of the relevant law, as laid down in Article 138 of the Turkish Criminal Code and Article 7 of the KVK Law, personal data upon shall be deleted, destroyed or brought anonymously upon the request of SAREMA TURİZM İNŞAAT SANAYİ VE TİCARET A.Ş. or on the request of the personal data holder in the event that the reason for the processing of the data is eliminated.

Within this scope, our Company has developed necessary operational mechanisms in this matter by taking necessary technical and administrative measures within the Company in order to fulfill its related obligations; educate the related business units in order to comply with these obligations, and to provide them with their duties and awareness.

ANNEX-1 DEFINITIONS

Explicit consent : Consent to a specific subject, based on information and expressed in free will.
Anonymization: The personal data is to be changed in such a way that it will lose its personal data quality and cannot be recovered.

For ex: Masking, aggregation, data corruption and similar techniques to make personal data that cannot be associated with a real person.

Employee Candidate: Real persons who have been employed by our Company in any way or who have opened their resume and related information to the examination of our company
Employees, Shareholders and Authorities of Institutions We are in Cooperation Real persons, including the employees, shareholders and authorities of those institutions that are involved in all kinds of business relations of our Company (including but not limited to, business partner, supplier, transporter)
Business Partner While conducting the business activities of TÜZEL İNŞAAT SANAYİ VE TİCARET A.Ş., parties to whom we have partnered for purposes such as sales, promotion and marketing of products and services, after-sales support, execution of joint customer loyalty programs
Processing personal data Provided that personal data is completely or partially automatic or is part of any data recording system all kinds of transactions carried out on the data such as obtaining, recording, storing, maintaining, altering, rearranging, disclosing, transferring, taking over, acquiring, classifying or preventing its utilization in non-automatic ways.
Personal Data Owner Real person whose personal data is processed
Personal Data Any information related to the identity of the specific or identifiable real person. Therefore, the processing of information about legal entities is not covered by the Law.
Customer Regardless of whether there is a contractual relationship with our Company, the actual persons who have used or used the products and services offered by our Company
Specific Personal Data Biometric and genetic data are data on specific issues relating to race, ethnicity, political thought, philosophical beliefs, religion, sect or other beliefs, costumes, association or association membership, health, sexual life, criminal conviction and security measures.
Potential Customer Real persons who have been or are interested in using our products and services or who have been assessed in accordance with commercial customs and honesty rules
Company Shareholder Real persons acting as our Company’s shareholder
Company Official Board member of our company and other authorized real persons
Supplier While conducting commercial activities of TÜZEL İNŞAAT SANAYİ VE TİCARET A.Ş., the parties that provide services to ………… on a contractual basis in accordance with the orders and instructions of our Company
Third Person In order to secure the commercial transaction between our Company and the above-mentioned parties or to protect the rights of those concerned and to obtain benefits, third-party real persons associated with these people (For ex. Guarantor, Companion, Family Members and Relatives)
Data Processor A person is a natural or legal person who processes personal data on his behalf based on the authority of the data supervisor. For example, a cloud computing company that holds our company’s data, an interviewer who has signed forms for customers, a call-center company that makes calls in the framework of instructions, etc..
Data Supervisor The person who manages the place where the data is kept systematically (the data recording system), which determines the processing purposes and means of the personal data, is the data supervisor.
Visitor Real persons who have entered our physical campuses for various purposes or visited our internet sites

ANNEX-2: ABBREVIATIONS

KVK Law  : Law No. 6698 on the Protection of Personal Data, dated 24 March 2016, published in the Official Gazette No. 29677 of 7 April 2016.
Constitution: Constitution of Turkish Republic No.2709 dated November 7, 1982  published in the Official Gazette No. 17863 dated November 9, 1982
KVK Council : Personal Data Protection Council
KVK Institution : Personal Data Protection Institution
Policy: Personal Data Protection and Processing Policy of

TÜZEL İNŞAAT SANAYİ VE TİCARET A.Ş. Mamulleri San. Ve Tic. A.Ş

Company : TÜZEL İNŞAAT SANAYİ VE TİCARET A.Ş. Mamulleri San. Ve Tic. A.Ş.
Turkish Penal Code: Turkish Penal Code No. 5237 dated 26 September 2004 published in Official Gazette No.25611 dated October 12, 2004

ANNEX-3 PROCESSING PERSONAL DATA OF EMPLOYEE CANDIDATES AND BUSINESS PARTNERS EMPLOYEES

PERSONAL DATA OWNER COLLECTION AND PROCESSING OF PERSONAL DATA UTILIZATION OF RIGHTS AND APPLICATION
Employee Candidates Personal data gathered during the recruitment process of employees’ candidates and personal data collected according to the nature of the job, personal data are processed by our Company for the purposes set out in the policies of our Company’s human resources policy, recruitment, purposes of this Policy, as well as the personal data of working candidates:

• To evaluate the nature of the candidate, his experience and interest, his suitability to the open position,

If necessary, to check the accuracy of the information transmitted by the candidate, or to contact the third party to conduct research on the candidate,

To communicate with the applicant about the application and recruitment process, or, if appropriate, to communicate with the candidate for any position subsequently opened in the country or abroad,

To meet the requirements of the relevant legislation or the demands of the competent institution or body,

To develop and improve the recruitment principles that our company implements.

The personal data of working candidates can be collected by the following methods and means:

Digital application form published in written or electronic media;

Resumes of applicants to our company by e-mail, cargo, reference and similar methods,

Employment or consulting companies;

• When interviewing with face-to-face means such as video conferencing, telephone, etc.,

• The inspections carried out by our company and the checks made to confirm the accuracy of the information communicated by the candidate,

• Recruitment tests conducted by experienced individuals who determine the talent and personality characteristics of the results.

Employee candidates are also able to submit to our Company their requests related to rights arising from their data ownership, using the method described in Section 2.2. of this Policy.  
Employees of Business Partners Within the scope of fulfilling the business activities established with our business partners, our Company shall provide the personal data related to the employees of the business partners with the purpose stated in this Policy and in accordance with the Company’s Human Resources policy and shall process within the scope of other purposes stated in the Policy, especially for the purpose of promoting the commercial and legal safety of our company and the persons we are in cooperation. Employees of the Business Partners shall notify the Company of the rights and obligations arising from their data ownership using the method described in Section 2.2 of this Policy.

Midtown Hotel Istanbul has more than 4.5 stars rating on Trip Advisor thanks to our guests. Please click to see us on www.tripadvisor.com web site.

Midtown Hotel Istanbul was awarded a LOVED BY GUESTS award by hotels.com of Expedia in 2021 for its outstanding customer service quality. Please click expedia.com to see our award on their website.

Midtown Hotel Istanbul has more than 8.9 rating on Booking.com thanks to our guests. Please click to see us on www.booking.com web site..

Midtown Hotel Istanbul has 4.7 rating on Google thanks to our guests. Please click to see us on www.google.com web site..

E-posta Listemize Katılın Şehrin Merkezindeki Etkinliklerden Haber Alın

Join Our Mailing List, Be Close to Istanbul’s Rich Life; Cultural Events, Congresses, Exhibitions & Many More..