INFORMATION on the processing of personal data

Bilintur Bilkent Turizm İnşaat Yatırım ve Ticaret Anonim Şirketi (hereinafter referred to as our “Company” or “we”), as a data controller, will use your personal data in a manner consistent with the applicable laws and regulations, and we will take all necessary precautions to ensure that your personal data is processed in accordance with the applicable law and to protect the privacy of your data. To that end, we’ve drafted this “information” to lay out in as much detail as possible how and why we collect, process, and share your personal data, as well as the legal grounds for doing so and the specific rights you have in this context.

 

Our Company hereby appoints Mr.Reşat Ulaş as its “Data Protection Officer” under the GDPR.

 

1. General Information on the Law and the GDPR

 

The Personal Data Protection Act (Kişisel Verilerin Korunması Kanunu) (the “Act”) was passed on March 25, 2016, and promulgated in the Official Gazette Issue No. 29677 on April 7, 2016. The goal of the Act is to establish the obligations of natural persons or legal entities processing personal data and the principles and procedures that they are required to follow in order to ensure the proper protection of individuals’ fundamental rights and freedoms, especially with regard to privacy. 

 

The General Data Protection Regulation (the GDPR) is a piece of EU legislation with the stated goal of safeguarding the personal data of the individuals located in the EU and the EEA. The GDPR entered into force 20 days after its publication in the Official Journal of the European Union on May 24, 2016, and became effective on May 25, 2018.

 

1. Scope of the Disclosure

 

This document is intended to inform our current and prospective guests, business partners and suppliers, as well as anyone else who visits our website or shares their personal data with our Company.

 

1. Why are we processing your personal data, and on what legal grounds?

 

If you choose not to share the personal data that are mentioned below, with the exception of the personal data whose processing is contingent upon your explicit consent, Our Company will not be able to properly perform its obligations towards its guests, nor will it be able to properly provide information or assistance to its prospective clients.

 

In cases where the data subject is a minor and the data subject’s consent is required for the processing of specific pieces of personal data, the data subject’s legal guardian must give that consent.

 

1. Preserving Relationships with our Business Partners and Suppliers: We process the information provided in the certificate of authorized signatories belonging to each of our business partners and suppliers, including not limited to, their names and surnames, e-mail addresses, phone numbers, addresses, Turkish ID numbers, birthdates and birthplaces, to duly enter into agreements, and check the authority of their representatives signing agreements with us. To that end, the personal data of the parties to an agreement can be processed on the legal basis that it is necessary for the conclusion or performance of the agreement.

 

1. Sales and Marketing: After duly obtaining the necessary authorizations under the Act Regulating E-Commerce (Elektronik Ticaretin Düzenlenmesi Hakkında Kanun), we may process personal data, such as name and surname, e-mail address, phone number, address, voice records taken by the call center and poll results for measuring traffic for advertisements, campaigns, sales and marketing activities, making statistical analyses, analyzing our client portfolio, performing segmentation and profiling studies, measuring and improving guest satisfaction, collecting opinions and suggestions on new products or services, providing you with targeted advertising, benefits and advantages regarding our services , including but not limited to those related to catering, dining, event, meeting, pool and spa. We process the aforementioned categories of personal data on the grounds that we require such processing in order to comply with our legal obligations regarding explicit consent and mandatory cookies.

 

 

 

When you use our website or mobile app, we may collect and store information using cookies or similar technologies for the purpose of processing the aforementioned categories of personal data. The settings that apply to cookies can be checked and changed to reflect your preferences. Please refer to our Cookies Policy on our Company website for further details.  (https://www.bilkentotel.com.tr)

 

1. Handling of Complaints; Call Center Services: For handling complaints, receiving and responding to your questions, correctly addressing the caller, providing information and consultancy support services, providing information or responses to you regarding your complaints or requests, or producing as evidence in any dispute that may arise in the future, we may process your name and surname, e-mail address, phone number, address, and your voice record taken by our Call Center, provided that such processing does not prejudice your fundamental rights and freedoms. The necessity of this processing is to protect our legitimate interests.

 

1. Management of Reservations and Guest Relations: We may process your personal data, including your name and surname, e-mail address, phone number, address details, bank account number and Turkish ID number for processing your reservations or taking any other action in connection with your stay, providing various services such as catering, dining, events, meetings, pool and spa use, taking your orders, receiving your payments, keeping the relevant records, issuing relevant documentation, sending you products outsourcing the relevant logistics services (for fulfilling your food delivery orders, or for sending you cards or daily planners etc.), or offering you competitive quotes regarding any product or service. The legal basis for processing of these personal data is entering into and carrying out the terms of the agreement.We may also collect your credit card details (number, valid through date and CVV) when you check in to our hotel, so that we may secure the collection of the charges related the products and services that are required to be paid for separately when checking out, such as minibar, food and beverage, pool and spa uses, provided that you give your explicit consent to such processing. When you give your explicit consent to the processing of your credit card details, we destroy these details once you have completed the checkout procedure and make the relevant payments. We don’t store credit card details or transfer the same to any third party for any purpose. If you do not wish to provide your explicit consent for the processing of the details of your credit card, you will be given two options: either you may deposit to our Company a certain amount that will be determined by our Company until your checkout, or you may have the minibar in your room emptied, and pay in cash for any service or product that you would like to purchase during your stay.

 

1. Ensuring Safety: We collect audio and visual data by utilizing audio and video tracking and recording devices at the entrance and corridors of the hotel, the office areas, the terrace and the recreational areas, the spa and the pool for the purpose of ensuring the safety within the Company, preventing any accident, offense, or crime, or reporting the same actions to the police upon the occurrence of such actions, provided that such collection of data does not violate your fundamental rights and freedoms. The processing of such data is required in order to safeguard our legitimate interests, which provides the legal justification for this processing.

 

1. Compliance with our Duties under the Identity Disclosure Act (Kimlik Bildirme Kanunu): We collect your personal data, including your name and surname, Turkish ID number, birthdate, and birthplace, when we take your reservation. This is done so that we can transfer this data to the Police Department, as is required by the Identity Disclosure Act.

 

1. Processing employee data: Please see the personnel information letter at bilkentotel.com.tr.

 

1. Information on any individual or entity to whom we may transfer your personal data

 

We reserve the right to disclose any personal data that we may have collected about you to any of the following individuals or entities for purposes in addition to those described above, in accordance with Articles 8 and 9 of the Act, or Chapter V of the GDPR:

 

1. Bilkent Holding A.Ş. or any direct or indirect subsidiary of this Holding, given that our Company is a subsidiary of the Holding, and as such, it is subject to certain audits that are carried out by the Holding, and it also receives certain services from the Holding;
2. Any person or entity to whom we are required to transfer your personal data under the Tax Procedure Code, the Law on the Supreme Court of Public Accounts, the Law for Preventing the Laundering of Proceeds of Crime, the Law for Preventing Money Laundering, the Turkish Commercial Code, the Turkish Code of Obligations, the Identity Disclosure Act and other applicable laws and regulations;

 

1. Any governmental or judicial authority authorized under the applicable laws and regulations to require us to provide your personal data, including but not limited to the Ministry of Interior or the General Directorate of Police or any governor’s office, police office, or public prosecutor’s office;

 

1. Any internal auditor, or independent auditor or audit firm, given that our Client is required to be audited under the Turkish Commercial Code No. 6102;

 

1. Any individual or entity from who we receive services regarding product/service comparisons, analyses, assessments, advertisements, or for the purposes given above, any company or business with whom we collaborate regarding certain campaigns, or any service provide that we may use for sending out messages to our customers.

 

1. How do we collect your personal data?

 

We may collect your personal data in any verbal, written or electronic form through our website, our sales and marketing personnel, our personnel taking your reservations, any questionnaire that you may fill in while visiting our premises, any digital marketing activity, any agreement, application, question form or proposal that you may enter into with, or provide to, us, or any cookie that we may use to identify you when you visit our website.

 

If Articles 5 and 6 of the Act or Articles 6 through 9 of the GDPR require your explicit consent to the processing of your personal data, then such consent will be the legal basis upon which such processing will occur. In any other case, we reserve the right to process your personal data for any of the other legitimate grounds listed in Articles 5 and 6 of the Act as well as Articles 6 through 9 of the GDPR (as explained in Section 3 above).

 

1. Data Subject’s Rights under the Act and the GDPR

 

You have the right to exercise any of your rights as a data subject by submitting an application with us using any of the methods that are outlined below. Our Company will conclude the process regarding your application as soon as possible, but in any event within 30 days. If the response is less than ten pages long, we will provide it free of charge. After the first ten pages, there will be a charge of TRY 1 for each additional page. If you request that we respond to you on a portable storage device like a CD or flash drive, we will charge you only for the cost of that device.

 

Accordingly, every data subject is entitled to

 

1. The right to be informed on whether or not their personal data has been processed;
2. The right to receive information about the processing of their personal data, if their data has been processed;
3. The right to learn the purposes of data processing and whether their personal data has been processed solely for these purposes;
4. The right to obtain information on any domestic or foreign third party to whom their personal information has been transferred;
5. The right to have their personal data rectified, if their personal data has been processed incompletely or inaccurately; the right to ask for the update of any personal data no longer up to date; and the right to have such rectification or update to any third party to whom their personal data has been transferred;
6. The right to have their personal data erased or destroyed, in the event that it has been previously processed in accordance with the provisions of the Act, the GDPR or any other applicable law or regulation, but it is no longer necessary to be processed for that purpose; and the right to have such erasure or destruction notified to any third party to whom their personal data has been transferred;
7. The right to object to any negative outcome obtained when their personal data is analyzed solely by automated systems;
8. The right to file an objection if their data is being processed in a way that goes against Act or the GDPR, and to seek compensation for any damage that results from that processing;
9. The right to withdraw any consent that they may have given regarding the processing of their personal data;
10. The right to file a complaint with the Personal Data Protection Authority or the European Data Protection Board in the event that their data is processed in a manner violating the Act or the GDPR.

 

Every data subject whose personal data is being processed under the GDPR is further entitled to the right to “restriction of processing” under Article 18 of the GDPR. In the event that a data subject has applied for the rectification or update of their personal data, or the erasure of their personal data which has been processed unlawfully, or the erasure of their personal data given that it is no longer required to be processed, then the data subject may demand the restriction of processing of their personal data pending the outcome of such application.

 

If you would like to exercise any of your rights listed above, you may submit your application to us in Turkish in printed form, or by sending an e-mail to use using your officially registered electronic e-mail address, secure electronic signature, mobile signature or other e-mail address previously given to our Company and entered to our systems.

 

If you would like to exercise any of the aforementioned rights, you can do so by submitting a written application to us, or by sending us an email from the official electronic e-mail address, secure electronic signature, mobile signature, or other e-mail address you have previously provided to our Company and entered into our systems in accordance with Article 1, Paragraph 1 of the Act and the Communique on the Principles and Procedures Governing Applications filed with Data Controllers dated March 10, 2018 (Veri Sorumlusuna Başvuru Usul ve Esasları Hakkında Tebliğ).

 

Any data subject who submits such an application will only receive information pertaining to that data subject from us; we are unable to provide information pertaining to other family members or third parties. Before responding, our Company reserves the right to verify your identity.

 

Your application needs to contain:

 

1. Your name and surname, and if your application is made in printed form, your signature;
2. Your Turkish ID Number if you are a citizen of the Republic of Turkey; or your nationality, passport number or identity number, if you are a foreign citizen;
3. Your residence or office address for notification purposes;
4. Your e-mail address, phone number and fax number, if any, for notification purposes;
5. The purpose of your application together with any supporting information or documentation.

 

If you would like to file your application in printed form, you may deliver your application, together with the relevant documentation, to our Company’s data representative by contacting them at info@bilkentotel.com.tr. You may file your application electronically by filling in the Data Subject Application Form available at www.bilkentotel.com.tr. If you would like to use your secure e-mail address when filing your application, you may send your application to our secure e-mail address, which is bilintur@bilintur.hs03.kep.tr.

 

The address, e-mail address and secure address may be used to contact our Data Protection Officer.

 

Depending on the purpose of your application, you must provide complete and accurate information or documentation that allows your identity to be verified. Your application will not be able to undergo a thorough review by our Company if you do not duly provide all of the necessary information and documentation. In the event that this occurs, our Company reserves any and all legal rights that are afforded to it by the relevant laws and regulations. Therefore, depending on the nature of your application, you must send us the appropriate information and documentation in their entirety.

 

 

 

 

 

 

If diagnosed with COVID-19 and determined not to require hospitalization based on the examination conducted by the relevant medical institution, I agree to remain in my room with my family or any other person with whom I am sharing my room, and not to leave it.

Name and Surname:

Room Number:

Signature:

 

This procedure is followed in accordance with the requirements of the Secure Tourism Certificate issued by the Ministry of Culture and Tourism of the Republic of Turkey, as set forth in Article 3 on Emergency and Isolation in the regulation of February 8, 2022 for Covid-19 and Hygiene Measures to be taken by Accommodation Facilities Throughout the Pandemic.

Bilintur A.Ş.’s General Disclosure Statement on the PDPL