1. Scope and Purpose
This Policy has been prepared in accordance with the Law No. 6698 on the Protection of Personal Data (KVKK) and the KVKK Policy Book. Its purpose is to regulate the processing of personal data obtained directly or arising from legal, commercial, or financial relations established between ŞAHİNLER OTELCİLİK and its personnel, as well as natural or legal persons with whom it communicates and interacts, and to determine the conditions to be complied with, declare, and announce them.
2. Obligation to Inform
In accordance with the Law No. 6698 on the Protection of Personal Data (KVKK), which entered into force on 07.04.2016, ŞAHİNLER OTELCİLİK is legally required to regulate the processing of personal data belonging to its employees and natural or legal persons with whom it communicates and interacts, due to the obligations imposed by the legislation.
ŞAHİNLER OTELCİLİK pays the utmost attention and care to the principles of personal data security and confidentiality of its employees and related persons. During the provision of services, the protection of personal data is prioritized.
According to the law mentioned above, all personal data that can be associated with a real person (including special categories of personal data) are considered personal data within the scope of KVKK. Such data are processed by ŞAHİNLER OTELCİLİK as the Data Controller using the methods detailed below and within the limits prescribed by legislation.
The term “Processing of Personal Data” refers to all operations performed on data, whether fully or partially automatic, or by non-automatic means provided that it is part of a data recording system, such as obtaining, recording, storing, preserving, modifying, reorganizing, disclosing, transferring, taking over, making available, classifying, or preventing its use.
3. General Principles
In the processing of personal data, ŞAHİNLER OTELCİLİK acts in accordance with the following principles:
Lawfulness and fairness: All data are processed in compliance with the law and in good faith.
Accuracy and up-to-dateness: Efforts are made to ensure that data are accurate and kept up-to-date.
Specific, explicit, and legitimate purposes: Data are processed for clear and lawful purposes.
Data minimization: Data are processed only to the extent necessary and relevant to the purpose.
Storage limitation: Data are retained only for the period stipulated by law or necessary for the purpose of processing.
4. Rights of Data Subjects
In accordance with Article 11 of the Law No. 6698, data subjects have the following rights:
To learn whether their personal data are being processed,
To request information regarding their personal data if processed,
To learn the purpose of processing and whether such data are used in line with the purpose,
To know the third parties to whom data are transferred domestically or abroad,
To request correction if data are incomplete or inaccurate,
To request deletion or destruction of personal data within the framework of the conditions set forth in the Law,
To request notification of third parties to whom the data have been transferred regarding corrections or deletions,
To object to the occurrence of a result against them due to the analysis of personal data exclusively through automated systems,
To claim compensation if they suffer damage due to unlawful processing of personal data.
5. Data Security
ŞAHİNLER OTELCİLİK takes all necessary technical and administrative measures to ensure an appropriate level of security for preventing unlawful processing of personal data, preventing unlawful access to personal data, and ensuring the preservation of personal data.
These measures include, but are not limited to:
Technical infrastructure ensuring data security,
Restriction of access to personal data only to authorized personnel,
Regular audits and risk assessments,
Employee training on data protection and confidentiality,
Compliance with relevant national and international standards.
6. Retention and Destruction of Data
Personal data are retained for the period stipulated in the relevant legislation or as long as necessary for the purposes for which they are processed. When this period expires, data are deleted, destroyed, or anonymized in accordance with the “Regulation on the Deletion, Destruction, or Anonymization of Personal Data.”
7. Contact and Applications
In accordance with Article 13 of Law No. 6698, data subjects may submit their requests regarding their rights to:
[Insert Company Contact Information / Application Address]
Applications will be finalized free of charge as soon as possible and within 30 days at the latest, depending on the nature of the request. However, if the process requires an additional cost, a fee may be charged according to the tariff determined by the Personal Data Protection Board."