Protection and processing of personal data

Personal data owned by our customers within scope of company's business and operations are generally as follows:

• Name, surname, TR identity number/VAT number and age, photo etc. identity data found on birth certificate, passport and similar identity certificates,
• Signature, identity, contact and legal transaction data found on various documents such as agreements and completed forms,
• Contact data such as address, residence address, e-mail address, phone and fax numbers, cell phone number,
• Financial data such as bank account details, invoice details, credit card details, payment records, debt and receivable breakdowns,
• Transaction data such as preferences, likes, comments about our services (e.g. smoking etc.),
• Physical location security data such as enterprise entrance - exit records (license plate details, audio and video recorded by security cameras),
• Information about whether you have been abroad in the last 14 (fourteen) days,
• Information including whether you have been in contact with a person who is diagnosed with Covid-19 within the last 14 (fourteen) days, whether you have visited a hospital where a person who is diagnosed with Covid-19 was present, health information about whether you have experienced fever, shortness of breath, frequent coughing (health information),
• IP Address, website sign-on, sign-out and navigation details,
• Your temperature measurement result (health information).

The Company collects the data directly from you as a general rule. In many cases where your collected personal data is transferred and/or kept by a third party, action is taken by ensuring that you provide consent before receiving such information from third parties.

We can collect data about you without requiring your information or consent in cases either allowed or required by the concerning laws or legislations.
 

Your personal data collected by our Company are particularly used and shared for the purposes of rendering service including establishing, managing and terminating the service relationship with you.
Your personal data is collected, kept and used particularly for the following purposes and in order to inspect and execute such processes;

• Fulfillment of the obligations arising from the service agreement and legal/administrative obligations,
• Ensuring health and security of our hotel and customers,
• Fulfillment of our legal and contractual obligations towards our customers, performance of the agreements,
• Tracking of finance and accounting procedures,
• Customer relations management and ensuring customer satisfaction and fulfillment of the obligations arising within this scope,
• Tracking of customer complaints,
• Customization of the products and services offered by the company depending on the like, utilization habits and necessities of the related parties and planning and execution of the activities required for offering and introducing such to the related parties,
• Carrying out required works for realization of the commercial activities of the company and execution of the related business processes,
• Carrying out required works related business processes for offering products and services provided by the company,
• Planning and executing the activities required for offering and introducing the products and services offered by the company through customization,
• Planning and management of transfer processes,
• Carrying out required business and operational processes for offering products and services provided by the company,
• Ensuring security of building and plant campuses and/or facilities,
• Performing the room change (into the isolation room) operation when necessary in order to protecte the health of the data subject himself/herself, other visitors and personnel within the hotel,
• Creation and follow-up of visitor logs,
• Ensuring security of fixtures and/or utilities,
• Ensuring technical and commercial occupational safety,
• Ensuring security of corporate operations,
• Official invitation cards to government organizations and institutions,
• Planning information security processes, creation and management of its infrastructure,
• Provision of information to public officers regarding public safety and public health,

Our Company saves, keeps your personal data which it has collected by observing the general principles set forth in Article 4 of the Law in accordance with legit purposes and in relation to the purpose, updates such in order to perform the obligations arising from the legislation, and processes such for the purpose of performing the legislative obligations or establishing and maintaining the service relationship whenever necessary or in order to fulfill the obligations stipulated to the Company by the laws or to establish a right in favor of the customers. Along with that, solely to be limited with the purposes of processing indicated in this Privacy Shield Notice, we can transfer such to official and administrative institutions, and to audit companies within scope of audits, to respective service providers, intermediaries and suppliers for the purposes of provision of e-invoice, e-archive, storage, information technologies and computing systems services as required by execution of legal and contractual performances and undertakings we have assumed towards you, to financial, legal, customs and other professional consultants whenever required, to transport, accommodation, domestic and foreign organization companies, representatives and agencies. Within this scope, all technical and legal measures will be taken and privacy commitment and guarantee will be received from the recipients in order to prevent violation of rights which may occur during transfer of data to third parties.

Not being limited to the aforesaid, personal data may be exchanged with courts and other government institutions within scope of and as required by the legal obligations.   

Sensitive personal data we collect from our distinguished Customers and Visitors are collected and kept by being limited to the following purposes:

• Protection of public health,
• Ensuring wellbeing of you, our employees and the third parties present at the workplace during your visits and stays,
• Ensuring physical security and online transaction security of you and our enterprises,
• Such is processed for the purpose of ensuring performance of company's operations in accordance with the required legislation and for ensuring compliance to product safety and health; and for safeguarding legit interests of the Company provided that your fundamental rights and freedoms are not violated.  

Personal data pertaining to our customers is processed automatically in the physical and electronic environments as a part of written or verbal data transfer means and data recording system by being acquired directly from the person or through third parties on legal grounds of "processing of the personal data of the parties to the agreement is required, provided that it is directly related to acting or executing an agreement", "data processing being mandatory for the data controller to fulfill his/her legal obligation", "was made public by the relevant person himself/herself", "being mandatory for establishing, exercising or protecting a right", "data processing is mandatory for the legit benefits of the data controller, provided that it does not harm the basic rights and freedoms of the relevant person" set forth in article 5 of the Law and by taking the provisions of Identity Notification Code (in Turkish, "Kimlik Bildirme Kanunu") numbered 1774 as basis.

Personal data pertaining to our visitors is processed automatically by relying on legal grounds of "being mandatory for the data controller to fulfill his/her legal obligation" and "being mandatory for the legit benefits of the data controller, provided that it does not harm the basic rights and freedoms of the relevant person" set forth in article 5 of the Law through recording of images by security cameras located at entrance doors within our service building, building facade, meeting rooms and activity venues, dining areas, cafeteria, lobby, car park, elevators and floor aisles service area.

Personal data pertaining to our online Visitors is processed automatically by relying on legal grounds of "data processing is mandatory for the legit benefits of the data controller, provided that it does not harm the basic rights and freedoms of the relevant person" and "Mandatory for the data controller to fulfill his/her legal obligation" set forth in article 5 of the Law and by taking basis the provisions of Law on Regulation of Publications on the Internet and Suppression of Crimes Committed by Means of Such Publications (in Turkish, “İnternet Ortamında Yapılan Yayınların Düzenlenmesi ve Bu Yayınlar Yoluyla İşlenen Suçlarla Mücadele Edilmesi Hakkında Kanun”) numbered 5651.
 

We would like to note that you have the following rights pursuant to article 11 of the Law as the data subject:

• To learn whether personal data was processed; to request information if personal data was processed,
• To learn the purpose of processing and whether such used in accordance with the purpose,
• To know the third persons to whom such was transferred at home or abroad,
• To require correction of such if processed incomplete/inaccurate,
• To request deletion, destruction of such pursuant to the required conditions,
• To request notification to the third persons to whom the personal data is transferred of the processes conducted pursuant to the aforementioned rights of correction, deletion and destruction,
• To object to any consequence against it through analysis of your processed personal data exclusively by automatic methods,
• To claim compensation of the loss in case of incurring loss due to illegal processing of the personal data.

You may submit your requests concerning whether your aforementioned rights or Privacy Shield Notice and for any question in this context within scope of the Law using either of the following free-of-charge:

• Submitting such to the address of CVK Park Hotel Gümüşsuyu Mah. İnönü Cad. No. 8 Beyoğlu Istanbul affixed with wet signature and together with the copy of a valid identity certificate,
• By making application in person with a valid identity certificate,
• By making submission to registered electronic mail (KEP) address or to our KEP address of cvkmineral@hs01.kep.tr through use of electronic signature,
• By sending e-mail to our address of kvkk@cvkhotelsandresorts.com from your e-mail address notified to our party previously by the Respective Person and registered in our system.

You shall indicate the following clearly in your applications;

• Name, surname and, if the application is written, your signature
• TR identity number if the applicant is a citizen of Republic of Turkey, and nationality particulars and passport number or foreigner identity number, if any,
• Residence or business address for notification,
• Electronic mail address, phone and/fax number for notification and
• Requests that are the subject of application

Your request will be replied and finalized as soon as possible and in any case within maximum thirty (30) days, depending on its nature. The part which only relates to you will be answered in your applications and no application made for your spouse, relative or friend will be accepted.
The duty of inspecting operation and compliance of Privacy Shield Notice is assumed by CVK Board of Protection of Personal Data.

You can review the following documents which are made accessible for in-house use whenever necessary:

• Our Personal Data Processing and Protection Policy,
• Our Personal Data Storage and Destruction Policy
• Company Service Standard certificates issued on Customer Relationships and Visit Policies.

Data Controller
CVK Mineral Madencilik Nakl. İnş. Taah. ve San. Tic. A.Ş.
 
Mersis No            : 0216047721400015
Address                : CVK Park Hotel Gümüşsuyu Mah. İnönü Cad. No.8 Beyoğlu Istanbul
Phone                   : (+90) 212 377 88 88
Kep Address        : cvkmineral@hs01.kep.tr
E-mail                   : kvkk@cvkhotelsandresorts.com