This website uses cookies and similar technologies to enhance your experience. By continuing to browse, you agree to our use of these technologies.
Book Now

GDPR

ASSOS TROY BEACH HOTEL PERSONAL DATA PROCESSING AND PROTECTION POLICIES

SECTION 1

PERSONAL DATA PROCESSING MATTERS

Introduction

As Ertan Erhan Solmaz Gıda İnşaat Turizm Sanayi Ticaret Ve Ltd Şti (Assos Troy Beach Hotel) (the "Company"), we attach utmost importance to the lawful processing and protection of personal data in accordance with the Personal Data Protection Law No. 6698 ("Law"). We act with this awareness in all our planning and activities. With this in mind, we present this Personal Data Processing and Protection Policy (the "Policy") to inform you about the measures we take and to fulfill our obligation to provide information under Article 10 of the Law.

Purpose

The primary purpose of this Policy is to explain the systems related to the lawful processing and protection of personal data. This Policy aims to inform Company Stakeholders, Company Officials, Business Partners, Employee Candidates, Visitors, Company and Group Company Customers, Potential Customers, and Third Parties whose personal data is processed by our Company. By doing so, we aim to ensure full compliance with the Law and to safeguard the rights of personal data owners.

Scope

This Policy applies to Company Stakeholders, Company Officials, Business Partners, Employee Candidates, Visitors, Customers, Potential Customers, and Third Parties whose personal data is processed by our Company, whether through automatic means or as part of a data recording system. This Policy does not apply to legal entities or data belonging to legal entities.

Our Company publishes this Policy on its website to inform Personal Data Owners about the Law. For employees, the Employee Personal Data Processing Policy applies. If the processed data does not fall within the scope of "Personal Data" as defined in this Policy or if data processing activities are conducted outside the specified means, this Policy shall not apply.

PROCESSING OF PERSONAL DATA IN ACCORDANCE WITH LEGAL PRINCIPLES

Assos Troy Beach Hotel processes personal data only in accordance with the procedures and principles set forth in the Law and other relevant regulations. The Company adheres to the following principles when processing personal data:

Processing in Accordance with the Law and Fairness

The Company complies with legal principles and good faith while processing personal data. Personal data is processed in a manner proportional to the intended purpose and is not used beyond its necessity.

Accuracy and Up-to-Date Processing

The Company ensures the accuracy and currency of personal data and takes necessary measures to maintain this accuracy.

Processing for Specific, Clear, and Legitimate Purposes

The Company processes personal data for specific and legitimate purposes in connection with the services provided. The purpose of data processing is determined before processing begins.

Processing Limited to the Purpose and in a Proportional Manner

Personal data is processed only to the extent necessary to achieve the determined objectives and is not processed beyond its intended use.

Retention for the Necessary Duration

Personal data is retained only for the duration specified in relevant regulations or as required to fulfill the intended purpose. Once the purpose is achieved, the data is deleted, destroyed, or anonymized.

CONDITIONS FOR PROCESSING PERSONAL DATA

Personal data can only be processed with the explicit consent of the data subject. However, explicit consent is not the only legal basis for processing personal data. In the absence of explicit consent, the Company may process personal data under the following conditions:

Explicit consent: The data subject gives specific, informed, and voluntary consent.

Legal requirement: The processing is explicitly provided for by law.

Vital interests: If the data subject cannot provide consent due to physical incapacity, but data processing is necessary to protect the life or physical integrity of the individual or another person.

Contractual necessity: If processing is necessary for the establishment or performance of a contract with the data subject.

Legal obligations: If processing is required for the Company to fulfill its legal obligations.

Publicized data: If the data subject has made their data publicly available.

Legal claims: If processing is necessary to establish, exercise, or protect a legal right.

Legitimate interest: If processing is necessary for the legitimate interests of the Company, provided that it does not harm the fundamental rights and freedoms of the data subject.

Under these conditions, our Company processes personal data for purposes such as:

Conducting business operations and ensuring continuity,

Managing financial and accounting processes,

Providing customer support and complaint resolution,

Marketing and sales operations,

Ensuring corporate communication and legal compliance,

Organizing training and human resources processes.

DATA TRANSFER AND STORAGE

Domestic and International Data Transfer

The Company may transfer personal data to third parties, including business partners, suppliers, legally authorized public institutions, and private persons, as required by its commercial activities and in compliance with the Law.

For international transfers, the Company ensures that:

The recipient country is designated by the Personal Data Protection Board as providing adequate protection, or

The recipient guarantees adequate protection in writing, and the Personal Data Protection Board grants permission for the transfer.

Personal Data Storage and Protection

The Company takes necessary technical and administrative measures to ensure the security of personal data. Data security measures include:

Implementing technological security systems,

Restricting access to authorized personnel,

Using firewalls and antivirus programs,

Conducting regular security audits and assessments.

RIGHTS OF DATA SUBJECTS

Under Article 11 of the Law, data subjects have the right to:

Learn whether their personal data has been processed,

Request information about their processed personal data,

Learn the purpose of processing and whether their data is used in line with this purpose,

Know the third parties to whom their data has been transferred,

Request correction of inaccurate or incomplete data,

Request deletion or anonymization of personal data if the legal basis for processing is no longer valid,

Object to decisions based solely on automated processing,

Seek compensation for damages in case of unlawful data processing.

Data subjects may submit requests regarding these rights in writing or via other methods approved by the Personal Data Protection Board.

FINAL PROVISIONS

This Policy was adopted on May 1, 2022, and has been published on the Company’s website. It is available upon request to all relevant individuals.

All Company personnel and the Data Controller must sign and acknowledge this Policy. The provisions of this Policy replace all prior personal data protection policies and their annexes.

For further information or to exercise your rights, you may contact:

Address: Assos Kadırga Koyu No:15 17862 Behram/Ayvacık/Çanakkale, Turkey

Email: [email protected]

This document has been translated from Turkish into English for informational purposes. The original Turkish text shall prevail in case of any discrepancies.