GDPR Clarification Text

PERSONAL DATA PROTECTION AND PRIVACY POLICY

Website Confidentiality Agreement

The way to use and protect the information we obtain about you and the services you request while you are visiting this website and benefiting from the services we offer through this website are subject to the terms specified in this “Privacy Policy”. By visiting this website and requesting to benefit from the services we offer through this website, you hereby agree to the terms specified in this “Privacy Policy”.

I.Purpose of personal data protection and processing policy

Due to the sensitivity of the work we have been dealing with as Ramada By Wyndham Istanbul Taksim Hotel (Erseven Turizm İşletmeleri Ticaret A.Ş.), data from our customers or prospective customers have been kept confidential and have never been shared with third parties. Protection of personal data is the core policy of our company. Before any legal regulation had been imposed, our company and our affiliates put great emphasis on the confidentiality of personal data and adopted this as a working principle and gave their employees working instructions in line with this principle. As “Erseven Turizm İşletmeleri Ticaret A.Ş.”, we undertake to comply with all the responsibilities imposed by the Law on Protection of Personal Data. The principles of our companies regarding the protection of personal data are also valid for our affiliates.

II. Scope and change of personal data protection and processing policy

This Policy, created by our company, has been provided in accordance with the Law on Protection of Personal Data No. 6698 (“LPPD”). The law has gone in effect with all its provisions as of today. The data obtained from you with your consent or in accordance with other laws listed in the Law will be used to improve the quality of the services we provide, to enhance our quality policy and the services provided to you. Some of the data we keep are de-personalized and anonymized. These data are used for statistical purposes and are not subject to Law enforcement and our Policy. “Personal Data Protection and Processing Policy” of “Ramada By Wyndham Istanbul Taksim” aims to protect the data that are automatically obtained from our customers, prospective customers, employees as well as customers and employees of companies working in partnership with us or other persons, and includes regulations regarding these. Our company has the right to change our policy and Regulation – provided that it is in compliance with the Law and personal data have better protection.

III. Basic rules regarding the processing of personal data

a) Compliance with the law and good faith: “Ramada By Wyndham Istanbul Taksim” questions the source of the data it collects or received from other companies and puts great emphasis on obtaining them in accordance with the law and good faith. Within this framework, it warns and notifies third parties (agencies and other intermediaries) that sell the services provided by “Ramada By Wyndham Istanbul Taksim Hotel” such that they are to protect personal data.

b) Being accurate and up-to-date where necessary: ”Ramada By Wyndham Istanbul Taksim Hotel” puts great emphasis on ensuring that all data kept within the organization are accurate, they do not contain false information, and finally they will be updated if there is a change in personal data and this change is communicated to the organization itself.

c) Processing with specified, explicit and legitimate purposes: “Ramada By Wyndham Istanbul Taksim Hotel” processes the data in the extent that is limited to the services and purposes for which consent of the persons are taken during the services. It does not process, use and make available the data for purposes other than business purposes.

d) Being relevant, limited and proportionate to the purposes for which they are processed: “Ramada By Wyndham Istanbul Taksim Hotel” uses the data only for the purpose for which it is processed and to the extent required by the service.

e) Preservation of the data for the period stipulated in the relevant legislation or required for the purpose for which they are processed: “Ramada By Wyndham Istanbul Taksim Hotel” keeps the contractual data as long as it is required by the commercial and taxation law as well as the periods of dispute specified in the relevant law. Nevertheless, when these purposes cease to exist, it erases or anonymizes the data.

It should be stressed that these principles listed above are still applicable whether “Ramada By Wyndham Istanbul Taksim Hotel” has collected or processed data either with consent or in accordance with the law.

Maximum Savings Principle/ Scrimping Principle

According to this principle, which is called maximum savings principle or scrimping principle, the data received by “Ramada By Wyndham Istanbul Taksim Hotel” are processed into the system as required. Therefore, which data we shall collect is determined according to the purpose. Unnecessary data shall not be collected. Other data submitted to our company are transferred to the company information systems in the same way. Extra information is not saved in our system, they are either erased or anonymized. These data can be used for statistical purposes. Health data, which are a form of sensitive personal data, are stored in the system with utmost care only in order to provide better service to customers and to protect their health.

Deletion of personal data

Personal data are to be erased, destructed or anonymized by our company automatically or upon the request of the data subject, when the retention periods required by the law expire, the judicial processes are completed or other requirements cease to exist.

Accuracy and data freshness

Data within the body of “Ramada By Wyndham İstanbul Taksim Hotel” are processed as declared by the data subject as a rule. “Ramada By Wyndham Istanbul Taksim Hotel” does not have to double check the accuracy of the data declared by customers or persons contacting “Ramada By Wyndham Istanbul Taksim Hotel” and this is contrary to the law and our working principles, as well. The data declared are regarded as accurate. The principle of accuracy and freshness of personal data has also been adopted by “Ramada By Wyndham Istanbul Taksim Hotel”. Our company updates the processed personal data based on the official documents received or upon the request of the data subject. Necessary precautions are taken to carry out this update.

Privacy and data security

Personal data are confidential and “Ramada By Wyndham Istanbul Taksim Hotel” complies with this confidentiality. Personal data can only be accessed by authorized persons within the company. All necessary technical and administrative measures are taken to protect the personal data collected by “Ramada By Wyndham Istanbul Taksim Hotel” and to prevent unauthorized access and to prevent our customers and prospective customers from potential damages. In this context, it is ensured that the software complies with the standards, the third parties are carefully selected and the data protection policy is complied with in the company. Employees are informed and trained on the protection of personal data and the processing of personal data in accordance with the law.

IV. Data processing purposes

The collection and processing of personal data by “Ramada By Wyndham Istanbul Taksim Hotel” will be carried out for the purposes specified in the letter of information. The data are collected and processed in order to establish a contract and provide better service to customers.

V. Data of customers, prospective customers, business and solution partners

As “Ramada By Wyndham Istanbul Taksim Hotel”, we process your personal data in the capacity of data controller within the scope of the Law on Protection of Personal Data No. 6698 and other relevant legislations. The categories and explanations of personal data to be processed in this context are presented below:

– Identity Information: Name-surname, name-surname of accompanying guest(s), nationality, place and date of birth; TR ID number, driver’s license number and passport number (including date and place of issue).

– Contact Information: Address, phone number, e-mail address.

– Financial Information: Mobile invoice information, bank account information, payment card number and other payment information, Loyalty Program memberships, information about purchased products or services.

– Data related to customer comments, feedbacks and complaints: Special preferences in accommodation, marketing and communication; reviews, opinions or complaints about brands and facilities.

– Other: Information on reservations, travel history; participation in contests, draws or marketing programs, information of vehicles used to reach the facility; booked hotel, airline and rental car packages; associated groups that the person has connection with to stay at the facilities, frequent flyer or Travel Partnership Program memberships and membership numbers, information provided in membership and account applications.

Collection and processing of data for contractual relationship

If a contractual relationship is established with our customers and prospective customers, the personal data collected can be used without the customer’s consent. However, this use shall take place for the purpose of the contract. The data shall be used for better execution of the contract and in line with the requirements of the service and are updated by contacting the customers when necessary. Nevertheless, the data provided to us by our prospective customers shall be processed in order to provide them with easier and higher quality service afterwards. These data shall be deleted upon the request of the data subject if they do not turn into a contractual relationship.

Data of Business and Solution Partners

“Ramada By Wyndham Istanbul Taksim Hotel” adopts as a principle to act in compliance with the laws when sharing data with both business and solution partners. The data are shared with business and solution partners with a commitment to data privacy and only as required by the services and these parties make sure that they take necessary precautions regarding data security.

Data processing for managing, analyzing and improving the services given in the facilities

Conducting surveys to evaluate the services provided,
To communicate with guests for marketing purposes in line with the communication permits granted under miscellaneous laws,
Making internal correspondence with guests who behave against public decency and violate the codes of conduct of the facility during their stay at the hotel and preparing a list in line with this information,
Saving the comments of guests published on social media, blogs and comment portals to the system in order to analyze the feedback related to the service provided,
Carrying out Sales and Marketing activities in order to provide a tailor-made holiday experience by processing the data of the services provided to the guests.

Managing our relationship with guests before, during and after the accommodation

Making a phone call before check-in,
Customer Loyalty Program management,
Answering the questions of guests on Loyalty Program, card categories, details of how to upgrade the card, etc,
Segmentation by processing data related to reservation history, travel preferences and services received in order to manage marketing activities correctly,
Managing claims/complaints about our services and facilities on comment portals, complaint pages, social media channels,
Keeping the personal information data of guests up-to-date and combining them with data to be obtained from third parties for analytical purposes.

E-invoice & E Archive Invoice

Within the scope of this program; the customer is automatically registered in the system and his invoice is sent to his e-mail address that is provided to the facility. It is the customer’s responsibility to make sure that the e-mail address given upon arrival or updated afterwards is the correct and preferred e-mail address for this communication. If a reservation is made for another family member or persons using this e-mail address, the e-invoice of the relevant invoice will be sent to the e-mail owner’s address.

E-Invoices are invoices that are not printed on paper but instead created electronically and are transmitted to the buyer and/or seller by the servers. It has gone in effect with Tax Procedure Law (TPL) communique with order no.397 of Turkish Republic’s TPL and has been put into practice since January 1, 2018.

As required by the Tax Procedure Law, e-Invoice contains all the information that should be included on an invoice, while mutual invoice transmission between the buyer and the seller takes place electronically.

E Archive Invoice is an application that makes sure the invoice which should be issued, preserved and presented in the form of a paper as per Tax Procedure Law is issued electronically in accordance with the General Communiqué of the Tax Procedure Law with order no.433 and its duplicate is to be kept and submitted electronically. In the e-Archive Invoice, all invoices except those created for the taxpayers registered in the e-Invoice Application are named as e-Archive Invoices.

Data processing for advertisement purposes

Electronic messages for advertisement purposes can only be sent to the persons with prior consent in compliance with the Law on the Regulation of E-Commerce and the Law on Commercial Communication and Commercial Electronic Messages. An explicit consent of the person should be in place in order to send him/her advertisements. “Ramada By Wyndham Istanbul Taksim Hotel” obeys the details of the “consent” specified in accordance with the same legislation. The consent to be obtained should cover all commercial electronic messages sent to the electronic communication addresses of the recipients in order to promote and market your company’s goods and services, to promote your enterprise, or to enhance the recognition with content such as greetings and wishes. This consent can be obtained in written form through physical environment or by any means of electronic communication. The important thing is that the recipient has a positive declaration of will, his/her name and surname, and an electronic contact address that he/she accepts to receive commercial electronic messages.

Data transactions carried out due to the legal obligation of the company or being explicitly stipulated in the law

Personal data may be processed without prior consent when it is explicitly stipulated in the relevant legislation or to fulfill a legal obligation specified in the legislation. The type and scope of data processing are both required for data processing activity that is permitted by the law and shall comply with the relevant legal provisions.

In this context, the e-mail sending permission given to us by our guests during their stay in our facilities will be shared with IYS, the national database system, where the Service Providers can store and manage different types of message permissions including calling, messaging and e-mailing and they can view and remove the permissions given by the recipients, report unauthorized submissions whereas the public authorities can view message complaints and status of the permission in respect thereof. IYS will be serving the public via its website, a text message number and a call center and will record all permissions with a timestamp and keep them safe in accordance with the Regulation no.30998 published in the Official Gazette dated January 4th, 2020.

Data processing of the company

Personal data can be processed in line with the legitimate purposes and services offered by the company. However, the data cannot be used in any way for illegal services.

Processing of special categories of personal data

According to the Law, data related to a person’s race, ethnic origin, political opinion, philosophical belief, religion, religious sect or other beliefs, costume and dress, membership to associations, foundations or trade-unions, health, sexual life, criminal convictions and security measures and biometric and genetic data are deemed to be special categories of personal data. “Ramada By Wyndham İstanbul Taksim Hotel” also takes adequate measures determined by the Board for the processing of special categories of personal data. “Ramada By Wyndham Istanbul Taksim Hotel” can only process special categories of personal data for the purpose for which it was collected, with the consents of the persons in order to provide better services.

Data processed with automated systems

“Ramada By Wyndham Istanbul Taksim Hotel” complies with the Law for data processed with automated systems. Information obtained from these data cannot be used against the persons without the explicit consents of the persons themselves. However, “Ramada By Wyndham Istanbul Taksim Hotel” can make decisions about the persons that it will perform processing by using the data in its system.

User information and internet

If personal data are collected, processed and used in the websites and other systems or applications of “Ramada By Wyndham Istanbul Taksim Hotel”, the relevant persons are informed with a privacy statement and, if necessary, about cookies. People are informed about our applications on web pages. Personal data will be processed in accordance with the law.

When you visit our website, we present the following information about the cookies we use/will use on our pages.

Data processed with automated systems

The data related to the employees processed with automated systems can be used in internal promotions and performance evaluations. Our employees have the right to object to the results that are against them and they perform this by following the internal procedures. The objections of the employees are also evaluated within the company.

VI. Data of our employees

Processing data for business relationship

Personal data of our employees can be processed without their consent to the extent of requirements related to health insurance and business relations. However, “Ramada By Wyndham Istanbul Taksim Hotel” ensures the confidentiality and protection of the data of its employees.

Data is obtained from Kariyer.net for job applications and candidate recruitment as well as for human resources management, and these data are registered in the system as part of the candidate assessment process.

Processing as per Legal Obligations

“Ramada By Wyndham Istanbul Taksim Hotel” may process the personal data of its employees without obtaining a separate consent if the data processing is explicitly emphasized in the relevant legislation or to fulfill a legal obligation stipulated in the legislation. This case is limited to the obligations arising from the law.

Processing of special categories of personal data

According to the Law, data related to a person’s race, ethnic origin, political opinion, philosophical belief, religion, religious sect or other beliefs, costume and dress, membership to associations, foundations or trade-unions, health, sexual life, criminal convictions and security measures and biometric and genetic data are deemed to be special categories of personal data. “Ramada By Wyndham İstanbul Taksim Hotel” takes adequate measures determined by the Board for the processing of special categories of personal data in addition to the consent of the data subject. Special categories of personal data can only be processed in relation to the cases permitted by the Law and to a limited extent without the consent of the data subject. Special categories of personal data obtained from the employees in order for them to benefit from insurance and health services shall only be used for that very purpose.

Telecommunications and internet

Computers, telephones, e-mail accounts and other applications allocated to employees within the company shall only be used for business purposes. The employee cannot use any of these means allocated to himself/herself for private purposes and private communication. The company can control and monitor all data on these means of communication. The employee undertakes that no other data or information will be kept on the computer, telephone or other tools allocated to him/her from the moment he starts working for the company.

VII. Transferring of personal data domestically and internationally

“Ramada By Wyndham Istanbul Taksim Hotel” may transfer personal data to the following persons and institutions for certain purposes;

» Business partners of “Ramada By Wyndham Istanbul Taksim Hotel” limited to the purpose of execution of the objectives of the establishment of the business partnership,

» The suppliers of “Ramada By Wyndham Istanbul Taksim Hotel” to the limited extent of providing our Company with the services required by our Company to fulfill its commercial activities and procured from the supplier externally,

» Solution partners of “Ramada By Wyndham Istanbul Taksim Hotel” limited to ensuring the execution of the commercial activities of our company that require the participation of our affiliates,

» “Ramada By Wyndham Istanbul Taksim Hotel” is authorized to transfer the personal data domestically and internationally within the requirements determined by the Board and in accordance with the other provisions in the Law and subject to the consent of the data subject.

VIII. Rights of the data subject

“Ramada By Wyndham İstanbul Taksim Hotel” hereby agrees that the data subject has the right to provide his/her consent before processing the data within the scope of the Law, and that he/she has the right to determine the fate of the data after the data have been processed.

Regarding personal data, the data subject has the right to do the following by applying to our contact person announced on the website of “Ramada By Wyndham Istanbul Taksim Hotel”;

a) To be informed whether his/her personal data are processed or not,

b) To request relevant information if his/her personal data have been processed,

c) To learn the purpose of processing of his/her personal data and whether these personal data are appropriately used in compliance with the relevant purposes,

ç) To get information about the third parties to whom his/her personal data are transferred domestically or internationally,

d) To request correction in case personal data are processed incompletely or inaccurately,

e) To request deletion or destruction of his/her personal data within the framework of the conditions stipulated in article 7,

f) To request notification of the transactions carried out pursuant to sub-paragraphs (d) and (e) to third parties to whom his/her personal data have been transferred,

g) To object to the occurrence of a result against the data subject himself/herself as a result of the analysis of the processed data exclusively through automated systems,

ğ) To demand compensation for possible exposure to damage due to unlawful processing of his/her personal data.

Nevertheless, the persons do not have any right on the anonymized data within the Company. “Ramada By Wyndham Istanbul Taksim Hotel” may share the personal data with relevant institutions and organizations in accordance with the business and contractual relationship in order for a jurisdiction or state authority to exercise its Legal functions.

The owners of personal data shall submit their requests regarding the above-mentioned rights to the contact address stated below by completely filling out the application form on the company’s official website www.ramadaistanbultaksim.com and signing the form with wet signature, via registered mail with return receipt including the copies of their identity cards (only the front page of the identity card). Your applications will be replied as soon as possible according to the content of your application or within 30 days at the latest after it is delivered to our company. You shall submit your applications by registered mail with return receipt. Additionally, requests that have to do with only yourself will get a reply, and any requests about your spouse, relatives or friends will be rejected. “Ramada By Wyndham Istanbul Taksim Hotel” may request extra relevant information and documents from the application holders.

IX. Privacy Principle

The data of employees and other persons with “Ramada By Wyndham Istanbul Taksim Hotel” are confidential. No one can use, copy, reproduce, transfer these data to others, or use this data for any other purpose without compliance with the contract or the law.

X. Security of processing

All necessary technical and administrative measures are taken to protect the personal data collected by “Ramada By Wyndham Istanbul Taksim Hotel” and to prevent unauthorized access to these data and to prevent potential damages on our customers and prospective customers. In this context, it is ensured that the software complies with the standards, the third parties are carefully selected and there is a data protection policy that is to be complied with in the company. Security measures are constantly being renewed and improved.

XI. Audit

“Ramada By Wyndham Istanbul Taksim Hotel” carries out the necessary internal and external audits for the protection of personal data.

XII. Notification of Violations

When “Ramada By Wyndham Istanbul Taksim Hotel” is notified of any violations of personal data, it takes immediate action to remedy the violation. It mitigates the risk of damage of the data subject and compensates the damage. In case personal data is seized by unauthorized persons outside the company, it immediately notifies the Personal Data Protection Board.

Regarding the notification of violations, applications can also be made according to the procedures specified at info@ramadaistanbultaksim.com.

Regarding requests made pursuant to the Law on Protection of Personal Data

As announced on info@ramadaistanbultaksim.com pages, all applications will be processed if the form on the page is filled out, a copy of the identity card is attached to it and it is sent to the address written on the form via registered mail.

The rights regarding personal data can only be exercised for one’s own personal data. Requests for data of persons other than the person who filled out the form and has a copy of ID card attached to it will not be taken into consideration. Forms without ID copies will not be taken into consideration. Please be informed that, even if the data deletion requests are fulfilled, we are obliged to share the data with the official authorities if requested by the official authorities.

On Changes To Be Made in the Personal Data Protection and Privacy Policy:

“Ramada By Wyndham Istanbul Taksim Hotel” reserves the right to make changes on the declarations herein. If a significant change is made to the declaration, a link is to be added to the home page of the website to have access to the updated declaration. Guests who register for any of our products or services may be informed about this update through the communication channel provided to the facilities. The last time the declaration was updated and the update number is presented at the end of this text.

Any change made to the declaration becomes effective once the amended declaration is posted on the website. By using the website or any of our products and services following such changes, you accept the amended declaration in effect at that time.