KVKK (Law on Personal Data Protection)
I. Purpose of personal data protection and processing policy
Until today, data and information of our customers or potential customers are kept confidential and have never been shared with third parties by virtue of the sensitivity of our business as tui blue tropical. Personal data protection is our essential policy. Even before any legal regulation, our company and subsidiaries had attached a great importance to the confidentiality of personal data, adopted as a working principle and gave working instructions to the employees in compliance with this principle. As tui blue tropical, we undertake to adhere to all responsibilities of Law on Personal Data Protection. The principle of our company to protect personal data also covers our subsidiaries.
II. Scope and change of personal data protection and implementation policy
This Policy prepared by our Company has been regulated in accordance with “Law on Personal Data Protection” no. 6698 (“KVKK”). The Law has entered into force with all of its provisions as of today. The data received with your consent or pursuant to the other regulations as per to the Law shall be used to make our service more quality and to improve our services and quality policy. Again, some of the data we obtain are removed from the scope of personal data and anonymised. These data are used for statistical purposes and not subject to the enforcement of Law and our Policy. Personal Data Protection and Implementation Policy of tui blue tropical aims and regulates the protection of the data which are automatically obtained from our customers, potential customers, employees and the customers and employees of the companies in cooperation with us for solution partnership and the other parties. Our company reserves the right to change our Policy and Regulation – provided to comply with the Law and protect the personal data in a better way.
III. General principles on processing of the personal data
a) Being in compliance with the law and good faith: tui blue tropical questions the source of the data it collects or sent by other companies and attaches importance to handling these in compliance with the law and good faith. Within this framework, it warns and notifies the third parties (agencies and other intermediary firms) that sell the services provided by tui blue tropical to protect the personal data.
b) Being accurate and up to date, if necessary: tui blue tropical attaches importance to the accuracy of all of the data kept within the organization, to the fact that they don’t include any misinformation and that personal data are updated only if the changes are notified.
c) Being processed for specified, explicit, and legitimate purposes: tui blue tropical processes the data limited to the services and purposes for which consent of the persons are taken during the services. It shall not process, use and make use of the data out of business purposes.
d) Being relevant, limited and proportionate to the purposes for which data are processed: tui blue tropical uses the data only for processing purposes and to the extent what the service requires.
e) Being stored only for the time designated by relevant legislation or necessitated by the purpose for which data are collected: tui blue tropical keeps the contractual data as long as it’s required by the commercial and taxation law as well as the periods of conflicts of law. Nevertheless, it shall delete or anonymise the data in case the reasons necessitating their processing cease to exist. It’s crucial to state that whether tui blue tropical collects or processes the data by one’s will or in compliance with the law, the abovementioned provisions shall apply anyhow. You shall have the following rights pursuant to Article 11 of Law on Personal Data Protection. A separate application shall be prepared by tui blue tropical for you to facilitate your related rights. The persons whose personal data have been processed may apply to our official announced on our website by tui blue tropical and shall be entitled to;
a) Learn whether or not your personal data have been processed,
b) Request information as to processing if your data have been processed,
c) Learn the purpose of processing of the personal data and whether data are used in accordance with their purpose,
ç) Know the third parties in the country or abroad to whom personal data have been transferred,
d) Request rectification in case personal data are processed incompletely or inaccurately,
e) Request deletion or destruction of personal data within the framework of the conditions set forth under the Law,
f) Request notification of the operations made as per clauses (d) and (e) to third parties to whom personal data have been transferred,
g) Object to occurrence of any result that is to your detriment by means of analysis of personal data exclusively through automated systems,
ğ) Request compensation for the damages in case the person incurs damages due to unlawful processing of personal data. As tui blue tropical, we respect to these rights.
Maximum Savings Policy/Scrimping Policy
Pursuant to our policy called as maximum savings policy or scrimping policy, the data received by tui blue tropical are processed into the system as required. Thus, which data we will collect shall be determined according to the purpose. Unnecessary data shall not be collected. Other data submitted to our company are transferred to the information system of the company in the same way. Redundant information is not stored in the system; they are deleted or anonymised. These data may be used for statistical purposes. Health data among the special quality data are only kept in the system to provide better service to the customers and to protect their health.
Deletion of Personal Data
When the retention period necessitated by the Law expires, judicial procedures are completed or other requirements no longer exists, these data shall be deleted, removed or anonymised automatically, by the company or upon the request of the relevant person.
Accuracy and Currency of Data
The data within the body of tui blue tropical are processed as declared by the relevant persons as a rule. tui blue tropical is not obliged to check up on the accuracy of the data declared by the customers or the persons in touch with tui blue tropical and it’s also contrary to the Laws and our working principles. The declared data are regarded as correct and accurate. The principle of accuracy and currency of personal data has also been adopted by tui blue tropical. The personal data processed upon the request of the relevant person or from official documents that are submitted to our company are updated. Necessary precautions are taken for this purpose.
Confidentiality and data security
Personal data are confidential and tui blue tropical obeys the rule of confidentiality. Only authorized persons shall access the personal data. All necessary technical and administrative measures are taken to protect the personal data collected by tui blue tropical and to prevent the damage on our customers and potential customers. Within this framework, it shall be ensured that the software complies with the standards, third parties are selected with caution and data protection policy is observed within the company.
IV. Purpose of data processing
Collection and processing of personal data by tui blue tropical shall be executed in line with the purposes stipulated in the letter of clarification. The data are collected and processed to draw up contracts and provide better services to the customers.
V. Data of customer, potential customer and business and solution partners
Collection and processing of data for contractual relationship
In case of a contractual relationship with our customers and potential customers, the collected personal data may be used without the approval of the customers. However, this use shall be for the purpose of the contract. The data shall be used for better execution of the contract and as required by the services and updated, if necessary, by contacting the customers. Nevertheless, the data provided to us by our potential customers shall be processed to easier and more quality services later. These data shall be deleted upon requests in case of lack of any contractual relationship.
Data of Business and Solution Partners
tui blue tropical adopts as a principle to act in compliance with the laws when exchanging the data both with business and solution partners. The data are shared with the business and solution partners with the understanding of data confidentiality and as required by the services and it’s definitely ensured that these parties take measures regarding the data security.
DATA CONTROLLER AND DATA PROCESSOR
Data Controller is the HOTEL (Turcotel Turizm A.S.) and the data processor is ETS Ersoy Turistik Servisleri A.S. www. etstur.com and https://www.etstur.com/Gizlilik-Politikasi
1- The HOTEL accepts, declares and undertakes that the necessary permissions for the transfer and processing of the personal data obtained and shared within the scope of the Agreement and the personal data to be obtained by ETSTUR to third parties are taken from the data owners in accordance with the Law No. 6698. The HOTEL, with the capacity of Data Controller, accepts, declares and undertakes that it will completely fulfil all obligations stipulated under Law No. 6698.
2- During the execution of services given in the Agreement, ETSTUR accepts to fulfil all liabilities and obligations imposed within the scope of the definition of Data Processor in Law no. 6698 provided that ETSTUR has the capacity of ‘’Data Processor’’. ETSTUR cannot be held responsible for damages arising or transactions under the obligation of Data Controller and stipulated in Law no. 6698 under any circumstances and shall not bear the capacity of Data Controller in terms of personal data transferred by the HOTEL and personal data to be obtained by ETSTUR under any circumstances.
3- ETSTUR shall not be the addressee of any direct and indirect damages except for the misuse of personal data due to its own fault as defined in Law no. 6698 and disclose of such personal data to 3rd parties unlawfully due to again its own fault.
4- ETSTUR is obliged to take all necessary technical and safety measures to ensure the appropriate level of security in order to prevent unlawful processing of personal data, to prevent unlawful access to personal data and to protect personal data.
5- The parties are authorized to terminate the Agreement immediately, without prejudice to all rights of claim for damages as a result of a notification from any official institution within the scope of this provision.
AREAS OF USE OF YOUR PERSONAL DATA
Your personal data collected and processed within the scope of the service you've purchased are shared with the solution partners of the HOTEL and companies deemed as performance assistant or the other subsidiaries of the HOTEL only for fulfilling the job necessities and as per confidentiality agreements such as
Maintaining the hotel’s service standards,
Ensuring corporate and administrative management,