KVKK

DISCLOSURE ON PROCESSING OF PERSONAL INFORMATION

As the data controller and operator of the “Uranus Istanbul Topkapı Hotel” brand, Niziplioğlu Otelcilik Anonim Şirketi brings the subsequent matters to the review and attention of guests, customers, and visitors via this Disclosure. This is done in fulfillment of the obligation to inform as stipulated in Article 10 of the Law on the Protection of Personal Data (“Law”).

Unless otherwise specified, the terms “Company,” “Hotel,” and “Uranus Istanbul Topkapı Hotel” appearing in this Disclosure refer to Niziplioğlu Otelcilik Anonim Şirketi, the entity holding the position of data controller. The Niziplioğlu Otelcilik A.Ş. website (www.uranushotels.com) shall henceforth be denoted as “Website” or “Internet Site.”

1. Identification of the Data Controller

The following are the corporate identity details of Niziplioğlu Otelcilik A.Ş., also known as the Uranus Istanbul Topkapı Hotel:
Tax Office : Davutpasa Tax Office
Taxpayer ID Number : 6311516243
Head Office: Merkez Efendi Cad. Mevlana Cad. No:112/1 Zeytinburnu/Istanbul
E-mail Address : info@uranushotels.com

2. Acquisition, Processing, and Objectives of Processing of Personal Data

Depending on the service, product, or commercial activity offered by our organization, your personal information may vary. Your personal data that you have shared, including but not limited to name, surname, date of birth, Turkish ID No (Passport No for non- Turkish Citizens), mobile phone number, e-mail address, gender, address, payment and billing information, camera records, hotel check-in and check-out data, licence plate details, your voice and digital data / personal data, which may be obtained by us from time to time by electronic or non-electronic methods, may be collected, recorded, and stored verbally, in writing or electronically by automatic or non-automatic methods, offices, call centre, website, social media channels, mobile applications and similar means in the manner stipulated in the Law.

The personal data of our customers, guests and visitors are collected by our hotel when you apply for the fulfilment of all kinds of organisation and event services such as but not limited to henna, wedding, engagement, circumcision and/or accommodation events in our hotel. This application can be filed when you come to our hotel, or by filling out the contact form on our website, when you use our mobile applications, when you contact us by phone, or by filling out forms to receive notifications such as campaigns and promotions via google, Instagram, Facebook, or Twitter. It should be noted that when you want to make a reservation for accommodation through our website, your personal data collected on the site where the reservation is made because you are directed to a different website other than www.uranushotels.com for the reservation is processed by the relevant service provider data recipient and no data processing activity is carried out by our company at this stage.

As long as you benefit from the products and services of our company, your personal data may be processed by creating and updating them. Your personal data may be collected verbally, in writing or electronically in accordance with the Law through our company’s websites, social media accounts, mobile applications, sales and marketing units, customer forms, offers, contracts. In addition, camera recordings are made for security purposes within the hotel and these records are kept limited to the period required to be kept in the legislation. During your stay in our hotel, your other personal data such as video recordings in common areas and wireless internet connections are processed. “Uranus Istanbul Topkapı Hotel” keeps the IP information required to be kept as per the Law No. 5651 and other relevant legislation. Apart from this IP information, cookies can be used in order to make the website designs effectively, to make the website designs and contents in a way to provide better service and to enable the users who enter the website to benefit from the website in the most effective way. Necessary notifications are made when receiving this personal data.

Our company attaches utmost importance to the confidentiality and protection of your personal data while providing its services, and your personal data of special nature, including your health data, and your personal data of general nature will be processed by our company only for the purposes specified below and within the personal data processing conditions specified in Articles 5 and 6 of the LPPD.

Personal data may be processed in order to fulfil legal obligations. In this context, your personal data is processed in order to fulfil our legal obligations arising from the situations clearly stipulated in the laws. Personal data may be processed if it is necessary to process personal data of the parties due to the establishment or performance of a contract. Uranus Istanbul Topkapı Hotel processes personal data in order to carry out organisations and events, to make room reservations, to provide requested products and services, to process payments, to communicate, to make notifications such as mail, telephone or unplanned situations and to fulfil the responsibilities arising from the contracts of its customers; processes the information of its employees, employee candidates, interns; and also processes the personal data of the supplier official and supplier employees in the contracts signed with the suppliers in order to provide the supply chain.

Your personal data may be processed if data processing is mandatory for the establishment, exercise or protection of a right. Provided that it does not harm your fundamental rights and freedoms, your personal data may be processed for our legitimate interests. In this context, your personal data is processed for the following purposes: Ensuring customer satisfaction, maintaining our commercial reputation, resolving disputes, fraud prevention, (monitoring and control of our systems, determining the validity of your cards and preventing fraud in credit card payments), business performance and development activities, ensuring the trust and safety of our employees and guests, ensuring the efficiency of quality management system, occupational health and safety system, environmental safety system; ensuring guest satisfaction, monitoring food safety and cleanliness, monitoring any accidents and undesirable situations, preventing and detecting crimes (using security cameras and call recording system), marketing our products and services and conducting our business in accordance with legal regulations.
Personal data are processed for similar purposes, including but not limited to those specified below, within the personal data processing conditions and purposes specified in Articles 5 and 6 of the LPPD and in accordance with other applicable legislation: Protection of public health; planning and management of health services and financing; informing you about the appointments in case you make an appointment; planning and managing the internal functioning of our company; monitoring and preventing fraud and unauthorised transactions; performing risk management and quality improvement activities; carrying out the necessary works by our business units to make you benefit from the services offered by our company; customising the products and services offered by our company according to your tastes and needs and recommending them to you; ensuring the legal and commercial security of our company and the persons who have a business relationship with our company (administrative operations for communication carried out by our company, ensuring the physical security and control of the company’s locations, business partner/customer/supplier (authorized or employees) evaluation processes, legal compliance process, financial affairs, etc.); determining and implementing our company’s commercial and business strategies and ensuring the execution of our company’s human resources policies; determining and implementing our company’s commercial and business strategies and ensuring the execution of our company’s human resources policies; conducting invoicing activities for our services, verifying your identity; confirming your relationship with the institutions contracted with the gym; responding to all kinds of questions and complaints regarding our services; taking all necessary technical and administrative measures within the scope of data security of the systems and applications of the gym; analysing your usage and storing your health data in order to develop and improve the services we offer you; maintaining information about your health data that must be kept in accordance with the relevant legislation; providing financial reconciliation with the institutions we have contracted with regarding the services offered to you, and measuring your satisfaction.

3. To whom and for what purpose the processed personal data can be transferred
   Your personal data may be transferred to the following parties for the purposes stated above within the framework of the personal data processing conditions and purposes specified in Articles 8 and 9 of the LPPD and within the scope of other relevant legislation: Administrative and official authorities that are legally required to be transferred, relevant persons and institutions for the fulfilment of the legal obligation and as required by the legislation, the software program-service partner persons and organisations that our company receives services / cooperates with in order to carry out its activities; banks for collection purposes and/or institutions authorised for collection purposes; independent audit companies, tax consultants and other external professional consultants, lawyers, insurance companies due to legal obligations and within the framework of legal limitations; domestic third parties; our shareholders; legally authorised public institutions and private persons; health institutions, Social Security Institution, Ministry of Health and its sub-units; family medicine centres, private insurance companies; General Directorate of Security and similar law enforcement agencies; General Directorate of Population, Turkish Pharmacists Association, courts; our authorised representatives, suppliers, support service providers, and professional organisations in the nature of public institutions; and state economic enterprises and our business partners.
4. Method and Legal Grounds for Collecting Personal Data

Your personal data are obtained through our audit and consultancy services, verbal, written and digital applications filed to our company employees, our website, calling our phone numbers, social media, sms channels, and other verbal, written or electronic media via automatic or non-automatic methods and other channels through which our company communicates with you or may communicate with you in the future, in order to carry out our activities, to fulfil our contractual and legal obligations between you and us, and the personal data obtained are stored within the legal periods in accordance with the relevant legislation.

5. Rights of a Data Subject as listed in Article 11 of the LPPD

As a data subject, if you submit a request regarding your rights to our company by the methods set out below in this disclosure, our company will finalise the request free of charge within thirty days at the latest, depending on the nature of the request. However, if the transaction requires an additional cost, the fee specified in the tariff determined by the Board may be charged.

Pursuant to Article 11 of the LPPD, data subjects are entitled to to learn whether their personal data has been processed, to request information if their personal data has been processed, to learn the purpose of processing their personal data and whether it has been used in accordance with its purpose, to know the third parties to whom their personal data has been transferred domestically or abroad, to request correction of any personal data in case of incomplete or incorrect processing, to request the deletion or destruction of their personal data within the framework of the conditions stipulated in Article 7, to request notification of any transactions made pursuant to subparagraphs (d) and (e) to third parties to whom personal data has been transferred, to object to the occurrence of any results to the detriment of themselves by analysing the processed data exclusively through automated systems, to demand compensation for any damages due to unlawful processing of personal data.

In accordance with paragraph 1 of Article 13 of the LPPD, you may submit your requests to our company in writing or by other methods determined by the Personal Data Protection Board to exercise your rights mentioned above. In accordance with the LPPD and the Communiqué on the Procedures and Principles of Application to the Data Controllers, you must file an application to our company in accordance with the requirements in the Communiqué. In this context, the channels and procedures to file your written applications to our company within the scope of Article 11 of the KVK Law are explained below:

To avail oneself of the aforementioned rights, one must personally visit our company at ‘Merkez Efendi Cad. Mevlana Cad. No:112/1 Zeytinburnu/Istanbul’ to submit an application that includes the requisite identification information and justifications pertaining to the specific right among those outlined in Article 11 of the LPPD. Alternatively, one may submit the application via notary public or other methods specified in the LPPD; or send it to info@uranushotels.com with a secure electronic signature.