YENİCEKÖY MAHALLESİ MOBİLYA CADDESİ NO:36 İNEGÖL / BURSA
EN
MENU
BOOK NOW

Privacy policy

  • LAW ON THE PROTECTION OF PERSONAL DATA

    ÖZEL DORA HOTEL MANAGEMENT TOURISM, CONSTRUCTION, INDUSTRY AND TRADE INC. POLICY ON THE PROTECTION AND PROCESSING OF PERSONAL DATA AND PRIVACY


    As ÖZEL DORA HOTEL MANAGEMENT TOURISM, CONSTRUCTION, INDUSTRY AND TRADE INC., we fully comply with Law No. 6698 on the Protection of Personal Data and other regulations concerning its implementation, and we show maximum sensitivity to the security of your personal data. With this awareness, all operations regarding the processing, storage, and transfer of any personal data of individuals obtained during our activities are carried out in accordance with Law No. 6698 on the Protection of Personal Data and relevant legislation. In full recognition of this responsibility, as the Data Controller, all administrative and technical protective measures are taken to ensure an appropriate security arrangement for the protection of your personal data.


    When you visit this website and use the services we offer through this site, the way in which the information we obtain about you and the services you request will be used and protected is subject to the conditions stated in this “Privacy Policy.” By visiting this website and requesting to use the services we provide through this site, you accept the terms specified in this “Privacy Policy.”


    1. PURPOSE AND SCOPE OF THE PERSONAL DATA PROTECTION AND PROCESSING POLICY

    The purpose of the Personal Data Protection and Processing Policy is to ensure compliance with regulations regarding the protection of personal data, to protect the confidentiality of personal data processing activities conducted by the Company, whether collected automatically or non-automatically, verbally, in writing, or electronically through businesses, branches, agencies, call centers, and similar means, and to inform individuals about internal responsibilities, company procedures, internal controls, and measures, ensuring transparency.


    Personal data processed by our Company includes, but is not limited to, Company officials, Company shareholders, employees, job applicants, suppliers, customers, potential customers, dealers, members, subscribers, visitors, business partners, and individuals visiting our websites and mobile applications—in short, all real persons related to the Company are within the scope of the Personal Data Protection Policy.


    2. DEFINITIONS

    Explicit Consent: Consent expressed freely based on being informed about a specific subject.


    Anonymization: Altering personal data in a way that it loses its personal data characteristics irreversibly. For example, masking, data scrambling, or other techniques that prevent the data from being associated with an individual.


    Processing of Personal Data: Any operation performed on personal data, including obtaining, recording, storing, maintaining, altering, reorganizing, disclosing, transferring, acquiring, making accessible, classifying, or preventing the use of the data, either fully or partially automated or as part of a non-automated data recording system.


    Data Subject/Relevant Person: The real person whose personal data is processed.


    Personal Data: Any information relating to an identified or identifiable real person. Processing information related to legal entities is not covered by the Law. Examples include name and surname, Turkish ID number, email, address, date of birth, credit card number, bank account number, etc.


    Special Categories of Personal Data: Data concerning race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, attire, association, foundation or union membership, health, sexual life, criminal convictions and security measures, as well as biometric and genetic data.


    Data Controller: The person or entity that determines the purposes and means of processing personal data and manages the data recording system where the data is systematically kept.


    Policy: ÖZEL DORA HOTEL MANAGEMENT TOURISM, CONSTRUCTION, INDUSTRY AND TRADE INC.’s Personal Data Processing and Protection Policy.


    3. MATTERS RELATED TO THE PROCESSING OF PERSONAL DATA3.1. BASIC PRINCIPLES REGARDING PERSONAL DATA PROCESSING

    Our Company processes data in accordance with the Constitution of the Republic of Turkey, Law No. 6698 on the Protection of Personal Data (KVK Law), and other relevant laws, adopting the following fundamental principles:


    Lawfulness and Fairness:
    The Company processes personal data in compliance with legal regulations and fairness principles.


    Accuracy and Data Currency:
    The Company ensures that the personal data processed is accurate and up-to-date, considering the fundamental rights of data subjects and the Company’s legitimate interests.


    Processing for Specific, Explicit, and Legitimate Purposes:
    The Company processes personal data for previously defined purposes and avoids processing data that is unnecessary or unrelated to those purposes. Processing is limited to business activities and legal obligations. Changes to the purpose are only allowed to a limited extent with justification.


    Data Minimization and Relevance:
    Personal data is processed strictly within the scope of legal and legitimate purposes; unnecessary or unrelated data is not processed.


    Retention Period:
    Personal data is kept for the period prescribed by relevant legislation or as long as necessary for the purposes for which it is processed. After the purpose ends and retention periods expire, data may be retained solely for evidence in potential legal disputes and cannot be accessed for other purposes.


    3.2. PURPOSES OF PERSONAL DATA PROCESSING

    The Company processes personal data for, but not limited to:




    • Planning and executing business and operational processes




    • Compliance with legislation, reporting, and information obligations




    • Fulfilling legal obligations




    • Post-sale support, customer satisfaction, corporate communication, and complaint management




    • Business continuity and security management




    • Corporate sustainability, governance, strategic planning, and information security




    • Marketing, sales, and promotional activities




    • Membership processes via social networks




    • Call center operations




    • Management of business partner, dealer, and supplier relations




    • Financial and accounting processes




    • Insurance processes




    • Contract and legal claim management




    • Physical security of company premises




    • Protection of the legal and commercial security of the Company and its stakeholders




    • HR policy implementation, employee recruitment, and exit processes




    • Health and safety management




    • Loyalty programs and related benefits




    • Visitor registration, archiving, and record-keeping




    • Transfer, reception, and lost item services




    As a rule, the Company obtains written consent from the data subject for processing personal data, except in cases specified under Articles 5/2 and 6/3 of the KVK Law.


    3.3. CONDITIONS, METHODS, AND LEGAL BASIS FOR PERSONAL DATA PROCESSING

    With Explicit Consent:
    Personal data cannot be processed without the explicit consent of the data subject. Consent must be informed and given freely.


    Without Consent:
    Data may be processed without explicit consent under specific circumstances, such as:




    • Clearly stipulated by law




    • Impossibility to obtain consent due to life or health threats




    • Necessary for the establishment or performance of a contract




    • Legal obligations




    • Data made public by the data subject




    • Required for establishing, exercising, or protecting a right




    • Necessary for legitimate interests without harming the data subject’s rights




    Personal data may be collected via various channels including customer communications, reservation forms, membership forms, agency systems, agreements, public records, websites, mobile applications, social media, offices, branches, call centers, and more. Cookies may also be used to process personal data.


    3.4. IDENTIFICATION AND CLASSIFICATION OF DATA SUBJECTS

    According to Article 10 of the KVK Law, the Company processes personal data in compliance with legal and legitimate purposes, based on the principles of lawfulness, fairness, accuracy, and necessity.


    Data Subject Categories:




    • Company Officials: Board members and authorized individuals




    • Shareholders: Real person shareholders




    • Employees: Current employees




    • Job Applicants: Individuals who submitted applications




    • Customers: Individuals using the Company’s products or services




    • Potential Customers: Individuals showing interest in the Company’s products or services




    • Visitors/External Participants: Individuals visiting Company hotels or websites




    • Third Parties: Individuals related to data subjects (e.g., family, guarantors)




    • Members/Subscribers: Participants in loyalty programs or promotions




    • Business Partners/Suppliers: Employees, shareholders, or representatives of partner companies




    • Dealers: Authorized personnel, shareholders, and employees of dealer companies




    3.5. IDENTIFICATION AND LINKING OF PERSONAL DATA TO DATA SUBJECTS

    Types of Personal Data Collected:




    • Identity information (name, ID number, nationality, birth date, etc.)




    • Contact information (address, phone, email, etc.)




    • Family and relatives’ information




    • Physical space and security information (CCTV footage, access logs)




    • Visual and audio data (photos, voice recordings)




    • System access and security information (IP address, login info)




    • Financial information (bank details, credit card info, assets, income)




    • Risk management information




    • Location information




    • Marketing information




    • Employment/HR data




    • Legal transaction data




    • Customer transaction data




    • Special categories of personal data




    Linking Data to Data Subjects:
    Each category of data subject is associated with specific types of personal data, as detailed in the original document (omitted here for brevity).


    3.6. PROCESSING OF SPECIAL CATEGORIES OF PERSONAL DATA

    Special categories include sensitive personal data such as race, ethnic origin, political opinions, religious beliefs, health, sexual life, biometric, and genetic data. Processing of these data types is strictly regulated and done only under legal grounds or with explicit consent.


    3.7. PROCESSING OF SECURITY CAMERA RECORDINGS

    CCTV recordings are used to ensure safety and security within Company premises and are processed under legal grounds such as fulfilling legal obligations and protecting legitimate interests. Data may be shared with authorities if required.


    3.8. PROCESSING OF INTERNET ACCESS RECORDS

    Internet access logs are recorded for visitors and processed only in compliance with Law No. 5651, for audits or upon requests from authorized institutions.


    3.9. PROCESSING OF PERSONAL DATA COLLECTED VIA COOKIES

    Cookies are used to enhance the functionality of websites and apps and to provide personalized user experiences. Personal data collected via cookies is processed and transferred under the Company’s security measures.


    4. MATTERS RELATED TO THE TRANSFER OF PERSONAL DATA

    Personal data may be shared domestically or internationally with suppliers, business partners, authorities, agencies, and service providers as necessary to fulfill contractual, legal, or business purposes, following all legal requirements. Transfer may include storage, classification, and reporting for operational, financial, and marketing purposes.


    5. PROTECTION OF THE RIGHTS OF THE DATA SUBJECT5.1. RIGHTS OF DATA SUBJECTS

    Data subjects have the right to:




    • Learn whether their personal data is processed




    • Request information if data has been processed




    • Learn the purpose of data processing and whether it is used properly




    • Know the third parties to whom data is transferred




    • Request correction of incomplete or inaccurate data and notification to third parties




    • Request deletion, destruction, or anonymization of data when reasons for processing no longer exist




    The Company processes requests free of charge within 30 days, except for cases requiring additional fees determined by the KVK Board or other authorities.


    5.2. EXERCISING THE RIGHTS OF THE DATA SUBJECT


    Data subjects may submit their requests regarding their rights under Article 11 of the Law on the Protection of Personal Data (KVK Law) with information and documents that can verify their identity, using the methods below or other methods determined by the Board.


    Pursuant to Article 13(1) of the KVK Law, you may submit your request to exercise your rights under the KVK Law and relevant legislation, as well as via the methods determined by the Personal Data Protection Board. You can also submit your request by filling out and signing the Application Form available at www.morrianhotel.com/tr/kisisel-verilerin-korunmasi using one of the methods below:




    • Deliver a signed copy of the form containing explanations regarding your requested right in person, together with official identity documents (e.g., national ID, driver’s license, passport, etc.), to:
      Kemerağzı Mah. Yaşar Sobutay Bulvarı No:333, Aksu – Antalya




    • Send the completed form and identity documents via Notary.




    • Submit the completed form and identity documents electronically via secure electronic or mobile signature to:
      www.morrianhotel.com




    • Send the completed form and identity documents using the email address previously registered in our system.




    Requests will be processed by the Company, as the Data Controller, within 30 days depending on the nature of the request.


    Rights related to personal data can only be exercised regarding data belonging to the individual themselves. Requests concerning data of others will not be considered. Forms submitted without identity verification documents will also be disregarded. Please note that even if deletion requests are fulfilled, personal data may still need to be shared with official authorities if legally required.


    Third parties cannot exercise the right to access information under Article 11 of the KVK Law on behalf of the data subject. For a third party to make a request regarding personal data, a special power of attorney, notarized and wet-signed by the data subject, must be provided.


    The Company may request additional information or documents from the data subject to clarify the details of the request and to confirm the requester’s identity.


    Requests may be denied with justification in the following cases:




    • Processing personal data for research, planning, and statistics through anonymization.




    • Processing personal data for artistic, historical, literary, or scientific purposes, or for freedom of expression, without violating national defense, national security, public safety, public order, economic security, privacy, or personal rights.




    • Processing personal data within preventive, protective, or intelligence activities by public institutions and organizations with lawful authority to ensure national defense, security, public safety, public order, or economic security.




    • Processing personal data by judicial authorities or enforcement agencies in relation to investigation, prosecution, trial, or execution procedures.




    • Processing personal data necessary to prevent crimes or for criminal investigation.




    • Processing personal data that the data subject has made public themselves.




    • Processing personal data for regulatory, disciplinary, or supervisory purposes by authorized public institutions or professional organizations with public institution status.




    • Processing personal data for budget, taxation, or financial matters to protect the State’s economic and financial interests.




    • If exercising the right would infringe on the rights and freedoms of others.




    • If the requested information is publicly available.




    5.3. ENSURING THE SECURITY OF PERSONAL DATA


    Our Company pays maximum attention to ensuring data security and, pursuant to Article 12 of the KVK Law, adopts the following measures:




    • Technical and administrative measures are taken to prevent unlawful processing and access to personal data and to ensure their preservation.




    • Employees are informed and committed not to disclose personal data unlawfully or use it for purposes other than processing, and this obligation continues even after employment ends.




    • The Company requires partners, suppliers, and consultants who process data on its behalf to comply contractually with legal, technical, and administrative measures.




    • Personal data is protected with organizational and technical measures to prevent unauthorized access, illegal actions, sharing, accidental loss, alteration, or destruction.




    • The Company conducts or commissions necessary internal audits and activities to ensure compliance with KVK Law within its operations.




    • In case personal data is unlawfully obtained by others, the Company promptly notifies the relevant data subject and the KVK Board.




    6. DELETION, DESTRUCTION, AND ANONYMIZATION OF PERSONAL DATA


    Pursuant to the Law and relevant regulations, once retention periods or purposes expire, personal data is deleted, destroyed, or anonymized either upon Company initiative or at the request of the data subject.


    DELETION OF PERSONAL DATA


    Deletion is the process of making personal data inaccessible and unusable for the user.




    • The Company identifies the personal data to be deleted and determines each user’s access and authority.




    • Access, retrieval, and reuse rights are removed before deletion.




    Examples:




    • Obscuring: Physical documents are blacked out so the data cannot be traced to a specific individual.




    • Server Deletion: Digital files are deleted via operating system commands or user access rights are removed.




    The Company fully complies with KVK Law and relevant regulations in deletion processes.


    DESTRUCTION OF PERSONAL DATA


    Destruction makes personal data completely inaccessible, irrecoverable, and unusable.




    • Physical data stored in non-automated systems is destroyed physically so it cannot be used again.




    • Digital data is deleted irretrievably using software methods.




    The Company fully complies with KVK Law and relevant regulations in destruction processes.


    ANONYMIZATION OF PERSONAL DATA


    Anonymization ensures that personal data cannot be linked to any identifiable individual, even when combined with other data.




    • Data is anonymized when legal reasons for processing cease to exist.




    • Techniques such as masking, grouping, generalizing, deriving, or randomizing are used to disconnect the data from the individual.




    • Anonymized data can be used for research, planning, and statistical purposes without requiring the data subject’s consent.




    The Company ensures full compliance with KVK Law and relevant regulations in anonymization processes.


    This policy provides the framework for the processing and protection of personal data within the Company and aligns with applicable laws, while noting that updates may occur to reflect changes in regulations.