Confidentiality Agreement
LİMAK THERMAL BOUTIQUE HOTEL
CONFIDENTIALITY STATEMENT
Data Controller: Limak Thermal Boutique Hotel
Gökçedere Mah. Sıcak Su Cad. No:1-3 Termal – Yalova
Limak İnşaat Sanayii Ticaret A.Ş. (“Limak Thermal Boutique Hotel) has prepared this privacy statement in order to inform our visitors, guests, employees, applicants and business contacts about the processing, storage and transfer of personal data related to our hotel management and tourism activities. Scope of Law No. 405 on the Protection of Personal Data. 6698 (“Law”) and related legislation.
What categories of personal data do we collect? What is the purpose of processing your personal data?
We collect the following categories of data within the scope of our hotel, tourism and accommodation services:
Identity Data
Contact Data
Family Data
Financial Data
Employment Data
Other Data
Identity Data
Description: Data related to the authentication of the data subject.
From whom data is collected: We collect identity data from our guests, visitors, members, employees, applicants and third parties with whom we cooperate.
Content: Name, surname, ID number, passport number, license plate number, photograph, copy of identity card.
Purpose of Data Collection: We collect identity data from both our guests and visitors in order to ensure the safety of all our guests and the legislation we are subject to.
We are obliged to record the identity information of our employees in accordance with labor and social security legislation.
We collect identification data from applicants for the purpose of job application evaluation; also from our supplier, subcontractor and other parties with whom we have established similar business contacts to fulfill our business requirements and obligations arising from signed contracts.
Legal Grounds for Data Collection: The main legal basis for the collection of relevant data is the legal obligations arising from the relevant legislation.
However, we collect identification data due to the contractual relationship between us and the data subjects.
Due to our legitimate interests and the corporate principles adopted, we sometimes collect identification data of the visitor (from each same-day visitor) for the purposes of security and providing a more peaceful accommodation environment for our guests, etc.
Data Collection Method: We collect data through printed forms and sometimes directly through forms available electronically.
Contact Data
Description: Personal data enabling communication with the data subject.
From whom the data is collected: We collect contact data from our guests, visitors, members, employees, applicants and third parties with whom we cooperate.
Content: Data such as home and work address, cell phone number, home phone number, room number, postal address, email address and IP address.
Purpose of Data Collection: We collect contact data from both our guests and visitors in accordance with the legislation we are subject to and for purposes such as ensuring the security of all our guests; informing our visitors and guests about our advertisements, campaigns and promotions; loyalty card programs, employment relations and hotel management activities.
We are obliged to record the contact data of our employees in accordance with labor and social security legislation.
We collect contact data from applicants for the purpose of notification of the result of the application evaluation; also from our supplier, subcontractor and other parties with whom we have established similar business contacts in order to fulfill our commercial requirements and obligations arising from signed contracts.
Legal Grounds for Data Collection: The main legal basis for the collection of relevant data is the legal obligations arising from the relevant legislation.
However, we collect contact data due to the contractual relationship between us and the data subjects.
We sometimes collect relevant data due to our legitimate interests and the corporate principles adopted in order to ensure the fulfillment of a customer satisfaction survey or security.
Data Collection Method: We collect data through printed forms and sometimes directly through forms available electronically.
Family Data
Description: Data on family members of the person concerned.
From whom the data is collected: We collect family data from our guests, members, employees and applicants.
Content: Name, surname, ID number, photograph, marital status, home and work address, mobile phone number, fax number, home phone number, postal and e-mail address of family members.
Purpose of Data Collection: We collect the family data of our guests due to the legislation we are subject to and to ensure the safety of all our guests.
We are obliged to collect the family data of our employees and applicants as required by labor and social security legislation.
Legal Grounds for Data Collection: The main legal basis for the collection of relevant data is the legal obligations arising from the relevant legislation.
However, we collect family data due to the contractual relationship between us and the data subjects.
Sometimes we collect relevant data due to our legitimate interests and corporate principles adopted to communicate in emergencies or to support the education of workers’ relatives by providing scholarships.
Data Collection Method: We collect data through printed forms and sometimes directly through forms available electronically.
Financial Data
Description: Data such as bank accounts, credit cards, billing information.
From whom data is collected: We collect financial data from our guests, members, employees and third parties we collaborate with.
Content: Data such as salary, authorized signature list, salary, bank account, credit card, billing information and tax number.
Purpose of Data Collection: We collect financial data from both our guests and members due to the legislation we are subject to, in order to provide flawless and perfect service.
We are obliged to collect the financial data of our employees in accordance with labor and social security legislation.
We collect financial data from our suppliers, subcontractors and other parties with whom we have established similar business relationships in order to fulfill our business requirements and contractual obligations.
Legal Grounds for Data Collection: The main legal basis for the collection of the relevant data is the legal obligations arising from the relevant legislation.
Nevertheless, we collect financial data due to the contractual relationship between us and the data subjects.
Due to our legitimate interests and adopted corporate principles, we sometimes collect financial data in order to facilitate payment for our repeat guests and to include our employees in campaigns or promotions provided by partner banks or other financial institutions.
Data Collection Method: We collect data through printed forms and sometimes directly through forms available electronically.
Employment Data
Description: Data that ensures the maintenance of a perfect employment relationship.
From whom the data is collected: We collect employment data from our employees and applicants.
Content: Identity, contact and financial data, gender, height and weight, social security number, blood type, document representing personal status, place of residence, IP records, bank account, proof of residence, reference/service/working paper from previous employer, criminal record certificate, curriculum vitae (CV), military service, disability status, data on disability status within the scope of tax exemption, insurance, housing and rent information, foreign language, educational status, professional information and previous address and signature.
Purpose of Data Collection: We collect relevant data to fulfill our legal obligations.
Legal Grounds for Data Collection: The main legal basis for the collection of relevant data is the legal obligations arising from the relevant legislation.
However, we collect employment data due to the employment contract between us and the data subjects.
Due to our legitimate interests and adopted corporate principles, we sometimes collect employment data for the purposes of participation in company orientation programs, insurance, contacting relatives in emergency situations and placing applicants in suitable positions.
Data Collection Method: We collect data through printed forms and sometimes directly through forms available electronically.
Other data
Description: Data collected within the scope of our commercial activities.
From whom data is collected: We collect this data from our guests, members, employees, visitors and third parties with whom we cooperate.
Content: These are identity, communication and financial data, CCTV (closed circuit television) recordings, voice recordings, facial recognition systems recordings, magnetic card and turnstile recordings; identity, communication and financial data of our business contacts; data collected within the scope of an organized event or organization, data related to accommodation, data collected in complaints and in the process of communication with the company.
Purpose of Data Collection: We collect relevant data from both our guests and members in accordance with the legislation we are subject to and in order to provide perfect and flawless service to all our guests and to ensure security; to carry out our tourism and hotel management activities; to use them in advertisements, marketing and promotions; to organize events and organizations.
We collect relevant data from our suppliers, subcontractors and other parties with whom we have established similar business relationships in order to fulfill our business requirements and obligations arising from signed contracts.
Legal Basis for Data Collection: The main legal basis for the collection of relevant data is the legal obligations arising from the relevant legislation.
However, we collect relevant data due to our legitimate interests and adopted corporate principles in order to provide payment convenience for our regular guests; to include our employees in campaigns or promotions provided by partner banks or other financial institutions; to provide our guests with security and a more peaceful accommodation environment; to organize events related to the number of participants and their special circumstances or requests; to offer special rates and accommodation options for our regular guests, to contact them in case of lost property, to evaluate guest and employee satisfaction and to respond to complaints.
Data Collection Method: We collect data through printed forms and sometimes directly through forms available electronically.
Do we transfer your personal data to local third parties?
Competent Authorities
In accordance with the legislation in our country, we share the above-mentioned identity, contact and some other data periodically or upon their request with the authorities strictly authorized by the legislation.
In addition, your personal data is shared with the authorized institution or organization on the grounds of a decision or upon the request of an administrative institution strictly authorized by the legislation.
Limak Tourism Group Facilities:
In addition, your personal data is shared with the following tourism facilities, which will be merged for limited purposes in the future in order to provide you with more privileged service.
Limak Arcadia Hotel & Resorts
Limak Limra Hotel & Resorts
Limak Atlantis Deluxe Hotel
Limak Lara Deluxe Hotel
Limak Ambassadore Hotel
Limak Eurasia Luxury Hotel
Limak Thermal Hotel
Limak Cyprus Deluxe Hotel
Third parties:
Your personal data is also shared with another group of third parties with whom we cooperate. These primarily include natural or legal persons such as travel agencies, online hotel reservation services.
Your personal data is shared in order to meet your requests for our services such as pick-up, transfer, etc. or to return your lost items, to share your invoices with real or legal persons authorized to perform the relevant services to the extent necessary to fulfill these services on our behalf.
Do we transfer your personal data abroad?
Your personal data may be transferred abroad only in the following cases:
with your express permission or
The circumstances provided for in the law occur and there is adequate protection in the country of transfer or
The cases stipulated in the Law are realized with the consent of the Turkish Data Protection Board in cases where there is no adequate protection in the transferred country.
For example: Where you receive services from a foreign agency, online booking service, etc. or pay us with a foreign financial service, we may transfer your personal data abroad for limited processing purposes without obtaining your consent in order to provide services for you, i.e. to fulfill our service contract.
How long is your personal data stored?
The retention periods of your personal data are determined according to the following criteria:
If there is a period set by law or relevant legislation, the relevant data must be retained for at least that period. Regarding the possibilities of late receipt by us of the requests of courts or administrative bodies strictly authorized by law or the emergence of a dispute in which we may be a part, the period of retention of personal data is the periods stipulated in the Legislation by adding 6 months or 1 year, and when it expires, the relevant data is deleted.
If there is no retention period stipulated in the legislation for the processing of data in relation to the business relationship between us, your personal data will be stored for the period specified in the contract. At the end of this business relationship or when the period specified in the contract expires, your personal data will be deleted without the need for your request.
What are your rights as a data subject?
As a personal data subject, you can;
Obtaining information on whether your personal data is being processed,
Requesting information if your personal data has been processed,
Learn the reason for processing your personal data and whether the data is used correctly for this purpose,
Obtaining information about domestic and foreign third parties who receive your personal data,
To request correction of your personal data if it is incomplete or incorrect,
To request the deletion or destruction of your personal data within the framework of the provisions specified in the Law,
Request notification to third parties to whom your personal data has been transferred regarding the correction of incomplete or incorrect data or the deletion or destruction of your personal data,
Object to a result that is unfavorable to you due to the analysis of the processed data exclusively by automated decision-making systems,
You may claim compensation in the event of a loss due to unlawful processing of your personal data.
How can you exercise your rights as a data subject?
Without prejudice to other methods determined by the Data Protection Board of Turkey, you may submit your requests regarding your personal data together with the documents proving your identity (copy of ID card) to our registered e-mail address thermal@limakhotels.com or to Gökçedere Mah. Sıcak Su Cad. No:1-3 Termal – Yalova by mail.
We reserve the right to object to your application if the information and documents you submit are incorrect or if your application is unauthorized.
How long does it take to respond to your requests?
Your requests will be evaluated and answered within 30 (thirty) days at the latest from the date of delivery. In case of a negative evaluation, a justified rejection will be sent by e-mail or mail to the address on your application.
How long will your requests regarding the processing of your personal data be answered?
Your requests for your rights regarding your personal data are evaluated and answered within 30 (thirty) days at the latest from the date of receipt. If your application is evaluated negatively, justified reasons for rejection are sent to the address you specified in the application by e-mail or postal mail.