Cevahir Hotel Asia Logo
--°
İSTANBUL
Türkçe
1Night

KVKK CLARIFICATION TEXT

KVKK CLARIFICATION TEXT

Cevahir Hotel Istanbul Asia ("Hotel") attaches great importance to the protection of personal data within the scope of Law No. 6698 on the Protection of Personal Data ("KVKK") and all related legislation. As the data controller, this Clarification Text has been prepared to inform you about the processes related to the processing of your personal data.

________________________________________

1. Identity of the Data Controller

• Data Controller: Cevahir Hotel Istanbul Asia

• Address: Yalı Mah. Turgut Özal Bulvarı No:21, Maltepe / Istanbul

• Email: kvkk@cevahirhotel.com.tr

• Phone: 02165000000

________________________________________

2. Categories of Personal Data Processed

The following categories of personal data may be processed, limited to the data processing purpose:

• Identity Information: Name, surname, Turkish ID number, passport information, date of birth.

• Contact Information: Phone number, email address, physical address.

• Customer Transaction Information: Reservation records, accommodation dates, room preferences.

• Financial Information: Invoice details, payment information.

• Security Information: CCTV footage, entry-exit records.

• Internet Access Information: IP address, log records, cookie data.

• Health Data (special categories): Allergy, disability, special needs information (only with explicit consent).

• Customer Communication Records: Complaints, requests, survey responses.

________________________________________

3. Purposes of Processing Personal Data

Your personal data is processed within the framework of the legal grounds specified in Articles 5 and 6 of the KVKK, limited to the data processing purpose:

• Carrying out reservation processes.

• Providing accommodation services and conducting operational processes.

• Identity verification and legal notification processes.

• Carrying out financial and accounting transactions.

• Measuring and improving guest satisfaction.

• Room services, special requests, and customer support processes.

• Ensuring facility and guest security through security camera footage.

• Managing emergencies and ensuring health security.

• Following legal processes.

• Conducting marketing and informational communications (with explicit consent).

________________________________________

4. Method and Legal Basis for Collection of Personal Data

Your personal data is collected through hotel reservation systems, website forms, phone communications, email correspondence, contract forms, camera recording systems, mobile applications, and third-party reservation platforms.

Legal bases for processing:

• Establishment and performance of a contract (KVKK Art. 5/2 c)

• Fulfillment of legal obligations (KVKK Art. 5/2 ç)

• Legitimate interests of the data controller (KVKK Art. 5/2 f)

• Cases requiring explicit consent (KVKK Art. 5/1 and 6/2)

________________________________________

5. Transfer of Personal Data

Personal data may be transferred in accordance with Articles 8 and 9 of the KVKK to:

• Authorized public institutions and organizations,

• Audit firms, consultants, and lawyers,

• Payment service providers and banks,

• Information and technology service providers (server, email, cloud services),

• Business partners involved in reservation and sales,

• Companies providing security and technical support services,

with necessary security measures taken.

Data transfer abroad is only carried out with explicit consent or when the conditions of a safe country / undertaking as per Article 9 of the KVKK are met.

________________________________________

6. Retention Periods for Personal Data

Your personal data is stored for the following periods, in accordance with the periods stipulated in the relevant legislation and the Hotel's data retention policy:

• Invoice and financial records: 10 years

• Reservation and accommodation information: 5–10 years

• CCTV records: 30–90 days (usually 30 days)

• Customer requests and complaint records: 3–5 years

• Marketing consent records: Until consent is withdrawn

• Health data: For the duration required by the service (only with explicit consent)

________________________________________

7. Technical and Administrative Measures for Data Security

The main security measures taken by the Hotel include:

• Strong encryption and network security measures

• Firewall and intrusion detection systems

• Access matrices and logging of access

• Data minimization and anonymization practices

• Personnel training and confidentiality agreements

• Secure backup and logging infrastructure

• Physical security measures (server room access control)

• Rapid notification procedure in case of a data breach

________________________________________

8. Your Rights Under KVKK (Article 11)

You have the following rights:

• To learn whether your personal data has been processed

• If processed, to request information about it

• To learn the purpose of processing and whether it is used in accordance with the purpose

• To know the third parties to whom it has been transferred

• To request correction if the data is incomplete or incorrectly processed

• To request deletion or destruction

• To object to processing

• To withdraw consent for data processed based on consent

________________________________________

9. Application Method and Process

You can submit your requests within the scope of KVKK through the following methods:

• Email: kvkk@cevahirhotel.com

• Mail: Yalı Mah. Turgut Özal Bulvarı No:21, Maltepe / Istanbul

• Physical application: Can be made to the relevant unit at the hotel reception.

Applications will be resolved within a maximum of 30 days as per KVKK. Requests are free of charge; however, in cases requiring additional costs, a fee may be charged according to the tariff determined by KVKK.

________________________________________

This Clarification Text may be updated in line with changes in data processing activities.