Rezervasyon

Data Policy

HOTEL SAMARA

PERSONAL DATA RETENTION AND DISPOSAL POLICY

TÜRK KABLO Mamulleri Tevzi Gıda Ticaret A.Ş.

1. PURPOSE OF THE POLICY

This Personal Data Retention and Disposal Policy (“Policy”), Personal Data Protection Law No. 6698 (KVKK) and the Regulation on the Deletion, Destruction or Anonymization of Personal Data issued based on this law (“Regulation”), the storage and anonymization of personal data As the data controller, TÜRK KABLO Mamulleri Tevzi Gıda Ticaret A. S. Prepared by

2. DEFINITIONS

Explicit Consent: Consent on a specific subject, based on information and expressed with free will,

Anonymization: Making personal data impossible to associate with an identified or identifiable natural person under any circumstances, even if it is matched with other data,

Unit Cabinets: Cabinets where the physical folders of each unit in the company are kept for their active activities,

Firewall: It is a hardware device that provides security both in the field of mail and the internet in order to prevent attacks from outside the company and to prevent users from being exposed to such attacks. In addition, internet access restrictions are set on this device.

Physical Destruction: The physical destruction of optical media and magnetic media, such as melting, incinerating or pulverizing.

Destruction: Deletion, destruction or anonymization of personal data,

Relevant Person: The real person whose personal data is processed,

Relevant User: Persons who process personal data within the organization of the data controller or in line with the authorization and instruction received from the data controller, excluding the person or unit responsible for the technical storage, protection and backup of the data,

Law: Law on Protection of Personal Data No. 6698,

Recording Environment: Any environment in which personal data is fully or partially automated or processed by non-automatic means, provided that it is a part of any data recording system,

Personal Data: Any information relating to an identified or identifiable natural person,

Personal Data Processing Inventory: Personal data processing activities carried out by data controllers depending on their business processes; The inventory they have created by associating the personal data with the purposes of processing, the data category, the transferred recipient group and the data subject group, explaining the maximum period required for the purposes for which the personal data is processed, the personal data to be transferred to foreign countries and the measures taken regarding data security,

Deletion of Personal Data: The process of making personal data inaccessible and unusable for the relevant users,

Destruction of Personal Data: The process of making personal data inaccessible, unrecoverable and reusable by anyone,

Sensitive Personal Data: Data about the race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, costume and clothing, membership to associations, foundations or unions, health, sexual life, criminal convictions and security measures, and biometric data. and genetic data,

Periodic Destruction: The deletion, destruction or anonymization process, which will be carried out ex officio at repetitive intervals and specified in the personal data storage and destruction policy, in the event that all of the personal data processing conditions in the law are eliminated,

Company: TÜRK KABLO Mamulleri Tevzi Gıda Ticaret A.Ş.

Regulation: Refers to the Regulation on the Deletion, Destruction or Anonymization of Personal Data published in the Official Gazette dated October 28, 2017.

3. RECORDING ENVIRONMENTS

In the implementation of this policy, recording media means any environment where personal data is stored. The Company stores the personal data it processes in the following recording environments in accordance with the relevant legislation, especially the Personal Data Protection Law, and by taking the most up-to-date measures regarding data security.

In this context, the recording media in the Company:

  • Personnel File
  • Accounting Archive
  • Related Volume Folders and Archives
  • FIDELIO Software
  • Security Camera Interface
  • Guest Books
  • hard disk
  • LOGO Payroll
  • Staff Health Folders

4. LEGAL, TECHNICAL AND OTHER REASONS REQUESTING THE STORAGE AND DISPOSAL OF PERSONAL DATA

a) Personal data of the persons concerned may be processed by the Company for the following purposes:

I. ISTANBUL (CENTER)

Working:

  • Execution of emergency management processes
  • Fulfillment of obligations arising from employment contracts and legislation for employees
  • Execution of finance and accounting works
  • Follow-up and execution of legal affairs
  • Conducting communication activities
  • Planning of human resources processes
  • Follow-up of permission rights
  • Establishment of the employment contract
  • Execution of occupational health and safety activities
  • Fulfillment of legal obligations
  • Arranging payroll
  • Making salary payments
  • Creation of the personnel file
  • Social Security Institution recruitment
  • Providing information to authorized persons, institutions and organizations

Security cameras:

  • Ensuring physical space security

II. SAMARA HOTEL

Working:

  • Execution of emergency management processes
  • Fulfillment of obligations arising from employment contracts and legislation for employees
  • Execution of finance and accounting works
  • Follow-up and execution of legal affairs
  • Conducting communication activities
  • Planning of human resources processes
  • Follow-up of permission rights
  • Establishment of the employment contract
  • Execution of occupational health and safety activities
  • Fulfillment of legal obligations
  • Arranging payroll
  • Making salary payments
  • Creation of the personnel file
  • Social Security Institution recruitment
  • Providing information to authorized persons, institutions and organizations

Employee Candidate:

  • Execution of the application processes of our employee candidates
  • Providing suitable personnel for open positions within the scope of human resources policies

Hotel Customer:

  • Check-in procedures,
  • Execution of reservation processes,
  • Execution of goods/service sales processes,
  • Execution of finance and accounting works,
  • Carrying out activities for customer satisfaction,
  • Collection of accommodation fee,
  • Fulfillment of legal obligations and
  • Execution of information security processes

Visitor:

  • Keeping visitor records
  • Ensuring physical space security

Security cameras:

  • Ensuring physical space security

Mail Order:

  • Collection of accommodation fee

Online Reservation:

  • Making reservations

b) In accordance with the Regulation, the personal data of the persons concerned are deleted or destroyed by the Company ex officio or upon request, in the following cases:

a. Changing or repealing the provisions of the relevant legislation, which is the basis for the processing or storage of personal data
b. The disappearance of the purpose that requires the processing or storage of personal data,
c. Elimination of the conditions requiring the processing of personal data in Articles 5 and 6 of the Law.
D. In cases where the processing of personal data takes place only on the basis of explicit consent, the data subject withdraws his consent,
to. The application made by the data subject regarding the deletion or destruction of his personal data is accepted by the data controller,
f. In cases where the data controller rejects the application made by the data subject with the request for the deletion or destruction of his personal data, if his answer is found to be insufficient or if he does not respond within the time stipulated in the Law, a complaint is made to the Board and this request is approved by the Board
g. The absence of any conditions justifying the retention of personal data for a longer period of time, even though the maximum period for keeping personal data has passed.

5. TECHNICAL AND ADMINISTRATIVE MEASURES FOR SECURE STORAGE AND LEGAL PROCESSING OF PERSONAL DATA

a) Technical Measures:

Network security and application security are provided.

Security measures are taken within the scope of procurement, development and maintenance of information technology systems.

The security of personal data stored in the cloud is ensured.

Access logs are kept regularly.

The authorizations of employees who have a change of job or quit their job in this field are removed.

Current anti-virus systems are used.

Firewalls are used.

Personal data security issues are reported quickly.

Personal data security is monitored.

Log records are kept without user intervention.

Cyber security measures have been taken and their implementation is constantly monitored.

Encryption is done.

b) Administrative Measures

There are disciplinary regulations that include data security provisions for employees.

Training and awareness activities are carried out periodically for employees on data security.

The signed contracts contain data security provisions.

Personal data security policies and procedures have been determined.

Necessary security measures are taken regarding entry and exit to physical environments containing personal data.

Physical environments containing personal data are secured against external risks (fire, flood, etc.).

The security of environments containing personal data is ensured.

Personal data is reduced as much as possible.

Confidentiality commitments are made.

6. TECHNICAL AND ADMINISTRATIVE MEASURES FOR LAWFUL DISPOSAL OF PERSONAL DATA

Employees are informed and trained on the law of protection of personal data and the destruction of personal data in accordance with the law.

Personnel who will destroy the Personal data registered in the Personal Data Inventory have been determined.

Personal data storage and destruction activities carried out within the company are audited.

The technical measures taken are reported to the person concerned.

Personnel knowledgeable in technical matters are employed.

7. METHODS USED FOR LEGAL DISPOSAL OF PERSONAL DATA

a. Methods of Deletion of Personal Data

i. Personal Data in Paper Media: It is deleted using the destruction method. Destruction is done by deforming and rendering unusable the relevant documents and the personal data on the relevant documents in such a way that they cannot be read back with technological solutions.

ii. Office Files on the Central Server: They are deleted with the delete command in the operating system.

b. Personal Data Destruction Methods

i. Personal Data in Local and Environmental Systems: Physical destruction is destroyed by using the appropriate overwriting method.

8. OFFICERS INVOLVED IN THE CONSERVATION AND DISPOSAL PROCESSES

PROCESS RESPONSIBLETASKRESPONSIBILITY
Front office managerPersonal Data Retention and Disposal Policy Implementation Officer for Front Office and Reservation Processes and Visitor RecordsEnsuring the compliance of the data processed by the department in charge with the storage period in this data laundering and destruction policy and managing the personal data destruction process during periodic destruction periods.
Accounting ManagerAccounting Processes Personal Data Retention and Disposal Policy Implementation Officer
Director of Human ResourcesHuman Resources Processes Personal Data Storage and Disposal Specialist
IT SpecialistPersonal Data Storage and Disposal Responsible for Data Processed Through Information Systems
Occupational PhysicianPersonnel Health Folder Personal Data Retention and Disposal Policy Implementation Officer
Job Security SpecialistOHS Processes Personal Data Retention and Disposal Policy Implementation Officer

9. TABLE OF STORAGE AND DISPOSAL TIMES

DATA CATEGORYSTORAGE PERIODDISPOSAL TIME
Other data required to be processed for the establishment or performance of a contract or processed within this scope10 years from the date of termination of the contract in accordance with the Turkish Code of ObligationsIn the first periodic destruction process following the end of the storage period
Data processed in order to protect the right in a possible disputeDuring the statute of limitations to which the legal relationship is subjectIn the first periodic destruction process following the end of the storage period
Employee health data and all data processed in accordance with Occupational health and safety legislation15 years from the date of dismissal in accordance with the Occupational Health and Safety legislationIn the first periodic destruction process following the end of the storage period
Data on finance and accounting10 years (TCC art. 82)In the first periodic destruction process following the end of the storage period
Camera recordings taken to ensure general security1 monthoverwrites
Other data for which a special storage period is stipulated in the relevant legislationDuring the storage period stipulated in the relevant legislationIn the first periodic destruction process following the end of the storage period
Data stored in accordance with tax legislation5 yearsIn the first periodic destruction process following the end of the storage period
Personal data processed on the basis of consentUntil the person’s request for the deletion of their personal dataWithin 30 days from the request of the person concerned
Log Records2 yearsIn the first periodic destruction process following the end of the storage period
Visitor book1 yearIn the first periodic destruction process following the end of the storage period
Post Survey Forms1 monthIt is destroyed after necessary evaluation.

10. PERIODIC DISPOSAL TIMES

Physical and digital data, which have completed the legal storage and destruction periods, are periodically destroyed. The company deletes or destroys personal data in the first periodical destruction process following the date on which the obligation to delete or destroy personal data arises.

Periodic destruction is carried out at 6-month intervals for all personal data.

Transaction records regarding deletion and destruction are kept for 3 years.

11. UPDATE INFORMATION

KVKK BAŞVURU FORMU

We are delighted to welcome you to our 70,000 m² paradise, where the enchanting blues of the Aegean meet lush greenery.

eSarj_3

Our Rooms

Hotel Amenities

Corporate

Contact

Torba Mahallesi 3129 Sok. No:1 Kaynar Mevkii Bodrum/Muğla, Türkiye

Ovaicon-instagram-2 Icomoon-facebook

Design

Hotel Samara Bodrum
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies to provide you with the best possible user experience. Cookie information is stored in your browser and performs functions such as recognizing you when you return to our website and helping our team understand which sections of the site you find most interesting and useful.