KVKK Disclosure Statement – Kalevera Hotel

This information text contains information regarding the processing of Personal Data by KALEVERA TURİZM SAN. VE TİC. LTD.ŞTİ. (“Company”), acting as the DATA CONTROLLER, in accordance with the Personal Data Protection Law No. 6698 (“LPPD Law”) and the relevant legislation.

This disclosure text aims to inform the groups of people whose personal data is collected about the personal data collected, the method of collecting personal data, the purposes of processing, legal reasons, to whom and for what purposes the processed personal data can be transferred, and the rights of personal data owners.

Within the scope of KVKK, personal data means any information related to an identified or identifiable natural person (“Personal Data”) and a special type of this, special quality personal data, refers to data related to race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, association, foundation or union membership, health, sexual life, criminal conviction and security measures, as well as biometric and genetic data (“Special Quality Personal Data”). As the Data Controller, within the scope of our business relationship with you, Personal Data will be recorded, stored, preserved, rearranged when necessary, shared with institutions legally authorized to request this Personal Data , and processed in other ways listed within the scope of the KVKK.

Definitions:PDPL Law: Personal Data Protection Law No. 6698,

KVK Board : Personal Data Protection Board,

Data Owner : The natural person whose personal data is processed,

Processing of personal data: Any operation performed on data, such as obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data, either fully or partially by automatic means or, provided that it is part of any data recording system, by non-automatic means.

In this disclosure text, personal data and special personal data may be referred to together as “Personal Data”. Your personal data processed in accordance with the purposes stated in the disclosure text is transferred in direct proportion to the purposes stated in this text .

1. GROUPS OF PERSONS WHOSE PERSONAL DATA IS COLLECTED BY THE COMPANY, COLLECTED PERSONAL DATA, PURPOSE OF PROCESSING PERSONAL DATA, LEGAL BASIS, METHOD OF COLLECTING PERSONAL DATA AND GROUPS OF PERSONS TO WHICH PERSONAL DATA IS TRANSFERRED

1.1. PERSONAL DATA OWNER GROUP: EMPLOYEE CANDIDATE

Personal Data Collected: Identity Data (such as Name Surname, TR ID No., Nationality, Name of Mother-Father, Date of Birth, Marital Status, Place of Birth, Gender), Communication Data (such as Phone Number , Address Information , Emergency Contact Phone, E-Mail), Physical Space Security Data (such as Security Camera Records of Employees and Visitors While They Are in the Physical Space), Professional Experience Data (such as diploma information, courses attended, in-service training information, certificates), Visual and Audio Records (such as passport photographs, visual and audio records), Health Data (such as information on disability status, blood group information, personal health information, information on devices and prosthesis used), Criminal Conviction and Security Measures (such as criminal record, criminal conviction and information on security measures), Candidate Transaction Data (Driver’s License Class, SRC Document, Travel Disability Status, Position Applied, Application Date, Salary Expectation, Shift Work Eligibility, Overtime Eligibility, Can I Change Residence Information, Interview Information, etc.), Signature Data (Wet or electronic signature, fingerprint, special marks, etc. on documents that are considered personal data), Other (Military service status, candidate interview information, employee body size information, Driver’s License Class, SRC Document, Competencies, Private Health or Life Insurance Information , Reference Information, Smoking Limit, Alcohol Use Limit, etc.)

Purpose of Processing Personal Data

It is processed for the purposes of carrying out emergency management processes, carrying out candidate employee / intern / student selection and placement processes, carrying out candidate employee application processes, carrying out activities in accordance with legislation, ensuring physical space security, planning human resources processes, sharing with business partners for candidate evaluation purposes, managing relationships with business partners and suppliers, carrying out occupational health / safety activities, carrying out contract processes, informing authorized persons, institutions and organizations, employing new personnel, examining candidates and determining the new candidate to be employed, information received about your resume so that the manager can get to know the candidate better and select him/her, sharing it with the manager, confirming the data with the reference persons you have included in your resume, verifying how much you match the position and recording your resume information for future confirmation, recording the information we share with you in digital or physical environments in case we need it in the short or long term, evaluating it in case there is a vacancy in the relevant position in our group companies, carrying out communication activities. and can be transferred.

Legal Basis for Processing Personal Data: Your personal data is collected by our Company through different channels and based on the legal reasons explained, in physical or electronic environments; from the job application form you have filled out personally, from websites that allow you to submit a CV or job application, via e-mail, from security cameras when you enter physical premises, and within the scope of employment contracts for the purposes listed above. “Personal data cannot be processed without the explicit consent of the relevant person” in paragraph (1) of Article 5 of the Personal Data Protection Law. “(2) In the event that (a) “It is expressly provided for by law”, (b) “It is mandatory for the protection of the life or physical integrity of the person who is unable to give his/her consent due to a de facto impossibility or whose consent is not legally valid, or of another person.”, (c) “Provided that it is directly related to the establishment or performance of a contract, the processing of personal data belonging to the parties to the contract is necessary.”, (ç) “It is mandatory for the data controller to fulfill its legal obligation.”, (d) “It is made public by the relevant person himself/herself.”, (e) “Data processing is mandatory for the establishment, exercise or protection of a right.”, (f) “Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the relevant person.”, personal data may be processed without the explicit consent of the relevant person.

Transfer of Personal Data: Based on the explicit consent data processing requirement in the first paragraph of Article 8 of the Personal Data Protection Law; it may be shared and transferred with business partners, group companies, audit companies located in the country for the purpose of carrying out management activities.

1.1. PERSONAL DATA OWNER GROUP: EMPLOYEE

Personal Data Collected:

Identity Data (Name Surname, TR ID Number, Mother-Father Name, Date of Birth, Marital Status, Place of Birth, Gender etc.), Communication Data ( Phone Number , E-Mail, Company Internal Phone Number, Corporate E-Mail etc.), Physical Location Security Data ( such as Security Camera Records of Employees and Visitors While They Are in the Physical Space ), Professional Experience Data (Diploma information, courses attended, in- service training) education information , certificates, etc.), Visual and Audio Records (such as passport photographs, visual and audio records), Health Information (such as health report, periodic examination form for employment, accident report, blood group information, personal health information, information on devices and prosthesis used , information on disability status), Criminal Conviction and Security Measures (such as criminal record, criminal conviction and information on security measures),

Signature Data (Wet or electronic signature on documents that are considered personal data, etc.), Other (Driver’s License, Competencies, Hobbies, Salary Expectations, Military Status, Reference Information, Smoking, Alcohol , Computer Usage Information, Body Measurement, Candidate Interview Information, Employee’s Body Measurement Information, etc.), Location Data (Vehicle GPRS Data, Device GPRS Data, Location Information of the Location, etc.), Personnel Data (Photo, Education Information, Pay Slips, Job Start Date, Job Termination Information, CV Information, Wage Information, Position, E-Declaration, Seniority Base Date, Department Information, Insurance Information, Reference Information, Time Sheet Information, Leave Usage Information, Disciplinary Investigation, Asset Declaration Information, Performance Evaluation Reports, Employee or Working with the Company Relationship The Truth Within Persons All kinds of personal data processed to obtain information that will form the basis for the establishment of personnel rights , employment contract, graduation information, education information, duty Eligibility for , Retirement Fund Information, Job Application Form, Current Personnel Information Form, Annual Leave Usage Book / Records, Payroll Records, SGK Information, Employment Entry Document Records, AGİ, E-Declaration, Signature Declaration, Registry Number, Position Name, Department and Unit, Title, Last Date of Entry, Dates of Entry and Exit, Working in Flexible Hours, Travel Status, Number of Working Days, Projects Worked, Total Monthly Overtime Information, Severance Pay Base Date, Severance Pay Additional Day, Days Spent on Strike, Leave Seniority Base Date, Leave Seniority Additional Day, Leave Group, Exit/Return Date, Day, Reason for Leaving, Address/Telephone to be Located on Leave and Other Documents Resulting from Legal Obligations, etc.)

Legal Transaction Data ( Correspondence with judicial authorities information in the files , information in the case file, etc.), Process Security Data (such as IP address information, MAC address, website login and logout information, password and passcode information), Risk Management Data (information processed to manage commercial, technical and administrative risks related to risks to administrative and technical employees), Financial Data (such as bank account information, salary details, file and debt information related to enforcement proceedings), Biometric Data (such as facial recognition information), Family Relative Data (Spouse’s Name and Surname, Spouse’s Employment Information, Spouse’s Income, Child’s Name and Surname, Child’s TR ID Number, Child’s Date of Birth, Child’s Gender, Child’s Father’s Name, Child’s Mother’s Name, Natural-Stepparent Information, School Registration Date, School Name, Class),

Purpose of Processing Personal Data :

Performing the employment contract, approval of annual and other leave of employees, displaying remaining leaves and making leave arrangements, performing the entry and exit procedures of employees, ensuring that payroll procedures are carried out, making salary and additional benefit payments, carrying out emergency management processes, carrying out information security processes, carrying out employee satisfaction and loyalty processes, fulfilling the obligations arising from the employment contract and legislation for employees, carrying out fringe benefits and benefits processes for employees, carrying out audit / ethics activities, carrying out training activities, carrying out access authorizations, carrying out activities in accordance with the legislation, planning and management of harmonization of activities with the relevant legislation or company procedures, carrying out finance and accounting works, carrying out processes of commitment to company / product / services, ensuring physical space security, taking entry and exit records, carrying out assignment processes, following up and carrying out legal affairs, carrying out internal audit / investigation / intelligence activities, carrying out communication activities, planning human resources processes, carrying out business activities / auditing, collecting entry and exit records of business partner/supplier employees, sharing with business partners, managing relations with business partners and suppliers, carrying out occupational health/safety activities, receiving and evaluating suggestions for improving business processes, carrying out activities for ensuring business continuity, carrying out logistics activities, carrying out purchasing processes of goods/services, carrying out after-sales support services of goods/services , carrying out sales processes of goods/services, carrying out production and operation processes of goods/services, carrying out customer relations management processes, carrying out activities for customer satisfaction, organization and event management, carrying out marketing analysis studies, carrying out performance evaluation processes, carrying out risk management processes, carrying out storage and archive activities, carrying out social responsibility and civil society activities, carrying out contract processes, carrying out contract processes, carrying out sponsorship activities, carrying out strategic planning activities, following up on requests/complaints, ensuring the security of movable goods and resources, carrying out wage policy, foreign personnel work and residence permit procedures, carrying out talent/career development activities, authorized persons, institutions and Providing information to organizations, carrying out management activities, employing new personnel, examining candidates and determining the new candidate to be employed, information received about your CV so that the manager can get to know and select the candidate better, sharing it with the manager, confirming the data with the reference persons you have included in your CV , verifying how much you match the position and recording your CV information for future confirmation, recording the information we share with you in digital or physical environments in case we need it in the short or long term, evaluating it in case there is a vacancy in the relevant position in our group companies, carrying out communication activities, personnel management and making payrolls, ensuring that your family member benefits from the minimum living wage discount , following up on legal requirements, determining regulatory process and company management responsibilities, performing correct application and compliance audits, ensuring and auditing compliance with corporate policies such as security and internet usage requirements, operational requirements such as registered transactions, training and quality control, and security checks may be processed and transferred for the purposes of.

Legal obligation: Fulfillment of legal obligations within the scope of the Labor Law, Occupational Health and Safety Law, Social Security Law and other legislation, creation of personnel file, SGK and İŞKUR notifications, AGI calculation, provision of incentive and legal obligation information, ensuring the opening of a compulsory individual retirement insurance account, control and management of employment entry and exit records, payment of employees’ wage garnishment deductions to enforcement files, performance of occupational health and safety procedures , legal notification of work accidents, police station notification, compliance with archiving and information obligations required by legislation, execution of court orders.

Ensuring physical space security: Ensuring workplace security, ensuring employees’ entry and exit to the company headquarters.

Within the scope of our company’s obligations regarding ensuring and improving occupational health and safety; It is processed and transferred for the purposes of creating emergency lists and conducting emergency operations, creating emergency analysis reports, performing work accident examinations, performing pre-employment examinations, and conducting processes related to obtaining a health report from the workplace physician.

If there is a corporate e-mail, cloud service, computer, phone, tablet, etc. issued in your name or allocated to you for your use, Company officials will be able to track these devices, cloud and e-mail addresses. The Company may disable or delete the allocated cloud or e-mail address if it deems appropriate. The devices used may be cancelled.

Legal Basis for Processing Personal Data:

In paragraph (1) of Article 5 of the Personal Data Protection Law, “Personal data cannot be processed without the explicit consent of the relevant person.” “(2) In paragraph (a) “Explicitly provided for by law”, (b) “It is mandatory for the protection of the life or physical integrity of the person who is unable to give his/her consent due to a de facto impossibility or whose consent is not legally valid, or of another person.”, (c) “Provided that it is directly related to the establishment or performance of a contract, the processing of personal data belonging to the parties to the contract is necessary.”, (ç) “It is mandatory for the data controller to fulfil its legal obligation.”, (d) “It is made public by the relevant person himself/herself.”, (e) “Data processing is mandatory for the establishment, exercise or protection of a right .”, (f) “Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the relevant person.”

In this case, it is possible to process personal data without the explicit consent of the relevant person and according to the 3rd paragraph of Article 6, “Processing of special personal data is prohibited. However, processing of these data; a) If the person concerned has given explicit consent, b) If it is clearly prescribed by law, c) If it is mandatory for the protection of the life or physical integrity of the person who is unable to give his/her consent due to a de facto impossibility or whose consent is not legally valid, or of another person, ç) If it is in accordance with the will of the person concerned to make public the personal data he/she has made public, d) If it is mandatory for the establishment, exercise or protection of a right, e) If it is necessary for the protection of public health, preventive medicine, medical diagnosis, treatment and care services by persons under the obligation of confidentiality or by authorized institutions and organizations, and for the planning, management and financing of health services, f) If it is mandatory for the fulfillment of legal obligations in the fields of employment, occupational health and safety, social security, social services and social assistance, it is possible to collect and process the data.

Methods of Collection of Personal Data:

Your personal data may be collected by the Company for the purposes specified in this Disclosure Text , either from you personally or through websites that allow you to apply for a job, via e-mail, through documents such as expense and permission forms that you have filled out, in physical and digital environments. Due to the Company’s legal obligation and legitimate interest to ensure workplace safety , it is collected in a digital environment automatically through cameras we have placed in the workplace building. In order to fulfill our legal obligation and as foreseen by law, your health data is collected through our workplace physician . < /span>

In cases where a vehicle is allocated to you, location information, day and time information are collected automatically via GPRS for the Company’s legitimate interest in following up on the business,

It is collected using face recognition methods for the legitimate interests and legal obligations of the data controller, such as ensuring workplace safety and tracking employees’ entry and exit times, keeping timesheet records, and fulfilling payroll arrangements, through systems that control entry and exit times.

Transfer of Personal Data: According to the first paragraph of Article 8 of the law determining the transfer of personal data, “Personal data cannot be transferred without the explicit consent of the relevant person .” and according to the second paragraph, personal data; (a) “Provided that adequate measures are taken”, (b) “Provided that sufficient measures are taken”, (b ) “ Provided that one of the conditions specified in the third paragraph of Article 6 is met , ” Transfers will be made in accordance with the provision . Your personal data shared with our company , according to the first paragraph of Article 9, “Personal data may be transferred abroad by data controllers and data processors in the event that one of the conditions specified in Articles 5 and 6 are present and there is an adequacy decision regarding the country to which the transfer will be made, the sectors within the country or international organizations.”, according to the second and third paragraphs, from the countries where the Board has made an adequacy decision to the countries in need, according to the fourth paragraph, “Personal data may be transferred abroad in the event that there is no adequacy decision, provided that one of the conditions specified in Articles 5 and 6 are present and the relevant person has the opportunity to exercise his/her rights and apply for effective legal remedies in the country to which the transfer will be made.”
It is transferred within the framework of the conditions specified in Articles 8 and 9 of the Law and on condition that it is limited to the purposes listed in the article above. No personal data is transferred to third parties other than those listed .

Based on the data processing condition of “establishment or performance of a contract” regulated in Article 5/2 (c) of the PDP Law; with banks, independent accountants/financial consultancies and relevant suppliers in order to carry out your salary payments and fringe benefits and to carry out Company activities; based on the data processing condition of “the data controller to fulfill his legal obligation” regulated in Article 5/2 (ç) of the PDP Law; only in necessary cases, with the Ministry of Labor and Social Security, Social Security Institution, Turkish Employment Agency, courts and other public institutions and organizations requesting information; with financial advisors/accounting firms; based on the data processing condition of “establishment, exercise or protection of a right” regulated in Article 5/2 (e) of the PDP Law; Your personal data may be shared and transferred with law firms and other consultants in order to provide evidence in possible disputes, to receive legal consultancy and technical support, to implement the employment contract, and to check whether the parties comply with their obligations ; Your location data processed for the purpose of ensuring the legal and commercial security of our company and business partners , when necessary, with the supplier company from which the vehicle tracking system service is provided ; Based on the explicit consent data processing condition in the first paragraph of Article 8 of the Personal Data Protection Law; to third parties through social media accounts for the purposes of carrying out advertising, marketing and promotional activities; with business partners, group companies and audit companies located in the country for the purposes of carrying out management activities ; with the companies we are affiliated with or work in partnership with and with the aforementioned companies in order to ensure our internal functioning ; The necessary portions of your personal data may be shared and transferred with the company we work with for reasons such as transportation, vehicle supply, business card printing and parking registration .

1.2.PERSONAL DATA OWNER GROUP: POTENTIAL PRODUCT OR SERVICE BUYER / CUSTOMER CANDIDATE

Personal Data Collected: Identity Data (such as Name Surname, TR ID Number, Nationality), Contact Data (such as Phone Number , Address Information , E-Mail), Marketing Data (such as shopping history information, surveys, cookie records, information obtained through campaign work), Physical Location Security Data (such as Security Camera Records of Employees and Visitors During Their Time in the Physical Location , Entry and Exit Logbook ).

Purpose of Processing Personal Data :

Carrying out communication activities , business processes Obtaining and Evaluating Suggestions for Improvement of Goods / Services Sales Processes Execution , MarketingAnalysis His work Execution of Advertising / Campaign / Promotion Processes Execution , Tracking of Requests/ Complaints , Marketing Processes of Products /Services It is processed and transmitted for its execution purposes .

Law on the Processing of Personal Data

Based on:

The following provisions are included in paragraph (1) of Article 5 of the PDP Law: “Personal data cannot be processed without the explicit consent of the relevant person.” (2) (a) “Explicitly provided for by law.”, (b) “ It is mandatory for the protection of the life or physical integrity of the person who is unable to give his/her consent due to de facto impossibility or whose consent is not legally valid or of another person .”, (c) “ Provided that it is directly related to the establishment or performance of a contract , the processing of personal data belonging to the parties to the contract is necessary.”, (ç) “It is mandatory for the data controller to fulfill its legal obligation.”, (d) “It is made public by the relevant person himself/herself.”, (e) “Data processing is mandatory for the establishment, exercise or protection of a right .”, (f) “Provided that it does not harm the fundamental rights and freedoms of the relevant person, the legitimate interests of the data controller .” In case data processing is mandatory, personal data may be processed without the explicit consent of the relevant person.

Methods of Collection of Personal Data:

It can be collected through e-mail, social media ( facebook, twitter , instagram etc.) in digital channels , through our website, in the form of forms, documents, surveys and field studies in a physical environment , or verbally from you personally.

Transfer of Personal Data:

According to the second paragraph of Article 8 of the law determining the transfer of personal data , personal data ; (a) item “In the second paragraph of Article 5,” (b) item “Adequate measures ” ” provided that one of the conditions specified in the third paragraph of Article 6 is met , the relevant person According to the provision and paragraph 1 of the article “Personal data cannot be transferred without the explicit consent of the relevant person .”, your personal data that is shared and transferred may be shared and transferred with our direct or indirect subsidiaries, group companies , shareholders/partners, authorized persons and institutions . < /span>

1.3.PERSONAL DATA OWNER GROUP: INTERN

Personal Data Collected:

Identity Data ( such as Name Surname, TR ID Number, Name of Mother-Father, Place of Birth , Date of Birth), Financial Data (Bank Account Information , Wage Information, etc.), Physical Space Security Data (such as Security Camera Records of Employees and Visitors While They Are in the Physical Space ), Professional Experience Data (such as information on the school attended , diploma information, courses attended, in- service training, etc.), education information , certificates, etc.), Visual and Audio Records (such as visual and audio records), Transaction Security Data ( such as IP address information, MAC address, website login and logout information, password and passcode information), Communication Data (such as address number , e- mail address , contact address, telephone number ), Health Data (such as disability status information, blood group information, personal health information , device and prosthesis information used, health report), Signature Data ( wet signature on documents that are considered personal data, etc.), Family Relative Data (such as Guardian’s Name and Surname, Guardian’s Phone Number , Guardian Relationship Information, Guardian Residence Information, Guardian E-Mail Address ). Personnel Data (Photo, Education Information, Pay Slips , Start Date, Termination Information, CV Information, E- Declaration, Department Information, Insurance Information, Reference Information, Time Sheet Information, Leave Usage Information).

Purpose of Processing Personal Data:

It is processed and transferred for the purposes of executing emergency management processes , executing information security processes, executing candidate employee / intern / student selection and placement processes, executing employee satisfaction and loyalty processes , executing fringe benefits and interests processes for employees , executing audit / ethics activities, executing training activities , executing access authorizations, executing activities in accordance with the legislation , executing commitment processes to company / product / services , ensuring physical space security, executing assignment processes , following up and executing legal affairs, executing internal audit / investigation / intelligence activities, executing communication activities, executing / auditing business activities , executing occupational health / safety activities , executing contract processes, executing talent / career development activities , and providing information to authorized persons, institutions and organizations .

Legal Basis for Processing Personal Data:

Methods of Collection of Personal Data:

It can be collected via e-mail in digital media or via forms /documents in a physical environment .

Transfer of Personal Data:

According to the second paragraph of Article 8 of the law determining the transfer of personal data , personal data; (a) item “In the second paragraph of Article 5,” (b) item “Adequate measures ” ” provided that one of the conditions specified in the third paragraph of Article 6 is met , the relevant person According to the provision and paragraph 1 of the article, ” Personal data cannot be transferred without the explicit consent of the relevant person.”, your personal data that is shared and transferred may be shared and transferred with our direct or indirect subsidiaries, group companies , shareholders/partners, banks with which we have an agreement, independent accountants /financial consultancies, authorized persons and institutions .

1.4.PERSONAL DATA OWNER GROUP: SUPPLIERS/SERVICE PROVIDERS

Personal Data Collected:

Identity Data (such as name, surname, title, TR identity number ), Communication Data (such as address number , e-mail address, contact address, registered e-mail address (KEP), telephone number ), Legal Transaction Data ( such as information in the case file in correspondence with judicial authorities ), Risk Management Data ( management of commercial, technical, administrative risks ), Financial Data (such as bank information, balance sheet information , tax office, tax number, signature circular), Customer Transaction Data (such as invoice, information on teller receipts, order information , request information, signature circular), Physical Space Security Data ( such as Security Camera Records of Employees and Visitors While They Are in the Physical Location ), Process Security Data (such as IP address information, MAC address, website login and logout information , password and passcode information), Signature Data ( wet or electronic signature on documents that carry personal data, etc.)

Purpose of Processing Personal Data:

It is processed for the purposes of carrying out emergency management processes, carrying out information security processes , carrying out audit / ethics activities, carrying out access authorizations , carrying out finance and accounting affairs, ensuring physical space security , carrying out assignment processes, following and carrying out legal affairs , carrying out internal audit / investigation / intelligence activities , carrying out communication activities, carrying out / auditing business activities , planning and managing business partners, suppliers’ access authorizations to information and facilities , managing relations with business partners, suppliers , carrying out occupational health / safety activities, receiving and evaluating suggestions for improving business processes , carrying out business continuity activities , carrying out logistics activities, carrying out goods / services purchasing processes , carrying out goods / services production and operation processes, carrying out storage and archive activities, carrying out contract processes , providing information to authorized persons, institutions and organizations. is being transferred.

Legal Basis for Processing Personal Data:

Personal Data Collection Method:

In digital stores ; it can be collected via e-mail or in a physical environment with forms, documents or verbally by you .

Transfer of Personal Data:

According to the second paragraph of Article 8 of the law determining the transfer of personal data, personal data; (a) “Provided that adequate measures are taken”, (b) “ Provided that adequate measures are taken ”, “ In case one of the conditions specified in the third paragraph of Article 6” , “ is met , open According to the provision and paragraph 1 of the article, ” Personal data cannot be transferred without the explicit consent of the relevant person.”, your personal data shared and transferred may be shared and transferred with our direct or indirect subsidiaries , group companies, shareholders/partners, private law persons and independent accountants/financial consultancies, banks with which we have agreements, authorized persons and institutions . < /span>

1.5.PERSONAL DATA OWNER GROUP: PERSON WHO PURCHASES PRODUCT OR SERVICE / CUSTOMER

Personal Data Collected:

Identity Data (Name Surname, TR ID No., Nationality, Passport No., Place of Issue , Date of Issue, Name of Mother-Father, Place of Birth, Date of Birth, Relative Name Surname Information , Companion Name Surname Information, etc.) Communication Data (Phone Number , Address Information , Relative Phone Number Information, Companion Phone Information , Smoking Code, E-Mail, etc.), Marketing Data ( shopping history information, surveys, cookies, etc. ) records,campaign information obtained through the study ), Health Information (Chronic Disease Information , Febrile Disease Information ), Physical Space Security Data ( Security Camera Records of Employees and Visitors During Their Stay in the Physical Space, Entry and Exit Logbook , etc.), Other (Order Date and Time Information, Number of Persons Information, Profession, Date and Time Information, Destination City Information , Room Stayed Information, Vehicle Plate Information, Language, Profession, Departure Date, Signature, Accompanying Person Information, Appointment Information, etc.).

Purpose of Processing Personal Data:

Execution of Emergency Management Processes, Execution of Information Security Processes , Execution of Audit / Ethics Activities, Execution of Activities in Accordance with Legislation , Execution of Company / Product / Service Loyalty Processes , Ensuring Physical Space Security, Monitoring and Execution of Legal Affairs, Execution of Internal Audit / Investigation / Intelligence Activities, Execution of Communication Activities , Execution / Audit of Business Activities, Execution of Occupational Health / Safety Activities, Execution of After- Sales Support Services of Goods / Services, Execution of Sales Processes of Goods / Services , Execution of Customer Relationship Management Processes, Execution of Activities Oriented to Customer Satisfaction , Execution of Marketing Analysis Studies , Execution of Advertising / Campaign / Promotion Processes, Storage and Archive Activities It is processed and transferred for the purposes of execution, execution of contract processes, tracking of requests/complaints, execution of marketing processes of products/services, and provision of information to authorized persons , institutions and organizations.

Legal Basis for Processing Personal Data:

In paragraph (1) of Article 5 of the Personal Data Protection Law, “Personal data cannot be processed without the explicit consent of the relevant person .” “(2) In the event that (a) “It is expressly provided for by law”, (b) “ It is mandatory for the protection of the life or physical integrity of the person who is unable to give his/her consent due to a de facto impossibility or whose consent is not legally valid” or of another person .”, (c) “Processing of personal data belonging to the parties to a contract is necessary, provided that it is directly related to the establishment or performance of a contract.”, (ç) “ It is mandatory for the data controller to fulfill its legal obligation .”, (d) “It is made public by the relevant person himself/herself.”, (e) “Data processing is mandatory for the establishment, exercise or protection of a right.”, (f) “Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the relevant person .”, personal data can be processed without the explicit consent of the relevant person and according to the 3rd paragraph of Article 6, “Processing of special personal data” It is prohibited. However , processing of these data is possible within the scope of “a) If the relevant person gives explicit consent, b) If it is clearly provided for by law, c) If it is mandatory for the protection of the life or physical integrity of the person who is unable to express his/her consent due to a de facto impossibility or whose consent is not legally valid, or of another person, ç) If it is in accordance with the will of the relevant person to make public and regarding the personal data he/ she has made public, d) If it is mandatory for the establishment, exercise or protection of a right, e) If it is necessary for the protection of public health , preventive medicine, medical diagnosis, treatment and care services and the planning, management and financing of health services by persons or authorized institutions and organizations under the obligation of confidentiality, f) If it is mandatory for the fulfillment of legal obligations in the fields of employment, occupational health and safety, social security, social services and social assistance .”

Personal Data Collection Method:

Your personal verbal , digital It is collected through e-mail, our website, social media applications or physical forms and documents in the marketplace

Transfer of Personal Data:

According to the first paragraph of Article 8 of the law determining the transfer of personal data , “Personal data cannot be transferred without the explicit consent of the relevant person .” and according to the second paragraph , personal data; (a) clause “Provided that adequate measures are taken” in the second paragraph of Article 5 , (b) clause “Provided that adequate measures are taken” in the sixth paragraph , The transfer will be made in accordance with the provision that ” if one of the conditions specified in Articles 5 and 6 is present, it may be transferred without the explicit consent of the relevant person.” Your personal data shared with our company, according to the first paragraph of Article 9, “Personal data may be transferred abroad by data controllers and data processors in case one of the conditions specified in Articles 5 and 6 is present and there is an adequacy decision regarding the country to which the transfer will be made, sectors within the country or international organizations .”, according to the second and third paragraphs, from the countries where the Board has made an adequacy decision to the countries in need, according to the fourth paragraph, ” In case there is no adequacy decision, personal data may be transferred abroad by data controllers and data processors in case of an adequacy decision, … The data may be transferred abroad by data controllers and data processors , provided that one of the conditions specified in the articles is present and that the relevant person has the opportunity to exercise his/her rights and apply for effective legal remedies in the country where the transfer will be made, and that one of the appropriate safeguards specified below is provided by the parties : a) Existence of an agreement that does not have the nature of an international contract between public institutions and organizations or international organizations abroad and public institutions and organizations or professional organizations with the status of a public institution in Turkey and the transfer is permitted by the Board . b) Existence of binding corporate rules that contain provisions regarding the protection of personal data, which the companies within the group of enterprises engaged in joint economic activities are obliged to comply with and are approved by the Board. c) Existence of a standard contract declared by the Board , which includes matters such as data categories, purposes of data transfer, recipient and recipient groups, technical and administrative measures to be taken by the data recipient, additional measures to be taken for special personal data . ç ) Existence of a written commitment containing provisions that will provide sufficient protection and permission for the transfer by the Board .”, According to paragraph 5 “The standard contract shall be notified to the Institution by the data controller or data processor within five business days of its signature .”, According to paragraph 6 (paragraphs (a), (b) and (c) shall not apply to the activities of public institutions and organizations subject to public law.) “Data controllers and data processors may transfer personal data abroad only in the event of the absence of an adequacy decision and the failure to provide any of the appropriate safeguards stipulated in paragraph four, provided that it is incidental , in the event of the existence of one of the following situations : a) The data subject gives explicit consent to the transfer, provided that he/she is informed about the possible risks . b) The transfer is mandatory for the performance of a contract between the data subject and the data controller or for the implementation of pre-contractual measures taken upon the request of the data subject . c) The transfer is mandatory for the establishment or performance of a contract to be concluded between the data controller and another natural or legal person for the benefit of the relevant person . ç ) The transfer is mandatory for a superior public interest. d) The transfer of personal data is mandatory for the establishment, exercise or protection of a right . e) The transfer of personal data is mandatory for the protection of the life or physical integrity of the person who is unable to give his consent due to a de facto impossibility or whose consent is not legally valid or of another person . f) Transfer from a registry open to the public or persons with a legitimate interest, provided that the conditions required for accessing the registry in the relevant legislation are met and the person with a legitimate interest requests it. According to the 9th paragraph, “ Personal data may be transferred abroad only with the permission of the Board after obtaining the opinion of the relevant public institution or organization , in cases where the interests of Turkey or the relevant person will be seriously harmed, without prejudice to the provisions of international agreements ” and according to the 11th article, “ Provisions in other laws regarding the transfer of personal data abroad are reserved”, transfers may be made.

It is transferred within the framework of the conditions specified in Articles 8 and 9 of the Law and on condition that it is limited to the purposes listed in the article above . No personal data is transferred to third parties other than those listed .

Your personal data shared and transferred with our company may be shared and transferred with our direct or indirect affiliates , group companies, shareholders/partners, private law persons and independent accountants/financial advisors, banks with which we have agreements, authorized persons and institutions.

1.6. PERSONAL DATA OWNER GROUP: VISITOR

Personal Data Collected:

Physical Space Security Data ( such as Security Camera Records of Employees and Visitors While They Are in the Physical Location ), Other (signature, vehicle information), Transaction Security Data (IP address information , MAC address, website login and logout information, password and password information)

Purpose of Processing Personal Data:

Emergency management processes execution of ini̇yurve , provision of physical space security , execution of i̇c ̧ audit/ investigation / intelligence activities , visitor creation and monitoring of records , security of data controller operations supply,authorized with individuals , institutions and organizations to provide information , to ensure confidentiality , to provide better service, to deal with any issues that may arise in the future. to be used as evidence in disputes , to manage emergency situations with authorized public institutions or It is processed and transferred for the purposes of meeting the demands of the organizations , ensuring entry-exit controls , ensuring the security of the company, detecting any criminal cases and auditing.

Legal Basis for Processing Personal Data :

Personal Data Collection Method:

Our company processes and collects digitally, primarily through security services, camera recordings, e-mail, our website , social media applications or in a physical environment through forms and documents, through voice recordings, and in a physical environment by the security unit through the visitor’s book.

Transfer of Personal Data:

2. TRANSFER OF PERSONAL DATA

The Company does not share personal data with third parties prohibited by law , with or without explicit consent, except for legal obligations and legally granted rights. Personal data collected by the Company may be obtained, recorded, stored for retention periods, transferred to third parties to the extent permitted by the legislation and your explicit consent , or processed in other ways by the data controller in accordance with the PDP Law and relevant legislation , in order to carry out commercial activities in accordance with the law , to meet the services you request in line with your needs, to carry out contract processes and to determine and control the signing authorities of the parties signing the relevant documents, to plan commercial and/or legal business strategies , to access legal online applications and other legal regulations and obligations , through the means described in the Information Text .

3. STORAGE PERIOD OF PERSONAL DATA

Personal data shared with our Company through the channels mentioned in this Disclosure Text will be stored in accordance with the periods stipulated in the Personal Data Protection Law No. 6698 and the relevant legislation. Within the scope of the PDP Law, your personal data will be destroyed at the end of the required storage period in accordance with the procedures and principles of Article 7 of the PDP Law for these purposes . If a period is stipulated in the law and the relevant legislation, the procedures to be performed after the expiration of the said period or in case no period is stipulated are set out in the Personal Data Storage and Destruction Policy. is stated.

4. RIGHTS OF THE CONCERNED PERSON

According to Article 11 of the Personal Data Protection Law, which regulates the rights of the relevant person;

You have the right to apply to the Company and learn whether personal data has been processed, to request information about the processing of personal data if it has been processed, to learn the purpose of processing personal data and whether it is used in accordance with its purpose, to know the third parties to whom personal data is transferred domestically or abroad, to request correction of personal data if it is processed incompletely or incorrectly and to request notification of the transactions made within this scope to the third parties to whom personal data is transferred , to request the deletion or destruction of personal data within the framework of the conditions stipulated in the Personal Data Protection Law No. 6698 and other relevant laws and to request notification of the transactions made within this scope to the third parties to whom personal data is transferred , to object to the emergence of a result against the person by analyzing the processed data exclusively through automated systems , and to request compensation in case of damages incurred due to unlawful processing of personal data .

This Information Text is addressed to the Data Controller. In cases where the application made by following the procedure specified in the article titled Application Methods is rejected, the response given is found insufficient or the application is not responded to in a timely manner ; there is a right to complain to the Personal Data Protection Board within thirty days following the notification of the response and in any case within sixty days from the date of application . However, in accordance with the legal regulation, the complaint method cannot be applied before the application method is exhausted .

5. APPLICATIONS TO THE DATA CONTROLLER

If you want to exercise your rights, you can submit your applications in accordance with the procedures and principles set forth in the Communiqué on the Procedures and Principles of Application to the Data Controller, dated 10.03.2018 and numbered 30356, together with documents showing your identity;

After filling out the Application Form at https://en.kalevera.com/, a signed copy of it;

a. To be delivered personally or through a notary to the address I. Murat Mahallesi, Bülent Alamut Cd . 28.Sokak No: 5, 22030 Merkez / Edirne ,

b. Sending it via e-mail to [email protected] in a soft environment using the registered e-mail (KEP) address, secure electronic signature, mobile signature or the e-mail address that you have previously notified to our Company and is registered in our systems ,

You can apply by other methods specified in the c.KVK Law .

In order for third parties to request an application on behalf of personal data owners , there must be a special power of attorney issued through a notary public on behalf of the person who will apply by the data owner .

Your request or requests in your application will be finalized free of charge as soon as possible and within 30 (thirty) days at the latest, depending on their nature . However, if the transaction requires an additional cost for the Company, the fee in the tariff determined by the Personal Data Protection Board will be charged.

Our Rooms & Suites

Standard Single Room

Standard Double Room

Comfort Double Room

Information Text Within the Scope of KVKK No. 6698

Our Rooms

Corporate