Personal Data Protection Policy

CLARIFICATION TEXT IN RELATION TO THE LAW ON THE PROTECTION OF PERSONAL DATA NR. 6698 (KVKK)

1. The purpose of the clarification text

The purpose of this clarification text is to inform you (hereinafter “Data Subject”) transparently on the collection, processing, processing methods and purpose, legal basis, who and how to share the personal data which is gathered from you and your rights in light of the relevant lain person, within the scope of the Law on Protection of Personal Data ("KVKK" or "Law") Nr. 6698, in particular Article 10 with the title "The Obligation of the Data Controller for Clarification" and Article 11 with the title "The Rights of the Relevant Person" of the Law.

Hapimag Turistik Yatırım ve Ticaret A.Ş. ("Company") processes, records, transfers, shares and protect your personal data, as the Data Controller, as it is described below and within the borders of the legal legislation.

Our Company reserves the right to update this Clarification Text for Personal Data within the scope of possible changes in legal legislation.

2. The collection, processing, collection method, processing reason and legal reason of the personal data

The Company is permitted to process your personal data automatically or non-automatically through the instrument of the Company main office; our website, call center, social media accounts, mobile applications; through attendance to trainings, seminars, organizations managed by the Company, and other channels.  Your personal data can be orally, in writing or electronically collected, saved, stored, protected, updated according to operation needs, modified, and by the directive of the KVKK regulations, your personal data can be disclosed, transferred, delivered to and, shared with third parties and can be classified and anonymized. Your personal data will be processed by the Company due to reasons such as; provided services and activities; in order to fulfill the requirements sanctioned by the authorities in a complete and accurate manner; to comply with the Ministry of Culture and Tourism regulations and regulations of any related agencies, complying with concluded contracts, pursuant to KVKK regulations and within its boundaries. While administering your personal data, Customer Relationship Management (CRM) or such methods are practiced in order to provide you with a better quality in service and for sales and marketing purposes.

The conditions and purposes specified in the Article 5 of KVKK with the title "Conditions for Processing of Personal Data" and the Article 6 of KVKK with the title "Conditions for Processing of Special Categories of Personal Data" shall be considered during processing and transferring your personal data. Your data is utilized; for commercial and legal security of the Company and related parties; to provide the services that are managed by the Company; to personalize the services to your needs; to improve the quality of the services; to perform the sale, marketing and such activities by the Company; to comply with the obligations regarding storage, reporting and information of the data; to determine and apply commercial and business strategies; to facilitate service strategies for the Company.

In order to announce company based organizations and activities and such efforts, your personal data is collected orally, in writing, or in electronic format, in order to provide various services through various means to our customers, employees and third parties.

3. Personal data may be processed without seeking the explicit consent of the Data Subject only in cases where one of the following conditions is met: 

According to Article 5 of KVKK, in the event that the conditions are met which have been listed below, our Company may process your personal data without any explicit consent.

1. a)      It is clearly provided for by the laws.
2. b)      It is mandatory for the protection of life or physical integrity of the person or of any other person who is bodily incapable of giving his consent or whose consent is not deemed legally valid.
3. c)      Processing of personal data belonging to the parties of a contract, is necessary provided that it is directly related to the conclusion or fulfillment of that contract.
4. d)      It is mandatory for the controller to be able to perform his legal obligations.
5. e)      The personal data is made available to the public by the Data Subject himself.
6. f)       Data processing is mandatory for the establishment, exercise or protection of any right.
7. g)      It is mandatory for the legitimate interests of the controller, provided that this processing shall not violate the fundamental rights and freedoms of the Data Subject.
8. To whom and for which purpose the processed personal data may be transferred

Your personal data will not be used for purposes other than those stated above without your explicit consent and will not be shared with and not be transferred to a third party, except of legal obligations from government agencies.

Your personal data that has been collected may be transferred by the Company to our business partners locally or internationally (under the conditions determined by the Board of Protection of Personal Data) to suppliers, shareholders, associates, legally public authorities and private persons, related third parties or/and corporate entities, only according to the explicit consent of the Data Subject or under other circumstances stated in Article 5/2 of the KVKK, but particularly the legislation to which we are subject for the purposes of being used to the following purposes: to provide better service, to increase the value-added services, opportunities, and other services; to ensure the human resources division continues its operations; to maintain legal and commercial safety of the Company and its’ associates, to designate and execute the commercial business strategies. As well with the conditions listed above, in order to carry out our commercial activities in accordance with Articles 8 and 9 of the KVKK.

5. The rights of Data Subject according to Article 11 of the KVKK

If you, as the Data Subject, make your application in regard to your rights, through the methods  below mentioned in this clarification text for personal data, to our Company, your application shall be concluded free of charge in thirty days at the latest by our Company according to content of your application.

In accordance with the “Communiqué on the Procedures and Principles on the Application to Data Controller” which was arranged by the Board of Protection of Personal Data, in respect of your application in relation to your rights as the Data Subject, the following rules apply;

1. a)      If your application will be responded in written, there is no charge up to the first ten pages. For each and every page exceeding ten pages may be charged for 1 Turkish Lira as transaction fee.
2. b)      The fee shall not exceed the cost of the recording medium which is requested by our Company as the controller if the response to the application is with recording mediums such as CD or flash memory.

Within this framework, the Data Subject has the right:

1. a)      to learn whether his personal data are processed or not,
2. b)      to request information if his personal data are processed,
3. c)      to learn the purpose of his data processing and whether this data is used for intended purposes,
4. d)      to know the third parties to whom his personal data is transferred at home or abroad,
5. e)      to request the rectification of the incomplete or inaccurate data, if any,
6. f)       to request the erasure or destruction of his personal data under the conditions laid down in Article 7 of the KVKK,
7. g)      to request notification of the operations carried out in compliance with subparagraphs (e) and (f) to third parties to whom his personal data has been transferred,
8. h)      to object to the processing, exclusively by automatic means, of his personal data, which leads to an unfavorable consequence for the data subject,
9. i)        to request compensation for the damage arising from the unlawful processing of his personal data.

6. The period of time required for the processing of personal data

In accordance with the KVKK, your personal data which is processed within the scope of the reasons stated in this clarification text for personal data, shall be erased, destructed or continued to be used after anonymization by our Company when the reasons are disappeared that are required to be processed according to Article 7/1 of KVKK and/or at the time of expiration of the statute of limitations to which we are subject.

Pursuant to Article 13/1 of KVKK, you may make your application concerning use of your rights stated above, to our Company in writing or through other methods determined by the Board of Protection of Personal Data.  Because any method is not specified by the Board of Protection of Personal Data at this stage, in accordance with the KVKK, your application shall be made in written form to our Company. Within this framework, you can see below the procedure and contact details/information in relation to your application to be made within the scope of Article 11 of the KVKK to our Company.

In order to use your rights listed hereinabove, you can deliver in person by hand the required documents confirming your identity and your application which includes your statements concerning your right to be used specified in the Article 11 of the KVKK with a signed copy of the form by filling the form listed in www.hapimag-seagarden.com to the address Gümüşsuyu İnönü Cd., No:18, D:8, Beyoğlu, İstanbul or send these through notary channel or other methods specified in the KVKK or send the related form to bodrum@hapimg.com with a secure electronic signature.