VOYAG TURİZM OTELCİLİK İŞLETMESİ VE İNŞAAT SANAYİ TİCARET ANONİM ŞİRKETİ
& MRA TURİZM VE OTEL İŞLETMECİLİĞİ ANONİM ŞİRKETİ Call Centre Privacy Notice

Within the scope of your communication with our call centre, we would like to inform you, in accordance with the Law No. 6698 on the Personal Data Protection (“ the Law”), about the processing of your personal data by Voyag Turizm Otelcilik İşletmesi ve İnşaat Sanayi Ticaret Anonim Şirketi and MRA Turizm ve Otel İşletmeciliği Anonim Şirketi (“Company”) in their capacity as “Data Controller”.

First and foremost, we would like to emphasise that, as the Company, our principle in all communication processes is to refrain from collecting any personal data beyond what is necessary for evaluating your questions, requests or complaints. Therefore, when contacting our call centre, we kindly ask that you do not share any special categories of personal data, unless strictly required. This includes information concerning your health, sexual life, biometric or genetic data; your race, ethnic origin, political opinions, philosophical beliefs, religion, sect or other beliefs; your appearance or clothing; your membership of associations, foundations or trade unions; and information regarding criminal convictions or security measures.

 1. What are our methods for collecting and processing your personal data, which personal data do we process, for what purposes and on what legal grounds?

Call Centre Processes: Your personal data may be provided verbally during your conversation with our call centre, submitted via email when you communicate your questions, requests or complaints, or obtained from the existing data in our systems. These may include your identity details (name, surname, ID number, date of birth), contact information (mobile phone number, email address), customer transaction data (call centre records, reservation number, reservation/accommodation information, details of your query/request/complaint, payment transaction number, number of instalments), finance data (credit card information if you choose to make payment via the call centre) and other information (such as flight and transfer details related to your accommodation). We process and collect these categories of personal data for the purposes of receiving, tracking and resolving your questions, requests or complaints; creating or cancelling your reservation upon request; managing customer loyalty processes; collecting and evaluating suggestions to improve our business operations; conducting sales and after-sales support services for products or services; carrying out activities aimed at customer satisfaction and communication; ensuring business continuity; conducting and supervising business activities; and managing customer relations. This data is processed and collected based on the legal grounds of “processing of personal data belonging to the parties of a contract being necessary, provided that it is directly related to the establishment or performance of the contract” and “processing being necessary for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject.”

 2. To whom and for what purposes may we transfer your personal data?

• Suppliers and Business Partners: Your personal data including identity details (name, surname, ID number, date of birth), contact information (mobile phone number, email address), customer transaction data (call centre records, reservation number, reservation/accommodation details, query, request and complaint information, payment transaction number, number of instalments), finance data (credit card information, if you choose to make a payment via the call centre) and other information (flight and transfer details related to your accommodation) may be shared with third-party service providers from whom we receive services such as call centre software, audit and technical support, transfer/transportation services for accommodation and cancellation assurance/insurance. Such transfers are made based on the legal ground of “necessity of data processing for the legitimate interests of the data controller, provided that the fundamental rights and freedoms of the data subject are not harmed.”
• Public Authorities and Institutions: Your personal data including identity (name, surname, ID number, date of birth), contact (mobile phone number, email address), customer transaction (call centre records, reservation number, reservation/accommodation details, query, request and complaint information, payment transaction number, number of instalments), finance (credit card information, if you choose to make a payment via the call centre) and other (flight and transfer details related to accommodation), as well as any personal data specifically requested by public institutions and authorities, may be transferred to public authorities and institutions, consumer arbitration boards, courts, prosecutors' offices, law enforcement agencies, relevant ministries and other judicial/administrative bodies. These transfers are carried out for the purposes of fulfilling our legal obligations related to official notifications, declarations and audits, conducting legal correspondences, handling legal disputes, and exercising our legal rights, particularly the rights of action, response and defence, based on the legal grounds of “necessity of processing for the data controller to fulfil its legal obligations” and “necessity of processing for the establishment, exercise or defence of a legal right.”
• Group Companies: Your identity (name, surname, ID number, date of birth), contact (mobile phone number, email address), customer transaction (call centre records, reservation number, reservation/accommodation details, query, request and complaint information, payment transaction number, number of instalments), finance (credit card information, if you choose to make a payment via the call centre) and other data (flight and transfer details related to accommodation) may be transferred to our group companies for the purpose of shared use of IT infrastructure and joint execution of maintenance, support and quality audit processes. These transfers are carried out on the legal ground of “necessity of data processing for the legitimate interests of the data controller, provided that the fundamental rights and freedoms of the data subject are not harmed.”

 3. What are your rights?

In accordance with Article 11 of the Law, you may at any time contact our Company to exercise your rights regarding your personal data processed by us. These rights include:

1.  To learn whether your personal data has been processed,
2.  To request information if your personal data has been processed,
3.  To learn the purpose of the processing of your personal data and whether it is being used in accordance with that purpose,
4.  To learn which third parties in Türkiye or abroad your personal data has been transferred to,
5.  To request the correction of your personal data if it has been processed incompletely or inaccurately,
6.  To request the deletion or destruction of your personal data within the framework of the conditions set out in Article 7 of the Law,
7.  To request that the correction, deletion or destruction of your personal data be notified to third parties to whom the data has been transferred,
8.  To object to any outcome to your detriment that arises from the analysis of your personal data exclusively through automated systems,
9.  To request compensation for damages in case you suffer harm due to the unlawful processing of your personal data.

You may submit your requests using any of the methods listed below. Please note that your application must comply with the conditions set out in the Communiqué on the Principles and Procedures for the Request to Data Controllers.

  A. Written Application

You may submit your application in writing to the Company’s address below, either in person, via notary public, or by post or courier. If you wish, you may access the KVKK Data Subject Application Form via our website.

Please write the following phrase exactly as shown on the envelope, at the top of your letter, or in the subject line of your email:

“For the Attention of Voyag Turizm Otelcilik İşletmesi ve İnşaat Sanayi Ticaret Anonim Şirketi and MRA Turizm ve Otel İşletmeciliği A.Ş. Legal Department – Data Subject Application under the Law on the Personal Data Protection.”

Send your written applications to:

Merdivenköy Mah. Nur Sok. C Blok No:1 İç Kapı No:26. Kadıköy/İstanbul, TÜRKİYE

  B. Application via Email / Registered Email (KEP)

You may send your application to the Company using your KEP (Registered Electronic Mail) address recorded in our systems, to one of the following email addresses:

• For Maxx Royal Resorts: [email protected]
• For Voyage Hotels: [email protected]

If your email address is not registered in the Company’s systems, you may still submit your application by email, provided that it includes your mobile signature or secure electronic signature, by sending it to one of the following addresses:

• For Maxx Royal Resorts: [email protected]
• For Voyage Hotels: [email protected]
• Alternatively, if using your KEP (Registered Electronic Mail) address, you may submit your application to one of the following KEP addresses:
• For Maxx Royal Resorts: [email protected]
• For Voyage Hotels: [email protected]

“For the Attention of Voyag Turizm Otelcilik İşletmesi ve İnşaat Sanayi Ticaret Anonim Şirketi and MRA Turizm ve Otel İşletmeciliği A.Ş. Legal Department – Data Subject Application under the Law on the Personal Data Protection.”