MAXX ROYAL RESORTS (ERSOY OTELCILIK İNŞAAT VE TURIZM İŞLETMECILIĞI A.Ş.)

PERSONAL DATA PROTECTION AND PRIVACY POLICY

Website Confidentiality Agreement
During your visit to this website and your use of the service through this Site, how the information that we receive regarding you and the services you request will be used and protected are subject to this ‘’Confidentiality Agreement’’. You hereby accept the conditions stipulated in this ‘’Confidentiality Agreement’’ when you visit this website and request to use the services we provide through this Site.

I. PURPOSE OF PERSONAL DATA PROTECTION AND PROCESSING POLICY

Until today, data and information of our customers or potential customers are kept confidential and have never been shared with third parties by virtue of the sensitivity of our business as Voyag Turizm Otelcilik Isl. ve Ins. San. Tic A.S. ve Ersoy Otelcilik Ins. ve Tur. Isl. A.S. (“Voyag Turizm ve Ersoy Otelcilik”). Personal data protection is our essential policy. Even before any legal regulation, our company and subsidiaries had attached a great importance to the confidentiality of personal data, adopted as a working principle and gave working instructions to the employees in compliance with this principle. As ‘’Voyag Turizm ve Ersoy Otelcilik’’, we undertake to adhere to all responsibilities of Privacy Act. The principle of our companies to protect personal data also covers our subsidiaries.

II. SCOPE AND CHANGE OF PERSONAL DATA PROTECTION AND IMPLEMENTATION POLICY

This Policy prepared by our Company has been regulated in accordance with “Law on Protection of Personal Data” no. 6698 (“KVKK”). The Law has entered into force with all of its provisions as of today. The data received with your consent or pursuant to the other regulations as per to the Law shall be used to make our service more quality and to improve our services and quality policy. Again, some of the data we obtain are removed from the scope of personal data and anonymized. These data are used for statistical purposes and not subject to the enforcement of Law and our Policy. “Personal Data Protection and Implementation Policy of Voyag Turizm ve Ersoy Otelcilik” aims and regulates the protection of the data which are automatically obtained from our customers, potential customers, employees and the customers and employees of the companies in cooperation with us for solution partnership and the other parties.
Our company reserves the right to change our Policy and Regulation – provided to comply with the Law and protect the personal data in a better way.

IV. PURPOSE OF DATA PROCESSING

Collection and processing of personal data by “Voyag Turizm ve Ersoy Otelcilik” shall be executed in line with the purposes stipulated in the letter of clarification. The data are collected and processed to draw up contracts and provide better services to the customers.

III. GENERAL PRINCIPLES ON PROCESSING OF THE PERSONAL DATA

a) Being in compliance with the law and good faith: “Voyag Turizm ve Ersoy Otelcilik” questions the source of the data it collects or sent by other companies and attaches importance to handling these in compliance with the law and good faith. Within this framework, it warns and notifies the third parties (agencies and other intermediary firms) that sell the services provided by “Voyag Turizm ve Ersoy Otelcilik” to protect the personal data.
b) Being accurate and up to date, if necessary: “Voyag Turizm ve Ersoy Otelcilik” attaches importance to the accuracy of all of the data kept within the organization, to the fact that they don’t include any misinformation and that personal data are updated only if the changes are notified.
c) Being processed for specified, explicit, and legitimate purposes: “Voyag Turizm ve Ersoy Otelcilik” processes the data limited to the services and purposes for which consent of the persons are taken during the services. It shall not process, use and make use of the data out of business purposes.
d) Being relevant, limited and proportionate to the purposes for which data are processed: “Voyag Turizm ve Ersoy Otelcilik” uses the data only for processing purposes and to the extent what the service requires.
e) Being stored only for the time designated by relevant legislation or necessitated by the purpose for which data are collected: “Voyag Turizm ve Ersoy Otelcilik” keeps the contractual data as long as it’s required by the commercial and taxation law as well as the periods of conflicts of law. Nevertheless, it shall delete or anonymize the data in case the reasons necessitating their processing cease to exist.

It’s crucial to state that whether “Voyag Turizm ve Ersoy Otelcilik” collects or processes the data by one’s will or in compliance with the law, the abovementioned provisions shall apply anyhow.

You shall have the following rights pursuant to Article 11 of Law on Protection of Personal Data. A separate application shall be prepared by “Voyag Turizm ve Ersoy Otelcilik” for you to facilitate your related rights.

Maximum Savings Policy/Scrimping Policy
Pursuant to our policy called as maximum savings policy or scrimping policy, the data received by “Voyag Turizm ve Ersoy Otelcilik” are processed into the system as required. Thus, which data we will collect shall be determined according to the purpose. Unnecessary data shall not be collected. Other data submitted to our company are transferred to the information system of the company in the same way. Redundant information is not stored in the system, they are deleted or anonymized. These data may be used for statistical purposes. Health data among the special quality data are only kept in the system to provide better service to the customers and to protect their health.

Deletion of personal Data
When the retention period necessitated by the Law expires, judicial procedures are completed or other requirements no longer exists, these data shall be deleted, removed or anonymized automatically, by the company or upon the request of the relevant person.

Accuracy and Currency of Data
The data within the body of “Voyag Turizm ve Ersoy Otelcilik” are processed as declared by the relevant persons as a rule. “Voyag Turizm ve Ersoy Otelcilik” is not obliged to check up on the accuracy of the data declared by the customers or the persons in touch with “Voyag Turizm ve Ersoy Otelcilik” and it’s also contrary to the Laws and our working principles. The declared data are regarded as correct and accurate. The principle of accuracy and currency of personal data has also been adopted by “Voyag Turizm ve Ersoy Otelcilik”. The personal data processed upon the request of the relevant person or from official documents that are submitted to our company are updated. Necessary precautions are taken for this purpose.

Confidentiality and data security
Personal data are confidential and “Voyag Turizm ve Ersoy Otelcilik” obeys the rule of confidentiality. Only authorized persons shall access the personal data. All necessary technical and administrative measures are taken to protect the personal data collected by “Voyag Turizm ve Ersoy Otelcilik” and to prevent the damage on our customers and potential customers. Within this framework, it shall be ensured that the software complies with the standards, third parties are selected with caution and data protection policy is observed within the company.

V. DATA OF CUSTOMER, POTENTIAL CUSTOMER AND BUSINESS AND SOLUTION PARTNERS

As “Voyag Turizm ve Ersoy Otelcilik”, we process your personal data in the capacity of data supervisor within the scope of Personal Data Protection Law no. 6698 and other relevant legislations.
In this sense, categories and explanations of personal data to be processed are as follows:
- Identity Information: Name-surname, name-surname of companying guest/guests; nationality, birth place and date, T.R. Identity, driver’s license and passport numbers (including date and place of issue).
- Contact Information: Address, telephone number, e-mail address.
- Financial Information: Mobile invoice information, bank account information, payment card information, Loyalty Program memberships, information about purchased product or services.
- Customer reviews, feedbacks and complaints: Special preferences in accommodation, marketing and communication fields; reviews, opinions or complaints about the brands and properties.
- Other: Reservation details, travel history; information on participation in competitions, draws or marketing programs, information of vehicles used to access the property; booked hotel, airline and rental car packages; associated groups to stay in the properties, frequent-flyers or Travel Partnership Program memberships and member numbers, information provided during membership and account applications.
Collection and processing of data for contractual relationship
In case of a contractual relationship with our customers and potential customers, the collected personal data may be used without the approval of the customers. However, this use shall be for the purpose of the contract. The data shall be used for better execution of the contract and as required by the services and updated, if necessary, by contacting the customers. Nevertheless, the data provided to us by our potential customers shall be processed to easier and more quality services later. These data shall be deleted upon requests in case of lack of any contractual relationship.

Data of Business and Solution Partners “Voyag Turizm ve Ersoy Otelcilik” adopts as a principle to act in compliance with the laws when exchanging the data both with business and solution partners. The data are shared with the business and solution partners with the understanding of data confidentiality and as required by the services and it’s definitely ensured that these parties take measures regarding the data security.

Processing data to manage, analyse and improve the services provided in the properties
- Carrying out a questionnaire study with the aim of measuring the services provided,
- Communicating with guests for marketing purposes in line with the communication permits within the scope of miscellaneous laws,
- Exchanging internal correspondences with guests violating the property and general codes of conduct during the accommodations at the hotel and preparing a list in line with these information,
- Recording the comments of guests on social media, blogs, review portals etc. into the system to analyse the feedback of the service provided,
- Carrying out Sales and Marketing activities to offer a tailor-made holiday experience by processing the data of services provided to the guests.

Managing relations with guests before, during and after the accommodation
- Calling guests before check-in,
- Customer Loyalty Program management,
- Answering questions of guests on Loyalty Program, card categories, how to upgrade your card etc.,
- Doing segmentation by analysing the data about reservation history, travel preferences and services purchased with the aim of correctly managing the marketing activities,
- Managing allegations/complaints about our properties and services on review portals, complaint pages, social media etc.,
- Keeping personal information of guests up-to-date and combining with data to be obtained from third party sources for analytical purposes.

E-invoicing & E-Archive Invoice
Within the scope of this program, customer is automatically enrolled in e-invoicing program and invoices are sent to the e-mail address he/she has provided to the property. It’s the responsibility of the customer to ensure that the e-mail address is accurate and preferred one for this communication, which is provided during check-in or updated later. If a reservation is made for another family member or other persons using this e-mail address, e-invoice of the relevant invoice is sent to the address of the e-mail address.
e-Invoice is an invoice that is issued in electronic environment, not printed on the paper and sent to the receiver and/or vendor through the servers. It has entered into force with TPL communique with order no. 397 of Turkish Republic’s Tax Procedure Law and has been put into practice since March 5, 2010.
As per TPL, e-Invoice contains all information required to be present in an invoice and mutual invoice submission between the receiver and vendor are realized in electronic environment.
e-Archive Invoice is an implementation that ensures the invoice which must be issued, kept and submitted on paper as per Tax Procedure Law is issued in electronic environment and its secondary copy is kept and submitted in electronic environment in compliance with General Communique on Tax Procedure Law with order no. 433. In e-Archive Invoice, all invoices except for the invoices issued for taxpayers registered in e-Invoice Implementation are designated as e-Archive Invoice.
Data processing for advertisement purposes
‘’This e-mail and its content have been created by the employees of VOYAG Turizm ve ERSOY Turizm Otelcilik Isletmesi ve Insaat San. Tic. A.S. for business purposes and may contain personal data and commercial data required to be confidential.
If this e-mail is not intended for you and contains personal data or trade secret, we recommend you to delete it from your system as per Law on Personal Data Protection no. 6698 and kindly remind you that any contrary action may result in liability.’’

Data processing due to legal obligations of the company or being stipulated explicitly in the Law
Personal data may be processed without prior consent when it’s stipulated explicitly in the relevant legislation or to fulfill a legal obligation specified in the legislation. Type and scope of the data processes are required for data processing activity that is permitted by the Laws and they should comply with the relevant legal provisions.

Data processing of the company
Personal data may be processed pursuant to the legal purposes and the services of the company. However, the data shall not be used for services contrary to the laws under any circumstances.

Processing of special quality data
Pursuant to the Law, race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, clothes, membership of association, foundation or union, health, sexual choice, juridical sentence and data regarding safety measures and biometric and genetic data are among the special quality data. “Voyag Turizm ve Ersoy Otelcilik” also takes adequate measures determined by the Board for the processing of special quality data. “Voyag Turizm ve Ersoy Otelcilik” may process the special quality data only for the corresponding purposes to provide better services.

Data processed with automatic systems
“Voyag Turizm ve Ersoy Otelcilik” acts in compliance with the Law for data processed with automatic systems. The information obtained from these data without the explicit consent of the persons shall not be used against the person. However, “Voyag Turizm ve Ersoy Otelcilik” may take decisions regarding the persons that it will perform process by using the data within the system.

VI. TRANSFERRING OF THE PERSONAL DATA DOMESTICALLY AND INTERNATIONALLY

Personal data may be shared with business and solution partners and “ETS” subsidiaries for the purpose of providing the services by “Voyag Turizm ve Ersoy Otelcilik”.

“Voyag Turizm ve Ersoy Otelcilik” will be entitled to transfer the personal data for certain purposes to the following person and institutions;
» Business partners of “Voyag Turizm ve Ersoy Otelcilik” limited to the purpose of execution of the aims of the establishment of the business partnership,
» The suppliers of “Voyag Turizm ve Ersoy Otelcilik” to the extent of providing the necessary services by our company to fulfill its commercial activities and procured by the supplier as external sources,
» Solution partners of “Voyag Turizm ve Ersoy Otelcilik” limited to ensuring the execution of the commercial activities which require the participation of the affiliates of the company,
» Subsidiaries of “ETS”.

“Voyag Turizm ve Ersoy Otelcilik” is authorized to transfer the personal data domestically and internationally within the conditions determined by the Board and in compliance with the other provisions in the Law and depending on the consent of the person.

VII. RIGHTS OF THE RELEVANT PERSON

“Voyag Turizm ve Ersoy Otelcilik” hereby agrees that the relevant person must provide his/her consent before processing the data within the scope of the Law and he/she reserves the right to determine the destiny of the data after the data is processed.

Regarding the personal data, the relevant persons holds the right to do the following by applying to our official announced on the web page by “Voyag Turizm ve Ersoy Otelcilik”;
a) To be informed whether his/her personal data are processed or not,
b) To request information if the personal data are processed,
c) To learn the purpose of processing the personal data and whether the data are used for the corresponding purposes,
ç) To get information on the third parties to whom the personal data are transferred in the country and abroad,
d) In case the personal data are processed incompletely or inaccurately, to request the correction,
e) To request that personal data are deleted or removed within the framework of the conditions stipulated in article 7,
f) To request that the processes performed as per clause (d) and (e) are notified to the third parties to whom the personal data are transferred,
g) To appeal to the negative results against himself/herself arising from the analysis of the data processed exclusively through the automatic systems,
ğ) In case the personal data are damaged due to the processing of the data contrary to the Law, to request that the damages are indemnified.
Nevertheless, the persons don’t reserve any right on the anonymized data within the company. “Voyag Turizm ve Ersoy Otelcilik” may share the personal data as required by a juridical function or governmental authority as per the business and contractual relationship.

The owners of the personal data shall submit their requests regarding the above-mentioned rights to the following contact address by completely filling out and putting their wet signatures on the application form given at www.voyagehotel.com, the official website of the company, through registered letter with return receipt with the copies of their identity cards (only front page for birth certificate). The applications shall be replied within the shortest time according to the content of the application ow within 30 days at the latest after the delivery to the company. You need to apply with registered letter with return receipt. Besides, only the questions about you shall be replied and any applications made regarding your spouse, relative or friends shall not be accepted. “Voyag Turizm ve Ersoy Otelcilik” can only request information and document from the application holders.

VIII. CONFIDENTIALITY PRINCIPLE

The data of the employees and other persons within “Voyag Turizm ve Ersoy Otelcilik” are confidential. Nobody can use, copy, reproduce, transfer these data for other purposes apart from the business purposes.

IX. PROCESS SECURITY

All necessary technical and administrative measures are taken to protect the personal data received by “Voyag Turizm ve Ersoy Otelcilik” and to prevent the retention of them by unauthorized persons and to prevent the damage on our customers and potential customers. Within this framework, it’s ensured that the software complies with the standards, third parties are selected with care and data protection policy is followed within the company.

X. INSPECTION

“Voyag Turizm ve Ersoy Otelcilik” carries out the internal and external inspections for protection of the personal data.

XI. NOTIFICATION OF VIOLATIONS

“Voyag Turizm ve Ersoy Otelcilik” shall immediately act to remedy the violations in case a violation of personal data is notified. It shall mitigate or indemnify the damage of the relevant person. In case the personal data are obtained by the unauthorized persons, this case should be immediately notified to the Board of Personal Data Protection.

Regarding the notification of the violations, you can also make an application as per the procedures provided at www.maxxroyal.com/en/kvkk

Requests made pursuant to the Act on the Protection of Personal Data As announced on www.maxxroyal.com/en/kvkk to put your application into process, please complete the form on the websites, attach a copy of your identity card, and send it to the address written on the form via registered mail.
The rights concerning personal data will only be used for one's own data. Requests regarding the personal data of others will not be taken into consideration. Forms without identity card photocopies will not be taken into consideration. Please be informed that even if data deletion requests are fulfilled, we are required to share data with the authorities if requested.

Click for application form

XII. VERBIS (DATA SUPERVISOR INFORMATION)

You can access Data Supervisor Information that were notified to the Personal Data Protection Board by ‘’Voyag Turizm ve Ersoy Otelcilik’’ from the following links.
VOYAG TURİZM OTELCİLİK İŞLETMESİ VE İNŞ.SAN.TİC.A.Ş.
ERSOY OTELCİLİK İNŞAAT VE TURİZM İŞLETMECİLİĞİ A.Ş.

XIII. CHANGES TO BE MADE IN PERSONAL DATA PROTECTION AND PRIVACY POLICY:

Voyag Turizm ve Ersoy Otelcilik reserves the right to make changes on the declarations here.
There is a link attached on the homepage of the website to access the up-to-date ‘Personal Data Protection and Privacy Policy’.
When the last time this Policy was updated and update number are given at the end of this text.
Each change made on the Policy becomes effective upon the publication of the changed declaration on the website.
By using the website or any of our products and services following such changes, you accept the changed declaration that is effective at that time. Policy Update: 04.02.2020.KVKK-2

CONTACT

You can contact us for further questions on the confidentiality agreement by using the following contact information.

Voyage Hotels & Maxx Royal Resorts
Sales and Marketing (Head Office)
Guzeloba Mah. Rauf Denktas Cad. No:38/A
Antalya - TURKISH