Dear Guest,
As (Voyag Turizm Otelcilik İşletmesi ve İnşaat Sanayi Ticaret Anonim Şirketi and MRA Turizm ve Otel İşletmeciliği Anonim Şirketi (“Maxx Royal Resorts”), we would like to inform you, in our capacity as “Data Controller,” about the personal data that we process, in accordance with Law No. 6698 on the Protection of Personal Data (the “Law”).
IDENTITY OF THE DATA CONTROLLER
|
Title: |
|
|
Address: |
MERDİVENKÖY MAH. NUR SK. C BLOK NO: 1 İÇ KAPI NO: 26 KADIKÖY / İSTANBUL |
|
Telephone: |
+90 242 715 33 80 |
|
E-mail: |
|
|
KEP: |
THE PERSONAL DATA WE PROCESS, OUR PURPOSES FOR PROCESSING, AND THE LEGAL GROUNDS
ACCOMMODATION PROCESSES
|
Personal Data Processing Process |
Data Collected |
Purpose of Personal Data Processing |
Legal Ground |
|
Reservation Process |
Your Identity Information (name, surname, date of birth), Contact Information (mobile phone number, e-mail address), Customer Transaction Information (accommodation and payment information, Loyalty Card membership information), Other Information (information regarding special requests) |
For the purpose of receiving and confirming the reservation, and carrying out the accommodation processes, |
We process this data based on the legal grounds that “it is necessary to process the personal data of the parties to a contract, provided that this is directly related to the establishment or performance of the contract,” and “it is mandatory for the data controller to process data for its legitimate interests, provided that this does not harm the fundamental rights and freedoms of the data subject.” |
|
Transfer and Transportation (VIP Vehicle-Helicopter) Process |
Your Identity Information (name, surname), Contact Information (mobile phone number), Other Information (flight information) |
For the purpose of carrying out transfer processes within the scope of your stay, |
We process this data based on the legal grounds that “it is necessary to process the personal data of the parties to a contract, provided that this is directly related to the establishment or performance of the contract,” and “it is mandatory for the data controller to process data for its legitimate interests, provided that this does not harm the fundamental rights and freedoms of the data subject.” |
|
Check-in Process |
Your Identity Information (name, surname, Turkish ID/passport number, gender, date of birth, nationality, signature), Contact Information (address, mobile phone number, e-mail address), Customer Transaction Information (accommodation information, payment information), Other Information (vehicle license plate information) |
For the purposes of confirming the reservation and creating the guest record, and notifying the relevant authorities of identity information, |
We process this data based on the legal grounds that “it is mandatory for the data controller to fulfil its legal obligation” and “it is necessary to process the personal data of the parties to a contract, provided that this is directly related to the establishment or performance of the contract.” |
|
Check-out and Invoicing Processes |
Your Identity Information (name, surname, Turkish ID/passport number, date of birth), Financial Information (invoice and payment information), Customer Transaction Information (room number, accommodation information, request/complaint and refund information, invoice information, payment information, information regarding extra expenses incurred at facilities such as spa & wellness, restaurant, and bar) |
For the purpose of finalizing the accommodation service, processing the payments made by our guests for accommodation and additional services, and fulfilling invoicing/tax and other legal obligations, |
We process this data based on the legal ground that “it is mandatory for the data controller to fulfil its legal obligation.” |
GUEST RELATIONS AND COMMUNICATION PROCESSES
|
Personal Data Processing Process |
Data Collected |
Purpose of Personal Data Processing |
Legal Ground |
|
Guest Relations and Communication Processes |
Your Identity Information (name, surname), Contact Information (mobile phone number, e-mail address), Transaction Security Information (IP address, log records, device information), Customer Transaction Information (room number, accommodation information, request/complaint information) |
For the purposes of managing requests and complaints within the scope of guest relations, increasing service quality and guest satisfaction, adding you to messaging groups with your guest assistant limited to your stay, evaluating your eligibility for the peace and security of the facility in light of relevant legislation, and ensuring facility security, |
We process this data based on the legal ground that “it is necessary to process the personal data of the parties to a contract, provided that this is directly related to the establishment or performance of the contract.” |
|
Marketing and Customer Relationship Management Processes |
Your Identity Information (name, surname), Contact Information (mobile phone number, e-mail address), Customer Transaction Information (room number, accommodation information, survey responses, travel history; reserved hotel, Frequent Flyer or Travel Partnership Program memberships and membership numbers, information provided in membership and account applications) |
For the purpose of increasing guest satisfaction and improving service quality; managing campaigns, promotions, and loyalty programs, carrying out profiling and marketing analyses, sending informational communications, evaluating feedback, and improving business processes in light of the data obtained, |
We process this data if you give your “explicit consent.” |
|
Loyalty Program Processes |
Your Identity Information (name, surname), Contact Information (mobile phone number, e-mail address), Customer Transaction Information (loyalty membership and account information) / Customer Transaction Information (holiday and accommodation habits, preferred hotels, survey results, comment, feedback, and complaint information) |
If you become a member of the Loyalty Program by giving your explicit consent, for the purpose of calculating the loyalty points you earn under your loyalty agreement and informing you thereof / for the purpose of improving services and measuring customer satisfaction, analyzing user preferences and areas of interest, offering personalized content, offers, and campaigns, and planning and carrying out marketing activities, |
We process this data based on the legal ground that “it is necessary to process the personal data of the parties to a contract, provided that this is directly related to the establishment or performance of the contract” / if you give your “explicit consent.” |
|
Commercial Electronic Communication Process |
Your Contact Information (E-mail Address, Phone Number) / Contact Information (e-mail address, phone number) and Legal Transaction Information (commercial communication consent/refusal information, date and time of consent, communication method (SMS, call, e-mail)) |
Within the framework of commercial electronic communication legislation, for the purposes of contacting you with campaign, promotional, and informational content within the scope of our advertising and promotional activities / for the purposes of carrying out commercial communication consent processes in accordance with our legal obligations, following up and conducting legal matters, and informing authorized persons, institutions, and organizations, |
We process this data if you give your “explicit consent” / we collect and process this data based on the legal ground that “it is mandatory for the data controller to fulfil its legal obligation.” |
PURPOSE OF TRANSFERRING PERSONAL DATA AND RECIPIENT GROUPS
|
Recipient Group to be Transferred to |
Purpose of Transfer |
Legal Ground of Transfer |
|
Suppliers and Business Partners |
For the purposes of enabling accommodation, transfer, ticketing, invoicing, survey, marketing communications, and loyalty card delivery services to be carried out, and obtaining independent audit services, |
We transfer this data based on the legal ground that “it is mandatory for the data controller to process data for its legitimate interests, provided that this does not harm the fundamental rights and freedoms of the data subject.” |
|
Authorized Institutions and Organizations: authorized public institutions and organizations, consumer arbitration committees, courts, public prosecutors' offices, law enforcement authorities, relevant ministries, and other judicial/administrative authorities, |
For the purposes of fulfilling our legal notification, declaration, and audit obligations and other related obligations, conducting judicial/official correspondence, pursuing legal disputes, and exercising our legal rights, in particular our rights to bring an action and respond, |
We transfer this data based on the legal grounds that “it is mandatory for the data controller to fulfil its legal obligation” and “it is mandatory for the data to be processed for the establishment, exercise, or protection of a right.” |
|
Our Overseas Service Suppliers: to our suppliers abroad, limited to providing the services necessary to carry out our company's commercial activities, in accordance with the conditions set out in Article 9 of the Law, |
For the purpose of obtaining support in areas such as server, maintenance, support, storage, archiving, hosting, information technology support, and similar areas, |
We transfer this data based on the legal ground that “it is mandatory for the data controller to process data for its legitimate interests, provided that this does not harm the fundamental rights and freedoms of the data subject.” |
METHOD OF COLLECTING PERSONAL DATA
Your personal data are collected,
- Through processing into our systems, by front office staff, of the accommodation form filled in by you (by partly automated and non-automated means),
- Through online reservation sites, the call center, information provided by you to hotel staff, website forms, e-mail, and travel agencies (by partly automated and non-automated means).
YOUR RIGHTS UNDER THE LAW
As a data subject, pursuant to Article 11 of the Law, you may submit your requests regarding your rights — which are explained in detail in the Personal Data Protection and Privacy Policy available on our website — in writing, in accordance with the Communiqué on the Procedures and Principles of Application to the Data Controller, to the address “Merdivenköy Mah. Nur Sok. C Blok No:1 İç Kapı No:26, Kadıköy/İstanbul,” or you may submit them to us via your registered electronic mail (KEP) address, secure electronic signature, mobile signature, or the e-mail address you have previously notified to Maxx Royal Resorts and which is registered in our system, by sending them to the following address: [email protected].