Personal Data Processing and Protection Policy
Dear Guests,
As BAND TURİZM VE TİCARET AŞ., we show great sensitivity and importance to the protection of your personal data.
With this awareness, BAND TURİZM VE TİCARET AŞ. processes your personal data as “Data Controller” as defined in the Law No. 6698 on the Protection of Personal Data (PPDL), in accordance with the PPDL, with the purposes and methods described below, within the limits set by the legislation, within the limits set by the legislation, by complying with the destruction requirements and deadlines, carefully and carefully.
1. Your Personal Data We Process
- Identity Particulars: Name, surname, date of birth, nationality, place of birth, gender, marital status, Passport number, Driver's license information, Turkish ID card information (Turkish ID number, serial number, issue number, father's name, mother's name, place of birth, date of birth, marital status, province, district, neighborhood-village, volume number, family sequence number, sequence number, place of issuance, reason for issuance, registration number, date of issuance, previous surname), copy of identity, if issued by the guest, profession/professional chamber identity cards accepted instead of identity cards and their copies.
- Contact Information Address, postal code, e-mail address, telephone number, registered e-mail address, social media contact information.
- Financial Information: e-invoice information, detailed breakdown of expenses and other payment information
- Health Information: Reasonable health data, including any illness, disability, food allergies, special dietary requirements, symptoms of illness and follow-up information,
- Audio and Visual Recordings: Photographs, video recordings and audio recording information,
- Physical Space Security: Your camera system image records taken during your visits to BAND Turizm ve Ticaret AŞ., your check-in and check-out dates and information
- Location: Travel and transfer information, information on the vehicles used for transportation to the facility,
- Transaction Security Information: BAND Turizm ve Ticaret AŞ. navigation information, IP address, browser information, location data, log and traffic information, internet access logs, login and exit logs obtained during your login with your username and password during the use of our website and application, if you use the Wi-Fi network
- Guest comments, feedback and complaint data: Reviews, opinions or complaints about the property, comments and responses shared for the purpose of evaluating services, reservation information, room number,
- Preference information: Data on specific preferences, special requests, interests and past service requests in the field of accommodation,
- Marketing: Hotel stay history, cookie records, loyalty program membership information, information made public by you, for example, information we obtain when we review publicly available platforms to learn more about you, special occasion information,
- Other: Vehicle license plate number, tourism agency/company information, guest product acceptance information, personal data obtained in case of communication via e-mail, letter and other means, signature in order to perform the check-in process, signature in case of room type upgrade/change, signature of the person concerned during delivery in case of forgotten personal belongings (lost and found) in our facilities, signature of the person concerned for the delivery of personalized orders and/or shipments such as flowers, cakes, etc., occupational information, all personal data transferred by you during the interviews we have made to provide personal assistant support.
2. Purpose of Processing Personal Data
- Creating Your Reservations and Fulfillment of Related Services: Management of the planning and realization activities of your reservations and provision of accommodation service, entering information into the system for online check-in, confirming your identity, fulfilling customized service requests, (In order to provide customized service for the needs that you, our valued guests, have defined by sharing with BAND Turizm ve Ticaret AŞ. and to ensure the continuity of this service; such as pillow preference, room preference, food allergy / special diet preference requests, clothing size information)
- Customized Service Provision: Data on special preferences, special requests, interests and past service requests in the accommodation area, information made public by you, for example, information we obtain when we review public platforms to learn more about you, name, surname, room number and date of birth, special day information in order to create reservations for a’la carte, pavilion, etc., name, surname, reasonable health data, room number and parent's name, surname and phone number can be processed in case our little guests participate in mini club activities.
- Contact Establishment: Submitting your reservation information, providing personal assistant support, submitting payment information,
- Evaluation of Your Requests and Comments: Measuring, increasing and researching guest satisfaction, planning and execution of guest relations management processes, receiving and evaluating requests and complaints,
- Fulfillment of Legal Obligations: Ensuring compliance with the national and international legislation to which BAND Turizm ve Ticaret AŞ. is subject and fulfilling the obligations arising from the relevant legislation, following up and executing its legal affairs, responding to the applications of the relevant persons in accordance with the legislation and taking the necessary actions, fulfilling the requests of official institutions,
- Execution of Accounting and Finance Processes: Carrying out finance or accounting operations, forwarding financial information or invoice to the e-mail address you specified during registration, receiving payments and performing refund transactions if necessary,
- Ensuring Physical Space Security: Ensuring the security of BAND Tourism and Trade Inc. premises and/or facilities, creating and monitoring visitor records
- Ensuring Transaction Security: Navigation information, IP address, browser information, location data obtained during your login with your username and password during the use of our website and application, log and traffic information if you use BAND Turizm ve Ticaret AŞ. wifi network, internet access logs, login and exit logs, prevention of forgery and fraud, identification of business partners and suppliers' authorization to access information,
- Benefiting from Barut Club Membership Program: Carrying out the necessary work for you to benefit from the Barut Club membership program services if you are a member and carrying out the relevant business processes.
- Data Processing for Advertising Purposes: Your personal data may be processed in order to provide information about our hotel, to promote and market its goods and services, to promote its business or to increase its recognition with content such as celebrations and wishes in line with the message permission you have given. In line with the permission you give, your Personal Data will be obtained and processed in accordance with the relevant legislation in order to ensure that you are informed about the campaigns of our business partners within BAND Turizm ve Ticaret AŞ. may be transferred to the physical archives and/or information systems of BAND Turizm ve Ticaret AŞ. and kept both in digital and physical environment.
3. To Whom and for What Purpose Your Personal Data Will be Transferred
- Fulfillment of Legal Obligations: In order for our hotel to fulfill its legal obligations, your personal data may be shared with public institutions and organizations such as Judicial Authorities, General Directorate of Security and other law enforcement agencies, Personal Data Protection Authority in accordance with the Personal Data Protection Law, Identity Notification Law and other relevant legal regulations.
- Sharing with our lawyers: Your personal data may be shared with our lawyers from whom we receive consultancy, provided that it is limited to the subject matter for reasons such as fulfillment of legal obligations, obtaining information, etc,
- Sharing with our Group Companies: If you are a member of Barut Club, only the score information can be shared with our group companies Barut Yönetim Hizmetleri A.Ş., Barut Turizm ve Eğitim Ticaret A.Ş., Canem Turizm ve Ticaret A.Ş. in order for you to benefit from Barut Club membership program services, collect points and benefit from reward services.
- Our Business Partners We Work With: Your personal data may be shared with the banks we work with in order to benefit from Hotel and Tourism incentives, the agencies we work with, transfer planning, ticketing, utilization of CIP services, companies providing pre-flight hospitality services, companies providing concierge services, the in-house facility operating system application we use, rental units within the hotel, limited to the subject.
- Sharing with Your Authorized Legal Representative: Your personal data may be shared only within the scope of the request and authorization of your authorized legal representative in accordance with the legal request of your authorized legal representative.
- Use of Applications and Websites: Your personal data may be shared with companies that process data on behalf of our company, websites, information technology servers used by our company and companies that provide this server support, and companies that provide cloud computing services in cases where cloud computing is used.
- For Audit Procedures and Processes: Your personal data may be shared with audit firms and information security firms, regulatory and supervisory institutions in order to carry out the necessary quality, confidentiality and standard audits and to carry out internal and external audits.
- Sharing for the Promotion of Our Hotel and Announcement of Our Projects: In case you give your explicit consent, limited personal data such as photographs, video recordings, name, surname can be shared on our hotel's website, social media accounts, foreign fairs in order to promote and inform our hotel.
4. Method of Collection of Your Personal Data and Legal Reasons
Your personal data may be collected and processed verbally, in writing or electronically, automatically or non-automatically, by the relevant units of BAND Turizm ve Ticaret AŞ, depending on the nature of the service provided, through physical media and similar means, verbally, in writing or electronically, automatically or non-automatically, in accordance with the Law, for the purposes specified in paragraph (2) of this clarification text, accommodation forms, interviews/messages you have made with the personal assistant, our mobile application, requests and communications during your stay in the hotel, software, various contracts, electronic mail, social media, in-hotel security cameras, depending on the nature of the service provided.
With the methods mentioned above, your personal data is processed for the following reasons;
- Legal reasons as “stipulated in the laws” (Tax Procedure Law, Identity Notification Law, Law No. 5651, etc. related legislation), “data processing is necessary for the establishment and performance of the contract”, “fulfillment of the legal obligation” legal reason regarding our retention obligations arising from the legislation, and “data processing is mandatory for the legitimate interests of the data controller”;
- Your personal data regarding the recording with security cameras in the hotel is subject to the legal reason of “ensuring the security of the building facilities and premises, controlling the entrances and exits to the buildings and facilities”, “it is mandatory for the data controller to fulfill its legal obligation” and “it is mandatory to process data for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data owner”,
- Your public photos and videos that you post on social media regarding your stay are processed based on the legal reason of “publicization by the person concerned” if you tag the accounts of BAND Turizm ve Ticaret A.Ş.
- In order to provide better service to you, our esteemed guests, and to protect your health, if you share your special data in order to receive customized service from BAND Turizm ve Ticaret AŞ., your health data you share (such as pillow preference, room preference, food allergy / special diet preference requests due to various health problems) are processed in line with your declaration in order to provide BAND Turizm ve Ticaret A.Ş. processes your health data based on the legal reasons of “being made public by the person concerned”, “being mandatory for the establishment, use or protection of a right” in order to provide services at a high standard and these preferences are stored in order to provide you with better service in the next reservation.
5. Scope and Amendment of the Personal Data Protection and Processing Policy
This Clarification Text prepared by BAND Turizm ve Ticaret AŞ. has been prepared in accordance with the Law No. 6698 on the Protection of Personal Data. BAND Turizm ve Ticaret AŞ. has the right to change the Clarification Text on the Protection of Personal Data, provided that it complies with the Law and board decisions and that personal data is better protected.
6. Information on Commercial Electronic Messages
Pursuant to Law No. 6563 on the Regulation of Electronic Commerce and the Regulation on Commercial Communication and Commercial Electronic Messages, your personal data may be processed in order to provide information about our services, to promote our goods and services and to ensure that you are informed about our campaigns. In accordance with the relevant legislation, your commercial electronic message permissions must be recorded in the Message Management System (MMS) and in this context, contact address (e-mail address and/or telephone number), permission date, communication channel, recipient type and permission source data will be shared with MMS. For detailed information about MMS, please visit https://iys.org.tr/.
7. Your Rights Regarding the Protection of Your Personal Data
Regarding your personal data processed by BAND Turizm ve Ticaret AŞ., you can always apply to us regarding your rights under Article 11 of the Law. Pursuant to this article, you have the right to;
- “Learn whether personal data is being processed”,
- “Request information if personal data has been processed”,
- “Learn the purpose of processing personal data and whether they are used for their intended purpose”
- “Know the third parties to whom personal data are transferred domestically or abroad”,
- “Request correction of personal data in case of incomplete or incorrect processing and to request notification of the transactions made in this direction to third parties to whom personal data are transferred”,
- “Request the deletion or destruction of personal data in the event that the reasons requiring the processing of personal data disappear and to request that the transactions made in this direction be notified to third parties to whom personal data are transferred”,
- “Object to unfavorable consequences that may arise as a result of the processing of personal data through automated systems”
- “In case you suffer damage due to unlawful processing of your personal data, to request compensation for this damage”.
Application Method
- You can submit your requests within the scope of the Law by filling out the “Application Form Pursuant to the Law on the Protection of Personal Data” at “https://barutacanthuscennet.com/en/policies”;
- in person or you can send your requests through Notary Public to Side Mah. Özal Cad. No:35 MANAVGAT/ANTALYA or you can send an e-mail to
- [email protected] with secure electronic or mobile signature, via registered e-mail address or your electronic e-mail address registered in our system.
Depending on the nature of your request, your applications will be concluded free of charge as soon as possible and within thirty days at the latest; however, if the transaction requires an additional cost, you may be charged a fee according to the tariff to be determined by the Personal Data Protection Board.
(Hereby, we would like to remind you that the related request must be in accordance with the provisions included in the Directives on the Procedures and Principles of Applications to Data Controllers.)