Data Protection and Privacy

Privacy Statement for Request / Complaint / Suggestion Processes

1. Data Controller

Your personal data is processed by our Company, as the data controller, in accordance with the provisions of the Law on Personal Data Protection No. 6698 (“Law”) and within the framework of this Privacy Statement for Request / Complaint / Suggestion Processes (“Privacy Statement”). This Privacy Statement explains the scope of processing of your personal data collected within the framework of the requests, complaints and suggestions you will submit to our Company.

2. Methods of Collecting Your Personal Data

Your personal data is collected by our Company, in whole or in part, through automated or non-automated means, provided that it is part of a data recording system, via physical and/or electronic media, including but not limited to our Company’s websites, mobile applications, digital assistants (chatbots), printed forms, reception desks at our Company’s headquarters, email, SMS, telephone, fax, request/complaint/suggestion platforms, courier/mail, online meeting and communication platforms, social media platforms, our Company’s information technology systems, internal integrated systems, and integrated systems with authorized public institutions, organizations, and private entities, as well as any additional methods (channels) that may be introduced in the future.

3. Categories of Processed Personal Data and Purposes and Legal Reasons for Processing Your Personal Data

The categories of personal data processed within the scope of request, complaint and suggestion processes, the purposes and legal reasons for collecting and processing such personal data are explained in detail below.

Personal Data CategoryPurposes of Processing Personal DataLegal Reasons for Processing
  • Identity Data (e.g. name-surname)
  • Contact Data (e.g. e-mail address, mobile phone number)
  • Request / Complaint and Suggestion Data (e.g. request and complaint information)
  • Legal Transaction Data (e.g. records of reading of privacy statement)
– Fulfilment of legal obligations explicitly stipulated in the laws (e.g. receiving relevant person applications and evaluation of them) and
– Carrying out storage and archive activities.		– Pursuant to Article 5/2(a) of the Law, being explicitly stipulated in the laws
  • Identity Data (e.g. name-surname)
  • Contact Data (e.g. e-mail address, mobile phone number)
  • Customer Transaction Data ((only if you are our customer) (e.g. information on the product/service subject to the request/complaint/suggestion))
  • Finance Data (e.g. bank account information)
  • Request / Complaint and Suggestion Data (e.g. request and complaint information)
  • Legal Transaction Data (e.g. records of reading of privacy statement)
  • Transaction Security Data (e.g. IP address, confirmation log records)
– Carrying out the necessary communications with the relevant persons who submit their requests, complaints, and/or suggestions within the scope of the performance of goods/services after-sales support services,
– Planning and realization of audit and internal audit and reporting activities,
– Carrying out ethics, whistleblowing, investigation, and misconduct processes,
– Performance of business activities and ensuring sustainability,
– Carrying out information security processes and
– Carrying out storage and archive activities.		– Provided that it is directly related to the establishment or performance of a contract pursuant to Article 5/2(c) of the Law that personal data processing is mandatory for the parties of the contract.
  • Identity Data (e.g. name-surname)
  • Contact Data (e.g. e-mail address, mobile phone number)
  • Request / Complaint / Suggestion Data (e.g. request and complaint information)
  • Legal Transaction Data (e.g. records of reading of privacy statement)
  • Transaction Security Data (e.g. IP address, confirmation log records)
– Fulfilment of legal obligations and
– Carrying out storage and archive activities.		– Data processing is mandatory for the data controller to fulfil its legal obligation pursuant to Article 5/2(ç) of the Law.
  • Identity Data (e.g. name-surname)
  • Contact Data (e.g. e-mail address, mobile phone number)
  • Customer Transaction Data ((only if you are our customer) (e.g. information on the product/service subject to the request/complaint/suggestion))
  • Finance Data (e.g. bank account information)
  • Request / Complaint and Suggestion Data (e.g. request and complaint information)
  • Visual and Audio Data (e.g. voice records)
  • Legal Transaction Data (e.g. records of reading of privacy statement)
  • Transaction Security Data (e.g. IP address, confirmation log records)
– Establishing and protecting the rights and interests of our Company in prospective dispute transactions to which our Company is a party and/or related,
– Planning and performance of legal and consultancy works, including the execution of dispute proceedings to which our Company is a party and/or related and
– Carrying out storage and archive activities.		– Data processing is mandatory for the establishment, exercise, or protection of a right pursuant to Article 5/2(e) of the Law.

  • Identity Data (e.g. name-surname)

  • Contact Data (e.g. e-mail address, mobile phone number)

  • Request / Complaint and Suggestion Data (e.g. request and complaint information)

  • Visual and Audio Data (e.g. voice records)

  • Legal Transaction Data (e.g. records of reading of privacy statement)

  • Transaction Security Data (e.g. IP address, confirmation log records)

  • Customer Transaction Data (only if you are our customer) (e.g. information on the product/service subject to the request/complaint/suggestion)

– Receiving, evaluating, and finalizing requests, complaints, and/or suggestions,
– Improving the experience of the request / complaint / suggestion owner,
– Conducting quality standards, including receiving and evaluating feedback for the improvement of our Company’s products/services/processes,
– Planning and realization of audit and internal audit reporting activities,
– Carrying out ethics, whistleblowing, investigation, and fraud processes,
– Performance of business activities and ensuring business continuity,
– Carrying out information security processes and
– Carrying out storage and archiving activities.		– Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject pursuant to 5/2(f) of the Law.
4. Sharing and Transferring Your Personal Data

Your personal data, collected and processed within the scope of each of the above-mentioned personal data categories may be shared with and/or transferred to the recipient groups listed below for the purposes specified in the table below based on the conditions for processing personal data pursuant to Articles 8 and 9 of the Law:

Recipient Group Purposes of Transfer Personal Data Category Legal Reasons for Transferring
Suppliers located domestically and/or abroad, including group companies acting as service providers (e.g. online meeting/communication, voluntary audit, information technology, and data hosting service providers) Procurement of products and/or services within the scope of execution, auditing, and assurance of business activities’ the continuity
  • Identity
  • Contact
  • Visual and Audio
  • Customer
  • Transaction
  • Request/Complaint/Suggestion
  • Finance
  • Transaction Security
  • Legal Transaction
 – Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject pursuant to Article 5/2(f) of the Law
Business partners located domestically and/or abroad Procurement of services within the scope of carrying out company activities, ensuring business continuity, and establishing business partnerships
  • Identity
  • Contact
  • Customer
  • Transaction
  • Request/Complaint/Suggestion
  • Visual and Audio
Request/complaint/suggestion platforms located domestically and/or abroad Procurement of services within the scope of collecting, evaluating, and resolving requests, complaints, and suggestions
  • Identity
  • Contact
  • Customer
  • Transaction
  • Request/Complaint/Suggestion
Attorneys and attorney partnerships located domestically Providing services within the scope of carrying out legal and consultancy works, including the establishment and protection of our Company’s rights and interests in prospective dispute transactions to which our Company is a party and/or related to
  • Identity
  • Contact
  • Visual and Audio
  • Customer
  • Transaction
  • Request/Complaint/Suggestion
  • Finance
  • Transaction Security
  • Legal Transaction
 – Data processing is mandatory for the establishment, exercise, or protection of a right pursuant to Article 5/2(e) of the Law and
– for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject pursuant to Article 5/2(f) of the Law
Competent public authorities and institutions located domestically (e.g. courts) Sharing of information/documents within the scope of fulfilling our Company’s legal obligations and monitoring legal affairs processes
  • Identity
  • Contact
  • Visual and Audio
  • Customer
  • Transaction
  • Request/Complaint/Suggestion
  • Finance
  • Transaction Security
  • Legal Transaction
 – Data processing is mandatory for the data controller to fulfil its legal obligation pursuant to Article 5/2(ç) of the Law and for the establishment, exercise, or protection of a right pursuant to Article 5/2(e) of the Law
5. Your Rights within the Scope of Law

We inform you that you, as a personal data owner, have the rights within the scope of the Article 11 of the Law:

You can send your applications for your aforesaid rights to our Company in accordance with the in accordance with the provisions of the Communiqué on the Principles and Procedures of Application to the Data Controller (in writing or via registered electronic mail (KEP) address, secure electronic signature, mobile signature or your e-mail address that has been registered in our systems and that you have previously notified to our Company, along with the information/documents * (such as TR ID number or passport number for citizens of other countries, residence address/workplace for notification, mobile phone/telephone/fax number, e-mail address) confirming your identity in order to enable our Company to electronically determine that you are the real right owner). Depending on the nature of your request, your applications will be concluded free of charge as soon as possible and within 30 (thirty) days at the latest; however, if the transaction requires an additional cost, you may be requested with a charge according to the tariff to be determined by the Personal Data Protection Board.

Postal Address:hotelrunner@hs01.kep.tr
E-Mail Address:dataprivacy@hotelrunner.com  

* We would like to remind you that any sensitive personal data (such as the details about your race, ethnic origin, political opinions, philosophical beliefs, religion, sect, or other beliefs, clothing and attire, membership in associations, foundations, or trade unions, health, sexual life, criminal convictions and security measures, biometric data, genetic data) should not be included in the scope of these documents.