Privacy Statement for Request / Complaint / Suggestion Processes
- Data Controller
Your personal data is processed by HotelRunner (“Company”), as the data controller, in accordance with the in accordance with applicable data protection laws and regulations (“Applicable Law”) and within the framework of this Privacy Statement for Request / Complaint / Suggestion Processes (“Privacy Statement”). This Privacy Statement explains the scope of processing of your personal data collected within the framework of the requests, complaints and suggestions you will submit to our Company.
- Methods of Collecting Your Personal Data
Your personal data is collected by our Company, either wholly or partially through automated or non-automated means, provided that it is part of a data recording system, via physical and/or electronic media, including our Company’s websites, mobile applications, and the channels in question, digital assistants (chatbots), printed forms (e.g. contact forms, demo request forms), reception desks at our Company’s headquarters, email, SMS, telephone, fax, request/complaint/suggestion platforms, courier/mail, online meeting and communication platforms, social media platforms, our Company’s information technology systems, internal integrated systems, and integrated systems with authorized public institutions, organizations, and private entities, as well as any additional methods (channels) that may be added in the future.
- Categories of Processed Personal Data and Purposes and Legal Reasons for Processing Your Personal Data
The categories of personal data processed within the scope of request, complaint and suggestion processes, the purposes and legal reasons for collecting and processing such personal data are explained in detail below.
| Personal Data Category | Purposes of Processing Personal Data | Legal Reasons for Processing |
| Identity Data (e.g. name-surname) Contact Data (e.g. e-mail address, mobile phone number, address) Request / Complaint / Suggestion Data (e.g. request, complaint, suggestion information) Legal Transaction Data (e.g. records of reading of privacy statement | Fulfilment of legal obligations explicitly stipulated in the laws (e.g. receiving relevant person applications and evaluation of them) and Carrying out storage and archive activities. | Personal data may be processed where such processing is necessary for the data controller to comply with its legal obligations under the Applicable Law |
| Identity Data (e.g. name-surname) Contact Data (e.g. e-mail address, mobile phone number, address) Professional Experience Data (e.g. job role, employing company information) Customer Transaction Data (only if you are our customer) (e.g. information on the product / service subject to the request / complaint / suggestion) Finance Data (e.g. bank account information) Request / Complaint / Suggestion Data (e.g. request, complaint, suggestion information, demo requested country information) Legal Transaction Data (e.g. records of reading of privacy statement) Transaction Security Data (e.g. IP address, confirmation log records, WhatsApp user name) | Prior to the sales process of the Company’s products and/or services, the collection of information and documentation as well as trial and/or demo requests, the management of the relevant processes, and the conduct of necessary communications with the relevant data subjects submitting such requests. Carrying out the necessary communications with the relevant persons who submit their requests, complaints and / or suggestions within the scope of the performance of goods / services after sales support services, Planning and realization of audit and internal audit and reporting activities, Carrying out ethics, whistleblowing, investigation and misconduct processes, Performance of the business activities and ensuring sustainability, Carrying out information security processes and Carrying out storage and archive activities. | Personal data may be processed where such processing is necessary for the establishment, performance, or execution of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract in accordance with the Applicable Law |
| Identity Data (e.g. name-surname) Contact Data (e.g. e-mail address, mobile phone number) Request / Complaint / Suggestion Data (e.g. request, complaint, suggestion information) Legal Transaction Data (e.g. records of reading of privacy statement) Transaction Security Data (e.g. IP address, confirmation log records) | Fulfilment of legal obligations and Carrying out storage and archive activities. | Personal data may be processed where such processing is required for the data controller to fulfil obligations imposed by the Applicable Law |
| Identity Data (e.g. name-surname) Contact Data (e.g. e-mail address, mobile phone number, address) Professional Experience Data (e.g. job role, employing company information) Customer Transaction Data (only if you are our customer) (e.g. information on the product / service subject to the request / complaint / suggestion) Finance Data (e.g. bank account information) Request / Complaint / Suggestion Data (e.g. request,complaint, suggestioninformation, demo requested company information) Visual and Audio Data (e.g. voice records) Legal Transaction Data (e.g. records of reading of privacy statement) Transaction Security Data (e.g. IP address, confirmation log records, WhatsApp username) | Establishing and protecting the rights and interests of our Company in prospective dispute transactions to which our Company is a party and/or related, Planning and performance of legal and consultancy works, including the execution of dispute proceedings to which our Company is a party and/or related and Carrying out storage and archive activities. | Personal data may be processed where such processing is necessary for the establishment, exercise, or defence of legal claims in accordance with the Applicable Law |
| Identity Data (e.g. name-surname) Contact Data (e.g. e-mail address, mobile phone number, address) Professional Experience Data (e.g. job role, employing company information) Request / Complaint / Suggestion Data (e.g. request, complaint, suggestion information, demo requested company information) Visual and Audio Data (e.g. voice records) Legal Transaction Data (e.g. records of reading of privacy statement) Transaction Security Data (e.g. IP address, confirmation log records, WhatsApp user name) Customer Transaction Data (only if you are our customer) (e.g. information on the product / service subject to the request / complaint / suggestion) | Prior to the sales process of the Company’s products and/or services, the collection of information and documentation as well as trial and/or demo requests, the management of the relevant processes, and the conduct of necessary communications with the relevant data subjects submitting such requests. Receiving, evaluating, and finalizing requests, complaints, and/or suggestions, Improving the experience of the request/complaint/suggestion owner, Conducting quality standards, including receiving and evaluating feedback for the improvement of our Company’s products/services/processes, Planning and realization of audit and internal audit reporting activities, Carrying out ethics, whistleblowing, investigation, and fraud processes, Performance of business activities and ensuring business continuity, Carrying out information security processes, and Carrying out storage and archiving activities. | Personal data may be processed where such processing is necessary for the purpose of the legitimate interests of the data controller, provided that such interests do not override the fundamental rights and freedoms of the data subject, in accordance with the Applicable Law |
- Transferring Your Personal Data
Your personal data, may be transferred to the recipient groups listed below, located domestically and/or abroad, pursuant to the Applicable Law:
| Recipient Group | Purposes of Transfer | Personal Data Category | Legal Reasons for Transferring |
| Suppliers located abroad, including group companies acting as service providers (e.g. information technology, and data hosting service providers) | Procurement of products and/or services within the scope of execution, auditing, and assurance of business activities’ the continuity | Identity Contact Professional Experience Visual and Audio Customer Transaction Request/ Complaint/ Suggestion Finance Transaction Security Legal Transaction | Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject pursuant to the Applicable Law |
| Business partners located domestically and/or abroad | Procurement of services within the scope of carrying out company activities, ensuring business continuity, and establishing business partnerships | Identity Contact Professional Experience Customer Transaction Request/ Complaint/ Suggestion Visual and Audio | |
| Request/complaint/suggestion platforms located domestically and/or abroad | Procurement of services within the scope of collecting, evaluating, and resolving requests, complaints, and suggestions | Identity Contact Professional Experience Customer Transaction Request/ Complaint/ Suggestion | |
| Attorneys and attorney partnerships located domestically | Providing services within the scope of carrying out legal and consultancy works, including the establishment and protection of our Company’s rights and interests in prospective dispute transactions to which our Company is a party and/or related to | Identity Contact Visual and Audio Customer Transaction Request/ Complaint/ Suggestion Finance Transaction Security Legal Transaction | Data processing is mandatory for the establishment, exercise, or protection of a right pursuant to the Applicable Law and |
| for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject pursuant to the Applicable Law | |||
| Competent public authorities and institutions located domestically (e.g. courts, consumer arbitration board) | Sharing of information/documents within the scope of fulfilling our Company’s legal obligations and monitoring legal affairs processes | Identity Contact Professional Experience Visual and Audio Customer Transaction Request/ Complaint/ Suggestion Finance Transaction Security Legal Transaction | Data processing is mandatory for the data controller to fulfil its legal obligation pursuant to the Applicable Law and for the establishment, exercise, or protection of a right pursuant to the Applicable Law |
- Your Rights within the Scope of Applicable Law
We inform you that you, as a personal data owner, have the rights within the scope of the Applicable Law:
You can send your applications for your aforesaid rights to our Company in accordance with the in accordance with the provisions of the Applicable Law (in writing or via registered electronic mail address, secure electronic signature, mobile signature or your e-mail address that has been registered in our systems and that you have previously notified to our Company, along with the information/documents * (such as National ID number or passport number for citizens of other countries, residence address/workplace for notification, mobile phone/telephone/fax number, e-mail address) confirming your identity in order to enable our Company to electronically determine that you are the real right owner). Depending on the nature of your request, your applications will be concluded free of charge as soon as possible and within 30 (thirty) days at the latest; however, if the transaction requires an additional cost, you may be requested with a charge according to the tariff to be determined by the relevant data protection authority.
| E-mail Address: | dataprivacy@hotelrunner.com |
* We would like to remind you that any sensitive personal data (such as the details about your race, ethnic origin, political opinions, philosophical beliefs, religion, sect, or other beliefs, clothing and attire, membership in associations, foundations, or trade unions, health, sexual life, criminal convictions and security measures, biometric data, genetic data) should not be included in the scope of these documents.