Information Text Regarding Processing of Personal Data

1. A. Introduction

   This clarification text has been prepared in order to inform the relevant persons about the principles regarding the collection, recording, use, storage, storage, sharing with third parties and processing of your Personal Data by our Company BHM Otelcilik A.Ş. as the data controller.

   Your personal data that identifies you as an individual or can be associated with you as an identified or identifiable individual is processed in accordance with the Law on the Protection of Personal Data in order to provide you with better service.

   B. Definitions :

   a) Personal data : refers to Any information relating to an identified or identifiable natural person,

   b) Data Controller : refers to the legal or natural person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system,

   c) Relevant Person : refers to the natural person whose personal data is processed,

   ç) Law : refers to the Law on the Protection of Personal Data dated 24/3/2016 and numbered 6698,

   d) Board : refers to Personal Data Protection Board,

   e) Authority : refers to Personal Data Protection Authority,

   f) Registry : refers to Data Controllers Registry (VERBIS) kept by the Presidency

   g) Personal data processing : refers to any operation performed on personal data such as obtaining, recording, storing, preserving, modifying, reorganizing, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data by fully or partially automatic means or by non-automatic means provided that it is part of any data recording system,

   h) Recipient group : The category of natural or legal person to whom personal data is transferred by the data controller.

   C. Personal Data Collected: We collect and process the following personal data about you:

   · Name and surname,

   · Date and place of birth,

   · Turkish ID/passport number,

   · E-mail address,

   · Phone number,

   · Financial data such as credit and/or debit card number,

   · Nationality, passport, visa or other government-issued identification,

   · Membership or loyalty program data (including co-branded payment cards, travel partner program memberships)

   · Employer's data for work-related reservations,

   · Vehicle license plate,

   · Flight, airport transportation and transfer data,

   · Itinerary, tour group or activity data,

   · Previous guest stays or interactions, goods and services purchased, requests for special services and amenities,

   · Social media account ID, profile photo and other publicly available data, and data made available by linking your social media and loyalty accounts,

   · Data on the names of family members and accompanying persons and ages of children,

   · Image, video and audio data taken by means of security cameras/recording devices located in public areas such as corridors and lobbies of our facilities,

   · The preferences you share with us, including your interests, to make your current and future stays and your experience with us more enjoyable,

   · Your appreciation, opinions, comments and criticisms about our services, as well as nutritional information, health restrictions and/or personal requirements for your health,

   · Special anniversaries, such as your birthday or wedding anniversary, as well as your hobbies and preferences for activities you would like to participate in,

   · If you make a reservation for another person, the personal data you will share regarding the person(s) you made the reservation for

   etc.

   Ç. Collection, Processing and Processing Purposes of Personal Data: Your personal data that you will share with our company is used limited to the following purposes;

   · Law No. 1174 on Identity Notification, Law No. 5651 on the Regulation of Publications on the Internet and Combating Crimes Committed through These Publications, Tax Procedure Law No. 213, Turkish Commercial Code No. 6102, and fulfillment of the obligations arising from the legislation,

   · Providing reservation and guest registration procedures, on-site welcome and accommodation services,

   · Organization and management of day use, organizations, seminars and events in our facilities and/or enterprises,

   · Suggesting and offering the products and services offered by our companies by customizing them according to the tastes, usage habits and needs of our guests,

   · Creation of commercial statistics and analysis regarding visits and usage of our facilities' websites or social media channels / channels,

   · To be informed about the events, organizations, seminars, trainings, seminars, talks organized in our facilities and/or enterprises,

   · Informing you about the information, activities and services you will request from our companies,

   · Carrying out the necessary work so that you can benefit from our products and services,

   · Conducting market research and R&D (research and development) activities, as well as developing and improving our product range, services, stores, information technology systems and security systems, and ensuring information security,

   · Determining the prices of our products and services and carrying out invoicing and payment transactions,

   · To make notifications regarding all kinds of loyalty programs and memberships applied and/or to be applied by our Companies and related Companies / organizations, to inform about changes, innovations and similar issues that may occur in the new services and products to be offered, loyalty programs and / or membership conditions,

   · Improving the quality of the services provided by our company and developing our quality policy,

   · Informing and benefiting from the general and special campaigns, promotions, promotions, discounts and similar advantages offered by our Company,

   · Determining and implementing our company's commercial and business strategies,

   · Ensuring the security of our facilities and those in our facilities and assisting in the prevention, detection and investigation/prosecution of crimes,

   · Obtaining legal consultancy services for the prevention and resolution of all kinds of disputes that our Company has encountered or will encounter within the scope of its commercial

   activities, and execution of contract processes regarding the purchase of products and services and leasing / sublease,

   · Establishment and maintenance of commercial, lease, etc. legal relations in accordance with the needs of our company's product and service procurement,

   · Ensuring the security of our Company, our guests, our employees and third parties, including those who have a business relationship with our Company (administrative operations, ensuring physical security and supervision of facilities, business partner/customer/supplier evaluation processes, legal compliance process, financial affairs, etc.),

   · Providing information about the availability and prices of our facilities through our call center or our website, making reservations and/or cancelling reservations and/or changing reservations and/or assisting with incomplete or incomplete reservations and/or providing new offers,

   · Emergency and incident response,

   · Receiving, evaluating and following up your requests and complaints.

   D. Method and Legal Reason for Collecting Personal Data: our personal data, within the scope of the above-mentioned purposes, within the scope of paragraph 2 of Article 5 of the Law on the Protection of Personal Data,

   · explicitly stipulated in the law,

   · provided that it is directly related to the conclusion or performance of a contract, it is necessary to process personal data of the parties to the contract,

   · it is mandatory for the data controller to fulfill its legal obligation,

   · data processing is mandatory for the establishment, exercise or protection of a right,

   · The legitimate interest of our Company as the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject,

   Based on legal grounds, it is collected verbally, in writing or electronically by automatic or non-automatic methods through the website, call center, social media channels, agencies, intermediaries, mobile applications and similar tools.

   E. Force Majeure: Within the scope of measures taken or to be taken for force majeure events such as COVID-19 and similar global or regional epidemics, infectious diseases, earthquakes, floods, wars, states of emergency, your personal and/or special categories of personal data requested in accordance with the circulars published by the Ministry of Interior, special permission document, Ministry and Presidency decisions, health information such as blood pressure, pulse, respiration and fever, HES code information, vaccination card information, PCR test result, special permission document within the scope of the circulars published by the Ministry of Interior of the Republic of Türkiye, can be processed for the following purposes:

   · Protection of public health,

   · Ensuring a healthy environment in our company's business and facility buildings as required by the safe tourism certificate etc,

   · Monitoring the health status / disease risk of our guests and visitors, providing medical diagnosis, treatment and care services,

   · Implementation of isolation/quarantine processes notified by the Ministries, provision of preventive health services,

   · Ensuring compliance with national and international legislation to which our facilities are subject and fulfilling the obligations arising from the relevant legislation,

   · Compliance with the rules set by national/international health authorities,

   · Arrangements and information regarding your stay/visit and refunds/extensions/cancellations of your reservation,

   · Ensuring the continuity and execution of our business activities,

   F. Transfer of Personal Data:

   We may transfer/share your personal data to 3rd parties in the following recipient groups:

   · We may share with Service Providers for services such as website operations, data analysis, order/payment transactions, reservation and reservation confirmation processes, customer service, e-mail sending, marketing.

   · When you stay at one of our affiliated properties or visit our affiliated properties, we may share your information about services such as spa, restaurant, cafe, bar, health club, concierge and other sales points in our properties with Onsite Service and/or Agency Providers so that they can provide marketing services to you.

   · We may share your information with Contracted Organizations in order for you to benefit from the services of real and/or legal persons such as airlines, car rental, travel agencies for purposes such as obtaining discounted services and/or facilitating your service purchase during your use of our facility

   · We may share this information with Group Companies and Other Companies within Barut Hotels in order to personalize the services and products we will offer you, to facilitate your transactions, to communicate with you, to enable you to benefit from our loyalty programs and to realize our business purposes, etc.

   · We may share with real and/or legal persons such as reservation process providers, wifi, wifi interface providers, secure payment systems, insurance companies, transfer companies, travel agencies, insurance companies, transfer companies, travel agencies, etc. in order to make products and services available to You with Suppliers and Service Providers.

   · We may share with Consultants for making plans on legal, financial and investment issues, determining risks, conducting business and transactions, etc.

   · We may share with Financial Institutions for the realization of payment transactions and execution of investment processes

   · We may share with Public Institutions for the fulfillment of obligations arising from the legislation, protection of public health, ensuring security, prevention, detection and investigation / prosecution of crimes, prevention of force majeure situations, etc.

   In addition, your personal data that you share for reasons such as reservations in our facilities and visits to our facilities, etc. may be transferred to different countries for reasons such as server system, cloud storage system, payment systems of banks, the headquarters of the intermediary organizations where reservations are made in different countries, etc.

   G. Rights of the Data Subject as a Data Subject:

   As a data subject, you have the following rights by applying to our Company,

   · To request whether personal data is processed or not, and if processed, to request information about it,

   · To learn the purpose of processing the data and whether they are used for their intended purpose,

   · To know the third parties to whom personal data are transferred domestically or abroad,

   · To request correction of personal data in case of incomplete or incorrect processing,

   · To request that it be deleted or destroyed in the event that the conditions for processing are no longer applicable and, if it has been transferred, to notify the third parties to whom it has been transferred,

   · To demand the compensation of the damage in case of damage caused by unlawful processing of personal data.

   Requests regarding the rights of the relevant persons and the implementation of the Law may be submitted in writing to the address "Şirinyalı Mah. Lara Cad. No:24 Muratpaşa / Antalya". Our Company shall respond to these requests without charging a fee up to ten pages if a written response is to be given, and by charging a transaction fee of 1 Turkish Lira for each page over ten pages. If the response to the application is given in a recording medium such as CD, flash memory, the fee that may be requested by the Personal Data Protection Authority will not exceed the cost of the recording medium.

   H. Identity of the Data Controller and Application to our Company:

   Data Controller : BHM Otelcilik A.Ş.

   Representative :

   Address : Şirinyalı Mahallesi Lara Cadde No: 24/ Muratpaşa Antalya

   Phone : +90 242 310 99

   E -Mail : [email protected]

   Pursuant to paragraph 1 of Article 13 of the PDPL, you may submit your request to exercise your above-mentioned rights to our Companies with the method(s) determined/to be determined by the Personal Data Protection Board with the regulations in the PDPL and the relevant legislation, or you may make a request by one of the following methods.

   · You can send a signed copy of your application containing your explanations to the address "Şirinyalı Mahallesi Lara Cadde No: 24/ Muratpaşa Antalya" in person with official documents identifying you such as identity card, driver's license, passport.

   · You can send your wet signed application and official documents identifying your identity through a Notary Public or

   · You can send your application and documents identifying you electronically to [email protected] secure electronic signature or mobile signature

   · Or you can send your application and documents identifying your identity to our Company by using the e-mail address you have previously notified to our Company and registered in our Company's system.

   Our Company will ensure that your application is finalized within 30 days at the latest, depending on the nature of your request.

   You may exercise your rights regarding personal data only in relation to your own personal data, and no request may be made regarding third parties. In order to get more information about our practices regarding the protection of personal data and your rights, you can contact us at our addresses and phones written above.

   I. Clarification Text Update Date: July 2024