PRIVACY STATEMENT OF HAPIMAG TURİSTİK YATIRIM VE TİCARET AŞ

HAPIMAG TURİSTIK YATIRIM VE TİCARET AŞ GİZLİLİK BEYANI

Thank you for visiting our website and for your interest in the Hapimag Sea Garden Hotel in Bodrum. We take the protection of your personal data seriously and act in accordance with the applicable legal provisions on data privacy and data security.

The Hapimag Sea Garden Hotel in Bodrum is operated by Hapimag Turistik Yatırım ve Ticaret AŞ, a subsidiary of Hapimag AG, Switzerland.

Bodrum Hapimag Sea Garden Hotel'in web sitesini ziyaret ettiğiniz ve gösterdiğiniz ilgi için teşekkür ederiz.Kişisel verilerinizin korunmasını ciddiye alıyoruz ve veri gizliliği ve veri güvenliği ile ilgili yasal düzenlemelere uygun hareket ediyoruz.

Bodrum Hapimag Sea Garden Hotel'i, Hapimag AG İsviçre'nin bir iştiraki olan Hapimag Turistik Yatırım ve Ticaret AŞ tarafından işletilmektedir.

1.      Scope and changes of the privacy statement / Gizlilik Beyanı'nın kapsamı ve değişiklikleri

Part 1 (in English language) and Part 2 (in Turkish language) of this privacy statement refers to the Clarification Text in relation to the Law on Protection of Personal Data Nr. 6698 (KVKK) (Chapters 3-8).

Part 3 of this privacy statement refers to the EU General Data Protection Regulation (GDPR) and is addressed to guests from the Member States of the European Union, Liechtenstein, Iceland and Norway (Chapters 9-22).

We reserve the right to periodically amend or update this privacy statement. Users are asked to regularly inform themselves about the content of the privacy statement.

İşbu Gizlilik Beyanı'nın 1.Kısmı (İngilizce dilindeki) ve 2.Kısmı (Türkçe dilindeki) 6698 sayılı Kişisel Verilerin Korunması Kanunu'na ilişkin Aydınlatma Metni'ni kapsamaktadır (3 ila 8 arasındaki maddeler).  

İşbu Gizlilik Beyanı'nın 3. Kısmı, Avrupa Birliği Genel Veri Koruma Tüzüğü (GDPR)'ne ilişkin olup, Avrupa Birliği üyesi devletlerden, Lihtenştayn, İzlanda ve Norveç'den gelen misafirleri kapsamaktadır (9 ila 22 arasındaki maddeler).    

İşbu Gizlilik Beyanı'nı periyodik olarak değiştirme ve güncelleme hakkını saklı tuttuğumuzu bildiririz. Kullanıcılardan, Gizlilik Beyanı'nın içeriği hakkında kendilerini düzenli olarak bilgilendirmeleri istenir.

2.      Controller and contact for data protection / Veri Sorumlusu ve İletişim Bilgileri

Controller and owner of the data collection is:
Veri Sorumlusu:

Hapimag Turistik Yatırım ve Ticaret AŞ

Gümüşsuyu,İnönü Caddesi No:18 Gümüşsu Palas D:8

34437 Beyoğlu – İstanbul

Türkiye

                                    (hereinafter also “Hapimag” or the “Company”)
                                    (bundan sonra "Hapimag" veya "Şirket")


If you have any questions or queries, you may contact us as follows:
Herhangi bir sorunuz olması durumunda, bize aşağıda yazılı olan adres üzerinden ulaşabilirsiniz:

Hapimag Turistik Yatırım ve Ticaret AŞ

Yali Mahallesi, Yalidag Caddesi No: 42

48400 Bodrum – Mugla - Türkiye

Tel      +90 252 311 1280

Fax      +90 252 311 1281

E-Mail bodrum@hapimag.com

PART 1 – CLARIFICATION TEXT IN RELATION TO THE LAW ON THE PROTECTION OF PERSONAL DATA NR. 6698 (KVKK)

3.      The purpose of the clarification text

The purpose of this clarification text is to inform you (hereinafter “Data Subject”) transparently on the collection, processing, processing methods and purpose, legal basis, who and how to share the personal data which is gathered from you and your rights in light of the relevant lain person, within the scope of the Law on Protection of Personal Data ("KVKK" or "Law") Nr. 6698, in particular Article 10 with the title "The Obligation of the Data Controller for Clarification" and Article 11 with the title "The Rights of the Relevant Person" of the Law.

Hapimag Turistik Yatırım ve Ticaret A.Ş. ("Company") processes, records, transfers, shares and protect your personal data, as the Data Controller, as it is described below and within the borders of the legal legislation.

Our Company reserves the right to update this Clarification Text for Personal Data within the scope of possible changes in legal legislation.

4.      The collection, processing, collection method, processing reason and legal reason of the personal data

The Company is permitted to process your personal data automatically or non-automatically through the instrument of the Company main office; our website, call center, social media accounts, mobile applications; through attendance to trainings, seminars, organizations managed by the Company, and other channels.  Your personal data can be orally, in writing or electronically collected, saved, stored, protected, updated according to operation needs, modified, and by the directive of the KVKK regulations, your personal data can be disclosed, transferred, delivered to and, shared with third parties and can be classified and anonymized. Your personal data will be processed by the Company due to reasons such as; provided services and activities; in order to fulfill the requirements sanctioned by the authorities in a complete and accurate manner; to comply with the Ministry of Culture and Tourism regulations and regulations of any related agencies, complying with concluded contracts, pursuant to KVKK regulations and within its boundaries. While administering your personal data, Customer Relationship Management (CRM) or such methods are practiced in order to provide you with a better quality in service and for sales and marketing purposes.

The conditions and purposes specified in the Article 5 of KVKK with the title "Conditions for Processing of Personal Data" and the Article 6 of KVKK with the title "Conditions for Processing of Special Categories of Personal Data" shall be considered during processing and transferring your personal data. Your data is utilized; for commercial and legal security of the Company and related parties; to provide the services that are managed by the Company; to personalize the services to your needs; to improve the quality of the services; to perform the sale, marketing and such activities by the Company; to comply with the obligations regarding storage, reporting and information of the data; to determine and apply commercial and business strategies; to facilitate service strategies for the Company.

In order to announce company based organizations and activities and such efforts, your personal data is collected orally, in writing, or in electronic format, in order to provide various services through various means to our customers, employees and third parties.

5.      Personal data may be processed without seeking the explicit consent of the Data Subject only in cases where one of the following conditions is met: 

According to Article 5 of KVKK, in the event that the conditions are met which have been listed below, our Company may process your personal data without any explicit consent.

a)      It is clearly provided for by the laws.

b)      It is mandatory for the protection of life or physical integrity of the person or of any other person who is bodily incapable of giving his consent or whose consent is not deemed legally valid.

c)      Processing of personal data belonging to the parties of a contract, is necessary provided that it is directly related to the conclusion or fulfillment of that contract.

d)      It is mandatory for the controller to be able to perform his legal obligations.

e)      The personal data is made available to the public by the Data Subject himself.

f)       Data processing is mandatory for the establishment, exercise or protection of any right.

g)      It is mandatory for the legitimate interests of the controller, provided that this processing shall not violate the fundamental rights and freedoms of the Data Subject.

6.      To whom and for which purpose the processed personal data may be transferred

Your personal data will not be used for purposes other than those stated above without your explicit consent and will not be shared with and not be transferred to a third party, except of legal obligations from government agencies.

Your personal data that has been collected may be transferred by the Company to our business partners locally or internationally (under the conditions determined by the Board of Protection of Personal Data) to suppliers, shareholders, associates, legally public authorities and private persons, related third parties or/and corporate entities, only according to the explicit consent of the Data Subject or under other circumstances stated in Article 5/2 of the KVKK, but particularly the legislation to which we are subject for the purposes of being used to the following purposes: to provide better service, to increase the value-added services, opportunities, and other services; to ensure the human resources division continues its operations; to maintain legal and commercial safety of the Company and its’ associates, to designate and execute the commercial business strategies. As well with the conditions listed above, in order to carry out our commercial activities in accordance with Articles 8 and 9 of the KVKK.

 7.      The rights of Data Subject according to Article 11 of the KVKK

If you, as the Data Subject, make your application in regard to your rights, through the methods  below mentioned in this clarification text for personal data, to our Company, your application shall be concluded free of charge in thirty days at the latest by our Company according to content of your application.

In accordance with the “Communiqué on the Procedures and Principles on the Application to Data Controller” which was arranged by the Board of Protection of Personal Data, in respect of your application in relation to your rights as the Data Subject, the following rules apply;

a)      If your application will be responded in written, there is no charge up to the first ten pages. For each and every page exceeding ten pages may be charged for 1 Turkish Lira as transaction fee.

b)      The fee shall not exceed the cost of the recording medium which is requested by our Company as the controller if the response to the application is with recording mediums such as CD or flash memory.

Within this framework, the Data Subject has the right:

a)      to learn whether his personal data are processed or not,

b)      to request information if his personal data are processed,

c)      to learn the purpose of his data processing and whether this data is used for intended purposes,

d)      to know the third parties to whom his personal data is transferred at home or abroad,

e)      to request the rectification of the incomplete or inaccurate data, if any,

f)       to request the erasure or destruction of his personal data under the conditions laid down in Article 7 of the KVKK,

g)      to request notification of the operations carried out in compliance with subparagraphs (e) and (f) to third parties to whom his personal data has been transferred,

h)      to object to the processing, exclusively by automatic means, of his personal data, which leads to an unfavorable consequence for the data subject,

i)        to request compensation for the damage arising from the unlawful processing of his personal data.

 

8.      The period of time required for the processing of personal data

In accordance with the KVKK, your personal data which is processed within the scope of the reasons stated in this clarification text for personal data, shall be erased, destructed or continued to be used after anonymization by our Company when the reasons are disappeared that are required to be processed according to Article 7/1 of KVKK and/or at the time of expiration of the statute of limitations to which we are subject.

Pursuant to Article 13/1 of KVKK, you may make your application concerning use of your rights stated above, to our Company in writing or through other methods determined by the Board of Protection of Personal Data.  Because any method is not specified by the Board of Protection of Personal Data at this stage, in accordance with the KVKK, your application shall be made in written form to our Company. Within this framework, you can see below the procedure and contact details/information in relation to your application to be made within the scope of Article 11 of the KVKK to our Company.

In order to use your rights listed hereinabove, you can deliver in person by hand the required documents confirming your identity and your application which includes your statements concerning your right to be used specified in the Article 11 of the KVKK with a signed copy of the form by filling the form listed in www.hapimag-seagarden.com to the address Gümüşsuyu İnönü Cd., No:18, D:8, Beyoğlu, İstanbul or send these through notary channel or other methods specified in the KVKK or send the related form to bodrum@hapimg.com with a secure electronic signature.

 PART 2 – 6698 SAYILI KİŞİSEL VERİLERİN KORUNMASI KANUNU'NA İLİŞKİN AYDINLATMA METNİ

 3.      İşbu aydınlatma metninin amacı

6698 sayılı Kişisel Verilerin Korunması Kanunu (“KVKK” veya “Kanun”) kapsamında- Kanunun “Veri Sorumlusunun Aydınlatma Yükümlülüğü” başlıklı 10. maddesi ve “İlgili Kişinin Hakları” başlıklı 11. maddesi çerçevesinde; kişisel verilerinizin toplanması, işlenmesi, işlenme yöntemi ve amacı, hukuki nedenleri, kimlere hangi amaçla aktarılabileceği ve ilgili kanunun kapsamındaki haklarınız konusunda sizleri en şeffaf şekilde bilgilendirmektir.

Hapimag Turistik Yatırım ve Ticaret A.Ş. ("Şirket") olarak Veri Sorumlusu sıfatı altında, kişisel verilerinizi aşağıda izah etmiş olduğumuz şekilde ve resmi mevzuat tarafından emredilen sınırlar çerçevesinde işlemekte, kaydetmekte, aktarmakta, paylaşmakta ve saklamaktayız.

Şirketimiz, işbu “6698 sayılı Kişisel Verilerin Korunması Kanunu'na ilişkin Aydınlatma Metni”ni yürürlükteki resmi mevzuatta yapılabilecek değişiklikler çerçevesinde her zaman güncelleme hakkını saklı tutar.

4.      Kişisel verilerin Toplanması, İşlenmesi, Toplanma Yöntemi, İşlenme Amacı ve Hukuki Sebebi

Şirket'imiz tarafından verilen hizmetler veya faaliyetler sebebi ile, ayrıca yasadan kaynaklanan ve yetkili kurumlar ve otoritelerce emredilen yükümlülükleri ekskiksiz ve doğru şekilde yerine getirebilmek amacı ile Şirket'imize iletmiş olduğunuz veya Şirket'imizin gerçekleştirdiği faaliyet ve işlemler çerçevesinde edinmiş olduğu her türlü kişisel verileriniz; gerek Kültür ve Turizm Bakanlığı ve ilgili diğer kurumların düzenlemeleri gerekse akdettiğimiz sözleşmeler nedeniyle, KVKK gereğince ve KVKK’da çizilen sınırlar dahilinde otomatik olan veya otomatik olmayan yöntemlerle, gerek Şirket merkezi aracılığı ile gerekse internet sitesi, çağrı merkezi, sosyal medya mecraları, mobil uygulamalar ve benzeri vasıtalar ile Şirketimizin düzenlediği eğitim, seminer veya organizasyonlara katılım durumunda, sözlü, yazılı ya da elektronik olarak elde edebilecek, kaydedilecek, depolanabilecek, muhafaza edebilecek, hizmetlerini devam ettirebilmek amacıyla güncellenebilecek, değiştirilebilecek, yeniden düzenlenebilecek, KVKK’nın izin verdiği durumlarda ve ölçüde üçüncü kişilere açıklanabilecek, devredilebilecek, aktarılabilecek, paylaşılabilecek, sınıflandırılabilecek, anonim hale getirilebilecek, ve Kanun'unda sayılan diğer şekillerde işlenebilecektir. CRM (Müşteri İlişkileri Yöntemi) benzeri uygulamalar ise kişisel verileriniz ile sizlere sunduğumuz hizmet kalitesinin arttırılması ile satış ve pazarlama faaliyetleri çalışmaları kapsamında kullanılacaktır.

Toplanan kişisel verileriniz, Şirket'imiz ve Şirket'imiz ile ilişki içerisinde olan kişilerin hukuki ve ticari güvenliğinin temini, Şirket'imiz tarafından sunulan hizmetlerden sizleri faydalandırmak için gerekli çalışmaların yapılması, Şirket'imiz tarafından sunulan hizmetlerin sizlerin beğeni, kullanım alışkanlıkları ve ihtiyaçlarına göre özelleştirerek sizlere önerilmesi, bu hizmetlerin kalitesini arttırmak, şirketimizin satış, pazarlama ve sair faaliyetlerini yerine getirebilmek, bilgi saklama, raporlama, bilgilendirme yükümlülüklerine uymak, Şirketimizin faaliyet ve hizmetleri ile ticari ve iş stratejilerinin belirlenmesi ve uygulanması ile Şirketimizin hizmet politikalarının yürütülmesi amacıyla kullanılabilecek  ve KVKK’nin 5. ve 6. Maddelerinde belirtilen kişisel veri işleme şartları ve amaçları kapsamında işlenebilecek ve aktarılabilecektir.

Kişisel verileriniz Şirket'imiz tarafından müşterilerine, çalışanlarına ve diğer üçüncü kişilere farklı kanallarla ve farklı hizmetler sunabilmek, Şirket’in düzenlediği organizasyon ve etkinlikleri duyurabilmek ve bu kapsamdaki faaliyetleri yürütmek amacıyla otomatik ya da otomatik olmayan yollarla, yazılı, sözlü ya da elektronik ortamda toplanmaktadır.

5.      Şirketimizin Kişisel Verilerinizi Kanunlar Gereği Açık Rızanız Olmaksızın İşleyebileceği Durumlar:

KVKK'nın 5.maddesi uyarınca, aşağıdaki hallerde Şirket'imiz, açık rızanız aranmaksızın yukarıda belirtilen ve kanuna uygun olarak almış olduğu kişisel verilerinizi işleyebilir.

a)      İlgili kanunlarda öngörüldüğü hallerde

b)      Fiili imkansızlık nedeniyle veri sahibi olarak rızanızı açıklayamayacak durumda olmanız veya rızanıza hukuki geçerlilik tanınmayan hallerde kendinizin ya da bir başkasının hayatı veya beden bütünlüğünün korunması için kişisel verinizin işlenmesinin zorunlu olması

c)      Sözleşmenin ifası gereği,

d)      Şirketimizin bir hukuki yükümlülüğünü yerine getirebilmesi için zorunlu olması

e)      Kişisel verinizin tarafınızca alenileştirilmiş olması

f)       Bir hakkın tesisi, kullanılması veya korunması için veri işlemenin zorunlu olması,

g)      Sahip olduğunuz temel hak ve özgürlüklerinize zarar vermemek kaydıyla, Şirketimizin meşru menfaatleri için veri işlenmesinin zorunlu olması

6.      İşlenen Kişisel Verilerin Kimlere Hangi Amaçla Aktarılabileceği

Kişisel verileriniz, açık rızanız bulunmadan yukarıda belirtilen amaçlar dışında kullanılmayacak olup, yasal yükümlülükler ve resmi kurum/ kuruluşlar haricinde üçüncü şahıslarla paylaşılmayacak ya da aktarılmayacaktır.

Toplanan söz konusu kişisel verileriniz Şirket'imiz tarafından sadece, müşterilerin açık rızasına istinaden veya tabi olduğumuz mevzuat başta olmak üzere KVKK m. 5 f.2’de öngörülen diğer hallerde Şirket'imiz tarafından hizmetlerden sizleri faydalandırmak için gerekli çalışmaların iş birimlerimiz tarafından yapılması; Şirket'imiz tarafından siz müşterilerimize sunulan katma değerli hizmetler, fırsatlar ve olanaklar ve hizmet kalitesinin artırılması; Şirket’imizin insan kaynakları politikalarının yürütülmesinin temini; Şirket’imizin ve Şirket’imizle iş ilişkisi içerisinde olan kişilerin hukuki ve ticari güveniliğin temini; Şirket’imizin ticari ve iş stratejilerinin belirlenmesi ve uygulanması amaçlarıyla; yurtiçinde veya yurtdışında (Kişisel Verilerin Korunması Kurulu tarafından belirlenen şartlar dahilinde) bulunan iş ortaklarımıza, tedarikçilerimize, hissedarlarımıza, iştiraklerimize, kanunen yetkili kamu kurumları ve özel kişilere, ilişki içerisinde olduğumuz diğer 3. Kişi gerçek kişi ve/ veya tüzel kişilere, ticari faaliyetlerimizi yürütmek çerçevesinde 6698 sayılı Kanun’un 8. Ve 9. Maddelerinde belirtilen kişisel veri işleme şartları ve amaçları çerçevesinde aktarılabilecektir.

7.      Kişisel Veri Sahibinin Kişisel Verileri Koruma Kanunu ‘nun 11. Maddesi Çerçevesinde Hakları

Kişisel Veri Sahipleri olarak haklarınıza ilişkin taleplerinizi, işbu “Kişisel Verilerin İşlenmesine İlişkin Aydınlatma Metni”nde aşağıda düzenlenen yöntemlerle Şirket'imize iletmeniz durumunda, Şirket'imiz talebin niteliğine göre, en geç otuz gün içinde talebinizi ücretsiz sonuçlandıracaktır.

Kişisel Verileri Koruma Kurulu tarafından yayınlanan "Veri Sorumlusuna Başvuru Usul ve Esasları Hakkında Tebliğ" uyarınca, Kişisel Veri Sahipleri olarak haklarınıza ilişkin talepleriniz kapsamında,

a)      Başvurunuza yazılı olarak cevap verilecekse, on sayfaya kadar ücret alınmaz. On sayfanın üzerindeki her sayfa için 1 Türk Lirası işlem ücreti alınabilir.

b)      Başvuruya cevabın CD, flash bellek gibi bir kayıt ortamında verilmesi halinde Veri Sorumlusu olarak Şirket'imiz tarafından talep edilebilecek ücret kayıt ortamının maliyetini geçmez.

Bu kapsamda Kişisel Veri Sahipleri:

a)      kişisel verilerinizin işlenip işlenmediğini öğrenme,

b)      kişisel verileriniz işlenmişse buna ilişkin bilgi talep etme,

c)      kişisel verilerinizin işlenme amacını ve amacına uygun kullanılıp kullanılmadığını öğrenme,

d)      kişisel verilerinizin yurt içinde veya yurt dışında aktarıldığı üçüncü kişileri bilme,

e)      kişisel verileriniz eksik veya yanlış işlenmiş ise düzeltilmesini isteme,

f)       kişisel verileriniz KVKK ve ilgili diğer Kanun hükümlerine uygun olarak  işlenmiş olmasına rağmen, işlenmesini gerektiren sebeplerin ortadan kalkması halinde kişisel verilerinizin silinmesini veya yok edilmesini isteme,

g)      kişisel verilerinizin aktarıldığı üçüncü kişilere yukarıda sayılan (e) ve (f) bentleri uyarınca yapılan işlemlerin bildirilmesini isteme,

h)      kişisel verilerinizin münhasıran otomatik sistemler ile analiz edilmesi nedeniyle aleyhinize bir sonucun ortaya çıkmasına itiraz etme ve

i)        kişisel verilerinizin kanuna aykırı olarak işlenmesi sebebiyle zarara uğramanız hâlinde zararın giderilmesini talep etme

haklarına sahiptir.

8.      Kişisel Verilerin İşleneceği Süreler

KVKK’ya uygun olarak, işbu “6698 sayılı Kişisel Verilerin Korunması Kanunu'na ilişkin Aydınlatma Metni”nde belirtilen amaçlarla işlenmiş olan kişisel verileriniz, KVKK madde 7/f.1 e göre işlenmesi gerektiren amaç ortadan kalktığında ve/ veya mevzuat uyarınca verilerinizi işlememiz için zorunlu kılındığımız zaman aşımı süreleri dolduğunda, tarafımızca silinecek, yok edilecek veya anonimleştirilerek kullanılmaya devam edilecektir.

KVKK’nın 13. Maddesinin 1. Fıkrası gereğince, yukarıda belirtilen haklarınızı kullanmak ile ilgili talebinizi, yazılı veya Kişisel Verileri Koruma Kurulu’nun belirlediği diğer yöntemlerle Şirket’imize iletebilirsiniz. Kişisel Verileri Koruma Kurulu, şu aşamada herhangi bir yöntem belirlemediği için, başvurunuzu, KVKK gereğince, yazılı olarak Şirket'imize iletmeniz gerekmektedir. Bu çerçevede Şirket'imize yapacağınız başvurularda, yazılı olarak başvurunuzu ileteceğiniz kanallar ve usuller aşağıda açıklanmaktadır.

Yukarıda belirtilen haklarınızı kullanmak için kimliğinizi tespit edici gerekli bilgiler ile KVKK’nın 11. maddesinde belirtilen haklardan kullanmayı talep ettiğiniz hakkınıza yönelik açıklamalarınızı içeren talebinizi; www.hapimag-seagarden.com adresindeki formu doldurarak, formun imzalı bir nüshasını Gümüşsuyu İnönü Cd., No:18, D:8, Beyoğlu, İstanbul adresine kimliğinizi tespit edici belgeler ile bizzat elden iletebilir, noter kanalıyla veya KVKK'da belirtilen diğer yöntemlerle gönderebilir veya ilgili formu bodrum@hapimag.com adresine güvenli elektronik imzalı olarak iletebilirsiniz.

PART 3 – PRIVACY STATEMENT FOR GUESTS FROM THE MEMBER STATES OF THE EUROPEAN UNION, LIECHTENSTEIN, ICELAND AND NORWAY (EU-GDPR)

9.      Personal data

Under the European General Data Protection Regulation (GDPR), personal data refers to any information relating to an identified or identifiable natural person. Personal data refers to information assigned to you personally (hereinafter the “data subject”) and may convey something about you.

10.  Legal basis for processing

The legal basis for processing personal data is deemed to be the principles of Article 6 (1) GDPR, specifically

-          a) if the data subject has given consent;

-          b) if processing is necessary for the performance of a contract to which the data subject is party. This also applies to the steps required prior to entering into a contract.

-          c) if our company must comply with a legal obligation;

-          d) if the compelling interests of the data subject or another natural person are to be protected;

-          e) if processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in our company;

-          f) if processing is required for the purposes of the legitimate interests pursued by our company or a third party, and the interests or fundamental rights and freedoms of the data subject will not be overridden. The legitimate interest of our company lies in carrying out our business activity.    

11.  Collection and processing of personal data

We use the data you have given without your explicit consent solely for the necessary performance and processing of the services offered and on the basis of legitimate interests. On completion of the services, your data are excluded from further use and are deleted after the storage time limits have expired under tax and commercial law, provided you have not expressly given your consent for your data to be used further or there is no other legal justification.

The user is made clearly aware of the scope of any consent to be given upon registration for the respective service and that consent is recorded. The content of the consent given will be kept available for the user within the service. If you do not give your consent, we trust you will understand that you may not be able to take part in the respective service.

 11.1                     Visiting our website

You may visit the website of the Hapimag Sea Garden Hotel without disclosing your identity. However, our web servers automatically save technical information of the device used for the visit, including the IP address, type of web browser, operating system, domain name of your internet service provider, date and duration of your visit to our internet pages and the website you came from to visit us. This information is evaluated anonymously for statistical purposes only.

These data are processed for the purpose of making navigation of the website easier (connection set-up), system security, technical administration of the network infrastructure as well as for optimising the internet offering, and as such on the basis of our legitimate interests under Article 6 (1) f GDPR and to protect users and prevent unauthorised use. We do not pass on these data to third parties or make any other kind of evaluation. We do not create a personal user profile.

11.2                     Contact through our website (contact form)

If there are any queries about the Hapimag Sea Garden Hotel and for a booking enquiry for special offers, we need the following personal data as a one-off to get in touch with you: first and last names, telephone number and e-mail address. These data are not passed on to third parties or used for marketing purposes.

For such enquiries, the personal data are processed for handling and administration under Article 6 (1) b GDPR.

The type of data we collect when the contact form is used can be seen on the contact form or it depends on your e-mail message. These data are saved and used solely for responding to your enquiry, for contacting you and for related technical administration work. After your enquiry has been processed, your data are deleted, provided you request this and there are no statutory storage obligations to prevent deletion.

12.  Compliance with legal provisions or public interest (Article 6 (1) c, e GDPR)

Like everyone involved in the economic process, we are also subject to a wide range of legal obligations. The primary ones are statutory requirements (e.g. commercial and tax law), but sometimes provisions of supervisory and other authorities too. The fulfilment of control and reporting requirements under tax law as well as the archiving of data for the purposes of data protection and data security plus audits by tax and other authorities are actions deemed to be for the purposes of processing. Personal data may also have to be disclosed under judicial and official measures for the purposes of collecting evidence, law enforcement or implementing claims under civil law.

13.  Use of cookies (cookie policy)

Cookies are used on various pages of our website. A cookie is a small text file stored on your hard drive by a website. Cookies do not cause any damage to your computer and do not contain any viruses. The cookies from our internet pages do not collect any kind of personal data. We use the information contained in cookies to make navigation on our websites easier for you and to tailor the information to your needs.

This website uses browser cookies (hereinafter “cookie”) to simplify use of this website (hereinafter “website”) and to obtain indicators about improving the information and services accessible via the website. This cookie policy gives you information about the use of cookies on the website.

How cookies work

Cookies are small text files that the browser stores on the user’s computer in a specific directory. For example, cookies enable text that has been input once to be saved in form fields on the website so that you do not have to enter this text again when you next visit the website or switch between individual functions.

Cookie settings

You can decide yourself whether our website’s web server can save cookies on your computer or not. You can choose at any time to set your browser to not accept or save cookies. Alternatively, before accepting a cookie, you can have a warning message appear or set the browser so that only cookies from certain websites are accepted. You can also delete cookies you have saved at any time.

We would like to point out that the use of some functions on our website may be limited or locked if you reject cookies from the website. To make it easier to use the website, we therefore recommend that you set your browser to accept cookies from the website.

Web analysis services, online marketing networks, third-party content

On the basis of our legitimate interests under Article 6 (1) f GDPR, we use web analysis services, online marketing networks and third-party services for the analysis, optimisation and commercial operation of our sites.

Web analysis services use cookies to collect data. The information they generate (e.g. IP address and browser type) may be transmitted in anonymised form to a server at the web analysis service in Switzerland or abroad for saving and processing. You can prevent the respective web analysis service from setting cookies on your computer and collecting data by setting your browser accordingly or setting an opt-out cookie.

Hapimag uses international online marketing networks such as DoubleClick to run its online marketing activities (e.g. for banners or affiliate programs). These networks use cookies to tailor marketing activities to the identifiable needs of customers. By setting opt-out cookies, you can prevent such online marketing networks from setting cookies on your computer and collecting data.

By using third-party services, third-party providers may become aware of the IP address of the users of third-party content, i.e. this is necessary to carry out offers of third-party providers. The commissioned third-party providers may also use pixel tags to evaluate information on visitor traffic or for statistical or marketing purposes. Furthermore, this information may be saved in cookies and on user devices. These cookies may therefore contain technical information on the browser used, operating system, time of visit and other details on the use of our websites and also be linked with this information from other sources.

14.  Web analysis services – data privacy at Google Analytics, Google AdWords, Conversion Tracking and Google Remarketing

Our website uses Google Analytics, Google AdWords, Conversion Tracking and Google Remarketing. These are services of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”). Google uses cookies saved on your computer to analyse website usage. The information generated by the cookie (including your IP address) is transferred to a Google server in the USA where it is stored. Google then abbreviates the IP address to the last three characters, which means the IP address can no longer be clearly assigned. Google observes the data protection requirements of the US Privacy Shield Framework and has registered with the US Department of Commerce for the Privacy Shield program.

Google uses this collected information to evaluate your website activity, to compile reports on website activities for the website operators and to supply us with further services related to website usage and internet usage. If necessary, Google will also transmit this information to third parties if this is legally required or if third parties are processing these data on behalf of Google.

Third-party providers, including Google, display advertisements on websites on the internet. Third parties, including Google, use stored cookies in order to display advertisements based on a user’s previous visits to our website.

You can opt out of the use of cookies by Google by accessing the page for Opt out of Google Advertising.

Alternatively, users may opt out of the use of cookies by third parties by accessing the Opt out page of the Network Advertising Initiative. You can also prevent the data related to your website activity (including your IP address) and data generated by the cookie from being recorded by Google and these data from being processed by Google. To do so, download and install the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en-GB.

However, we would like to point out that if you do so, you may not be able to use all functions of this website in full. By using this website, you agree to Google processing the data it has collected about you in the manner described above and for the aforementioned purpose. Consent for data collection and storage may be withdrawn at any time with effect for the future. You can find further information in Google’s terms and conditions here.

15.  Online marketing networks

15.1                     Use of Google Maps

This website uses Google Maps to display maps and generate route maps. Google Maps is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. By using this website, you agree to Google, one of its representatives or third-party providers recording, processing and using automatically collected data or data you have given. For more information, please go to Terms of use of Google Maps and the opt-out procedure at: https://www.google.com/settings/ads/ .

15.2                     Use of Facebook Ads

We use communication tools of the social network Facebook, particularly the Custom Audiences and Website Custom Audiences product operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). In doing so, an irreversible and non-personal hash total is generated from your usage data that can be transmitted to Facebook for analysis and marketing purposes. The Facebook cookie is used for the Website Custom Audiences product. Please read Facebook’s data privacy guidelines for further information on the purpose and scope of data collection and further processing and use of data by Facebook as well as your privacy setting options, which can be found at https://www.facebook.com/ads/website_custom_audiences/ and https://www.facebook.com/privacy/explanation . If you would like to reject Facebook Website Custom Audiences, you can do so at https://www.facebook.com/ads/website_custom_audiences/.

15.3                     Use of SiteMinder channel manager

For bookings and queries via external booking platforms, our website uses techniques of the channel manager of SiteMinder Distribution Limited, Waterfront, Hammersmith Embankment, Manbre Road, London W6 9RH, United Kingdom (“SiteMinder”).

Your data are neither sold, leased or made available in any other way to third parties.  Please visit the website of SiteMinder Distribution Limited at https://www.siteminder.com/en/ for more information on the terms of use and information on data protection.

16.  Third-party services – information on the use of Facebook, Twitter, Instagram and YouTube

On the basis of our legitimate interests under Article 6 (1) f GDPR, we use the plug-ins listed below to analyse and optimise our offers.

Our website uses social plug-ins (“plug-ins”) of the social networks Facebook, microblogging services Twitter and Instagram as well as the service from YouTube. These services are offered by the companies Facebook Inc., Twitter Inc., Instagram LLC. and YouTube (“providers”).

Facebook is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). You can obtain an overview of Facebook plug-ins and their structure here:  https://developers.facebook.com/docs/plugins

Twitter is operated by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA (“Twitter”). You can find an overview of Twitter buttons and what they look like here: https://dev.twitter.com/web/overview

Instagram is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”). You can find an overview of Instagram buttons and what they look like here:  https://www.instagram.com/developer/embedding/

YouTube is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“YouTube”). You can find further information on YouTube here: https://developers.google.com/youtube/

If you access one of our website pages containing a plug-in of this type, your browser establishes a direct connection to the servers of Facebook, Twitter, Instagram or YouTube. The content of the plug-in is transferred from the respective provider directly to your browser, which incorporates it in the website. By incorporating the plug-in, the providers are notified that your browser has visited the corresponding page of our website, even if you do not have a profile or you are not even logged in. This information (including your IP address) is transmitted directly to the USA to a server of the respective provider and stored there.

If you are logged in to one of the services, the providers can directly assign your visit to our website to your profile on Facebook, Twitter, Instagram or YouTube. If you interact with the plug-ins, for example if you press the “Like”, “Twitter” or “Instagram” buttons, the corresponding information is also transferred directly to the server of one of the providers where it is stored there. The information is also published and shown to your contacts on the social networks on Facebook, Twitter, Instagram, or YouTube. Please consult the data privacy statements of those providers for the purpose and scope of data collection and for the further processing and use of data by the providers as well as your rights and privacy setting options:

Privacy statement of Facebook: http://www.facebook.com/policy.php

Privacy statement of Twitter: https://twitter.com/privacy

Privacy statement of Instagram: https://help.instagram.com/155833707900388/

Privacy statement of YouTube: https://www.google.de/intl/en/policies/privacy  

If you do not want Facebook, Twitter, Instagram or YouTube to assign the data collected through our website to your profile in the respective service, you must log out of the relevant service before visiting our website. You can also fully prevent the loading of plug-ins with add-ons for your browser, e.g. with the script blocker “NoScript” (http://noscript.net/).

17.  Usage and disclosure of collected data to third parties

We use the personal data you have made available solely on an internal basis for the advised and agreed purposes:

-          operation of our internet websites

-          for the performance of accommodation services and related additional services

-          or very generally for answering your queries.

As such, data may be forwarded to the following recipients:

-          public bodies or authorities that request data under statutory regulations (e.g. tax authorities, social security agencies, municipal administrations, courts)

-          internal functions involved in the execution and performance of the respective business processes (e.g. HR, Accounting, Marketing, Sales, IT, Legal) as well as to other Hapimag companies, if data subjects have given their written consent or transmission is permitted out of overriding legitimate interests

-          external contractors (service companies) under Article 28 GDPR

-          other external bodies (e.g. banks, debt collection agencies, credit card companies, travel and indemnity insurance companies).

If you use our services, we only collect the personal data we need to provide the requested services. Any additional data collection is made on a voluntary basis and solely to safeguard our own legitimate business interests.

We only process and use your data with your express consent, or if there is legal justification, for the purposes of advice, marketing and market research. You may withdraw your declaration of consent at any time. Your data are neither sold, leased nor made available in any other way to third parties. Any processors specifically remain reserved. The transmission of personal data to government institutions and authorities is carried out solely within the framework of compulsory national legal provisions.

18.  Guaranteeing security in data processing

Hapimag uses dedicated technical and organisational  measures in accordance with relevant legal provisions to protect your data, which we manage against unlawful or unintended manipulation, loss, destruction or access by unauthorised  persons. Our security measures are being constantly improved in line with technological developments to guarantee the protection aims of confidentiality, integrity and availability of your data.

19.  Time limits for deleting data

Your personal data are only saved for as long as the purpose for which they were collected and processed has been fulfilled. Statutory storage obligations and time limits remain reserved. After these time limits expire, personal data are routinely deleted and, if they are in paper form, destroyed according to data protection requirements and in observance of specific precautions.

20.  Data transmission to other countries

Data may only be transmitted to other countries as part of contract fulfilment, necessary communication as well as due to other exceptions expressly provided for in the relevant data protection laws.

Currently there is an exchange of guest master data between the Hapimag Sea Garden Hotel in Bodrum and the Hapimag Headquarter in Steinhausen (Switzerland). The European Community considers Switzerland's level of data protection to be equivalent and appropriate. No data are transmitted to other countries, particularly those where data protection is deemed to be low, and there are currently no plans to do so.

21.  Rights of data subjects

Under GDPR, the data subject has the following rights over how his or her personal data are handled:

-          Article 15: Right of access

-          Article 16: Right to rectification

-          Article 17: Right to erasure

-          Article 18: Right to restriction of processing

-          Article 20: Right to data portability

-          Article 21: Right to object

There is also a right to lodge a complaint with a responsible data protection supervisory authority (Article 77 GDPR).

You may withdraw your consent for us to process your personal data at any time. This also applies to the withdrawal of declarations of consent that were given to us before the effective date of the GDPR, i.e. before 25 May 2018. Please note that withdrawal is only effective for the future. Processing carried out prior to the withdrawal is not affected by this.

22.  Right to object under Article 21 GDPR

22.1                     Specific right to object

You have the right to enter an objection (for reasons based on your particular situation) at any time against the processing of personal data concerning you that is carried out on the basis of Article 6 (1) e GDPR (data processing in the public interest) and Article 6 (1) f GDPR (data processing on the basis of the balance of interests).

If you enter an objection, we will no longer process your personal data, unless we can prove compelling legitimate reasons to do so that override your interests, rights and freedoms or the processing is used for asserting, exercising or protecting legal claims.

22.2                     Right to object to processing of data for the purposes of direct marketing

In specific cases, we process your personal data to carry out direct marketing. You have the right at any time to object to the processing of data related to you for the purposes of such marketing.

***

Kişisel Veri Sahibi Başvuru Formu

Personal Data Owner Application Form