The purpose of this text is to inform you about the personal data processing activities and the systems adopted for the protection of personal data conducted by Set Otelcilik Ticaret ve Anonim Şirketi (Crowne Plaza Bosphorus), which operates at Ortaköy Dereboyu Caddesi No:10 34347 Beşiktaş / ISTANBUL, in its capacity as the data controller, in accordance with the Law No. 6698 on the Protection of Personal Data ("Law") and related legislation.
This text will explain how your personal data is collected, used, shared, and other related matters as specified below:
- What personal data does Crowne Plaza Bosphorus collect from you?
- For what purposes does Crowne Plaza Bosphorus collect your personal data?
- What methods are used to collect your personal data?
- On what legal grounds is your personal data processed?
- To whom and for what purposes is your personal data transferred?
- For how long is your personal data retained?
- What are your rights as a data subject?
- What is the procedure for applications and complaints regarding your personal data?
Data Controller
Your personal data is processed by Set Otelcilik Ticaret ve Anonim Şirketi, which operates at Ortaköy Dereboyu Caddesi No:10 34347 Beşiktaş / ISTANBUL, as the data controller, in accordance with the Law No. 6698 on the Protection of Personal Data, within the scope explained below.
Which Personal Data is Being Processed and What Are the Purposes of Processing Your Personal Data?
Data Category: Identification Data
Processed Personal Data:
- Name
- Surname
- Birth Date
- Gender
- Nationality
Purposes of Processing Personal Data:
- Conducting Communication Activities
- Managing Company/Product/Service Affiliation Processes
- Ensuring Compliance with Legislation in Activities
- Managing Business Continuity Activities
- Executing and Supervising Business Operations
- Managing Goods/Services Sales Processes
- Providing Post-Sales Support Services for Goods/Services
- Executing Financial and Accounting Transactions
- Managing Customer Relationship Management Processes
- Conducting Customer Satisfaction Activities
- Performing Storage and Archiving Activities
- Managing Contract and Membership Processes
- Tracking Requests/Complaints
- Planning and Implementing Commercial and/or Business Strategies
- Conducting Necessary Studies by Business Units to Utilize
- Offered Products and Services and Managing Related Business Processes
- Providing Information to Authorized Persons, Institutions, and Organizations
Data Category: Communication Data
Processed Personal Data:
- E-Mail Address
- Corporate Mobile Phone Number
- Address
Purposes of Processing Personal Data:
- Conducting Communication Activities
- Managing Financial and Accounting Operations
- Managing Company/Product/Service Affiliation Processes
- Managing Business Continuity Activities
- Executing and Supervising Business Operations
- Managing Goods/Services Sales Processes
- Providing Post-Sales Support Services for Goods/Services
- Managing Customer Relationship Management Processes
- Conducting Customer Satisfaction Activities
- Performing Storage and Archiving Activities
- Managing Contract and Membership Processes
- Tracking Requests/Complaints
- Planning and Implementing Commercial and/or Business Strategies
- Conducting Necessary Studies by Business Units to Utilize Offered Products and Services and Managing Related Business Processes
- Providing Information to Authorized Persons, Institutions, and Organizations
Data Category: Customer Transaction Data
Processed Personal Data:
- Invoice Details
- Request Details
- Feedback, Opinions, Requests and Complaints,
- Evaluations, and Comments
Purposes of Processing Personal Data:
- Executing and Supervising Business Operations
- Providing Information to Authorized Persons, Institutions, and Organizations
- Ensuring Compliance with Legislation in Activities
- Managing Financial and Accounting Operations
- Performing Storage and Archiving Activities
- Managing Contract Processes
- Managing Goods/Services Sales Processes
- Providing Post-Sales Support Services for Goods/Services
- Managing Customer Relationship Management Processes
- Conducting Customer Satisfaction Activities
- Executing Marketing Analysis Studies
- Managing Advertising, Campaign, and Promotion Processes
- Tracking Requests/Complaints and Managing Marketing Processes for Products/Services
Data Category : Financial Data
Processed Personal Data:
- Encrypted Credit Card Information
- Bank Account/ IBAN Number Information
Purposes of Processing Personal Data:
- Ensuring Compliance with Legislation in Activities
- Monitoring and Managing Legal Affairs
- Managing Financial and Accounting Operations
- Managing Service and Product Refund Processes
- Executing and Supervising Business Operations
- Managing Goods/Services Sales Processes
- Performing Storage and Archiving Activities
- Managing Contract Processes
- Providing Information to Authorized Persons, Institutions, and Organizations
Data Category: Visual and Audio Recordings
Processed Personal Data:
- Security Camera Recordings
- Photography
Purposes of Processing Personal Data:
- Improving the Quality of Services Provided
- Ensuring Physical Location Security
- Ensuring the Safety of People and Property within the Hotel and its Physical Premises
- Protecting the Legitimate Interests of Hotel Guests and Visitors
- Ensuring Compliance with Legislation in Activities
- Executing and Supervising Business Operations
- Managing Customer Relationship Management Processes
- Conducting Customer Satisfaction Activities
- Tracking Requests/Complaints
- Providing Information to Authorized Persons, Institutions, and Organizations
Data Category: Process Safety Data
Processed Personal Data:
- IP Address
- Website Opt- in / Opt-out
- Traffic Data Time of Connection etc)
Purposes of Processing Personal Data:
- Execution of Information Security Processes
- Execution of Activities in Compliance with Regulations
- Management of Customer Relationship Management Processes
- Tracking of Requests and Complaints
- Provision of Information to Authorized Persons, Institutions, and Organizations
Data Category: Legal Process Data
Processed Personal Data:
- Dispute- Related Case File Information
- Legal Notices
- Correspondence with Judicial and Administrative Authorities
Purposes of Processing Personal Data:
- Tracking and Management of Legal Matters
- Execution and Supervision of Business Activities
- Providing Information to Authorized Persons, Institutions, and Organizations
- Execution of Activities in Compliance with Regulations
- Management of Storage and Archiving Activities
- Management of Risk Management Processes
- Execution of Contract Processes
- Tracking of Requests/Complaints
- Ensuring the Security of Data Controller Operations
Data Category: Other Data
Processed Personal Data:
- Accomodation Date
- Room Type
- Vehicle Plate Number
- Allergen Details
- Disability Information
- Smoking Preference
- Special Day
- Celebration
- Details
- Children Details
- F&B Preferences
- IHG Rewards Club Card Loyality- Honour Membership Details
Purposes of Processing Personal Data:
- Customization of the Service
- Execution of Customer Relationship Management Processes
- Implementation of Customer Satisfaction Activities
- Tracking of Requests/Complaints
- Management of Goods/Services Sales Processes
- Management of Goods/Services Production and Operations Processes
- Conducting Marketing Analysis Studies
- Execution of Advertising, Campaign, and Promotion Processes
- Conducting Necessary Activities by Business Units to
- Benefit from Provided Products and Services and
- Management of Related Business Processes
What Are the Methods for Collecting Your Personal Data?
The personal data listed in categories above are collected through the following methods:
- By reporting your reservation and accommodation service requests to Crowne Plaza Bosphorus via phone or email.
- By being transferred to Crowne Plaza Bosphorus through online systems, phone, or email by our business partners, agencies, and/or tour operators due to the services you have received.
- By providing information and documents to the reservation or front desk department of Crowne Plaza Bosphorus physically upon your entry.
- By visiting the Crowne Plaza Bosphorus website.
- If your reservations are made online through the InterContinental Hotels Group (“IHG”) website or mobile application, the information is reported to Crowne Plaza Bosphorus by IHG through their system.
Your personal data is collected via internet applications, information systems, electronic devices (such as telecommunications infrastructure, computers, and phones), and other information and documents provided by you, through electronic or non-electronic means.
On What Legal Grounds Is Your Personal Data Collected and Processed?
Your personal data is collected and processed by Crowne Plaza Bosphorus and real or legal persons processing data on its behalf under the following legal grounds:
- As explicitly foreseen in laws for the fulfillment of the above-stated purposes.
- If directly related to the establishment or performance of a contract, and the processing of personal data of the contract parties is necessary.
- If necessary for the data controller to fulfill its legal obligations.
- If necessary for the data controller’s legitimate interests, provided that it does not harm the fundamental rights and freedoms of the relevant person.
- Based on explicit consent.
To Whom and For What Purposes Can Your Personal Data Be Transferred?
Your collected personal data may be transferred to service providers, business partners, and suppliers located both domestically and internationally, as necessary for achieving the purposes stated below. This includes programs and/or systems provided for our use, authorized persons, public institutions and organizations, and InterContinental Hotels Group located abroad to which Crowne Plaza Bosphorus is affiliated. Such transfers will be made in accordance with the conditions specified in Articles 8 and 9 of the Law.
Transfer of Personal Data
Third Parties to Whom Data is Transfered:
- To Authorized Public Institutions and Organizations
- To Service Providers, Suppliers and Business Partners Located Within the Country (Programs and Systems Provided by them
- To Service Providers, Suppliers, and Business Partners Located Abroad or Whose Servers Are Located Abroad (Programs and/or Systems Provided and Made Available to Us by Them)
- To the IHG Headquarters Located Abroad
Purpose of Personal Data Transfer:
- Fulfillment of Our Obligations to Provide Information and Documents, and Other Related Responsibilities to
- Authorized Public Institutions, Organizations, and Judicial Authorities
- Exercise of Our Legal Rights Such as the Right to Litigation and Response
- Execution of Activities in Compliance with Regulations
- Receiving Product and/or Service Support in Areas Such as Information Technologies, Marketing/Advertising/Analysis Activities, Payment Services, or Specialized Consulting
- Management of Service Sales Processes
- Management of Goods/Services Production and Operations Processes
- Conducting Marketing Analysis Studies
- Carrying Out Necessary Work by Business Units to Benefit from the Provided Products and Services
- Execution of Relevant Business Processes
- Management of Risk Management Processes
- Execution of Contract Processes
- Tracking of Requests/Complaints
- Ensuring the Security of Data Controller Operations
- Management of Information Security Processes
- Monitoring, Detection of Suspicious Transactions, and Prevention of Illegal Activities
- Receiving Product and/or Service Support in Areas Such as
- Information Technologies, Marketing/Advertising/Analysis
- Activities, Payment Services, or Specialized Consulting"
- Management of Service Sales Processes
- Management of Goods/Services Production and Operations Processes
- Conducting Marketing Analysis Studies
- Carrying Out Necessary Work by Business Units to Benefit from the Provided Products and Services
- Execution of Relevant Business Processes
- Management of Risk Management Processes
- Execution of Contract Processes
- Tracking of Requests/Complaints
- Ensuring the Security of Data Controller Operations
- Management of Information Security Processes
- Monitoring, Detection of Suspicious Transactions, and Prevention of Illegal Activities
- Improvement and Enhancement of the Standards of Provided Services
- Customization of the Service
- Execution of Customer Relationship Management Processes
- Implementation of Customer Satisfaction Activities
- Tracking of Requests/Complaints"
- Management of Goods/Services Sales Processes
- Management of Goods/Services Production and Operations Processes
- Conducting Marketing Analysis Studies
- Carrying Out Necessary Work by Business Units to Benefit from the Provided Products and Services
- Execution of Advertising, Campaign, and Promotion Processes
How Long Will Your Personal Data Be Retained?
Your personal data will be retained for the period required by law, provided it is in line with the purposes of collection. We adhere to criteria specific to the retention periods for different categories of personal data. Once the retention period has expired, your personal data will be deleted, anonymized, or destroyed.
What Are Your Rights as a Data Subject?
Data subjects may exercise the following rights by applying to the Company:
- Learn whether their personal data is being processed.
- Request information if their personal data has been processed.
- Learn the purpose of processing personal data and whether it is used in accordance with its purpose.
- Learn the third parties, whether domestic or international, to whom their personal data has been transferred.
- Request correction of personal data if it is incomplete or inaccurate.
- Request deletion or destruction of personal data under Article 7 of the Law.
- Request notification of the correction, deletion, or destruction of personal data to third parties to whom the data has been transferred.
- Object to a result that is processed exclusively through automated systems that is detrimental to the data subject.
- Request compensation for damages suffered due to unlawful processing of personal data.
How Is the Application and Complaint Process Regarding Your Personal Data?
You can submit your applications related to the above-mentioned rights to Set Otelcilik Ticaret ve Anonim Şirketi (“Crowne Plaza Bosphorus”) via email at info@cportakoybosphorus.com. Your requests will be processed free of charge within the shortest time possible and no later than thirty days. However, if the process incurs additional costs, a fee may be charged according to the tariff determined by the Personal Data Protection Board.