CLARIFICATION DOCUMENT

As Gurkanlar Tourism Construction Works Ltd Corp. (Shall be called “Gurkanlar Tourism” afterwards) we appreciate protection of your personal data and show ultimate attention on security of your personal data. We proceed your personal data according to the Law on Protecting Personal Data that is numbered 6698 (GDPR Law of Republic of Turkey) and we take necessary technical and administrative measures to protect them. GURKANLAR TURIZM, which act as data responsible, prepares this clarification document in order to explain data proceeding and information.

Identity of Data Responsible and Communication Information

Gürkanlar Tourism Construction Works Ltd Corp.
Commercial Registry Number: 1960
Mersis Number: 0445001745200013
Address: Oludeniz County, Deniz Park Cad. No.7B, Fethiye/Muğla
Contact Info: info@ecclesiahotel.com

1) Definition of Personal Data

The concept of personal data is expressed as “any kind of information about any real person, whose identity is / can be determined” in Turkey GDPR Law. Accordingly, Gürkanlar Tourism may proceed the data collected from you such as name, surname, e-mail address, postal address, telephone number, birth date etc. in line with the provisions of relevant legislation.

Special kind of personal data is the data of people about their race, ethnicity, political thought, philosophical belief, religion, sect and other beliefs, dressing, membership of associations, foundations or syndications, health, sexual life, criminal records, security measures and biometrical and genetic data. Your special kind of personal data may be processed according to Turkey GDPR Law and shall be precisely protected.

2) The Purpose of Processing Personal Data

Your personal data may be proceeded by Gürkanlar Tourism in line with the undermentioned purposes and according to Turkey GDPR Law and its relevant regulations and our policy of protecting personal data

• Execution of managerial activities
• Informing authorized persons, agencies and intuitions
• Ensuring security of operations conducted by the data responsible
• Execution of payment policies
• Ensuring security of movables and sources
• Execution of sponsorships and donations
• Execution of storage and archiving
• Execution of risk management process
• Executing purchasing process of goods and services
• Execution of procurement process
• Execution of activities to ensure work sustainability
• Execution of occupational health and safety activities
• Execution of auditing / investigation / informative activities
• Execution of activities in line with the legislation
• Execution of auditing / ethical activities
• Execution of information security process
• Execution of emergency status management process
• Execution of advertisement / campaign / promotion processes
• Execution of activities towards customer satisfaction
• Execution of customer relations management process
• Execution of communication activities
• Ensuring security of physical place
• Execution of access powers
• Execution of application process of prospective employees
• Execution of hiring process of prospective employees / apprentices / students
• ID verification
• Execution of aftersales support services for good / services
• Execution of sales process of goods / services
• Execution of strategic planning activities
• Development and tracking of visitor data
• Execution of marketing process of goods / services
• Follow-up of demands / complaints
• Execution of performance assessment process
• Execution of marketing analysis studies
• Execution of logistics activities
• Execution / Auditing of work activities
• Planning of human recourses processes
• Pursuing and execution legal works
• Execution of finance and accounting works
• Execution of educational activities
• Execution of processes for side benefits and rights of the employees
• Execution of processes for employee satisfaction and loyalty
• Execution of loyalty processes for company / goods / services
• Execution of assignment processes
• Execution contracting processes
• Fulfilment of responsibilities for the employees acquired from the contract and legislation

3) Transferring Personal Data

Gürkanlar Tourism may transfer your personal data in accordance with relevant legislation and the decisions of the Turkey GDPR Board. In terms of transferring your personal data, Gürkanlar Tourism is responsible for conducting transfer of personal data in accordance with the GDPR Law of Turkish Republic and the decisions of the GDPR Board.

Neither the personal data nor the special kind of personal data may be transferred to other real or legal persons without consent of the relevant person. However, Gürkanlar Tourism may transfer your personal data without your prior consent in exceptional cases defined in the fifth and sixth articles of Turkish Republic GDPR Law.

Gurkanlar Tourism may transfer your personal data abroad in accordance with relevant legislation and decisions of the GDPR Board. In spite of the exceptional situations, which are defined in the Turkish GDPR Law, transferring the personal data abroad is bound to the prior consent of relevant person. Gürkanlar Tourism takes all security measures preceded in the relevant legislation and decision of the GDPR Board of Turkey when transferring your personal data abroad.

Your personal data may be transferred abroad due to processing reasons. Reserving the situations mentioned in GDPR Law of Turkish Republic, transferring your personal data is bound to prior consent of relevant person. Your personal data may be shared or transferred by our partners, representatives, suppliers, auditors, by legally authorized public agencies and institutions and private agencies or institutions, occupational organizations and similar institutions, controlling and regulating authorities, by legally authorized real persons, special law entities and by other persons or institutions within the framework of the conditions and objectives defined in 8th and 9th articles of the Law.

In case, that your personal data is transferred abroad, specific protection shall be applied according to the decisions of GDPR Board of Turkey. On the other hand, GÜRKANLAR TOURISM and its relevant data responsible abroad shall guarantee sufficient protection in a written way alongside the permit by the Board.

Method of Collecting Personal Data and Legal Basis

Under eligible conditions for processing personal data, GÜRKANLAR TOURISM may partly or fully collect the shared personal data through directly human resources processes, direct representatives, suppliers, and/or partners, or through recorded linked information when our web site or social media accounts are used, and also through electronically fulfilled communication forms, through similar forms you fulfilled at workplace , office and our representatives. The documents and information you shared in e-mails, fax letters, and mails through verbal or written communication you made with GÜRKANLAR TOURISM, the information and document you shared with GÜRKANLAR TOURISM, its partners and representatives via telephone or direct contact, and the personal data written in the signed contract with GÜRKANLAR TOURISM and any other kind of written, oral or electronic data may be partly or fully collected through automatic or non-automatic ways .

Your personal data may be processed and shared within the context of the conditions and purposes mentioned in 5th and 6th Articles of GDPR Law of Turkish Republic.

The mentioned conditions for your personal data are as follows:

1. Clear consent of the relevant person
2. Clear prediction in Law
3. In the cases when the data is necessary to protect life or bodily integrity for the persons or others who may not explain consent or whose consent is legally void
4. As processing personal data of contractual parties necessary, when the data is directly linked with development and execution of contracts.
5. As it is necessary for data responsible to fulfil legal obligations.
6. As the data is publicised by the relevant person.
7. When data processing required to gain, use or protection of any right,
8. When it is necessary to proceed data for legitimate benefits of the data responsible providing that basic rights and freedoms of the person shall not be damaged.

The mentioned conditions for your special kind of personal data are as follows:

1. Clear consent of the relevant person
2. The data other than sexual or health records may be proceeded by persons under confidentiality obligation and by other authorized agencies and organizations without prior consent of the relevant person due to the conditions mentioned by Law. Health and sexual records may only be proceeded to protect public health, to imply protective medicine, to make diagnosis, to conduct treatment and care services, to plan health services and financial and managerial matters.

In proceeding personal data, it is important to take necessary measures mentioned by the Turkish GDPR Board. GURKANLAR TOURISM takes the necessary measures without any delay.

5) Your Rights About Protection of Personal Data

GÜRKANLAR TOURISM is obliged to respond applications of data owners according to the provisions of the Turkish GDPR Law. The persons whose personal data is proceeded by ourselves, may use their rights mentioned in the Turkish GDPR Law after submitting their identification records.

The data owners have the following rights in the context of the Turkish GDPR Law:

• To learn if their personal data is proceeded
• If yes, to demand information about the process
• To learn the purpose of data processing and to ask if these process is purposefully conducted.
• To know about domestic or foreign third parties, which the personal data is transferred
• To ask recovery if the personal data is fallibly proceeded or lacked.
• To ask for extinction or erasure of personal data in the framework of conditions mentioned in Article 7
• To ask for notification of third parties ,whom the personal data is transferred, about the proceedings mentioned in bullets (d) and (e)
• To appeal possible negative outcomes of processed personal data due to particular automatic analysis
• To ask for recovery if any loss happens due to illegal data proceeding.

In these cases, you may deliver your demand through methods defined by Turkish GDPR Board for free by using application form in www.ecclesiahotel.com.tr/index.html address alongside identity proofs and send to our info@ecclesiahotel.com e-mail address with your secure electronic signature or you may personally deliver or send a wet signed copy of the form through Notary or by certified mail to our “Ölüdeniz County, Deniz Park Cad. No.7B Fethiye/Muğla” address. If any third party applies on behalf of the personal data owner, a Notarized proxy shall be submitted.

If the relevant person applies and submits application to Gürkanlar Tourism, then Gürkanlar Tourism shall respond within thirty days without any charge. If any cost occurs, the fee defined by the Board shall be charged. Gürkanlar Tourism may reject the application by explaining the legitimate reason.

According to the14th Article of the Law on Protecting Personal Data (GDPR Law), the applicant may appeal to the Board if the application is rejected, or the given response is deemed insufficient or null, within thirty days by the time of delivery of response and within sixty days by the time of application.

6) The Situations Where the Data owner May not Appeal for Their Rights

The data owners, whose data are processed, are exempt from the context KVK Law in the following cases ,according to 28/1st Article of the KVK Law, so they may not assert their rights as provided in Article 9 :

• Proceeding personal data for research, planning and statistical purposes by anonymization with official data
• Proceeding data for artistic, historical, literature and scientific contexts provided that proceeding these data do not violate national defence, national security, public security, public order, economic security, privacy and individual rights nor constitute any crime.
• Proceeding data in the framework of preventive, protective, and informative activities conducted by legally authorized and assigned public agencies and institutions in order to ensure national defence, national security, public security, public order, or economic security.
• Proceeding personal data by judicial authorities or execution officers regarding investigation, inquiry, jurisdiction and execution affairs.

In addition, according to the 28/2nd Article of the Law, data owners may not assert their rights from Gürkanlar Tourism, except the right of asking recovery of loss among those are mentioned in the 9th Article:

• When processing data is necessary for preventing crime or for investigating crime
• When the data owner proceeds already publicised data of his/her own
• When proceeding data is necessary to fulfil control and regulation duties and to execute disciplinary investigations conducted by assigned and authorized public agencies organizations and official occupational organizations.
• When proceeding data is necessary to protect economic and financial benefits of the State regarding budget, tax and fiscal matters.