PPPD Policy

(Processing and Protection of Personal Data)

 

SCOPE AND PURPOSE

            This Policy has the purpose to make regulations regarding processing the personal data arising from legal, commercial and financial relationships that (DREAM WORLD) OPTİMAL TURİZM KUY. TAŞ. İNŞ. DERİ VE TEKS. SAN. LTD.ŞTİ and its customer and personnel interacted and communicated with the real and judicial persons or obtained directly from them, to determine the conditions to be followed and declare and announce them.

Disclosure Obligation

            The personal data processed during the relationships of DREAM WORLDS, its customers and working personnel communicated and interacted with the real and judicial persons within the scope of LPPD (Law on Protection of Personal Data) numbered 6698 and brought into force on 07.04.2016 are required to be legally organized due to necessities and requirements that the legislation require.

            DREAM WORLD pays attention and care at high level to the personal data security and confidentiality of the relevant persons that it communicates and interacts with the customer and personnel. During the performance of DREAM WORLD Services, priority is given to the personal data security of the relevant persons.

            Any personal data that can be associated with a natural person (including special quality personal data) in accordance with the provisions of the law mentioned above are considered as personal data within the scope of PPD Law. These personal data are processed by DREAM WORLD as the Data Controller with the methods detailed below and within the framework of the limits ordered by the legislation.

“Processing of Personal Data” means all kinds of transactions that are carried-out on the data such as acquitting, recording, storing, preserving, changing, re-organizing, explaining, transferring, taking over, bringing available, classifying or preventing to use of these data by fully or partially automated or non-automatic means provided that they are part of any data recording system.

Processing Purpose and Legal Basis of Personal Data

            The personal data can be collected in written or verbal form by DREAM WORLD in electronic or physical environment with automatic or non-automatic methods as required by the legislation including registration to a platform by means of telephone, fax, e-mail, sms and other social media environments, mobile applications.

            Within the framework of the 5th article of the LPPD numbered 6698, they are processed within the specified personal data processing conditions and purposes including

  1. Explicating consent of the data owner,
  2. Stipulating in the laws clearly,
  3. Being mandatory for the protection of a person himself/herself who is in a situation that will not explain his/her consent due to the actual impossibility or to whom consent is not recognized a legal validity or someone else’s life or bodily integrity,
  4. Being necessary of processing the personal data belonging to the contract parties provided that they are directly relevant for establishing or performing a contract prepared as a result of approval and/or signature with DREAM WORLD,
  5. Being mandatory of DREAM WORLD to fulfill its legal obligation,
  6. Being available of the data processing by the relevant person,
  7. Being mandatory of the data processing for the establishment, exercise or protection of a right,
  8. Being mandatory of the data processing for the legitimate interests of DREAM WORLD provided that it does not harm the fundamental rights and freedoms of the relevant person.

 

And also within the scope of the 6th article, including

  

  1. Explicit consent of the data owner,
  2. In other cases stipulated by laws

Sharing and Transfer of Personal Data

            The personal data belonging to the relevant person may be shared by DREAM WORLD by taking the necessary electronic and physical security measures with the domestic/foreign solution partners that it is in a commercial, legal and economic relationship, project partners, program and cooperation partners, supplier companies, institutions and organizations, independent auditors, banks and financial institutions, other companies, persons and organizations from which assistance and support is received, and also with consultancy firms such as lawyers, financial advisors, law, informatics, quality and financial consultants upon request by official institutions and organizations in cases where they are required by the legislation. These sharing and transfer transactions are also valid for abroad.

            DREAM WORLD may transfer, process and store the personal data belonging to the relevant person in servers with information technology support, hosting companies, software, other electronic media such as cloud computing in Turkey or especially EU countries, other countries including the United States and England provided that the necessary security measures are taken.

Collection Method of Personal Data

            The personal data belonging to the relevant person; all agreements/information forms and other documents signed with approval and/or acceptance; approval, acceptance and notifications made by electronic approval and / or signature; data obtained in verbal, written, visual, sound recording or electronic media that is communicated with the person or may communicate in the future with the methods such as administrative center, physical environments, call centers, websites, mobile applications, internet transactions, social media and other public areas, user interviews, forensic records scanning, market research, Identity Sharing System, SMS, digital applications, mobile applications, written/digital applications to sales teams, call center of DREAM WORLD are collected fully or partially automatically or as part of any data recording system and kept by considering the statute of limitations in accordance with the relevant legislation.

            The personal data collected by DREAM WORLD for the above mentioned legal reasons may be processed or transferred for the purposes described previously of this policy by taking into account personal data processing conditions that are specified in the 5th and 6th articles of Law on Protection of Personal Data numbered 6698.

User Rights

(In accordance with the 11th Article PPD Law numbered 6698)

            The relevant persons have right to

  • To learn whether the personal data of DREAM WORLD have been processed by means of e-mail related to the personal data,
  • To request information if processed,
  • To learn the purpose of processing and whether they are used appropriately,
  • To know the third persons transferred domestically or abroad,
  • To ask for correction if they are incomplete/incorrectly processed,
  • To request the deletion, destruction or anonymization of personal data in case the reasons requiring the processing of personal data disappear,
  • To request notification of transactions that are made as per the (5) and (6) paragraphs deemed above against the 3rd persons to whom they are transferred,
  • To object to the emergence of a result against you because it is analyzed exclusively with the automated systems, and
  • To demand the compensation of the damage in case of damage due to illegal processing and other rights written in the legislation for the personal data of DREAM WORLD by means of the following e-mail regarding the personal data.

Data Controller Who May Apply Within the Scope of Law

            DREAM WORLD Data Supervisor is the person registered in the VERBIS system at www.LPPD.gov.tr.

            The relevant person may send his/her requests, complaints and suggestions to the address of DREAM WORLD which is specified below by means of application in person or through notary public or by indicating the e-mail address notified by the user during account opening and registered on the website within the scope of rights mentioned above.

            Name, surname, RFT identification number, address of residence or workplace for notification, mobile phone number, e-mail address and the subject of the request are required to be present and the information and documents regarding the request are also required to be attached to the application.

            The official language of correspondence that will be made with DREAM WORLD is Turkish. For this reason, it is essential that all kinds of applications, correspondence, problems, complaints and suggestions are written and sent in Turkish.

            If the application is submitted in writing and physically, the signature should be wet signed.

            As a rule, the responses to the requests, problems, suggestions and complaints are not subject to a fee. However, if there is a cost, fee or other cost related to the answer to be given, DREAM WORLD reserves the right to charge the fees in the tariff determined by the LPPD Regulations or other authorities.

            For more detailed information or for your problems, requests, suggestions and complaints about the KVK Policy, please contact [email protected]

            It is also possible to obtain the KVK Policy book from DREAM WORLD

For your physical and written applications:

(DREAM WORLD)

OPTİMAL TURİZM KUY. TAŞ. İNŞ. DERİ VE TEKS. SAN. LTD.ŞTİ

EVRENSEKİ MH. SAHİL CD. NO: 30   MANAVGAT ANTALYA

E-MAIL                     : [email protected]

 

DISCLOSURE TEXT

(For Hotel Guests)

            You may reach to the details regarding the explanations taking place in this disclosure text that has prepared pursuant to the Law on Protection of Personal Data (LPPD Law) numbered 6698 with LPPD Policy which has prepared and brought into force in this accommodation facility belonging to (DREAM WORLD) OPTİMAL TURİZM KUY. TAŞ. İNŞ. DERİ VE TEKS. SAN. LTD. ŞTİ as data controller from the LPPD Policy and documents taking place in the attachments, in this scope;       

  1. Your Personal Data Processed

  1. Identity and Family Information [Name-surname, RFT Identity Number, Passport Number, place of birth – date, marital status, profession, gender, name and number of child, age and dates of birth, signature, register card with voucher (travel card) information (accommodation card information), room type and number, flight number, hotel hosted, accommodation dates and amount]
  2. Contact Information [address, telephone number, e-mail address]
  3. Location Information [Accommodation and location information]
  4. Customer Transaction Information [(Vehicle license plate, survey form, records, requests and instructions for product and service delivery, photographs, wedding, special days of birth anniversary, call center records, invoice, promissory note, check information, information on box office receipts, order information, request information]
  5. Physical Location Security Information [Entry-exit recording information, camera and sound records of employees and visitors]
  6. f) Transaction Security Information [IP address, hotspot records, password and password information, website login and exit information, log and digital traffic records]
  7. Financial Information [bank account number, IBAN, Credit card number, CVC code, expiry date]
  8. Visual and Auditory Records and Information [Audio recordings, visual and auditory records and information received through the call center]
  9. Health Information [Information belonging to disability condition, blood group information, chronic diseases, past diseases, asthma, diabetes, heart, blood pressure diseases, personal health information, device and prosthesis information used]

  1. Collection Method of Your Personal Data and Legal Reasons

Your personal data according to this disclosure text are obtained in verbal, written and electronic form by third parties or by means of information, documents and similar means transmitted by you with whom we have contracted and served as a requirement of working with solution partners that are in cooperation and contractual relationship with non-automatic methods provided that it is part of the automatic or data recording system.

Those data are able to be processed directly in the presence of the following conditions where your explicit consent is not required because of your express consent within the framework of the 5th article of the LPPD Law numbered 6698. In this scope;

  1. Stipulating in the laws clearly,
  2. Being mandatory for the protection of himself/herself or someone else’s life or bodily integrity of a person who is unable to disclose his/her consent due to actual impossibility or whose consent is not legally become valid,
  3. Being necessary to process personal data of the parties to the agreement provided that it is directly related to the establishment or performance of an agreement,
  4. Being mandatory for the data controller to fulfill his/her legal obligation,
  5. Being made public by the person concerned,
  6. Being mandatory of data processing for the establishment, exercise or protection of a right,
  7. Being mandatory of data processing for the legitimate interests of the data controller provided that it does not harm the fundamental rights and freedoms of the relevant person.

Your private personal data other than health and sexual life are able to be processed in cases stipulated by laws based on your express consent or in accordance with the provisions of the same article within the scope of the 6th Article of the LPPD numbered 6698. In case where you do not have your explicit consent, your personal data regarding health and sexual life may be processed by the persons or authorized institutions and organizations being under confidentiality obligation for the protection of public health, and conducting preventive medicine, medical diagnosis, treatment and care services.

  1. Purpose of Processing Your Personal Data

Your personal data are processed within the purposes shown below by considering the principles of retention for the required period of time that are stipulated in the relevant legislation or required for the purpose for which they are processed within the scope of being compliance with the law and good faith, being accurate and up-to-date when necessary, processing for specific, explicit and legitimate purposes, being connected, limited and measured with the purpose of processing according to the 4th, 5th and 6th Articles of the LPPD numbered 6698.

  1. Executing Emergency Management Processes
  2. Executing Information Security Processes
  3. Executing Employee Candidate / Intern / Student Selection and Placement Processes
  4. Executing Employee Candidates’ Application Processes
  5. Executing Employee Satisfaction and Loyalty Processes
  6. Fulfilling Obligations Arising From Employment Contract And Legislation For Employees
  7. Executing Fringe Benefits and Interests Processes for Employees
  8. Executing Audit / Ethical Activities
  9. Planning and executing activities and organizations such as training, seminars, congresses,
  10. Executing Access Authorities
  11. Executing Activities in Compliance with Legislation
  12. Executing Finance and Accounting Affairs
  13. Executing Loyalty Process to Company / Products / Services
  14. Ensuring Physical Location Security
  15. Executing Recruitment Processes
  16. Following and Executing Legal Affairs
  17. Executing Internal Audit / Investigation / Intelligence Activities
  18. Executing Communication Activities
  19. Planning Human Resources Processes
  20. Executing / Supervising Business Activities
  21. Executing Occupational Health / Safety Activities
  22. Receiving and Evaluating Suggestions for the Improvement of Business Processes
  23. Executing Business Continuity Activities
  24. Executing Logistics Activities
  25. Executing Goods / Service Purchase Processes
  26. Executing Goods / Service After Sales Support Services
  27. Executing Goods / Service Sales Processes
  28. Executing Goods / Service Production and Operation Processes
  29. Executing Customer Relationship Management Processes
  30. Executing Activities Intended to Customer, Guest Satisfaction, Service Quality
  31. Organization and Event Management
  32. Executing Marketing Analysis Studies
  33. Executing Performance Evaluation Processes
  34. Executing Advertising / Campaign / Promotion Processes
  35. Executing Risk Management Processes
  36. Executing Custody and Archive Activities
  37. Executing Social Responsibility and Civil Society Activities
  38. Executing Agreement Processes, Fulfilling the Obligations Assumed by the Performance of the Product and Service Conditions Completely and Correctly
  39. Executing Sponsorship Activities
  40. Executing Strategic Planning Activities
  41. Following Requests / Complaints
  42. Ensuring Security of Movable Goods and Resources
  43. Executing Supply Chain Management Processes
  44. Executing Wage Policy
  45. Executing Marketing Process of Products / Services
  46. Ensuring Security of Data Controller Operations
  47. Foreign Personnel Work and Residence Permit Procedures
  48. Executing Investment Processes
  49. Executing Talent / Career Development Activities
  50. Giving Information to the Authorized Persons, Institutions and Organizations
  51. Executing Management Activities
  52. Creating and Following Visitor Records
  53. Fulfilling Safe Accommodation, Reservation, Holiday Sales Procedures,
  54. Using Surveys, Marketing And Advertising in order to Share In Social Media And Other Environments
  55. Ensuring public safety of customers, employees and related third parties in the workplace,
  56. Implementing first intervention, diagnosis and treatment methods in case where health problems occur,
  57. Conducting activities related to the business and the workplace in accordance with the legislation, company policies and procedures,
  58. Planning and executing special day events and activities such as celebration, party, birthday, marriage, wedding, engagement and anniversary

Your personal data are not processed for purposes other than those shown above. All kinds of technical and administrative measures are taken by the enterprise to prevent the unlawful processing or illegal access of personal data.

  1. Transfer of Your Personal Data

Your personal data can be transferred in country or to abroad in the presence of the following conditions according to the 8th and 9th articles of the LPPD numbered 6698.

            The personal data taken due to the existence of the circumstances in the 5th article of the LPPD numbered 6698 or in line with your express consent can be transferred to the institutions and companies by which it is cooperated, to the persons and institutions by which it is interacted such as supplier and to third parties by and to whom it is received service or provided service in accordance with the provisions of the 8th and 9th articles of the Law in line with the above-mentioned purposes and in order to carry-out the above-mentioned activities.

            Your personal data regarding health can be transferred without the explicit consent of the person concerned by the persons or authorized institutions and organizations that are found under confidentiality obligation in order to protect public health, to carry out preventive medicine, medical diagnosis, treatment and care services, to plan and manage health services and finance provided that adequate precautions are taken.

            Provided that it is clearly stipulated in the laws; that it is mandatory for the protection of life or physical integrity the person who is unable to disclose their consent due to actual impossibility and whose consent is not legally valid; that it is directly related to the establishment or performance of a contract; that it is necessary to process personal data of the parties to the contract; that it is mandatory for the data controller to fulfill his/her legal obligation; that the data is made public; that data processing is mandatory for the establishment, use or protection of a right; and that it does not harm your fundamental rights and freedoms; in cases where data processing is mandatory for the legitimate interests of the data controller and moreover, for the purpose of protection of the public health, preventive medicine, medical diagnosis, treatment and care services and planning and management of health services and financing; on the condition that it is fulfilled by the persons or authorized institutions and organizations that are found under the obligation of secrecy; your personal data can be transferred abroad without your express consent in case there is sufficient protection abroad and there is not enough protection provided that the data controllers found in Turkey and foreign country commit an adequate protection in written form and there is permission of PPD Board.

            The PPD Board can decide whether sufficient protection in the foreign country is transferable abroad and transfer will be given permission to abroad without your express consent in order to evaluate the international agreements that Turkey is a party; the reciprocity condition for transferring data between the country requesting the personal data with Turkey; the nature of personal data and the purpose and duration of its processing regarding each concrete personal data transfer; the relevant legislation and implementation of the country where the personal data will be transferred; the measures undertaken by the data controller in the country where the personal data will be transferred or if needed by taking the opinions of the relevant institutions and organizations. Your personal data can be only transferred to abroad with the permission of Board by taking the opinion of the relevant public institution or organization in cases where the interest of Turkey or you will severely damage without prejudice to the provisions of international agreements.

In this scope your personal data can be transferred

  • To the authorized public institutions and organizations,
  • To the company partners and officials,
  • To the business and solution partners,
  • To the supplier persons and companies,
  • To the real or legal persons with whom it is interacted with the purposes specified below, in other words;

  1. Executing Emergency Management Processes
  2. Executing Information Security Processes
  3. Executing Employee Candidate / Intern / Student Selection and Placement Processes
  4. Executing Employee Candidates’ Application Processes
  5. Executing Employee Satisfaction and Loyalty Processes
  6. Fulfilling Work Contract for Employees and Obligations Arising from Legislation
  7. Executing Fringe Benefits and Interests Processes for Employees
  8. Executing Audit / Ethical Activities
  9. Planning and executing activities and organizations such as training, seminars, congresses,
  10. Executing Access Authorities
  11. Executing Activities in Compliance with Legislation
  12. Executing Finance and Accounting Affairs
  13. Executing Loyalty Processes to Company / Products / Services
  14. Ensuring Physical Location Security
  15. Executing Assignment Processes
  16. Following and Executing Legal Affairs
  17. Executing Internal Audit / Investigation / Intelligence Activities
  18. Executing Communication Activities
  19. Planning Human Resources Processes
  20. Executing / Supervising Business Activities
  21. Executing Occupational Health / Safety Activities
  22. Receiving and Evaluating Suggestions Intended to the Improvement of Business Processes
  23. Executing Business Continuity Activities
  24. Executing Logistics Activities
  25. Executing Goods / Service Purchase Processes
  26. Executing Goods / Service after Sales Support Services
  27. Executing Goods / Service Sales Processes
  28. Executing Goods / Service Production and Operation Processes
  29. Executing Customer Relationship Management Processes
  30. Executing Activities Intended to Customer, Guest Satisfaction, Service Quality
  31. Organization and Event Management
  32. Executing Marketing Analysis Studies
  33. Executing Performance Organization and Event Management Evaluation Processes
  34. Executing Advertising / Campaign / Promotion Processes
  35. Executing Risk Management Processes
  36. Executing Custody and Archive Activities
  37. Executing Social Responsibility and Civil Society Activities
  38. Executing Contract Processes, Fulfilling the Obligations Assumed by the Performance of the Product and Service Conditions Completely and Correctly
  39. Executing Sponsorship Activities
  40. Executing Strategic Planning Activities
  41. Following Requests / Complaints
  42. Ensuring Security of Movable Goods and Resources
  43. Executing Supply Chain Management Processes
  44. Executing Wage Policy
  45. Executing Marketing Process of Products / Services
  46. Ensuring Security of the Data Supervisor Operations
  47. Foreign Personnel Work and Residence Permit Procedures
  48. Executing Investment Processes
  49. Executing Talent / Career Development Activities
  50. Giving Information to the Authorized Persons, Institutions and Organizations
  51. Executing Management Activities
  52. Creating and Following Visitor Records
  53. Fulfilling Safe Accommodation, Reservation, Holiday Sales Transactions,
  54. Using Surveys, Marketing and Advertising in order to Share In Social Media And Other Environments,
  55. Ensuring public safety of customers, employees and relevant third parties in the workplace,
  56. Implementing first intervention, diagnosis and treatment methods in case of health problems,
  57. Carrying out the management and activities of the business and the workplace in accordance with the legislation, company policies and procedures,
  58. Planning and executing special day events and activities such as celebration, party, birthday, marriage, wedding, engagement and anniversary.

  1. Your Rights as a Personal Data Owner

The data owner, in other words, the relevant person has right to 

  1. To learn whether personal data is processed or not,
  2. To request information if personal data has been processed,
  3. To learn the purpose of processing personal data and whether they are used appropriately for their purpose,
  4. To know the third parties in the country or abroad to whom personal data have been transferred,
  5. To request correction of personal data in case of incomplete or incorrect processing,
  6. To request the deletion or destruction of personal data within the framework of the conditions stipulated in the 7th Article of the LPPD,
  7. To request notification of the personal data that are processed incorrectly and requested to be corrected and the personal data requested to be destroyed to third parties to which it is transferred,
  8. To object to the emergence of a result against the person himself/herself by analyzing the processed data exclusively through automated systems,
  9. To request the compensation of the damage in case of damage due to the illegal processing of personal data within the scope of law.

You are required to apply to the personal data controller by primarily using the following communication channels in order for them to use their complaint rights as a personal data owner. No complaint can be made to the PPD Board without exhausting this way.

Your request is answered by our company as a data controller as soon as possible and within 30 days at the latest, depending on the nature of the request.

In case where your application is rejected or the response is insufficient or your application is not answered in time, you can use the right to complain to the PPD Board or apply directly to the judiciary.

Application Address and contact information:

(DREAM WORLD) OPTİMAL TURİZM KUY.TAŞ.İNŞ.DERİ VE TEKS. SAN. LTD.ŞTİ

EVRENSEKİ MH. SAHİL CD. NO: 30   MANAVGAT ANTALYA

E-MAIL                     : [email protected]

  1. Retention Period of Your Personal Data

Your personal data that are required to be processed with the above-mentioned methods and in line with the stated purposes are stored in the data inventory for the period specified by taking into account the timeout and the grace periods. In case where the reasons requiring the processing of your data disappear or when the mandatory periods for the processing of your data in accordance with the legislation have expired, they are deleted, destroyed or anonymized by using any of the methods of destruction at the latest in six-month periods by our company ex officio or within thirty days at the latest upon your request.

The deletion of your personal data is the process of making it inaccessible and unavailable in any way for the relevant users.

The destruction of your personal data is the process of making personal data inaccessible, retrieved and reusable by no one in any way.

The anonymization of your personal data is making the data unrelated to an identified or identifiable natural person, even by using appropriate techniques.

The transactions regarding the deletion, destruction and anonymization of your personal data are recorded. In the face of public requirements, these minutes are written for a period of 5 years.

We present to your information with our respect.

  1. Identity of Data Controller

 

NAME / TITLE        : OPTİMAL TURİZM KUY. TAŞ. İNŞ. DERİ VE TEKS. SAN. LTD.ŞTİ

ADDRESS                : EVRENSEKİ MH. SAHİL CD. NO:30   MANAVGAT ANTALYA

MERSİS NO             : 0644031073500025

TAX OFFICE / NO  :  MANAVGAT  6440310735