INFORMATION TEXT ON THE PROTECTION OF PERSONAL DATA LAW.
Due to legal obligations, this notification is made in accordance with Article 10 of the "Personal Data Protection Law" no: 6698.
This text, has been prepared within the scope of companies, each of which carries the title of data controller in terms of their legal entities. In all of our facilities operating under the Özyer Group and serving under the management of Hotel Management for the Protection of Personal Data. This has been prepared in accordance with the elements specified in the law, and within the framework of considerations included in the Law on Personal Data Protection.
Lykia Tourism Investments Industry and joint Trade Stock Company (Liberty Lykia)
Ayfaba Tourism Investments Construction Joint Stock Company (Liberty Fabay)
Özyer Tourism Industry and Trade Inc. (Liberty Lara, Liberty Golf & Resort Kuşadası, Sundia By Liberty Ölüdeniz, Sundia By Suncity)
Fethiye Energy Industry and Trade Inc. (Sundia Exclusive By Liberty Fethiye)
Ephesus Golf Management Tourism Industry and Trade Inc. (Ramada Resort By Wyndham Kuşadası, Ramada Suite By Wyndham Kuşadası)
Hez Tourism Industry and Trade Inc. (Liberty Signa)
All of the companies as listed above will be referred to as the 'affiliated companies' in the rest of the text.
Affiliated companies; in accordance with the Law, the regulation, which is the secondary regulation of the Law, and other legislation, as a data controller; of your guests, guest nominee, your visitors and its employees,
This text has been prepared in order to determine the processing and protection of the personal data of the partners, and employees of other companies which it is in business partnership with, and of all its interlocutors to determine the maximum storage period required for the purpose they are processed, and the process of fulfilling the requests of the persons concerned with the processed personal data.
The purpose of this text and Liberty Hotels Group's Personal Data Retention and Disposal Policy is to inform you, who choose to book a hotel on our organisations' websites, browse the websites, or fill out the forms provided by our affiliated companies, about the commitments our affiliated companies have undertaken to ensure the protection of their personal data.
In particular, we want to inform you about the personal data we collect from you, how we use this data, how we disclose it, how we protect it, and finally how you can exercise your rights over this data.
1. Purpose of Processing Personal Data
Our affiliated companies process the personal data that you provide us with, and that is relevant to you in the following cases:
When you browse our websites;
• In such instances where you make a reservation at the following hotels directly on the website: Liberty Lykia, Liberty Lara, Liberty Fabay, Sundia Exclusive By Liberty Fethiye, Sundia By Liberty Ölüdeniz, Sundia By Liberty Suncity, Liberty Signa, Liberty Kuşadası Golf & Resort, Ramada Resort By Wyndham Kuşadası and Ramada Suite By Wyndham Kuşadası.
• Where you consent to receive our newsletters and other marketing / commercial material/information from us;
• At any time when you want to contact us to ask a question, make a complaint about our affiliated companies, or to apply for a job via the contact application form.
Personal data (name, surname, date of birth, identity and passport information, work, home and mobile phone number, e-mail address, gender, address, occupation, education, marital status, license plate, accommodation, credit card, expenditure) by our affiliated companies and flight information, shopping information, billing information, consumption preferences, etc.)
• To carry out the necessary work by the business entity in order to benefit the stakeholders from the products and services offered.
• To be able to present products and services, to communicate the products and services received, or to be received by the stakeholders,
• Suggesting products and services by customizing them in accordance to their preferences, usage and needs.
• Products / services offers, (can be used in marketing activities),
• Modeling, reporting, scoring, application of human values policies,
• Ensuring the legal and commercial security of people who are in contact with our affiliated companies.
• Determination and implementation of commercial and business strategies,
• Existing, or new product studies of our affiliated companies and potential customer identification, etc.
• In relation to tourism, marketing, promotion and advertising activities, due to legal obligations, personal data is processed within the terms and purposes of processing as specified in Articles 5 and 6 of the KVKK.
2. General Principles
Our affiliated companies act within the framework of the following principles in all transactions regarding personal data, including but not limited to the acquisition, processing, storage, protection, deletion, destruction and anonymization of personal data:
• Compliance with the law and integrity rules,
• Being accurate and up-to-date when necessary,
• Processing for specific, explicit and legitimate purposes,
• Being connected, limited and restrained with the purpose for which they are processed.
• Preserving for the period required by the relevant legislation or for the purpose for which they are processed, and deleting, destroying or anonymizing personal data at the end of this period, taking into account the request of the person concerned or the periodical deletion periods.
• Responding to the requests of the relevant persons regarding their rights as defined in Article 11 of the Law at the earliest instance.
• To take all necessary technical and administrative measures as specified in the Law, Liberty Hotels Group Personal Data Retention and Disposal Policy and all other relevant legislation in all transactions regarding the storage, deletion, destruction or anonymization of personal data,
• Recording all transactions regarding the deletion, destruction, anonymization of personal data excluding other legal obligations as specified in this text and keeping them for at least 3 years.
3. Transfer of Personal Data
Making the necessary studies by the business concerns in order to benefit the stakeholder of the products and services offered by our personal data companies, offering the products and services, communicating the products and services purchased, or to be purchased, customizing the products and services according to their preferences, usage and needs, offering the product/service (to be used in marketing activities) to ensure the legal and commercial security of the people in contact with our affiliated companies, to determine and implement the commercial and business strategies of the affiliated companies, business partners, suppliers, shareholders, of our affiliated group of companies, legally authorized public institutions, state security departments and private persons within the framework of the personal data processing conditions and purposes as specified in Articles 8 and 9 of the KVKK.
3.1. Guest Personal Data
3.1.1. Guest Data associated with individuals
Personal data such as name-surname, identity or passport number, age, gender, date of birth (identity),
Personal data such as address, telephone number, e-mail address enabling communication (contact).
Personal data such as the first 6 and last 4 digits of their bank credit cards is conveyed to ensure the payment in return for the service provided, or the number of the bank cards, the cardholder's name, surname, validity date (payment),
Information and documents (service components) containing personal data regarding travel products (flight, accommodation, transfer, health tourism, etc.) obtained due to service provided.
The possibility to personalise Personal data such as an IP number (location).
Personal data (practises) that enables the service to be personalised according to the guest's wishes and expectations (thin pillow, jasmine scent, large bathrobe, etc.).
Statistical data that does not provide the opportunity to establish a direct relationship with the person; Anonymous information obtained from solutions partners who receive digital marketing services in order to determine the guest profile and learn of their preferences and to improve the services offered according to this profile, and guest data that can be anonymized by the affiliated companies.
3.1.2. Sources of Guest Personal Data
Our affiliated companies obtain guest data directly from the person, or from the representative of the person concerned, tour operators, agencies, web pages, call centers, mobile phone applications, social media accounts, third-party business and solution partners, and sources made public by the person concerned.
Personal data that are not directly obtained from the relevant person by our affiliated companies and transferred to the affiliated companies in order to benefit from accommodation services are deemed to be in compliance with the will of the relevant person(s) and the law. In the event of any hesitation in this matter, the affiliated companies without delay will take the necessary precautions and measures. When and where necessary, it immediately deletes, destroys or anonymizes personal data, in accordance with the principles set forth in the Liberty Hotels Group Personal Data Retention and Disposal Policy.
3.1.3. Reasons for obtaining, processing and transferring guest data.
Our affiliated companies only collect guest data in accordance with Articles 5.6.8 of the law. It acquires, processes and transfers data for the legitimate purposes as specified in Article 9, and within the framework of the general principles as specified in Article 2 of this text. Our affiliated companies may obtain, process or transfer personal data, limited to the extent and time required by this situation, in cases where there is one or more of the following conditions specified in Articles 5 and 6 of the law, in the absence of the explicit consent of the person concerned:
• It is clearly foreseen in the laws,
• It is compulsory for the protection of the life, physical integrity of the person or someone who is unable to express their consent due to actual feasibility, or whose consent is not legally valid,
• It is necessary to process personal data, provided that the establishment or performance of the contract is concluded by the relevant person directly related with the affiliated companies.
• It is mandatory for the affiliated companies to fulfill their legal obligations as data controllers.
• The personal data has been made public by the person concerned.
• Data processing is mandatory for the establishment, exercise or protection of a right.
• It is mandatory to process data for the legitimate interests of the affiliated companies in the capacity of data controller, provided that it does not harm the fundamental rights and freedoms of the data subject.
Based on the above-mentioned legal grounds, our affiliated companies obtain, process or transfer personal data for the following purposes without limitation, providing it is not contrary to the general principles:
• To carry out the necessary work by the business concerns in order for guests to benefit from the products and services offered by our affiliated companies.
• Suggesting and presenting products and services offered by our affiliated companies according to the preferences, usage and needs of the guests.
• Improving the quality of the services offered by our affiliated companies and development of the quality policy,
• To inform guests and potential guests so that they can benefit from ongoing and special campaigns, promotions, discounts and similar advantages offered by our affiliated companies.
In order to receive services from the channels offered by our affiliates. When the visitors log in with their user names and passwords, the personal data in the relevant channels, their preferences, transactions and the data obtained together with the browsing times, in order to provide the information and services they have requested.
• To be able to make notifications (renewal, expiration, etc.) about all kinds of loyalty cards issued and / or to be issued by our affiliated companies and their related organizations, website memberships of our affiliated companies and related institutions. All aspects of communication with guests, relating to new services and products to be offered. To inform about changes, innovations and similar issues that may occur in personal data policies and membership conditions.
• Legal and commercial security of the persons who are in a business relationship with our affiliates and affiliates (administrative operations for communication carried out by the affiliates, ensuring the physical security and control of the venues of the affiliates,
business partner/guest/supplier (authorized or employees) evaluation processes, legal compliance process, financial affairs, etc.).
• To relay information regarding events and services that the relevant persons will request from the affiliated companies,
• Determining and implementing the commercial and business strategies of our affiliated companies.
• Ensuring the implementation of the human value policies of our affiliated companies, and fulfilling a legal obligation as determined by the legislation, if or when it is clearly stated in the legislation.
It is essential to obtain either directly or indirectly, the informed consent from the guests for the personal data obtained. However, our affiliated companies may operate among their guests, or guest candidates without obtaining explicit consent limited to the matters as specified in paragraph 2 of article 5 of the law. If this requirement becomes obsolete, the data is immediately deleted, destroyed or anonymized if the guest, or guest candidate does not give consent.
Our affiliated companies do not process personal data other than the services they provide and for legitimate purposes, even if the guest's explicit consent is obtained within the framework of the above-mentioned principles, and they do not use the data they have obtained for services contrary to the rules of law and integrity in any way.
3.1.4. Transfer of Guest Personal Data
Our affiliated companies may share the data they have obtained with their business and solution partners, accommodation and transfer service suppliers, and other third parties in order to fulfill their purposes, and to fulfill their obligations within the framework of the concluded contracts, pursuant to the legal grounds as specified in this text.
Affiliated companies may transfer personal data to overseas destinations within the framework of the principles as determined by the Board in order to fulfill the service they have provided for the reasons listed in Article 8 of the law. Except for the reasons as specified in paragraph 8/2 of the Law, the transfer of personal data is dependant on the consent of the person concerned.
Our affiliated companies adopt the principle of acting within the framework of the Law, other relevant legislation, board resolutions and taking the necessary technical and administrative measures whilst sharing data with the persons and organizations to which they transfer.
Our affiliated companies may transfer personal data with the following individuals and institutions and for the purpose of providing services beyond the boundary.
• Suppliers and subcontractors to whom the affiliated companies supply the necessary services in order to provide accommodation services to their guests and at the same time to carry out their commercial activities.
• To the relevant airline companies, in case the guest wishes to take advantage of the air transportation and accommodation services together as a package.
• In the event the guest requests a private transfer service from the airport to the hotel where he/she will stay and/or from the hotel to the airport by road, the supplier and carrier companies that offer this transfer service.
• Solution partners to ensure the implementation of commercial activities for the accommodation services offered by our affiliated companies.
• To public institutions and organizations in order to fulfill their legal obligations,
• Personal data to third parties, public institutions or organizations in order to eliminate a threat to the lives, bodily integrity and the safety of individuals, to eliminate or prevent illegal acts in the event of fraud, intellectual rights and the violations and violation of data policy.
• To attorneys and legal consultations and audit companies, in order to protect the legitimate interests of our affiliated companies, their rights and interests against both themselves and the demands will be forwarded on to them.
3.2. Personal Data Regarding Employees and Employee applicants.
Our affiliated companies may process the personal data of the employees they employ for the purpose of the performance of the established employment contract, the fulfillment of mutual obligations and the fulfillment of legal obligations that fall upon it as the employer and with limited explicit consent for these purposes. In this case, our affiliated companies will undertake the general principles as stated in article 2 of this text as a basis, make aware their employees and to ensure the security of their personal data.
Our affiliated companies may process the personal data contained in the CV and related documents submitted to the employees candidates who apply for employment during the application processes, and until their applications are finalized, providing that they obtain explicit consent.
In the event that the application is not successful, the personal data is completely deleted, destroyed or anonymized following the expiry of the specified retention period. In the event that the application is partially or completely successful, the preservation and continuation of the processing of the personal data obtained is dependent on the conditions of the new legal relationship.
3.3. Special qualified Personal Data
Personal data of a specific nature as listed in Article 6 of the Law; Data on race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, disguise and dress, membership in associations, foundations or unions, union membership, health, sex life, criminal convictions and security measures, are biometric and genetic data.
Our affiliated companies take additional measures regarding the processing, transfer, deletion, destruction or anonymization of personal data as specified in this text and also of a private nature. Transactions to be made for reasons arising from legal obligations or situations envisaged by laws are reserved.
Our affiliated companies act in accordance with the data processing conditions set forth in Article 6 of the Law in the processing of special categories of personal data. In addition to the procedures and principles set forth in this text, it is necessary to take adequate measures as determined in the relevant legislation in order to process sensitive personal data.
Our affiliated companies will be able to process health-related personal data of their employees and guests in the presence of one of the following conditions, provided that they take adequate precautions as stipulated in the relevant legislation, process them in accordance with general principles, and are under obligation to keep secret:
The explicit consent of the person concerned, who is the personal data subject,
Protection of public health.
Preventive medicine, implementation of medical diagnosis, treatment and care services,
Planning and management of health services and financing.
Management of Human Values processes for employees. In cases where there is no explicit consent of the person concerned.
• Private personal data other than health, ones sex life, and only in cases as stipulated by the law.
• Personal data related to ones health and sex life can only be processed by individuals or authorized institutions and organizations that are under obligation to keep confidential, for the purpose of protecting public health, performing preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing.
4. Personal data collection method and legal cause.
Personal data is obtained by our affiliated companies either verbally, written or via all kinds of electronic media in order to provide products and services offered in line with the above-mentioned purposes within the determined legal framework, to accurately and completely fulfill their contractual and legal responsibilities. Personal data collected for this legal reason can be processed and transferred for the purposes as specified in article 1 of this text within the scope of personal data processing conditions and for purposes as specified in Articles 5 and 6 of the KVKK act.
5. Raising awareness and supervision on the protection and processing of personal data.
Our affiliated companies ensure that the necessary training is organized for the business concerns in order to prevent the illegal processing of personal data, illegal data access, and to raise awareness to ensure the preservation of the data.
Our subsidiaries will establish the necessary systems to raise awareness of their current and newly recruited employees on the protection of personal data, and if required, work with consultants. In this respect, our affiliated companies will evaluate participation in related trainings, seminars and informative sessions, and to organize new training sessions in parallel with the updating of the relevant legislation.
6. Terms for processing personal data
Except for the explicit consent of the personal data owner, the basis of the personal data processing activity may only be one of the conditions as stated below, or if more than one condition may also be the basis of the same personal data processing activity. In case the processed data is special quality personal data, the conditions included in Special Quality Personal Data will be applied.
6.1. Procuring the explicit consent of the personal data owner
One of the conditions for the processing of personal data is the explicit consent of the data owner. The explicit consent of the personal data owner should be disclosed on a specific subject based on information and free will.
6.2. Explicitly stipulated in the Law.
If the personal data of the data owner is stipulated explicitly in the law, in other words, if there is a clear provision in the relevant law regarding the processing of personal data, the existence of this data processing condition may be mentioned.
6.3. Failure to obtain the explicit consent of the person related to the cause of actual impossibility.
The personal data of the data owner may be processed if it is necessary to process the personal data of the person who is unable to state his, or her consent due to actual
impossibility, or whose consent cannot be validated, in order to protect the life or physical integrity of himself or that of another person.
6.4. Direct concerns with the establishment or performance of the contract.
Provided it is directly related to the conclusion or performance of a contract to which the data owner is a party to, this condition may be deemed to be fulfilled if the processing of personal data is necessary.
6.5. Fulfilling the legal obligation of the company
Personal data of the data owner may be processed if the processing is necessary for our company to fulfill its legal obligations.
6.6. Making Personal Data Public by the Personal Data Owner.
If the data owner has made his personal data public, the relevant personal data may be processed for the purpose of making it public.
6.7. Mandatory data processing for the establishment or protection of a right.
If data processing is necessary for the establishment, exercise or protection of a right, the personal data of the data owner may be processed.
6.8. Obligatory data processing for the legitimate interest of our company.
Provided that it does not harm the fundamental rights and freedoms of the personal data owner, the personal data of the data owner may be processed if data processing is necessary for the legitimate interests of our Company.
7. The rights of personal data owners
As a personal data owner;
• To ascertain whether personal data is processed or not
• If personal data has been processed, requesting information about it.
• To ascertain the purpose of processing personal data and whether they are used in accordance with this purpose.
• Knowing the third parties to whom personal data is transferred to at home or abroad.
• Requesting amendment of personal data in case of incomplete or incorrect processing and requesting notification of the transaction made within this scope to the third parties to whom the personal data has been transferred.
• Requesting personal data is destroyed in the event that the reasons requiring processing are eliminated despite the fact that it is processed in accordance with the provisions of the KVKK act and the relevant law, and requesting that the process carried out within this scope be notified to the third parties to whom the personal data has been transferred.
• Objecting to the emergence of a result against the person by analyzing the processed data exclusively through automated systems.
• They have the right to demand compensation in case of damage due to unlawful processing of personal data.
Pursuant to paragraph 1 of Article 13 of the KVKK act, you must send the request regarding the exercise of the above-mentioned rights to the affiliates in writing, or by other methods determined by the 'Personal Data Protection Board.
The application must be submitted to our affiliated companies in writing in accordance with the KVKK act. In this context, the channels and procedures through which the application is submitted in writing for applications made to our affiliated companies within the scope of Article 11 of the KVKK act are explained below.
A request that includes identifying information for the use of the above-mentioned rights and explanations regarding the rights requested to be exercised from the rights as specified in Article 11 of the KVKK act.
When you fill out the Application Form, you can personally send a signed copy of the form to the address of the affiliated companies with the documents and a copy of your ID, or it can be sent via a public notary, via registered mail with a return receipt or other methods as specified in the KVKK act.
7.1. Responding to applications by our affiliated companies.
Our affiliated companies take the necessary administrative and technical measures to finalize the applications to be made by the personal data owner in accordance with the Law and secondary legislation.
In the event that the personal data owner duly forwards his request regarding the rights as set forth in section 7 (“Personal Data Owner's Rights”) to our affiliated companies, and depending on the nature of the request, our affliated companies will respond as soon as possible and within 30 (thirty) days at the latest. However, if the transaction requires an additional cost, a fee may be charged in accordance with the tariff as determined by the board.
8. Personal data recording mediums.
Affiliated companies store the above-mentioned personal data in the following recording media:
• Electronic Media: Asya Soft, Netsis, Uyum Soft, Microsoft SQL, File Server, Windows Operating System, IOS operating system, Android operating system
• Physical Environments: Department/unit cabinets, storage boxes and archives.
9. Deletion, destruction and anonymization of personal data.
Our affiliated companies delete the persons data obtained within the framework of the principles and procedures as duly specified in this text and the Law, ex officio, or upon the application of the relevant person in the periodic destruction processes, in accordance with the Law, relevant legislation, Board decisions and guidelines, in the event that the purpose and legal grounds for processing the data disappear, is destroyed or anonymized.
The deletion, destruction or anonymization process carried out are recorded in a report and records of deletion, destruction or anonymization process are kept for at least 3 years, without prejudice to other obligations of our affiliated companies as data controllers.
All technical and administrative measures are taken by the affiliated companies in the process of deleting, destroying or anonymizing personal data.
It is the process of making personal data inaccessible and unusable for the relevant users in any way.
The data processor acting on behalf of our affiliated companies checks that there is no access to the data and issues a report in this respect.
9.1. Deletion techniques of personal data.
Personal Data in paper medium: are deleted using the blackout method.
Office files on the central server: they are deleted with the delete command on the operating system.
Personal Data in Portable mediums: are deleted with appropriate soft ware.
Databases: Relevant rows of personal data are rendered unreadable by database commands.
9.2. Destruction of Personal Data.
Is the process of making personal data inaccessible to any person, not being able to retrieve the data under any circumstances and rendering it unusable again.
Personal Data in Local Systems: De-magnetizing, physical destruction, overwriting are destroyed by using the appropriate method.
Personal Data in Environmental Systems:
Network Devices (switcher, router, etc.): ensures that data is rendered inaccessible by physical destruction methods such as burning, breaking into small pieces.
Sim card and fixed memory cards: Optical or magnetic media data is rendered inaccessible by processes such as melting or burning.
Optical Disks: Data is rendered inaccessible by physical destruction methods such as overwriting or burning, breaking into small pieces, and melting.
Peripherals with Fixed Data Recording Media: ensures that data is rendered inaccessible by physical destruction methods such as overwriting, burning, breaking into small pieces and melting.
Personal Data in Paper and Microfiche Media: data is destroyed by using paper shredders.
Personal data transferred from original paper format to electronic media by scanning are deleted with appropriate software according to their environment.
Cloud Environment: Access is otained with a password during the storage and use of personal data in the said systems. Access of outsourced personnel for purposes such as maintenance and repair is achieved under the supervision of an authorized outsourced personnel. The disks of expired servers are destroyed by breaking them into small pieces.
9.3. Anonymization of Personal Data
The removal or change of all direct and/or indirect identifiers in a data set, preventing the identification of the relevant persons or losing their distinguishability in a group in such a way that cannot be associated with a real person.
Techniques for Making Personal Data Anonymous: the process of making Personal Data Anonymous, one of the methods shown in the text is used in the provisions of the relevant legislation.
9.4. Periods for the deletion, destruction, anonymization of Personal Data.
Providing the person concerned is not obliged to keep their personal data for the period prescribed by law in accordance with legal obligations; The data processed with the consent of the person concerned is deleted, destroyed or anonymized within 30 days at the latest, following the transmission of the request to our affiliated companies, in line with the request of the person concerned.
Personal data processed for the reasons as listed in Article 5 of the Law, which does not require explicit consent, are deleted, destroyed or anonymized in the first periodical erasure, destruction or anonymization period at the end of the period, after the reason and legal justification have disappeared.
In cases where personal data is processed for the reasons listed in Article 5 of the Law without seeking explicit consent, but the person concerned requests it to be deleted, personal data is separated from the data processed with consent and retained by limiting authority and control matrices so that only those concerns related to legal obligations can access it. It is immediately destroyed or anonymized with the removal of the legal justification as specified in the article.
10. Technical and Administrative Measures
10.1. Administrative Measures
Our subsidiaries within the scope of administrative measures;
• Limits authorization and control matrices, taking into account job descriptions, for in-house access to process and stored personal data.
• In case the processed personal data is obtained by others unlawfully, it notifies the person concerned as soon as possible.
• Employs personnel who are knowledgeable and experienced about the processing of personal data and provides the necessary training and warnings.
• Carries out, or has carried out the necessary audits regarding data security within the scope of its own legal entity and within all group companies, and takes the necessary measures regarding issues determined as a result of the audits.
10.2. Technical Measures
• Performs necessary internal checks within the scope of established systems.
• It carries out the processes of information technology risk assessment and business impact analysis within the scope of the established systems.
• It ensures the technical infrastructure to prevent personal data from leaving the institution, and the creation of authorization and control matrices.
• When necessary, provides control of system vulnerabilities by receiving penetration test service at periodic intervals.
• It ensures that the access rights to personal data of employees in information technology units are kept under control.
• The domain where personal data are stored are protected by high-security password technology or cryptographic methods, and abuses are prevented with firewall, SSL Protocol (Secure Socket Layer). Physically held data is kept only in archives that are authorized by affiliated companies.
• Takes necessary measures to ensure cyber security in domains where personal data is stored. In this context, it receives DDOS service from internet service providers against cyber attacks.
• It also uses security soft ware to ensure the security of virtual servers.
• All transactions and movements that take place in the recording domains where personal data are stored, monitored, and in case of security breaches, risk analysis is performed and vulnerabilities are immediately eliminated.
• The physical protection of the recording media, cyber systems and servers in which personal data is located is provided with special security devices and authorization checks.
• Personal data backup disks and servers are protected against external factors such as fire and flooding in locked safes.
• The data kept in the ISP system room is backed up daily with point-to-point lines.
• Authorization checks are provided for access to recording domains.
• DLP solution is used to prevent the risk of data loss.
• External media ports are kept closed against the risk of loss by the authorities.
We present and declare the information for all of our guests.