Book a room
Raffles The Bosphorus - Personal Data Policy
Raffles The Bosphorus - Personal Data Policy

Personal Data Policy

ZORLU YAPI YATIRIM A.Ş. ZORLU CENTER OTELCİLİK ŞUBESİ
PRIVACY POLICY OF PERSONAL DATA PROCESSING

  • Data Controller and Representative

In accordance with the Personal Data Protection Law No. 6698 (“Law“), your personal data may be processed by Zorlu Yapi Yatirim A.Ş. Zorlu Center Otelcilik Şubesi (“Zorlu” orCompany“) as the data controller within the scope described below.

  • Purposes and Legal Reasons for Processing of Personal Data 

Your personal data may be processed by our Company in accordance with the basic principles specified by the Law and within the framework of the personal data processing conditions for the following purposes:

Processed Personal Data  Purposes of Personal Data Processing Terms of processing of personal data 
  • Identity Information (Name, Surname, Identity Number, Passport Information, Date of Birth, Gender, Driver’s License or Identity Information)
  • Contact Information (Phone Number, E-mail, Address)
  • Information on Customer Transaction (Room Preference Information, Room Number Information, Flight Information, Hotel Arrival-Departure Information, Company Travel Information, Travel Agent Information, Customer Request and Complaint Information, Vehicle Information, Information of the Person Accommodated with)
  • Receipt and follow-up of reservations within the scope of hospitality services,
  • Contact to you regarding the transactions carried out within the scope of reservations,
  • Carried out authentication operations,
  • Delivery of accommodation and other services by carrying out sales and registration procedures,
  • Make available that  you use the facilities offered to our guests in the rooms,
  • Presentation of our services regarding the special demands of our guests,
  • Providing with the services of dry cleaning, parking or restaurant, bakery, home textile products,
  • Carrying out the membership procedures for gym service,
  • Providing you with other services such as spas and massages,
  • Presentation of our services within the scope of our customer detox program,
  • Carrying out invitation and event operations,
  • Management of customer relations by receiving, evaluating and finalizing requests or complaints,
  • Arrangement of events and organizations.
  • When the processing of personal data belonging to the parties to a contract is necessary, provided that it is directly related to the establishment or performance of a contract,
  • When data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data owner
  • Identity Information (Name, Surname, Identitiy Number, Passport Information)
  • Contact Information (Phone Number, E-mail, Address)
  • Financial Information (Card Information, Payment Information) 
  • Security Information of Transaction (IP Address Information, Website Login and Logoff Information)
  • Information for Legal Action (Information Recorded in the Event of Any Legal Dispute)
  • Information of Physical Area Security (visitor enter and exit information, CCTV camera footage)
  • Performing intercompany reporting;
  • Ensuring the security of our company’s premises,
  • Execution of information security processes; 
  • Planning and execution of the audit, inspection or control activities of our company; 
  • Planning or execution of the legal activities of our company; 
  • Fulfillment of our legal obligations; 
  • Performing authentication transactions; 
  • Ensuring that personal information is accurate and up-to-date; 
  • Establishing, implementing or defending legal claims by following legal processes, 
  • Execution of accounting and financial processes.
  • When data processing is mandatory for the establishment, exercise or protection of a right,
  • When it is mandatory for the data controller to fulfill its legal obligation,
  • When data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data owner.
  • Personal Data Processing Activities Requiring Explicit Consent 

Within the scope of the law, the explicit consent of the data owner must be obtained in order to process personal data for some purposes. To act in accordance with the personal data processing requirements in the Law, our Company will only be able to process your personal data for the purposes of processing below if you have consented. 

Processed Personal Data  Purposes of Processing Personal Data  Terms of processing of personal data 
  • Identity Information (Name, Surname, Identity Number, Passport Information, Date of Birth, Gender, Driver’s License or Identity Information)
  • Contact Information (Phone Number, E-mail, Address)
  • Marketing Information (Survey Information, Service History Information)
  • Carrying out tailor-made product or service offers, new product announcements, campaigns, promotions and other marketing activities
  • Recommending the services provided by our company which are customized to your tastes, usage habits and needs and, 
  • Carrying out analysis, segmentation or targeting studies,
  • Carrying out survey and customer satisfaction studies,
  • For the above purposes, contacting you by electronic means and in this context your data will be shared with third parties who provide services such as SMS and E-mail.
  • Explicit consent of the data subject
  1. To Whom and For What Purpose the Processed Personal Data Can Be Transferred

Your collected personal data can be transferred in accordance with the personal data processing requirements specified in Article 8 of the Law for the purposes set out above to:

  • Our suppliers who provide the Company with services such as software, maintenance, security and hosting personal data within the scope of information technologies;
  • Financial institutions in line with the realization of payment transactions, 
  • Within the scope of delivering the services offered by our Company to our guests, the agencies who carried out brokerage activities on the behalf and account of our Company, 
  • Individuals and institutions dealing with the arrangement of your trip and accommodation (group travel organizers, companies you work at, agencies, business partners)
  • Zorlu Holding Corporation, which provides services to our Company within the scope of audit, tax consultancy and execution of legal transactions, 
  • Public institutions and organizations authorized to receive information and documents from our Company in accordance with the provisions of the relevant legislation,
  • Private institutions or organizations (independent audit companies, notaries or mediators) which are established in accordance with certain conditions determined by law and continue their activities within the framework determined by law.
  • Methods of Personal Data Collection 

Your personal data is collected in order to make you benefit from the products and services offered by our Company, 

  • In line with the reservations you have made online, our relevant business partners, e-mail, contact center/telephone for bookings made through raffles Hotel & Resort Istanbul website and other agencies;
  • Through the accommodation card used for booking in a physical environment, the procedures carried out face-to-face during your stay, the gym, restaurant, spa and parking lot and channels or other services in accordance with the legal conditions specified in the second article of this text. 
  • Personal Data Owner’s Rights Listed in Article 11 of the Law

As a personal data owner, we inform you that you have the following rights in accordance with Article 11 of the Law: 

  • To find out if your personal data has been processed,
  • Requesting information about your personal data if it has been processed,
  • To find out the purpose of processing your personal data and whether it is used in accordance with its purpose,
  • To find out the third parties to whom your personal data is transferred at home or abroad,
  • To request correction of your personal data if it is incomplete or inaccurately processed, and to request the notification of the transaction carried out within this scope to the third parties to whom your personal data is transferred,
  • To request the deletion or destruction of your personal data if the reasons requiring its processing disappear, even though it has been processed in accordance with the law and other relevant regulations, and in case of incomplete or inaccurate processing of your personal data to request the notification of the transaction carried out within this scope to the third parties to whom your personal data is transferred, 
  • To object to the emergence of a result against the Data Owner due to analyzing the processed data exclusively through automated systems,
  • To request compensation in case of damage due to unlawful processing of your personal data.

You can submit your applications for your rights listed above by filling out the Data Owner Application Form, which can be accessed on https://www.rafflesistanbul.com/privacy-policy/. Depending on the nature of your request, your applications will be finalized free of charge as soon as possible and within thirty days at the latest; however, if the transaction requires a cost, you may be charged according to the tariff to be determined by the Personal Data Protection Board.