2. WHO IS DATA CONTROLLER?
As the data controller, DOĞUŞ OTEL İŞLETMECİLİĞİ ve YÖN. HİZ. A.Ş. („Doğuş Otel“) in its capacty of owner of the website https://www.mythahotels.com/en/ has implemented numerous technical and organizational measures to ensure the comprehensive protection of personal data processed through our website and on our premises. In case of any questions regarding your personal data or our data protection practice, do not hesitate to contact us:
Huzur Mah. Maslak Ayazağa Cad. No:2 34485 Sarıyer / İstanbul / Turkey
Contact Person on Data Protection Issues: firstname.lastname@example.org
3. PERSONAL DATA WE COLLECT
Doğuş Otel collects, processes and stores your personal data and other information, such as traffic data for statistics purposes only.
Booking tool, this tool forwards the traffic to the respective hotel, that you click on and any further data is processed by the respective hotels through their booking engines. We only tracks statistic on reservations, not personal data.
4. HOW WE USE YOUR DATA
Processing of your personal data is based on a particular lawful basis. We fully respect the principle of purpose limitation, so your personal data are collected for specified, explicit and legitimate purposes and will not be further processed in a manner that is incompatible with those purposes.
Primarily, processing of your personal data is necessary for us to provide you with the service you have requested or it is necessary for the performance of a contract with you (e.g. e-mail). In particular, sending e-mails to the addresses shown on our website entails acquisition of the sender's email address, which is necessary to reply to any request, as well as of such personal data contained in the message. Such data is kept for as long as we need to fulfil the purposes we collected it for.
We accept CVs of possible candidates in an electronic format. Sending your CV, means that we our processing of such relates to personal data which are manifestly made public by the data subject, in accordance with GDPR guidelines. At present, CVs are forwarded to the correspondent HR departments the CV has been meant for.
In certain cases we are required to process your personal data to comply with the legal obligations (e.g. with the competent authority).
We strive to provide you with the best possible service, so certain things we consider as our legitimate interests, in accordance with your reasonable expectations. Among others, such legitimate interest would be carrying out a voluntary satisfaction survey after your visit to Dogus Otel, to understand our customer's needs and improve our everyday business.
If you have any concerns regarding purposes for which we process your personal data or wish to obtain more information, please contact us at email@example.com.
We use social media plug-ins, in order to forward you directly to our social media accounts, where your personal data is collected and processed in accordance with such social media websites policies.
6. YOUR RIGHTS
According to the GDPR, you are entitled to exercise the following rights:
Right of access
You have the right to ask us to confirm whether we are processing your personal data and to inform you on how they are being processed, in particular - for what purpose(s), which categories of personal data, are we sharing your data with anyone, how long will they be stored etc. You can also obtain a copy of your personal data being processed by Doğuş Otel.
Right to rectification (correction)
You have the right to request rectification of your personal data that are inaccurate, as well as the right to have your incomplete personal data completed. This can be done through submitting a request to us or providing a supplementary statement.
Right to erasure (“right to be forgotten“)
In certain circumstances, you are entitled to demand erasure of your personal data, in particular when your data is no longer necessary in relation to the purposes for which they were collected and processed, if your data have beeen unlawfully processed or if you withdraw your consent on which the processing was solely based and there is no other legal ground for processing of your personal data. However, in accordance with the GDPR, we shall not comply with your request for erasure of personal data, if processing of such is necessary for compliance with legal obligations, exercising the right of freedom of expression and information, for the establishment, exercise or defence of legal claims and other.
Right to restriction of processing
You have the right to request that Doğuş Otel limits the processing of your personal data in certain cases, such as:
- during the process of responding to your request to update or correct personal data;
- if processing of your data was unlawful, but you do not want us to erase your data;
- in case we no longer require your personal data for the purposes of the processing, but you want us to retain them for the establishment, exercise or defence of legal claims;
- when you have submitted an objection to processing based on our legitimate business interests, pending our response to such objection.
In case you have obtained restriction of processing of your personal data, Doğuş Otel shall inform you prior to lifting such restriction.
Right to data portability
You have the right to request that Doğuş Otel provides you (or a third party that you designate) with your personal data in a structured, commonly used and machine-readable format. Please note that the right to data portability applies only to personal data that you have provided to us, the processing was carried out by automated means and based on your consent or was necessary for the performance of a contract.
Right to object
You have the right to object to processing of your personal data:
- for direct marketing purposes and activities (including profiling related to such marketing);
- for statistical purposes, unless such processing is necessary for the performance of a task carried out for reasons of public interest;
- if the processing is based on our legitimate business interests, unless we are able to demonstrate compelling grounds for such processing or we need to process your personal data in relation to legal claims.
If you have any other questions about our data practices or the exercise of your rights, please do not hesitate to contact us at firstname.lastname@example.org.
7. RECIPIENTS OF YOUR DATA
The hosting company of this website is Siteground Italia Srl.
- Doğuş Holding A.Ş. (www.dogusgrubu.com.tr);
- Doğuş Holding affiliates and subsidiaries (www.dogusgrubu.com.tr);
In conducting our business, providing you with the services you requested and to ensure compliance with our legal obligations, we may share your personal data with other subjects. This includes but is not limited to: public (regulatory or government) authorities, persons and departments within Doğuş Otel responsible for the processing of your personal data, IT administrators, external IT maintenance company, business partners that provide specific travel or leisure services upon your request or other similar service providers and suppliers that work on our behalf for the performance of any contract.
8. HOW LONG WILL YOUR DATA BE STORED?
We take seriously the GDPR principles of data minimisation and purpose and storage limitation. Doğuş Otel retains your personal data for the time necessary to accomplish the purpose for which they were collected, usually for the duration of any contractual relationship and a certain period thereafter. Our retention policy reflects our legitimate business needs, applicable statute of limitation periods and legal requirements. After the expiry of the applicable terms or when the purpose for processing is no more applicable or ceases to exist, your personal data will be securely deleted or anonymized. The storage periods, stated in the legislations are reserved.
9. PERSONAL DATA PROTECTION
Doğuş Otel has implemented various technical and organisational measures to protect your personal data from unauthorized access, loss, disclosure, modification or destruction, and to keep it accurate and up-to-date. In the event that, despite all the security measures undertaken, the confidentiality or availability of your personal data is somehow compromised, we shall immediately notify the competent supervisory authority and/or data subjects, in accordance with the applicable laws or regulations.
10. CHANGES TO THIS POLICY
This policy is in application as of 20.09.2018.