As MAKTUR MAKEL TOURISM AND HOSPITALITY INC. (briefly referred to as “MAKEL” or the “Company”), our priority is to process the personal data of real persons— including our guests, customers, suppliers, and employees—in compliance with the Constitution of the Republic of Türkiye, international conventions to which Türkiye is a party regarding human rights, and primarily the Law No. 6698 on the Protection of Personal Data (“KVKK”), and to ensure that data subjects can effectively exercise their rights.
Accordingly, without limitation, all personal data obtained during our activities— whether obtained by fully or partially automated means or by non-automated means provided that they form part of a data recording system—belonging to our employees, guests, suppliers, customers, website visitors and all other relevant persons, are processed, stored, and transferred in accordance with this MAKTUR MAKEL Personal Data Protection and Processing Policy (briefly, the “Policy”).
Protecting personal data and safeguarding the fundamental rights and freedoms of individuals whose personal data are processed constitute the core principle of our policy. Therefore, all activities involving the processing of personal data are carried out with due regard to the right to privacy, confidentiality of communication, freedom of thought and belief, and the right to effective legal remedies. We take all necessary administrative and technical measures required by the nature of the data in line with applicable legislation and current technology.
This Policy explains the methods we follow regarding the processing, storage, transfer, deletion, or anonymization (where necessary) of personal data shared during our commercial, social responsibility, and similar activities, within the framework of the principles set forth under the KVKK.
This Policy covers all personal data processed by the Company, including but not limited to data belonging to our guests, customers, business contacts, business partners, employees, suppliers, potential employees, guests, customers, and other third parties.
The Policy applies to all personal data processing activities carried out within entities owned or managed by the Company and has been prepared in accordance with the KVKK, other relevant legislation, and international standards on personal data protection.
Company: MAKTUR MAKEL TOURISM AND HOSPITALITY INC.
Explicit Consent: Consent given freely, based on information, specific to a particular matter, clear and unambiguous, and limited solely to that transaction.
Anonymization: Rendering personal data incapable of being associated with an identified or identifiable natural person, even when matched with other data.
Employee: Company personnel.
Data Subject (Relevant Person): The natural person whose personal data are processed.
Personal Data: Any information relating to an identified or identifiable natural person.
Special Categories of Personal Data: Data relating to race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, clothing, membership of associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, as well as biometric and genetic data.
Processing of Personal Data: Any operation performed on personal data such as collection, recording, storage, preservation, alteration, reorganization, disclosure, transfer, acquisition, making available, classification, or prevention of use, whether fully or partially automated or non-automated provided that it forms part of a data recording system.
Data Processor: A natural or legal person who processes personal data on behalf of the data controller based on the authority granted by the data controller.
Data Controller: The natural or legal person who determines the purposes and means of processing personal data and is responsible for establishing and managing the data recording system.
KVK Board: Personal Data Protection Board.
KVK Authority: Personal Data Protection Authority.
KVKK: Law No. 6698 on the Protection of Personal Data, published in the Official Gazette dated 7 April 2016 and numbered 29677.
Policy: MAKTUR MAKEL TOURISM AND HOSPITALITY INC. Personal Data Protection and Processing Policy.
The Personal Data Protection Committee, established within the Company and composed of representatives from Human Resources, Finance, Information Technologies, Front Office, Sales and Marketing Departments, and Senior Management, is responsible for drafting and keeping this Policy up to date. In the event of any breach of the principles set forth herein, the Committee evaluates the matter in accordance with the Personal Data Breach Incident Management Procedure.
When collecting personal data, as the data controller, we inform the data subject about: The purposes of processing personal data, Our identity and, if applicable, the identity of our representative, To whom and for what purposes personal data may be transferred, The method and legal basis of data collection, Measures taken regarding data retention and storage, Rights arising from the law.
We ensure that this publicly available Policy is clear, understandable, and easily accessible.
As the data controller, we take the administrative and technical measures prescribed by legislation to ensure the security of personal data under our control. These measures are detailed in Sections 9 and 10 of this Policy.
Personal data refers to any information relating to an identified or identifiable natural person. Protection of personal data applies only to natural persons; data belonging solely to legal entities that do not contain personal data are excluded.
Special categories include data relating to race, ethnic origin, political opinions, philosophical beliefs, religion, sect or other beliefs, clothing, association/foundation/union membership, health, sexual life, criminal convictions, security measures, biometric and genetic data.
We process personal data in accordance with the following principles: Compliance with law and good faith, Accuracy and up-to-dateness, Processing for specific, explicit, and legitimate purposes, Relevance, limitation, and proportionality, Retention for the period stipulated by law or required for the processing purpose.
Except for cases stipulated by law where explicit consent is not required, we obtain explicit consent from the data subject.
Personal data may be processed for purposes including but not limited to: Conducting company activities and services, Informing individuals about products and services, Delivering services to guests within service standards, Determining preferences and needs and tailoring services accordingly, Fulfilling legal obligations, Conducting market research, advertising, surveys, campaigns, promotions, and sponsorships, Evaluating job applications, Managing supplier/vendor relations and compliance, Legal reporting, invoicing, and security activities, Ensuring safety through camera surveillance and exercising legal rights.
Special categories of personal data are processed only in accordance with legal requirements, with adequate administrative and technical measures, and where explicit consent exists or where processing is mandatory under legislation.
Cookies are used to improve the functionality of our website, enhance user experience, remember preferences, and provide personalized services.
Personal data shared during recruitment and employment processes are processed, stored, and transferred for evaluation and employment purposes within the scope of this Policy.
Personal data may be processed without explicit consent in cases stipulated by law, including but not limited to contractual necessity, legal obligations, protection of vital interests, establishment or protection of rights, and legitimate interests.
Personal data are transferred domestically in compliance with the KVKK and decisions of the KVK Board, subject to explicit consent or legal exceptions.
Personal data are transferred abroad only with explicit consent or under conditions ensuring adequate protection as determined by the KVK Board.
Personal data may be transferred to suppliers, business partners, affiliates, shareholders, legally authorized public institutions, private entities, and service providers in accordance with Articles 8 and 9 of the KVKK.
Personal data are retained for the period required by applicable legislation or necessary for processing purposes and are deleted, destroyed, or anonymized once such purposes cease.
We implement appropriate administrative and technical measures to prevent unlawful processing, access, and to ensure secure storage of personal data.
Data subjects have the right to: Learn whether personal data are processed, Request information if processed, Learn the purpose of processing and whether it is used accordingly, Know third parties to whom data are transferred, Request correction, deletion, or destruction, Object to adverse results arising from automated processing, Request compensation for damages.
Requests may be submitted in writing or via legally accepted electronic methods.
Applications are concluded within 30 days.
Personal data shared via our website are processed in compliance with the KVKK for service provision, communication, reservations, applications, and legal obligations.
Camera surveillance and access controls are used to ensure security within company premises in compliance with legislation.
Personal data are deleted, destroyed, or anonymized when processing purposes cease, in accordance with Article 7 of the KVKK and other applicable laws.
This Policy is stored in both printed and electronic formats.
The Policy is reviewed periodically and updated as necessary.
This Policy enters into force upon publication on the Company’s website.