PRIVACY NOTICE ON PROCESSING OF PERSONAL DATA ISSUED BY SWISSOTEL RESORT BODRUM BEACH, ÇAĞDAŞ INSAAT TURIZM SANAYI VE TICARET A. S.

This Privacy Notice sets forth the principles adopted for processing of your personal data disclosed to Çağdaş İnsaat Turizm Sanayi ve Ticaret A.S. (Swissotel Resort Bodrum Beach) acting as a data controller under the Law on Personal Data Protection no. 6698 (the “Law”).

PRIVACY NOTICE ON PERSONAL DATA PROTECTION LAW

Accor Hotels, the operating group company, and Çağdaş İnsaat Turizm Sanayi ve Ticaret A.S., the business place, (Swissotel Resort Bodrum Beach) take the highest possible level of security precautions to ensure collection, processing, transfer and safekeeping of your personal data in accordance with law and to protect your confidentiality and privacy.

We intend to inform you in regard of collection of your personal data, purposes of processing of your personal data, the parties we share your data with, legal basis for its processing and your rights in most transparent manner as per article 10 of the “Law on Personal Data Protection” no. 6698 in order to guarantee your satisfaction in that regard.

We would like to inform you in regard of collection of your personal data, purposes of processing of your personal data, the parties we share your data with, legal basis for its processing and your rights in this context in most transparent manner.

a) Data Controller
Your personal data will be collected and processed pursuant to the Law on the Protection of Personal Data No. 6698 (Law No. 6698) by Swissotel Hotels & Resorts (“Swissotel” or “Our Company”) as the data controller within the scope described below.

b) What Personal Data Is Collected
Personal Data to be collected may include the following:

• Identity Information (Name, Surname, gender, title, place and date of birth; passport, visa or other identification issued by government);
• Contact Information (Home and business address, phone number and e-mail address, other contact information about you we might obtain through third party travel agents and similar suppliers we do business with);
• Your Preferences and Interests (the hotels where you have stayed, your dates of arrival and departure, goods and services purchased, special requests and services, room types, preferred floor, type of newspaper/magazine, sports and cultural interests, holiday preferences, expected services, age of children or other aspects of the services used);
• Phone numbers dialled, faxes received/sent or phone messages received through connections made to the phone services we provide to guests during their stay);
• Credit and ATM card numbers;
• Le Club Accor Hotels membership information, online user account information, profile or password information and other frequent flier or travel mate program information;
• Employer information or other relevant information if you are an employee, vendor or other type of business partner of a corporate account (e.g. travel agents, event organizers, etc.);
• Social media account identity or user identity
• In case you provide us or our service providers with Personal Data related to other persons in relation to services (e.g. making reservations for another person) you will have agreed that you are authorized to do so and you have his/him consent to use of said information in accordance with this notification.

c) When is Your Personal Data Collected
Personal data may be collected in variety of occasions, including;

• Hotel activities;
• Booking a room;
• Checking-in and paying;
• Eating/drinking at the hotel bar or restaurant during stay;
• Requests, complaints and/or disputes;
• Participation in marketing programs or events:
• Signing up for loyalty programs;
• Participation in customer surveys (e.g. Guest Satisfaction Survey);
• Subscription to newsletters in order to receive offers and promotions via e-mail;
• Transmission of information from third parties:
• Tour operators, travel agencies, reservation systems and others;
• Internet activities;
• Connections to Swissotel websites (IP address, cookies)
• Online forms (online reservations, surveys, Swissotel pages on social networks).

d) Purposes of Processing Personal Data
Swissotel may collect personal data in the categories listed above from parties including potential customers, customers, employee candidates, employees, business partners, travel agencies, tour operators and suppliers.

Collected personal data will be processed in accordance with conditions and purposes of the processing of personal data as specified in Articles 5 and 6 of the Law No. 6698 for purposes of;

- Providing Swissotel products and services to you, meeting our obligations to our customers, registration processes, creation and storage of legal documents and the fulfilment of information sharing, reporting, notification, taxation and other similar obligations specified by local and international legislation;

- Managing your stay at the hotel stay, monitoring your use of service (telephone, bar, pay TV, etc.), managing access to rooms, internal management of lists customers having behaved inappropriately during their stay at hotel (aggressive and antisocial behavior, non-compliance with the hotel contract, non-compliance with safety regulations, theft, damage and vandalism or payment incidents);

- Determining availability of Swissotel services;

- Providing personalized advertisement, campaigns, advantages and other benefits for you in scope of sales and marketing activities conducted towards increasing quality of services and products;

- Making contact for information technology requirements, system infrastructure, requirements of acquired information technology support services, and conveyance of necessary information to you in relation to such services and products;

- Arrangement of Swissotel room reservations;

- Website traffic measurement for purposes of sales and marketing, cross-analysis, statistical analysis, segmentation/profiling and CRM operations on data collected during your reservation or stay for the purpose of providing you with personalized offers;

- Measurement and improvement of customer experience, complaint management, collection of opinions and recommendations regarding new services and products, collecting your problem-error reports, taking into account the right to objection, and providing you with information regarding Swiss Circle and other products and service as well as your complaints and requests;

- Using a dedicated telephone service to search for persons staying in Swissotel in the event of serious events affecting the hotel in question (natural disasters, terrorist attacks etc.);

- Order fulfillment, payment processing, ensuring logistical collaboration with third parties for delivery of products, recommending products and services that might interest you, online behavioral advertisement and marketing, customer portfolio management, service quality measurement and improvement, communication, optimization, auditing, risk management and control, promotion, analysis, personal preferences, scoring, profiling, marketing, sales, advertisement and communication;

- Comparative offers for products and/or services, modelling, product operations and/or development on existing and new products, uses involving purposes related to all kinds of products and services in scope of applicable laws and regulations governing the acts specified under Swissotel charter which involves your disclosure of personal data to Swissotel;

- Complying with information sharing, reporting and notification obligations specified by official institutions, fulfilling requirements of contracts and to perform legal obligations Swissotel is subject to in relation of providing these services;

- Setting business strategies, carrying out financial communication, market research and social responsibility activities, purchasing operations (demand, offer, assessment, order, budgeting, contract), internal company system and application management operations and legal operations towards the purpose of determining and implementing commercial and business strategies for Swissotel;

- Review and assessment of and response to requests from official authorities or you.

e) The Recipients and Purposes of Personal Data Transfers
Collected personal data may be transferred to the extent of purposes listed above to other parties including;

- Subsidiaries, partner companies, affiliates, business partners and shareholders including hotels or restaurants operating under the Accor Hotels, which Swissotel group companies are attached to;

- Hotels and resorts at domestic and foreign destinations with whom you identity and contact information and other necessary information may be shared to convey your requests to hotels at domestic and foreign destinations you might make reservations with, through Swissotel website, call center or other channels;

- Relevant offices and institutions in scope of the Tourism Encouragement Law, Travel Agencies and Travel Agencies Association Law and the Regulations on Documentation and Qualifications of Touristic Facilities;

- Relevant bodies and organizations permitted in scope of the Tax Law, Social Security Institution regulations, Law on Prevention of Laundering of Criminal Revenues, Law on Prevention of Laundering of Anti Money, the Turkish Commercial Code, the Turkish Code of Obligations and other applicable legislations;

- Public offices and institutions, administrative authorities and legal authorities authorized under law;

- Related companies and associates in foreign jurisdictions;

- Real and legal bodies with whom we collaborate and acquire services from in scope of product/service comparison, analysis, assessment, advertisement and other purposes listed above, institutions and organizations partnering in these programs, organizations with whom we have agreements for transfer of messages sent to our customers, and cargo companies performing delivery of orders to you, in accordance with conditions and purposes processing personal data specified under Article 8 and 9 of Law No. 6698.

f) Methods and Legal Basis for Collection of Personal Data Swissotel collects your personal data in scope of legal provisions for the purposes listed above through various channels including;

• Online services like our internet site and other service or hosting provider web sites: When you make reservations or purchase products or services from us in any other manner, when you contact us through online messaging services, when you inform us regarding your special requests or preferences, when you subscribe for a newsletter, survey, contest or promotion offer.
• On all kinds of physical environments used for exchange of oral and written information and through customer services:
  For example, we may collect offline Personal Data from you when you visit one of our facilities, when you demand to enjoy our services, when you inform us about your preferences, when you make reservations on the phone, or when you contact customer services.
• Through other sources like our business partners, suppliers and travel agencies: We might obtain your Personal Data from sources like joint marketing partners and third parties. These may include information obtained from your travel agency, air travel company, your credit card and other business partners.
• Through our social media accounts;
  Provided the execution of contract or being directly related to performance of the contract and being necessary for compliance with our legal obligations and in scope of other exceptions specified under Article 5 of the Law.

g) Rights of the Data Subject as Specified in Article 11 of Law No. 6698
In case you contact us as data subject regarding your requests related to your rights Swissotel will process and conclude your requests as soon as possible and in thirty days at the latest, according to nature of the request.

Responses to such requests will be free of charge up to ten pages. 1 Turkish Lira in processing fees will be collected for each page beyond ten. In case the response to the request is presented on a storage environment like a CD or Flash memory the fee charged by our company will not exceed the cost of said storage environment.

In this scope, data subjects have the rights to;

• Learn whether or not your personal data have been processed;
• Request information concerning the processing if your personal data have been processed;
• Learn the purpose for the processing of your personal data and whether your personal data have been used in accordance with the purpose;
• Know the third parties within Turkey or abroad to whom personal data have been transferred;
• Request rectification in case your personal data have been processed incompletely or inaccurately and request notification of the operations made within this context to third parties to whom your personal data have been transferred;
• Request deletion or destruction of your personal data in case the reasons necessitating their processing cease to exist, despite your personal data have been processed in accordance with Law No.6698 or other relevant laws, and request notification of the operations made within this context to third parties to whom your personal data have been transferred;
• Object to occurrence of any result deriving from a decision based solely on automated processing and that is to your detriment ; and
• Request compensation for the damages in case you incur damages due to unlawful processing of personal data.

You can sent your requests regarding use of your rights listed above, drawn in Turkish language, in written form or using the registered electronic mail (KEP) address, secure electronic signature, mobile signature or the electronic mail address previously notified to Swissotel and registered in our systems, in accordance with Article 13 of the Law No. 6698 and the General Notice on Procedure and Principles of Data Subject Requests to Data Controller numbered 30356 and dated 10 March 2018.

Swissotel reserves the right to verify your identity before responding.

Your requests must include;

1. Your name, surname and your signature, if the application is made in writing;
2. Your Republic of Turkey Identification Number for Turkish citizens or your nationality, passport number or identification number if you are a foreign national;
3. Your residence or work address for due service of official notices;
4. Your electronic mail address, phone number or fax number for due service of official notices;
5. Subject of your request;

and other information and documentation related to your request should also be enclosed with the application.

Written applications enclosed with necessary documentation can be addressed to our Company in capacity of data controller at its address of Turgutreis Mahalles, Gazi Mustafa Kemal Bulvarı No: 42 Bodrum, Muğla, Turkey. You can find the application form here.

If you wish to submit an application through e-mail, please send your application to E bodrum@swissotel.com. Also, you may file applications through KEP system by sending your e-mail to bodrum@swissotel.com.

Based on the nature of your request, please make sure to submit the necessary information and documentation completely and accurately. Failure to provide the required information and documentation may lead Swissotel to suffer from significant problems in terms of the full and qualified performance of the investigation process in response to your request. In such cases, Swissotel shall reserve its legal rights arising therefrom. Therefore, you are required to submit your application along with all the necessary information and documentation completely and accurately. Swissotel The Bosphorus, İstanbul shall evaluate and conclude your request within maximum 30 (thirty) days in line with the provisions of the Law. Although it is our policy to conclude the requests free of charge, Swissotel Resort Bodrum Beach reserves the right to charge a certain fee based on the tariff determined by the Personal Data Protection Board.

This Privacy Notice is meant to inform data subjects about the principles and procedures adopted for processing of personal data collected through closed circuit television (CCTV) systems available at Çağdaş İnşaat Turizm Sanayi ve Ticaret A.Ş. – Swissotel Resort Bodrum Beach in line with the Law on the Protection of Personal Data No. 6698 (the “Law”).

Please note that the details of the matters specified in this Privacy Notice are available in Çağdaş İnşaat Turizm Sanayi ve Ticaret A.Ş. – Swissotel Resort Bodrum Beach Privacy Notice About Protection and Processing of Personal Data at https://www.accorhotels.com/security-certificate/index.tr.shtml

1. Purposes of Processing Personal Data
   The personal data to be collected shall be processed with a view to promoting legal, technical and business - occupational safety of persons engaged in any business relationship with the Hotel as well as ensuring security of the Hotel locations in line with the processing conditions and purposes provided in articles 5 and 6 of the Law.
2. Recipients and Purposes of Personal Data Transfers
   The personal data to be collected may be disclosed to legally authorized institutions and organizations with a view to promoting legal, technical and business-occupational safety of persons engaged in any business relationship with the Hotel as well as ensuring security of the Hotel locations in line with the processing conditions and purposes provided in articles 8 and 9 of the Law.
3. Methods and Legal Basis for Collection of Personal Data
   The personal data shall be collected through closed circuit television systems available at the locations. Upon collection in line with the legal purposes provided above, the personal data may be processed and transferred for the purposes provided in articles 1 and 2 of this Privacy Notice in compliance with the processing conditions and purposes provided in articles 5 and 6 of the Law no. 6698.
4. Rights of Data Subjects and Use of Rights
   Pursuant to article 11 of the Law, data subjects shall be entitled to:
• Learn whether or not their personal data have been processed;
• Request information concerning the processing if their personal data have been processed;
• Learn the purpose for the processing of their personal data and whether their personal data have been used in accordance with the purpose;
• Know the third parties within Turkey or abroad to whom personal data have been transferred;
• Request rectification in case their personal data have been processed incompletely or inaccurately and request notification of the operations made within this context to third parties to whom their personal data have been transferred;
• Request deletion or destruction of their personal data in case the reasons necessitating their processing cease to exist, despite the fact that their personal data have been processed in accordance with Law or other relevant laws, and request notification of the operations made within this context to third parties to whom their personal data have been transferred;
• Object to occurrence of any result deriving from a decision based solely on automated processing which is to their detriment; and
• Request compensation for the damages in case they incur damages due to unlawful processing of personal data.

Data subjects may exercise the relevant rights by duly informing the Hotel in line with the methods specified in Çağdaş İnşaat Turizm Sanayi ve Ticaret A.Ş. – Swissotel Resort Bodrum Beach – Privacy Notice About Protection and Processing of Personal Data at https://www.swissotel.com/hotels/bodrum-beach/. Upon which the Hotel shall evaluate and conclude the application within 30 (thirty) days. Although it is our policy to conclude the requests free of charge, the Hotel reserves the right to charge a certain fee based on the tariff determined by the Personal Data Protection Board.