GÜZEL OTELLER TURIZM INŞAAT SAN. VE TIC. A.Ş. SWISSOTEL BÜYÜK EFES IZMIR, PRIVACY NOTICE ON THE PROCESSING OF PERSONAL DATA

This privacy notice is drawn in compliance with Law No. 6698 on the Protection of Personal Data (“the Law”) to present the details regarding processing of personal data that you have shared with Güzeloteller Turizm Inşaat San. Ve Tic. A.Ş (Swissotel Büyük Efes, Izmir).

INFORMATION ON THE LAW ON THE PROTECTION OF PERSONAL DATA

Our operating group company AccorResort and business place Güzeloteller Turizm Inşaat San. Ve Tic. A.Ş. Ve Tic. A.Ş. A.Ş. (Swissotel Büyük Efes, Izmir) take the highest possible security measures to protect your privacy and ensure that your personal data is collected, stored and shared in compliance with the law.

We aim to inform you in the most transparent manner as per Article 10 of “Law No. 6698 on the Protection of Personal Data,” about the collection methods and processing purposes of your personal data, with whom they are shared, the legal basis thereof, and your rights to ensure your satisfaction.

a) Data Controller
Pursuant to Law No. 6698 on the Protection of Personal Data (“Law No. 6698”), your data will be collected and could be processed by Swissotel Hotels & Resorts (“Swissotel”) as the data collector within the framework disclosed hereafter.

b) Which Personal Data Is Collected
The Personal Data we collect could include the following:

• Identity information (first name, last name, gender, date of birth, nationality, details of passport, or other official identification);
• Contact information (home and business address, phone number, and email address);
• Preferences (hotel room/accommodation-related private preferences such as proximity to elevator, smoking/non-smoking room, preferred floor, and type of newspaper);
• Credit and debit card numbers
• Email address and membership number for Accor ALL Loyalty Card
• If, as an employee, affiliate, or another type of partner of a corporate account, your invoice is to be issued on behalf of your company’s name, your employer information, and other relevant information (e.g., travel agency or meeting/activity organizer).

c) Which Processes are Used to Collect Your Personal Data
Your Personal Data could be collected on various occasions, including:

• Hotel activities:
• Booking a room
• Checking-in and paying
• Eating/drinking at the hotel bar or restaurant during your stay
• Requests, complaints, and/or disputes.
• Participation in marketing programs or events:
• Signing up for loyalty programs
• Participation in customer surveys (e.g., the Guest Satisfaction Survey)
• Subscription to newsletters to receive offers and promotions via email.
• Transmission of information from third parties:
• Tour operators, travel agencies, reservation systems, and others
• Activity Management:
• Supplier manager and supplier employee

d) For What Purposes is Your Data Processed
Swissotel could collect personal data through the occasions listed above from parties like potential customers, guests, supplier managers, or supplier employees.
Your collected personal data will be processed under the personal data processing conditions and purposes specified in Articles 5 and 6 of Law No. 6698 for the following purposes:

- To present you with Swissotel products and services, meet our obligations to our customers, manage records and documents, comply with information storage, reporting, disclosure, tax, and other obligations stipulated by local and international regulations;
- To manage your hotel accommodation: monitoring your use of services (telephone, bar, pay TV, and so on), managing access to rooms, internal management of lists of customers having behaved inappropriately during their stay at the hotel;
- To ascertain the availability of Swissotel services;
- To present customized advertisements, promotions, advantages, and other benefits for sales and marketing activities to enhance the quality of services and products;
- To notify you of the requirements and structure of information processing, the necessity of IT support services, and all other information regarding these services and products;
- To manage the reservation of rooms in Swissotel;
- To measure and enhance customer satisfaction, complaint management, receive your opinions and suggestions about new services and products, receive your notes on problems/failures, regard your right to object, notify you about your complaints and requests about Accor ALL membership and other products and services;
- To use private phone services to call the accommodating people in the occurrence of a significant event (e.g., natural disasters, terrorist attacks, and so on) that affects the hotel;
- To receive your orders and help you conduct your payments;
- To comply with information storage, reporting, and notification obligations stipulated by the official bodies, fulfill the liabilities of contracts, and perform the legal obligations to which Swissotel is subject to regarding utilization of the services mentioned above;
- To manage the financial operations, communication, market research, and social responsibility activities, purchasing operations (e.g., demand, proposal, evaluation, ordering, budgeting, and contracts), internal system and application management operations and legal operation executed by Swissotel in line with the objective of establishing and implementing Swissotel’s commercial and business strategies; and
- To examine, assess, and respond to demand from official authorities and our customers.

e) With Whom and For What Purposes Your Data Could be Shared
Under the personal data processing conditions and purposes established in Articles 8 and 9 of Law No. 6698, limited to performance of the purposes noted above, your personal data could be shared with the following:

- Hotels operating as part of FRHI (Fairmont, Raffles) Hotels & Resort with which Swissotel group companies are affiliated;
- Related institutions and organization pursuant to the Law for the Encouragement of Tourism, the Law Concerning Travel Agencies and the Association of Travel Agencies, and the Directive on Documentation and Qualities of Tourism Facilities;
- The persons or institutions permitted by the Tax Procedure Law, Social Security Legislation, Law on the Court of Accounts, Law on the Prevention of Laundering Proceeds of Crime, Law on the Prevention of Money Laundering, Turkish Commercial Code, Code of Obligations, and the other applicable regulations;
- Legally authorized public institutions and organizations, administrative agencies, and legal authorities;
- Overseas companies and subsidiaries;
- The real or legal entities with whom we cooperate or receive services from to compare products and services, make analysis, do assessments, place advertisements, and perform the purposes mentioned above; our program partners; the institutions contracted for sending messages to our customers, and the cargo companies delivering your orders.

f) The Method and Legal Basis of Collecting Personal Data
Your personal data could be collected

• Via our website and online services on contracted websites: When you book a reservation or purchase a product or service from us by other means, when you reach us through online messaging services, when you inform us about your private requests or preferences, or when you register to a survey, bulletin, competition or promotion offer.
• Via customer services and all types of physical media through which verbal and written information is shared: We could collect personal data offline when, for instance, you visit one of our facilities, when you make a request to use our services, when you notify us about your preferences, or when you book a reservation or reach the customer services through phone call.
• Via other sources such as our business partners, suppliers, and travel agencies: We might obtain your personal data from other sources such as common marketing partners or third parties. These could include the information received from your travel agency, airline company, credit card, and other partners.

Swissotel collects your personal data as per the legislation, for the purposes specified above, on the condition that this collection is directly related to the establishment or performance of the contract and that it is mandatory to comply with our legal obligations and with the exceptions listed in Article 5 of the Law.

g) Personal Data Owners’ Rights as listed in Article 11 of Law No. 6698
As personal data owners, when you apply your requests related to your rights through the methods established hereinafter, Swissotel will process your application as soon as possible depending on the nature of your request and latest within 30 days.
The response will be free of charge for up to 10 pages. One Turkish lira will be charged for each page exceeding 10 pages. If our response to your application is presented in a storage device such as CD or flash memory, the fee claimable by our company will not exceed the cost of the storage device.
Within this framework, the personal data owners have the right to

• Learn whether their personal data are processed;
• If their personal data are processed, request information related thereto;
• Learn the processing purpose of their personal data and whether they are being used according to this purpose;
• Know the third parties to whom their personal data are transferred in Turkey or abroad;
• In case their personal data are processed incompletely or incorrectly, request correction thereof and request that the third parties to whom their personal data have been provided are notified about the corrections accordingly;
• Request deletion or destruction of their personal data, and request notification of the third parties to whom their personal data have been provided about such deletion or destruction accordingly, if the reasons for processing no longer apply to their personal data, which in any event, has been processed in compliance with Law No. 6698 and other applicable regulations;
• Object to any unfavorable conclusions resulting from exclusively automated analysis of their processed data;
• Request compensation for any loss incurred because of unlawful processing of their personal data

Pursuant to Article 13, paragraph 1 of Law No. 6698 and Communique No. 30356 on the Procedures and Principles for Application to Data Controller dated March 10, 2018, you might make a request about your above-specified rights in Turkish language and in writing or by registered electronic mail (REM), secure electronic signature, mobile signature, or by using the email address previously notified to Swissotel and registered in our system.

Swissotel reserves the right to validate your identification before responding.
You must include the following in your request:

1. First and last name, and, if applied in writing, signature,
2. TR Identification number for Turkish citizens; and nationality, passport number or, if available, identification number for foreigners,
3. Residential or work address for delivering notices,
4. If any, email address, phone number, and fax number for notifications,

d) The subject of the request.
You should also include the relevant information and documents, if any. You could send your requests and any attachments by registered letter to the Data Controller located at: Güzel Oteller Turizm Inşaat San.ve Tic.A.Ş. Kozyatağı Mah. Bayar Cad.Gülbahar Sok.KVK Plaza No: 14 K:9 Kadıköy-ISTANBUL/Turkey

You could submit your requests via email to Izmir@swissotel.com. You could also send an email to our REM address: guzeloteller@hs01.kep.tr

Depending on the nature of your request, you should provide us with complete and accurate information and documents. Swissotel will conduct an investigation regarding your request. If you do not provide us with the necessary information and documents, we will be not able to carry out an extensive and thorough investigation. In such an event, Swissotel reserves its legal rights. Thus, depending on the nature of your request, you should present all the information we need to know and all the documents we require.
Your request will be processed and concluded by Swissotel Büyük Efes, Izmir latest within 30 days as stipulated by the Law. Although no fees is charged for the requests in principle, Swissotel Büyük Efes, Izmir still reserves the right to charge the fees based on the tariffs set by the Personal Data Protection Board.

Swissotel Büyük Efes, Izmir Phone Audio Record System Privacy Notice

1. The personal data comprising the first and last names, contact information, and audio records shared by the people who call the phone numbers below that belongs to Swissotel Büyük Efes, Izmir
   4140000 (1000-1002-1003 operator numbers), 4145041 (LCC), 4145042 (LCC), 4145043 (LCC), 4145044 (LCC), 4145045 (LCC), 4145150 (Concierge), 4145152 (Concierge), 4145121 (FO), 4145070 (Reservation), 4145071 (Reservation), 4145072 (Reservation), 4145073 (Reservation), 4145074 (Reservation), 4145077 (Reservation)
   are recorded to
1. correctly address a caller;
2. confirm a call and determine the number of calls for statistical purposes;
3. ensure the provision of our information consultancy services;
4. use as evidence in possible disputes.
2. These personal data are not shared with third parties.
3. These personal data are processed automatically based on the legal grounds that “processing is compulsory for the legitimate interests of the data processor on the condition that such processing does not harm the fundamental rights and freedoms of the data subject” as stipulated by Article 5 of the Law.
4. Under Article 11 of the Law that sets out your rights, you may send your requests via postal mail to the address “Güzel Oteller Turizm Inşaat San. ve Tic. A.Ş. Kozyatağı Mah. Bayar Cad. Gülbahar Sok. KVK Plaza No:14 K:9, Kadıköy, Istanbul, Turkey” or via registered email to guzeloteller@hs01.kep.tr in accordance with the Communiqué on the Procedures and Principles of Application to the Data Controller.

Privacy Notice on the CCTV System of Swissotel Büyük Efes, Izmir

1. This privacy notice is drawn up by Swissotel Büyük Efes, the data processor, on behalf of Güzel Oteller Turizm Inşaat San. ve Tic. A.Ş., the data controller, under Article 10 of Law No. 6698 on the Protection of Personal Data (“Law”) and the Communiqué on the Principles and Procedures for Fulfillment of Disclosure Obligation.
2. To ensure security of the guests, employees, and the property, the entrance gates, indoors areas, surrounding areas, parking lot, and the gardens are continuously monitored and recorded using 328 security cameras located within the premises, and the recording process is controlled by the Security Department. The videos logs are stored for one month.
3. Such personal data are processed automatically on the legal basis that “processing is mandatory for the data processor to fulfill its legal obligation,” and that “processing is compulsory for the legitimate interests of the data processor provided that such processing does not harm the fundamental rights and freedoms of the data subject” as stipulated by Article 5 of the Law.
4. Such personal data may be provided to resolve legal disputes or if requested by legal authorities or law enforcement officers pursuant to the applicable legislation.
5. Under Article 11 of the Law that sets out your rights, you may send your requests via postal mail to the address “Güzel Oteller Turizm Inşaat San. ve Tic. A.Ş. Kozyatağı Mah. Bayar Cad. Gülbahar Sok. KVK Plaza No:14 K:9, Kadıköy, Istanbul, Turkey” or via registered email to guzeloteller@hs01.kep.tr in accordance with the Communiqué on the Procedures and Principles of Application to the Data Controller.

Güzel Oteller Turizm Inşaat San.ve Tic.A.Ş. (Swissotel Büyük Efes, Izmir) Privacy Notice (Front Desk)

1. Data Controller’s Identity: This privacy notice is drawn up by the Front Desk of Swissotel Büyük Efes, the data processor, on behalf of Güzel Oteller Turizm Inşaat San. ve Tic. A.Ş., the data controller, under Article 10 of Law No. 6698 on the Protection of Personal Data (“Law”) and the Communiqué on the Principles and Procedures for Fulfillment of Disclosure Obligation.
2. The chart below lists which personal data of our guests are processed for what purposes, for how long such data are retained, and the third parties with whom we share such data, as well as the legal basis of processing.
    
3. The rights of the data subject under Article 11 of the Law No. 6698; As per Article 11 of the Law that sets out your rights, you may send your requests via postal mail to the address “Güzel Oteller Turizm Inşaat San. ve Tic. A.Ş. Kozyatağı Mah. Bayar Cad. Gülbahar Sok. KVK Plaza No:14 K:9, Kadıköy, Istanbul, Turkey” or via registered email to guzeloteller@hs01.kep.tr in accordance with the Communiqué on the Procedures and Principles of Application to the Data Controller.

Güzel Oteller Turizm Inşaat San.ve Tic.A.Ş. (Swissotel Büyük Efes, Izmir) Privacy Notice (LCC)

1. Data Controller’s Identity: This privacy notice is drawn up by the Loyalty Club Card (LCC) Department of Swissotel Büyük Efes, the data processor, on behalf of Güzel Oteller Turizm Inşaat San. ve Tic. A.Ş., the data controller, under Article 10 of Law No. 6698 on the Protection of Personal Data (“Law”) and the Communiqué on the Principles and Procedures for Fulfillment of Disclosure Obligation.
2. The chart below lists which personal data of the LCC members are processed for what purposes, for how long such data are retained, and the third parties with whom we share such data, as well as the legal basis of processing.
    
3. The rights of the data subject under Article 11 of the Law No. 6698; As per Article 11 of the Law that sets out your rights, you may send your requests via postal mail to the address “Güzel Oteller Turizm Inşaat San. ve Tic. A.Ş. Kozyatağı Mah. Bayar Cad. Gülbahar Sok. KVK Plaza No:14 K:9, Kadıköy, Istanbul, Turkey” or via registered email to guzeloteller@hs01.kep.tr in accordance with the Communiqué on the Procedures and Principles of Application to the Data Controller.

Güzel Oteller Turizm Inşaat San.ve Tic.A.Ş. (Swissotel Büyük Efes, Izmir) Privacy Notice (Spa)

1. Data Controller’s Identity: This privacy notice is drawn up by the Spa Department of Swissotel Büyük Efes, the data processor, on behalf of Güzel Oteller Turizm Inşaat San. ve Tic. A.Ş., the data controller, under Article 10 of Law No. 6698 on the Protection of Personal Data (“Law”) and the Communiqué on the Principles and Procedures for Fulfillment of Disclosure Obligation.
2. The chart below lists which personal data of our spa customers are processed for what purposes, for how long such data are retained, and the third parties with whom we share such data, as well as the legal basis of processing.
    
3. The rights of the data subject under Article 11 of the Law No. 6698; As per Article 11 of the Law that sets out your rights, you may send your requests via postal mail to the address “Güzel Oteller Turizm Inşaat San. ve Tic. A.Ş. Kozyatağı Mah. Bayar Cad. Gülbahar Sok. KVK Plaza No:14 K:9, Kadıköy, Istanbul, Turkey” or via registered email to guzeloteller@hs01.kep.tr in accordance with the Communiqué on the Procedures and Principles of Application to the Data Controller.

Güzel Oteller Turizm Inşaat San.ve Tic.A.Ş. (Swissotel Büyük Efes, Izmir) Privacy Notice (Human Resources)

1. Data Controller’s Identity: This privacy notice is drawn up by the Human Resources Department of Swissotel Büyük Efes, the data processor, on behalf of Güzel Oteller Turizm Inşaat San. ve Tic. A.Ş., the data controller, under Article 10 of Law No. 6698 on the Protection of Personal Data (“Law”) and the Communiqué on the Principles and Procedures for Fulfillment of Disclosure Obligation.
2. The chart below lists which personal data of the employees, candidates, suppliers, supplier employees, and trainees are processed for what purposes, for how long such data are retained, and the third parties with whom we share such data, as well as the legal basis of processing.
      
3. The rights of the data subject under Article 11 of the Law No. 6698; As per Article 11 of the Law that sets out your rights, you may send your requests via postal mail to the address “Güzel Oteller Turizm Inşaat San. ve Tic. A.Ş. Kozyatağı Mah. Bayar Cad. Gülbahar Sok. KVK Plaza No:14 K:9, Kadıköy, Istanbul, Turkey” or via registered email to guzeloteller@hs01.kep.tr in accordance with the Communiqué on the Procedures and Principles of Application to the Data Controller.

Güzel Oteller Turizm Inşaat San.ve Tic.A.Ş. (Swissotel Büyük Efes, Izmir,) Privacy Notice (Head Office)

1. Data Controller’s Identity: This privacy notice is drawn up by the Head Office of Swissotel Büyük Efes, the data processor, on behalf of Güzel Oteller Turizm Inşaat San. ve Tic. A.Ş., the data controller, under Article 10 of Law No. 6698 on the Protection of Personal Data (“Law”) and the Communiqué on the Principles and Procedures for Fulfillment of Disclosure Obligation.
2. The chart below lists which personal data the Head Office processes for what purposes, for how long such data are retained, and the third parties with whom the Head Office shares such data, as well as the legal basis of processing.
    
3. The rights of the data subject under Article 11 of the Law No. 6698; As per Article 11 of the Law that sets out your rights, you may send your requests via postal mail to the address “Güzel Oteller Turizm Inşaat San. ve Tic. A.Ş. Kozyatağı Mah. Bayar Cad. Gülbahar Sok. KVK Plaza No:14 K:9, Kadıköy, Istanbul, Turkey” or via registered email to guzeloteller@hs01.kep.tr in accordance with the Communiqué on the Procedures and Principles of Application to the Data Controller.

Swissotel Büyük Efes, Izmir Staff Entrance Privacy Notice

1. As the data processor of our data controller Güzel Oteller Turizm Inşaat San. ve Tic. A.Ş.,
2. Owing to the legal obligation of the data processor and to register entries to the hotel premises,
3. Swissotel Büyük Efes registers the first and last names, TR identity numbers, and phone numbers of the guests and employees with temporary contracts, to the Enibra Security module in an electronic environment. These personal data are not transferred to anywhere and deleted automatically within one year of registry. The electronic records are not printed. Please be rest assured that we take all types of technical and administrative measures to ensure the security of your personal data.
4. Under Article 11 of the Law that sets out your rights, you may send your requests via postal mail to the address “Güzel Oteller Turizm Inşaat San. ve Tic. A.Ş. Kozyatağı Mah. Bayar Cad. Gülbahar Sok. KVK Plaza No:14 K:9, Kadıköy, Istanbul, Turkey” or via registered email to guzeloteller@hs01.kep.tr in accordance with the Communiqué on the Procedures and Principles of Application to the Data Controller.

Swissotel Büyük Efes, Izmir Parking Lot Membership Privacy Notice

1. Data Controller’s Identity: This privacy notice is drawn up by the Finance Department of Swissotel Büyük Efes, the data processor, on behalf of Güzel Oteller Turizm Inşaat San. ve Tic. A.Ş., the data controller, under Article 10 of Law No. 6698 on the Protection of Personal Data (“Law”) and the Communiqué on the Principles and Procedures for Fulfillment of Disclosure Obligation.
2. Purpose of processing personal data: We process the personal data of the parking lot members comprising their first and last names, mobile phone numbers, license plate numbers, and TR identity numbers, to manage contractual processes. Their personal data are stored for three years.
3. With whom and for what purpose the processed data could be shared: The personal data of our parking lot members are not transferred to and shared with anyone (in Turkey or abroad). In the event of a car crash inside the parking lot, the video records are provided to legal authorities upon request.
4. The method and legal basis of collecting personal data: The parking lot members’ personal data are collected through their verbal declarations. We process all their personal data to enter into and execute contracts with them.
5. The rights of the data subject under Article 11 of the Law No. 6698; As per Article 11 of the Law that sets out your rights, you may send your requests via postal mail to the address “Güzel Oteller Turizm Inşaat San. ve Tic. A.Ş. Kozyatağı Mah. Bayar Cad. Gülbahar Sok. KVK Plaza No:14 K:9, Kadıköy, Istanbul, Turkey” or via registered email to guzeloteller@hs01.kep.tr in accordance with the Communiqué on the Procedures and Principles of Application to the Data Controller.