Guest Personal Data Protection and Processing Privacy Notice

GUEST PERSONAL DATA PROTECTION AND PROCESSING PRIVACY NOTICE

1. Data Controller In accordance with the Law on the Protection of Personal Data No. 6698 (“KVKK”), your personal data may be processed by İstanbul Akvaryum Turizm Ticaret A.Ş. (Crowne Plaza Istanbul Florya) (hereinafter referred to as the “Hotel” or “Company”) acting as the Data Controller, within the scope described below.

2. Your Processed Personal Data During the process of receiving services from our Hotel, your personal data in the following categories is processed:

  • Identity Information: Name, surname, Turkish ID/Passport number, place and date of birth, nationality, signature.
  • Contact Information: Phone number, e-mail address, home/business address.
  • Financial Information: Credit card details (masked), bank account information, payment history.
  • Service and Transaction Information: Accommodation dates, room number, license plate information (if parking is used), special requests.
  • Visual and Audio Recordings: Security camera (CCTV) footage recorded in general hotel areas (corridors, lobby, exterior).
  • Health Information (Special Categories of Personal Data): Information shared only with your explicit consent or request (e.g., allergies, disability status, dietary restrictions).

3. Purposes of Processing Personal Data Your personal data is processed for the following purposes:

  • Providing hotel services (accommodation, spa, restaurant, etc.) and managing reservation processes.
  • Fulfilling the obligation to notify law enforcement agencies (Police/Gendarmerie) instantly pursuant to the Identity Notification Law No. 1774.
  • Maintaining financial records, issuing invoices, and complying with tax law requirements.
  • Ensuring the physical security and transaction security of the Hotel.
  • Managing the IHG (InterContinental Hotels Group) loyalty program (IHG One Rewards) membership processes (if you are a member).
  • Measuring customer satisfaction and fulfilling your requests.

4. Transfer of Personal Data Your personal data may be transferred to the following parties in line with the purposes stated above and within the framework of the conditions specified in Articles 8 and 9 of the KVKK:

  • General Directorate of Security and relevant law enforcement agencies (via the KBS system) due to our legal obligations.
  • Revenue Administration and authorized financial advisors due to financial obligations.
  • InterContinental Hotels Group (IHG) companies based abroad for global reservation and loyalty program management, as our Hotel is an IHG brand (based on your explicit consent or the execution of the contract).
  • Suppliers from whom we receive services (IT support, transfer services, etc.).

5. Method and Legal Reason for Personal Data Collection Your personal data is collected through reception (check-in) forms, the website, call centers, travel agencies (Booking, Expedia, etc.), and security cameras.

This data is processed based on the legal grounds specified in Article 5 of the KVKK:

  • It is explicitly provided for by the laws (Law No. 1774, Tax Procedure Law).
  • It is necessary for the establishment or performance of a contract (Accommodation service).
  • It is mandatory for the data controller to fulfill its legal obligation.
  • Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject. (Note: Separate "Explicit Consent" is obtained for sending marketing e-mails/SMS.)

6. Rights of the Data Subject (Article 11) Pursuant to Article 11 of the KVKK, you have the right to apply to our Company to:

  • Learn whether your personal data is processed or not,
  • Request information if your personal data has been processed,
  • Learn the purpose of processing your personal data and whether they are used in accordance with their purpose,
  • Know the third parties to whom your personal data is transferred in the country or abroad,
  • Request correction of personal data if it is incomplete or incorrectly processed,
  • Request the deletion or destruction of personal data within the framework of the conditions stipulated by law.

7. Application Method You can submit your requests regarding these rights in writing or via registered electronic mail (KEP), secure electronic signature, or mobile signature to the addresses of our Company specified below.

  • Address: Şenlikköy Mah., Yeşilköy Halkalı Cd. No: 95, 34153 Bakırköy/İstanbul – Türkiye
  • E-mail: kvkk@cpistanbulflorya.com