BOOKUP, the brand of our company, HSC GRUP TUR. Ltd. is entitled as 'data controller' within the scope of the Law on the Protection of Personal Data No.6698 (the 'Law') in respect to personal data of its customers and this Enlightenment and Consent Text aims at enlightening its customers with regard to personal data processing activities of BOOKUP.COM.TR and obtaining their express consent in relation to the circumstances specified in Article 3 below, pursuant to the Law.
2. Purpose of Processing the Personal Data of Customers and Collection Method:Depending on the products and services provided by and business operations of our company, personal data of our customers are collected orally, in writing or electronically with automatic or manual tools via offices, branch offices, vendors, call centers, web sites, social media channels, mobile applications etc. The collected data are processed basing on the statements of customers. BOOKUP.COM.T isis not obliged to investigate the accuracy of the data declared by individuals. For this reason, the declarant shall be legally responsible in case of any dispute in this respect.
The collected personal data are processed pursuant to the conditions and purposes of processing personal data stipulated in articles 5 and 6 of the Law including performance of necessary works by business units to enable the related people benefit from the services provided by BOOKUP.COM.TR and execution of related processes, planning and execution of commercial and/or business strategies of BOOKUP.COM.TR, ensuring legal, technical and commercial-business security of BOOKUP.COM.TR and third parties having business relationship with BOOKUP.COM.TR, planning and executing the activities needed to customize the services provided by BOOKUP.COM.TR in accordance with appreciation, usage habits and needs of relevant individuals and offering and promoting them to relevant individuals.
Processing and Protection of Personal Data Pursuant to the Law No.6698:Within the scope of the Law No.6698, BOOKUP.COM.TR defines the personal data as “all kinds of information in relation to identified or identifiable real and legal persons” and processing as “all kinds of processes conducted to obtain the personal data in fully or partly automatic ways or in non-automatic ways provided that they are a part of any data recording system, record, store, preserve, alter, rearrange, disclose, transfer, take over, make available, classify them or prevent their usage”.
Personal Data;| Identity Information: | All information included in documents such as driving license, identification card, passport, attorney ID, marriage certificate (e.g. TRIN, passport no., serial number of identification card, name-surname, place of birth, date of birth, age, place of registry, certificate of identity register copy) |
| Contact Information: | Information used to communicate with the individual (e.g. e-mail address, phone number, cellphone number, address) |
| Customer Information: | Information about customers who benefit from our services (e.g. Booking information, customer no., occupation etc.) |
| Customer Transaction Information: | Information regarding all kinds of transactions made by the customers who benefit from our services (e.g. Booking, requests and instructions, payment information etc.) |
| Physical Space Security Information: | Data related to records made at entry to and stay in physical space and submitted documents (e.g. entry and exit logs, information regarding the visit, camera recordings etc.) |
| Process Security Information: | The data processed to provide technical, administrative, legal and commercial security of our company and related parties (e.g. information like Internet pass code and password that shows the transaction matched with the owner of personal data, the authority to match the said individual with the transaction and the authority of the said individual to make the said transaction) |
| Risk Management Information: | Personal data processed to manage commercial, technical and administrative risks of our company (e.g. records like IP address, Mac ID, etc.) |
| Financial Information: | Personal data created according to the nature of the relationship with the owner of personal data which show all kinds of financial results within the scope of information, documents and records (e.g. information showing the financial result of the transactions made by the owner of personal data, amount of credit, card information, credit payments, amount and rate of the interest, debit balance, credit balance etc.) |
| Marketing Information: | Data to be used by our company for marketing activities (e.g. reports and assessments containing habits and tastes of the individual and collected for marketing purposes, targeting information, cookie records, data enrichment activities) |
| Legal Transaction and Compliance Information: | Personal data processed to determine and keep track of legal receivables and rights, and fulfillment of debts and legal obligations (e.g. data included in documents such as court decisions and decisions of administrative authorities) |
| Supervision and Inspection Information: | Personal data processed within the scope of our company's legal obligations and compliance with company policies (e.g. supervision and inspection reports, interview recordings and similar recordings) |
| Request/Complaint Management Information: | Personal data related to obtaining and assessing all kinds of requests and complaints filed against our company (e.g. Requests and complaints filed against the company, records and reports thereof) |
| Audio Visual Data: | Audio visual recordings associated with the owner of personal data (e.g. photos, camera recordings and voice records) |
The personal data can be conveyed by our company, HSC GRUP TUR. Ltd. Company to our officials, affiliates, business partners, hotels where our online module is installed, our shareholders, legally competent public institutions and organizations and private institutions.
If a contractual relationship is established between our company and our customers, the personal data collected may be used without the consent of the customer. However these data are used in line with the purpose of the contract. The data are used to the extent required to execute the contract better and in accordance with the requirements of the service and they are updated by contacting with customers. None the less, the data provided by our prospects (potential customers) are processed to provide more convenient and quality service to them. In case of their request, these data are deleted if no contractual relationship is established.
In its capacity of data controller, our company enlightens the data owners under its obligations specified in Article 10 of the Law before obtaining personal data of individuals. In case any data processing process performed by our company doesn't fulfill the conditions stipulated in the Law and detailed inII.a and b above, express consents of data owners are obtained and the related processes are conducted within the framework of the said express consents.
Explicit consent is defined in the Law as 'the enlightenment-based consent related to a certain matter expressed with free will'. Our company enlightens the data owners in this line pursuant to Article 10 of the Law and obtains their express consents.
Even though any period is not specified in the Law to keep the personal data, retaining the personal data for a period stipulated in the relevant legislation or necessary for processing them constitutes the basis in accordance with general principles. In order to determine the retention periods in conformity with said principles, our Company makes an assessment based on the legislation in force and the purpose of retention period in respect of each and every data processing process. Accordingly, our Company retains the personal data at least for the period required by its legal obligations and in any event, until the expiry of the prescription period. Including the expiry of the said periods, if the purpose of processing the related personal data is not valid anymore within the scope of any process, our Company anonymizes, deletes or destroys the personal data in accordance with the Law. The Law defines anonymization as 'making the personal data not associable with any identified or identifiable individual even by matching them with other data' and our Company performs anonymization activities in compliance with the legislation in force.
Paragraph 2 of Article 28 of the Law stipulates that the data owner cannot make any claim from the data controller except compensation of his/her damages in certain circumstances. Pursuant thereto, the aforementioned rights related to relevant data shall not be exercised in circumstances when processing personal data is required to prevent committing a crime or for criminal investigation; the personal data anonymized by the related individual are processed; processing personal data is required for commissioned and authorized public institutions and organizations, and public professional organizations to perform their duties to supervise or regulate under the authority granted them by the Law and disciplinary proceeding; processing personal data is required to protect economic and financial interest of the state in relation to budgetary, tax and financial matters.
4. Personal Data to be Processed in Line with Explicit Consent of Customers and Purposes of Processing:In below circumstances when the conditions with regard to processing personal data included in articles 5/2 and 6/3 of the Law are not met, BOOKUP.COM.TR is required to obtain express consent of customers to process the personal data.
In this context, personal data can be processed in line with the express consent of the customer and shared with the parties specified in this Enlightenment and Consent Text for planning and conducting the processes of sales and marketing of BOOKUP.COM.TR, establishing and/or enhancing loyalty to services provided by BOOKUP.COM.TR including forming campaigns for customers, making cross-sales, determining target audiences, keeping track of customers’ activities, carrying out activities to increase user experience, developing the operation of the website and mobile application of BOOKUP.COM.TR and customizing them in line with the needs of customers, carrying out direct and indirect marketing, tailor-made marketing and remarketing activities, carrying out tailor-made segmentation, targeting, analysis and in-company reporting activities, planning and executing market research and customer satisfaction activities and planning and executing customer relations processes.
5. Transfer of Customers' Personal Data:Personal data of customers may be shared with company officials, affiliates, business partners, shareholders of HSC GRUP TUR. Ltd. Company, legally authorized public institutions and organizations, and private institutions pursuant to terms and purposes of processing personal data specified in articles 8 and 9 of the Law including performance of necessary works by work units to make the related individuals to benefit from the services provided by BOOKUP.COM.TR and execution of related business processes, performance of required works by the relevant work units to actualize commercial activities of BOOKUP.COM.TR and execution of related business processes, planning and execution of commercial and/or business strategies of BOOKUP.COM.TR, providing legal, technical and commercial-business security of BOOKUP.COM.TR and real and legal persons having business relations with BOOKUP.COM.TR, and customizing and offering the services provided by BOOKUP.COM.TR in accordance with tastes, usage habits and needs of related individuals.
6. Method of Collecting Personal Data and Legal Reason:Personal data are collected from the customers in electronic environment. Due to the aforementioned legal reasons, collected personal data can be processed and transferred for the purposes stipulated in articles 5 and 6 of the Law and in this Enlightenment and Consent Text.
7. Customers' Rights as Owners of Personal Data:In accordance with Article 11 of the Law, data owners have the rights to;
The copy of the request form with wet signature regarding the exercise of aforementioned rights and documents confirming the identity of the related data owner can be delivered by hand or through a notary public or by any other way specified in the Law to the address at Güzeloba Mah. 2272 sok. No: 82 Muratpaşa/Antalya.
The requests of data owners delivered with aforementioned methods are evaluated and replied by our company within thirty days at the most. Our company reserves the right to request additional information and documents from the applicant to confirm whether he/she is the related data owner.
As a rule, applications of data owners are evaluated by our Company free-of-charge. However if a fee is specified with regard to the claim of data owner by the Personal Data Protection Board, our Company shall have the right to charge a fee on the basis of the said fee.
