We reserve the right to make changes to this Notice in order to provide accurate and up-to-date information concerning practices and regulations relating to the protection of personal data. Additionally, data subjects will be informed by appropriate means in the event of a substantial change to the Notice.
This Notice is prepared in order to provide information concerning which personal data Sultan Hotel processes within the scope of its commercial activities, the purposes for processing, the parties to whom personal data are transferred and the purposes for such transfers. This Notice covers the following channels through which personal data are collected:
booking offices, check-in counters, kiosks, inflight entertainment system, requests and complaints, boarding checkpoints, surveys, fairs and events; by verbal, written or electronic environments, by automatic and non-automatic means,
Sultan Hotel website and mobile applications,
Agencies authorized to sell Sultan Hotel products and services and sales channels on the web, social media, passenger and customer conversations, SMS channels, business intelligence, contracted merchants, business/program partners and other airlines; by verbal, written or electronic environments, by automatic and non-automatic means.
The website located at Sultan Hotel (“Website”); software and applications provided through computers or other smart devices (“Application”); social media accounts administered by persons authorized to provide services on behalf of Sultan Hotel (“Social Media”) and other channels shall be referred to as “Digital Platforms”.
2. Which personal data do we process?
Personal data processed by our Company differ in accordance with the nature of the legal relationship established with our Company. In this respect, categories of personal data collected by our Company through all channels, including Digital Environments, are as follows:
Identification Information (personal data provided in the course of creating an account on our Website or Application, reserving a seat on a plane or benefiting from privileged services offered by Sultan Hotel and its business partners such as name, surname, identification and passport number etc.)
Contact Information (personal data provided in the course of creating an account on our Website or Application, reserving a seat on a plane or benefiting from privileged services offered by Sultan Hotel and its business partners such as e-mail address, phone number, mobile phone number, social media contact information, address etc.)
Location Data (location data collected by way of location-based tools such as airport directions, map view, Sultan Hotel Lounge, nearest car parking space)
Advance Passenger Information (“API”) (personal data relating to name, nationality, date of birth, gender, the type and number of travel documents, date of issue and expiry as well as the issuing authority)
Information Relating to Family and Relatives (identification information, contact information, information regarding profession and education etc. relating to data subject’s children spouse etc.)
Customer Process Information (personal data recorded in channels such as call centers, credit card statements, box office receipts, customer instructions including reservation, purchase, cancellation, postponement and other changes relating to an instruction or request attributable to a person)
Process Security Information (information relating to website password etc. provided in the course of benefiting from products and services offered in digital environments)
Risk Management Information (results and records of various query provided by public institutions relating to the data subject, records of security checks concerning whether you prohibited from boarding on a plane, records of address recording system, IP tracking records etc.)
Financial Information (credit/debit card information, bank account information, IBAN information, balance information, credit balance information and other financial information)
Physical Environment Security Information (entry/exit logs in Company’s physical environments, visit information, camera and voice records etc.)
Legal Procedure and Compliance Information (information provided within information requests and decisions of judicial and administrative authorities etc.)
Audit and Inspection Information (information relating to all kinds of records and processes concerning the exercise of our legal claims and rights associated with the data subject)
Special Categories of Personal Data (special categories of personal data processed limited to the circumstances expressly envisaged under the laws and where required for the Company’s operations and upon your explicit consent such as data relating to race, ethnic origin, political opinion, philosophical belief, religion, sect and other beliefs, dress and appearance, memberships to associations, organizations and unions, health and sexual life, criminal convictions and security measures, as well as biometric and genetic data.)
Marketing Information (reports and evaluations containing information indicating preferences, taste, usage and travel habits attributable to the data subject and used for the purposes of marketing, targeting information, cookie records, data generated within data enrichment operations, records of surveys, satisfaction surveys, information and evaluations obtained as a result of campaigns and direct marketing activities etc.)
Request/Complaint Management Information (information and records collected in relation with requests and complaints concerning our products or services and information contained within reports regarding the conclusion of such requests by our business units etc.)
Audio Visual Information (photographs, camera and voice records etc.)
3. Transfer of personal data
Your personal data may be shared with parties who provide product or service to us or on behalf of our company and with our suppliers and business partners that we get support for the establishment, execution and termination of our relationship, including the parties collaborating with us for the purposes of providing products and services to you. Your personal data may also be shared with public institutions and private persons authorized by law within the scope of their authorization. In such cases, our company takes all precautionary measures to ensure that the parties carry processing and transfer activities in accordance with the rules stated in this Notice and other related law.
Personal data may be shared with group companies, business partners, public institutions and private persons authorized by law pursuant to conditions and purposes of processing personal data as stated under Article 8 and 9 of the Law, and may be transferred abroad, limited with the stated purposes and in accordance with the principles and procedures stated under Article 9 of the Law and decisions of the Personal Data Protection Board.
Your personal data may only be transferred abroad where;
your explicit consent is obtained, or
where your explicit consent is not obtained but one or more data processing condition(s) which stated in the Law are met,
the transferred country found to be offering adequate protection by the Personal Data Protection Board decision or;
in case of the protection in the transferred country found to be inadequate, a written undertaking to provide adequate protection between our Company and the Data Controller that the data are being transferred to have been reached and the approval of the Personal Data Protection Board have been obtained.
4. Retention of personal data
Our company determines the retention periods by taking into consideration of the applicable law and purposes of data processing. In this respect, where applicable, we particularly consider the issues of period of limitation and legal obligations regarding the processing of personal data. Once the purpose for processing personal data ceases, unless another legal reason or basis allowing the retention of the personal data exists, data will be deleted, destroyed or anonymized.
5. Principles relating to personal data privacy
Our company acts in accordance with the principles stated below in all data processing activities. “Acting in accordance with the law and in good faith”, “Authenticity and Being Up-to-date”, “Processing for specific, clear and legitimate purposes”, “Being relevant, limited and proportionate with the purposes”, “Retention as stated in the related law or as long as necessary for the relevant purpose”
6. Use of digital platforms
Your personal data may be processed while your use of Digital Platforms to manage and operate the Website, to perform activities for optimizing and improving the user experience related to the Website and Application, to detect in what ways the Website is being used, to support and enhance the use of location based tools, to manage your online accounts and to inform you about the services offered near you.
In case you desire to benefit from the offered product and services, your personal data will be processed only to make you get such product and services.
7. The exercise of rights by the data subjects
You can easily use your rights mentioned above and easily communicate the related requests to us via contact information below.
Data subjects’ requests concerning the above-listed rights shall be concluded by us within thirty days at the latest, in accordance with the limitations provided by the Law.
In principle, data subject requests shall be concluded free of charge. However, Sultan Hotel reserves its right to demand a fee from the tariff specified by the Board, in case the request requires additional costs.
Our Company may request certain information from the data subject in order to determine that the applicant is in fact the Data Subject, and additional questions can be directed to the applicant to clarify matters regarding the applications.
AVUZ SOKAK NO:1
Goreme/ Nevsehir 51080
+90 (384) 271 27 63
+90 (384) 271 25 31
+90 (538) 400 25 20
+90 (538) 400 25 20
+90 (538) 400 25 20
8. Data security
We take all appropriate technical and organizational measures to safeguard your personal data and to mitigate risks arising in connection with unauthorized access, accidental data loss, deliberate erasure of or damage to personal data.
In this respect our Company;
Ensures data security by utilizing protection systems, firewalls and other software and hardware containing intrusion prevention systems against virus and other malicious software,
Access to personal data within our company is carried out in a controlled process in accordance with the nature of the data and within the framework of the authority on the basis of unit / role / practice,
Ensures the conduct of necessary audits to implement the provisions of the Law, in accordance with Article 12 of the Law,
Ensures the lawfulness of the data processing activities by way of internal policies and procedures,
Applies stricter measures for access to special categories of personal data,
In case of external access to personal data due to procurement of outsource services, our Company obliges the relevant third party to undertake to comply with the provisions of the Law,
It takes necessary actions to inform all employees, especially those who have access to personal data, about their duties and responsibilities within the scope of the Law.