Disclosure Text on the Processing of Personal Data

As Tursoy Otelcilik ve Turizm Yatırımları A.Ş. ("Richmond Hotels"), we place great emphasis on the privacy and security of your personal data. Within this framework and in accordance with Law on the Protection of Personal Data No. 6698 ("LPPD"), it is one of our priorities to process and protect all kinds of personal data belonging to all individuals related to Richmond Hotels including our guests who use our services and products, and with whom our company have business relationship with.

In accordance with the LPPD, in the capacity as Data Controller, and with the awareness of this responsibility, we would like to inform you hereunder about the purposes of processing your personal data, the methods and reasons for collecting your data, your rights regarding the processing of your personal data and the application procedures and principles which are the method of exercising these rights.

As Richmond Hotels, we collect personal data of our guests, visitors and business contacts (including the shareholders, officers and employees of corporations with whom our company have a business relationship with, such as travel agencies, suppliers, and subcontractors), if necessary, and in accordance with the LPPD. We collect the following personal information:

-Identity Information: Information we collect from our guests, visitors and business contacts (including the shareholders, officers and employees of corporations with whom our company have a business relationship with, such as travel agencies, suppliers, and subcontractors) such as name, surname, Turkish Identity Number, nationality, vehicle license plate number, and a copy of the ID card.
-Contact Information: Communication information we collect from our guests, visitors and business contacts (including the shareholders, officers and employees of corporations with whom our company have a business relationship with, such as travel agencies, suppliers, and subcontractors) such as phone number, address, e-mail address.
-Information Concerning Family Members and Relatives: Information about the family members, relatives or the persons accompanying our guests during their stay. We collect this data from our guests in line with the related legislation and/or in order to protect the legal and any other interests of our Company or the person concerned.
-Financial Data: Information regarding wage, salary, payment, credit card that we collect from our guests and business contacts in line with the legal relationship established by our Company with the data subject.
-Personal Benefits Information: All kinds of personal information that is the basis for the employee personal rights of the natural persons who are in a work relationship with our Company and that we collect from the officials and employees of the corporations that our Company has a business relationship with, such as subcontractors and so on.
-Physical Space Security Data: Personal data such as security and camera recordings received during the entrance to or stay at the physical space that we collect from our guests, visitors and business contacts (officials and employees of the corporations that our Company has a business relationship with, such as subcontractors and so on.)
-Audio/Visual Data: Personal data that are not part of the physical space security information, including photographs, audio and video recordings that we collect from our guests and business contacts (shareholders, officers and employees of corporations with whom our company have any kind of business relationship).
-Transactions Data: Personal information that we collect from our guests related to the guest's transactions such as booking information, records of the accommodation or visit, product or service purchases, the membership information, groups and activities related to the accommodation, and personal preferences.
-Communication and Complaint Management Data: Personal data obtained from our guests, visitors, business contacts (including the shareholders, officers and employees of corporations with whom our company have a business relationship with, such as travel agencies, suppliers, and subcontractors) and other third parties in the process of receiving and evaluating any kinds of requests and complaints against our Company.
-Private Personal Data: Information that we collect from our guests, visitors and business contacts concerning health data, association and foundation membership, biometric data (audio and video recordings), blood type and criminal conviction information, specified in the Article 6 of LPPD.
-Other Data: Information that we collect from our guests, visitors, business contacts (including the shareholders, officers and employees of corporations with whom our company have a business relationship with, such as travel agencies, suppliers, and subcontractors) and other third parties that are collected automatically through data processed for technical transaction security, risk management information, legal proceedings data, marketing data, location data, cookies and other means.

-Booking, registration/entry to our facilities and other communication methods including printed and electronic forms you filled out during your stay in our facilities,
-Our websites, our social media accounts operated on behalf of Richmond Hotels and its brands,
-E-mails, phone calls, text or multimedia messages and other forms of communication methods including printed and electronic forms that we use as part of Richmond Hotels sales and marketing activities,
-Closed circuit camera systems in Richmond Hotels head office and accommodation facilities,
-The applications (sending messages via TVs in the rooms, etc.) in our accommodation facilities,
-Contracts that we signed with you or your company as part of our business activities, commercial offers, printed and electronic forms, documents, correspondences, applications that are submitted to us,
-Business cards and other documents provided by you within the scope of our job interviews and events,
-Third parties such as Richmond Hotels' group companies, business contacts, travel agencies, service/product suppliers
-We process your personal data that we collect with the methods mentioned above, based on one or more of the following legal reasons:

Your explicit consent,

-If the applicable laws and regulations of the Republic of Turkey dictates the processing necessary,
-In case it is mandatory to preserve the life or bodily integrity of you or someone else while you are physically incapacitated and therefore unable to give consent.
-In case it is required for the performance of the contract we have concluded with you or your company,
-When it is necessary to process your personal data in order to fulfill our legal obligations,
-If you publicized your personal data,
-If it is required for the exercise or protection of our legal or contractual rights as a company,
-In case the processing of your personal data is necessary for our legitimate interests, without damaging your fundamental rights and freedoms.

We protect all your personal data that we process in accordance with the deadlines set by the LPPD and other legislation, and in all cases, taking all necessary administrative and technical measures, as long as the above-mentioned legitimate objectives are valid.

We process your Personal Data for the following purposes:

(1) Performing our hotel management activities, carrying out your requests and meeting the expectations with the products and services offered to you by Richmond Hotels, providing our guests with the desired level of hospitality and personal experience,

(2) Carrying out the planning, evaluation and other activities for enabling our guests to use our products and services,

(3) Contacting our guests and business contacts directly to provide and manage services within the scope of our hotel management activities; providing correspondence, notifications and booking confirmations regarding our hotel and accommodation services;

(4) Carrying out advertising and marketing activities related to products and services offered by Richmond Hotels; informing about activities such as promotions, special offers, campaigns, newsletters, events and so on; conducting corporate communication activities; offering products and services tailored to people's tastes, usage habits and needs,

(5) Carrying out Marketing and Guest Relations Management activities; managing loyalty programs,

(6) Organizing and providing information about events, promotions and receptions within corporate communications activities; conducting market research,

(7) Producing statistics on the number, type, visit frequency, behaviors, and geographic locations of users in order to improve our digital platforms and to provide the platform users with an efficient and personalized experience; offering personalized content, promotions and advertisements according to the interests and needs of the platform users; using cookies for this end,

(8) Following up and evaluating requests, suggestions and complaints; guest satisfaction management and implementation of planning, statistics and satisfaction evaluations in this context,

(9) Performing quality assessment and improvement studies to provide better and more reliable products and services and to ensure sustainability; supervision of suppliers, subcontractors and persons with whom we have similar business relations,

(10) Managing business and commercial relations with business contacts, travel agencies, suppliers, subcontractors and companies with whom we have similar business relationship,

(11) Ensuring legal and commercial security of Richmond Hotels and for persons who have business relations with Richmond Hotels; planning of administrative operations for the services provided by our Company; evaluating and auditing processes of the partners/customers/suppliers (officials or employees), such as legal compliance process,

(12) Ensuring physical security and supervision of facilities operated by Richmond Hotels,

(13) Planning and execution of occupational health and safety processes,

(14) Exercising legal rights, including the use of transaction history information as evidence in case of discontinuation of the legal relationship,

(15) Determining and implementing commercial, legal and business strategies,

(16) Conducting policies regarding financial affairs; e-invoice management,

(17) Planning, auditing and conducting information security processes, management of information technology infrastructure,

(18) Planning, reporting, producing visitor/customer statistics and similar research within the scope of our Company's activities,

(19) Ensuring compliance with the relevant domestic legislation, provision of information requested by public institutions and organizations, fulfillment of reporting obligations.

In order to maintain our company's activities and business processes, we may transfer your personal data to our group companies at home and/or abroad; to our business partners that provide services to our company; to our agencies and business contacts who offer online hotel reservation service; to our suppliers; to our third-party service providers; to our insurance companies; to banks and financial institutions; to our consultancy firms that offer legal and taxation advice; to company officials, shareholders, legally authorized public institutions and private individuals; to our service providers, who process personal data on behalf of our Company at home and/or abroad, from whom we receive storage, archiving and information technologies support (server, hosting, software, cloud computing etc.), in accordance with the provisions set out in the LPPD, as long as the legal reasons mentioned above are valid. As Richmond Hotels, we are committed to securely protecting and processing your personal data in accordance with the law.

i. Your Rights About Your Personal Data

We would like to inform you that you have the following rights regarding your data processed by the Company:

(1) To learn whether your personal data is processed or not,

(2) To request information if your personal data is processed,

(3) To learn the purposes of processing personal data and whether your data is used for the intended purposes,

(4) To know what part of your personal data is transferred to which domestic or foreign third party,

(5) To request correction of any incomplete or inaccurate data,

(6) In case your personal data is corrected, deleted or destroyed, to request notification of such operations to third parties to whom your personal data has been transferred,

(7) To request the deletion or destruction of your personal data if the reasons that require the processing of your personal data are no longer valid or your personal data is out of date,

(8) To object to any unfavorable consequence occurred as a result of the automatic analysis of your data,

(9) To request compensation for the damages arising out of the unlawful processing of your personal data.

ii. Application

You may send your requests regarding your rights mentioned above, by filling in the application form below and posting it to our company in written form or by registered electronic mail address, secure electronic signature, mobile signature or by e-mail address which you have previously given us and registered in our system. Please click here for the application form.

Richmond Hotels will respond to your requests as soon as possible, no later than 30 days after we receive it depending on the nature of the request, free of charge. If there is a cost regarding fulfilling your requests, we can only charge you the fees in the tariff determined by the Personal Data Protection Board.

We may accept any requests directed to the Company or deny the request with justification, and disclose our decision in written or electronic form to the applicant. If the request is accepted, as Richmond Hotels, we are obliged to fulfill the request immediately.

iii. Complaint

In the event that your request from Richmond Hotels is rejected by the Company, you are not satisfied with the response given by the Company, or you are not responded to; you can file a complaint to the Personal Data Protection Board within 30 days after the date of notification or if you are not responded to, within 30 days beginning from the end of the 30-day period.

DATA CONTROLLER IDENTITY AND CONTACT INFORMATION

This disclosure text has been issued by Tursoy Otelcilik ve Turizm Yatırımları A.Ş., established in Turkey, in the capacity of Data Controller to the related data owners.

Trade Name: Tursoy Otelcilik ve Turizm Yatırımları A.Ş.

Mailing address: Değirmen Yolu Cad. Asia Ofis Park No: 28 A Blok Kat: 1

34752 Ataşehir – Istanbul

Mersis No: 0871005355000015

Telephone: +90216 571 4900

Fax: +90216 410 4270

KEP address: [email protected]

This disclosure text involves personal data processing activities of all of our hotels (Richmond Ephesus Resort, Richmond İstanbul, Richmond Nua Wellness-Spa and Richmond Pamukkale Thermal hotels) that are operating under Richmond Hotels, tied to Tursoy Otelcilik ve Turizm Yatırımları A.Ş. ("Richmond Hotels").