NORM GRUP OTELCİLİK VE TURİZM İŞLETMESİ ANONİM ŞİRKETİ

WEBSITE HOMEPAGE PRIVACY NOTICE FOR THE PROTECTION OF PERSONAL DATA / PRIVACY POLICY

By visiting this website and using the services offered through it, the information we obtain about you and the services you request is subject to the terms set forth in this policy. By visiting this website and requesting the services offered through it, you agree to the terms outlined in this policy. The data you provide during reservation and/or purchase will not, under any circumstances, be shared with third parties without your knowledge or explicit instruction, nor will it be used for commercial purposes outside the scope of our operations or be sold. Aside from the personal data we process via email addresses and reservation forms, visitor behavior and preferences observed during your use of the website are not analyzed or evaluated by us. However, these statistical data, which do not contain any personal information, may be shared with our business partners. The information you share with us will only be disclosed to official authorities if such disclosure is requested in accordance with legal regulations and we are obliged to do so under the applicable mandatory provisions of the law. All information you enter into the system is accessible only by you and can only be modified by you. It is not possible for any third party to access or alter this information.

The credit card information requested on the payment page is not stored on the servers of this website or those of the service providers operating it, in order to ensure the highest level of security for our valued customers. All payment-related transactions are carried out exclusively through the interfaces of the respective payment service providers. By using this website, you agree that your financial information may be shared with third parties (e.g., banks, credit card companies) necessary for the execution of the transaction. Otherwise, the purchase process cannot be completed. To protect your personal data, we have taken all necessary measures and ensured that our system and internet infrastructure are maintained at the highest possible level of security.


By visiting this website, the following personal data may be processed:

Identity data, contact data, transaction security information, IP address, product/service information, and request/complaint management information.


Purposes of processing your personal data:

The personal data collected during your visit to this website may be processed by the organization in accordance with Articles 5 and 6 of the Turkish Personal Data Protection Law (KVKK) for the following purposes:
• To enable the use of services offered through our website, to carry out reservations and conclude contracts, and to provide customer services related to the purchased or requested services,
• To respond to questions related to our services and our website,
• With the visitor’s consent: to send information about promotions, prize draws, campaigns, announcements, and marketing offers that may be of interest to the visitor, and to conduct analyses to determine product preferences in order to deliver personalized content,
• To carry out activities aimed at improving the functionality of our website, such as data analysis, security measures, testing, development or modification of our services, and identifying usage trends,
• To perform accounting, invoicing, reconciliation, and collection processes.


Sharing of Your Personal Data:

Access to all personal data processed by us is strictly limited to authorized personnel and designated managers within our organization. Even authorized individuals are not permitted to copy your personal data unless it is absolutely necessary. To ensure the security of your personal data, server rooms and all other locations where such data is stored are physically secured, and access to these areas is continuously monitored. All necessary administrative and technical measures are taken to prevent unauthorized access to personal data. Your personal data is only transferred to third parties in the cases specified under Articles 8 and 9 of the Turkish Personal Data Protection Law (KVKK). In accordance with the conditions and purposes for processing personal data outlined in these articles, your data may be shared with our business partners (e.g., external service providers, hosting companies, market research firms, call centers), shareholders, subsidiaries, legally authorized public institutions, and natural or legal persons (e.g., auditors, insurance companies, lawyers, accountants, banks).


Retention Period of Your Personal Data:
Even if your personal data has been processed in accordance with the law and relevant legal provisions, it will be deleted, destroyed, or anonymized by the organization once the purposes that required its processing no longer apply.
In line with the applicable law, your personal data may be retained for the duration of legally mandated limitation periods in order to be used in the event of potential legal disputes. In such cases, the stored personal data will not be accessed for any other purpose and will only be accessed if and when it is necessary in the context of the respective legal dispute.

Your Rights Regarding Your Personal Data:

In accordance with Article 11 of the Turkish Personal Data Protection Law (KVKK), you have the following rights regarding your personal data:
• To learn whether your personal data is being processed,
• To request information if your personal data has been processed,
• To learn the purpose of processing your personal data and whether it is used in accordance with this purpose,
• To know the third parties to whom your personal data is transferred, whether domestically or abroad,
• To request correction of your personal data if it is incomplete or inaccurate, and to request that such corrections be communicated to third parties to whom your data has been transferred,
• To request the deletion or destruction of your personal data if the reasons requiring its processing no longer exist, even if it has been processed in accordance with the law, and to request that such actions be communicated to third parties to whom your data has been transferred,
• To object to any outcome to your detriment that arises from the analysis of your data solely by automated systems,
• To request compensation if you suffer damage due to the unlawful processing of your personal data.
• If you submit your requests concerning your rights through the methods specified in the Data Subject Application Form, your request will be processed free of charge and concluded as soon as possible, and no later than thirty (30) days, depending on the nature of the request.
• For more detailed information about the protection of your personal data, you may refer to our KVKK Policy available at the following link: https://www.thenormhotels.com/ .


PERSONAL DATA PROTECTION AND PRIVACY POLICY


DATA OF OUR EMPLOYEES

Processing of the data for business relations
NORM GRUP OTELCİLİK VE TURİZM İŞLETMESİ ANONİM ŞİRKETİ behält sich das Recht vor, Änderungen an den Erklärungen auf dieser Seite vorzunehmen. Auf der Startseite der Webseite gibt es einen Link, der den Zugang zur aktuellen "Richtlinie zum Schutz personenbezogener Daten und zum Schutz der Privatsphäre" gewährt. Das letzte Mal, als die Richtlinie aktualisiert wurde, und die Aktualisierungsnummer sind am Ende des Textes auf der Seite www.thenormhotels.com/kvvv angegeben. Alle Änderungen an der Richtlinie werden mit der Veröffentlichung der geänderten Erklärung auf der Webseite wirksam. Durch die Nutzung der Webseite, unserer Produkte und Dienstleistungen infolge dieser Änderungen erklären Sie sich mit der zu diesem Zeitpunkt geltenden geänderten Erklärung einverstanden.

Processing as per Legal Obligations
NORM GRUP OTELCİLİK VE TURİZM İŞLETMESİ ANONİM ŞİRKETİ may also process the personal data of the employees without obtaining a separate consent to fulfil a legal obligation stipulated in the legislation or in case it’s explicitly specified in the legislation. This case is limited to the obligations arising from the Law.

Processing in Favour of the Employees
NORM GRUP OTELCİLİK VE TURİZM İŞLETMESİ ANONİM ŞİRKETİ may process the personal data without obtaining the consent for the procedures in favour of company employees like private health insurances. For the disputes arising from the business relations, the company may also process the data of the employees.

Processing of data of special nature
Due to our direct communication and interaction with our guests, it is necessary for our employees to have their Covid-19 related information processed by our company in order to protect public health. Therefore, our employees' records of having contacted Covid-19, vaccination card details (vaccination dates or non-vaccination information) will be stored in their personnel files for a period of 5 years during and after the pandemic. Pursuant to the Law, race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, clothes, membership of association, foundation or union, health, sexual life, juridical sentence and data regarding safety measures and biometric and genetic data are among the special quality data. Besides the consent of the relevant person, NORM GRUP OTELCİLİK VE TURİZM İŞLETMESİ ANONİM ŞİRKETİ also takes adequate measures determined by the Board for the processing of special quality data. Special quality data may be processed limited to and related to the cases permitted by the Law without the consent of the person. The quality data obtained from the employees shall only be used for the corresponding purpose to allow them to benefit from the insurance and health services.

Data processed with automatic systems
The data processed regarding the employees with automatic systems may be used for in-house promotions and performance assessments. The employees reserve the right to appeal to the unfavourable results against them and they should perform this process in compliance with the internal procedures. Appeals of the employees shall be evaluated again within the company.


Telecommunication and internet
The computers, telephone, e-mail and other applications allocated to the employees within the company shall only be used for business purposes. The employee cannot use any of these means allocated to himself/herself by the company for private purposes or communication. The company may control and monitor all communication on these tools within the scope of ensuring the continuity of intercompany relations, contracts and commercial communication for a maximum of 1 year, even after the employee leaves the job. The employee undertakes not to keep any data or information apart from the business purposes on the computer, telephones or other means allocated to himself/herself as of his/her employment date.

It is the user's responsibility to pay attention to the use of mobile devices (mobile phone, portable computer, tablet, etc.) in public places, meeting rooms and other unprotected areas. Mobile devices must also be physically protected from theft in places such as cars and other transportation vehicles, hotel rooms, conference centers and meeting rooms. When a mobile device is lost or stolen, it should be forwarded to IT units without delay.


TRANSFERRING OF THE PERSONAL DATA DOMESTICALLY AND INTERNATIONALLY

Your personal data may be shared with business and solution partners by NORM GRUP OTELCİLİK VE TURİZM İŞLETMESİ ANONİM ŞİRKETİ for the purpose of offering accommodation, transfer, ticketing, invoicing, survey sending services. Your personal data may be transferred to foreign countries ("Countries with Adequate Protection") declared to have sufficient protection by the Personal Data Protection Board. In the absence of adequate protection, your personal data may be transferred to foreign countries ("Adequate Countries with Data Controllers Committing Adequate Protection"), where data controllers in Türkiye and the relevant foreign country have committed to providing sufficient protection in writing and have obtained permission from the Board. The transfers will be carried out meticulously, ensuring that the data security commitments in the respective country are thoroughly examined, using only the necessary information and up-to-date data protection methods.

NORM GRUP OTELCİLİK VE TURİZM İŞLETMESİ ANONİM ŞİRKETİ may transfer personal data to the individuals and institutions listed below for specific purposes:
a) NORM GRUP OTELCİLİK VE TURİZM İŞLETMESİ ANONİM ŞİRKETİ's business partners, within the scope of the established business partnership, for the purpose of offering services (transfer planning, ticketing, pre-flight hospitality services).
b) NORM GRUP OTELCİLİK VE TURİZM İŞLETMESİ ANONİM ŞİRKETİ’s suppliers, to offer services necessary for the company's commercial activities that are sourced externally from the supplier (server, storage, archiving, GSM services, hosting, IT support, legal and similar consultancy firms),
c) NORM GRUP OTELCİLİK VE TURİZM İŞLETMESİ ANONİM ŞİRKETİ, Ets Ersoy Turistik Servisleri A.Ş. and other solution partners, limited to ensure the execution of our company's commercial activities requiring the participation of subsidiaries (loyalty card discounts, ticketing, transfer, guide services).
d) The potential employers requesting references or requesting information within the scope of occupational health and safety, with the consent of our former employees limited to sharing the necessary documents within the scope of relevant legislation,
e) Institutions or organizations established in compliance with specific conditions determined by the relevant legislation and continuing their activities within the framework defined by the law (independent audit firms, international accredited institutions).

NORM GRUP OTELCİLİK VE TURİZM İŞLETMESİ ANONİM ŞİRKETİ ensures full compliance with the Law on Personal Data Protection no. 6698 and related legislation when transferring your data domestically and internationally. Additionally, your Personal Data may be transferred to state institutions, judicial bodies, and foreign missions established by international agreements (embassies, consulates, etc.) in accordance with legal obligations and when deemed necessary.


CONFIDENTIALITY PRINCIPLE

The data of the employees and other persons within ‘’Voyag Turizm and MRA Turizm’’ are confidential. Nobody can use, copy, reproduce, transfer these data for other purposes apart from the business purposes without the compliance with the contract or the law.


PROCESS SECURITY

All necessary technical and administrative measures are taken to protect the personal data received by NORM GRUP OTELCİLİK VE TURİZM İŞLETMESİ ANONİM ŞİRKETİ and to prevent the retention of them by unauthorized persons and to prevent the damage on our customers and potential customers. Within this framework, it’s ensured that the software complies with the standards, third parties are selected with care and data protection policy is followed within the company. Measures related with the security are constantly renewed and developed.


CHANGES TO BE MADE IN PERSONAL DATA PROTECTION AND PRIVACY POLICY

NORM GRUP OTELCİLİK VE TURİZM İŞLETMESİ ANONİM ŞİRKETİ reserves the right to make changes on the declarations here. There is a link attached on the homepage of the website to access the up-to-date ‘Personal Data Protection and Privacy Policy’. When the last time this Policy was updated and update number are given at the end of this text at www.thenormhotels.com/kvvv. Each change made on the Policy becomes effective upon the publication of the changed declaration on the website. By using the website or any of our products and services following such changes, you accept the changed declaration that is effective at that time.

NORM GRUP OTELCİLİK VE TURİZM İŞLETMECİLİĞİ A.Ş

COOKIES POLICY

The purpose of this Cookie Policy is to provide you information about the processing of personal data obtained by the Platform users/members/visitors (“Data Subject”) via the use of cookies during the operation of the website ……………………………………. (“Website”) and the mobile application (together refferred to as “Platform”) by “Adalı Otelcilik Turizm Organizasyon Anonim Şirketi” and “Doora Otelcilik Turizm Yatırım İşletmeciliği İnşaat Sanayi ve Tic. A.Ş.”

The “personal data” contained in this policy includes the following information:
• Customer Information
• Device Information
• Behaviors
• Demographic Information
• Marketing Information
• Behavioral Advertising

You may visit the Platform without providing and personel information. Cookies are used during your visits in order to gather information regarding your use of the Platform, so that you may benefit from the Platform in the most effective way and to improve the user experience.

By visiting the Platform, you have consented that the cookies and such information collected through the cookies are used in compliance with the Policy on the Protection and Processing of Personal Data. If you do not wish to accept the use of cookies in this way, you should edit your browser settings or not use the Platform. Disabling the cookies we are using may affect your user experience on the Platform.

What are Cookies and Why Are They Used?

Cookies are small text files that are stored on your device or network server through browsers by websites you have visited. Cookies cannot collect any information, including personal data that are stored on your computer or files. For more information about cookies, please visit www.aboutcookies.org and www.allaboutcookies.org

The main purposes of the use of cookies in the Platform are listed below:
• To improve the services offered to you by increasing the functionality and performance of the Platform,
• To improve the Platform and to provide new features through the Platform and to customize the provided features according to your preferences,
• To ensure the legal commercial security of the Platform, you and our Company,
• To use within the scope of direct and indirect marketing activities,


Categories of the Cookies Used in the Platform

Technical Cookies Technical cookies provide for the operation of the Website, and detect inoperative pages and areas.
Authentication Cookies Should visitors use a password to access the Website, such cookies ensure that the visitor is authenticated to be a website user on each page visited on the Website, and prevent the user from re-entering the password on each page.
(Flash Cookies Flash cookies are used to activate image or audio contents contained in the Website.
Customization Cookies Customization cookies ensure that users’ preferences are remembered on different pages of different websites (e.g. your language preference’s being remembered).
Analytical Cookies Analytical cookies provide the production of analytical results including the number of visitors, pages displayed on the Website, time spent on the Website, Website navigation, etc.

Cookies Used in the Platform

Analytical Cookies

Advertising It is used to show behavioral and target-oriented advertisements to visitors. It is possible to accept or decline through browser settings.
Market Analysis It is used to carry out market analyses. It is possible to accept or decline through browser settings.
Special Offer / Promotion It is used to evaluate the results of special offers. It is possible to accept or decline through browser settings.
Facebook Such cookies ensure the tracking of Facebook users (or non-users) for market analysis and product improvement. It is possible to accept or decline through browser settings.
Twitter Such cookies are used to track users, who are members or nonmembers of social media networks, for market analysis and product improvement. It is possible to accept or decline through browser settings.
Google Analytics Such cookies collect all statistical data and thus improve the presentation and use of the Website. Google provides us a better understanding of users by the addition of social statistics and data regarding subjects to such statistics. Our website uses Google Analytics cookies. The data gathered through such cookies are transferred to Google servers located in the USA and such data are retained in compliance with Google’s data protection principles. You may click here for more information regarding Google’s analytical data processing activities and principles on the protection of personal data.
Control of Cookies
https://tools.qooqle.com/dlpaqe/qaoptout

Technical Cookies

Session Session cookies are used to ensure session continuity. It is possible to accept or decline through browser setting.
Load Balancing Load balancing cookies are used to reduce the server load by the distribution of the load. It is possible to accept or decline through browser settings.
Security Security cookies are used to perform security controls. It is possible to accept or decline through browser settings.
Fraud Detection It is used to detect click frauds. It is possible to accept or decline through browser settings.

Authentication Cookies

User ID The user ID is used to ensure that users only see their own information. It is possible to accept or decline through browser settings.

Customization Cookies

Language It saves user’s language preferences and provides options accordingly. It is possible to accept or decline through browser settings.
Mobile If the user visits the Website via a mobile device, it is used to display the main website. (E.g. the device activates Flash or is on a mobile website that does not need Flash). The source website is saved to provide a better understand of user preferences. It is possible to accept or decline through browser settings.

Flash Cookies

Flash Cookies It activates audio and video contents. It is possible to accept or decline through browser settings.

Can the Use of Cookies Be Blocked by Data Subjects?
Data subjects may customize their preferences regarding cookies by changing their browser settings. If the browser used offers this option, it is possible to change preferences relating to Cookies through the browser settings. Thus, depending on the options offered by the browser, data subjects may block the use of cookies, choose to receive alerts before a cookie is used, or deactivate or delete only some cookies.

Cookie preferences may be made separately, specific to each device on which the user accesses the Platform.

Visitor records:

Dear Visitor,
Our company, as the data controller under law no. 6698, has obtained an official document in exchange for the visitor card provided to you during your visit to our property. The purpose of obtaining this document is to ensure the safety of both our company and you, and to provide you with a secure service. Your personal data is only used for the purposes listed and processed based on the legitimate interest of the data controller, as regulated in Article 5/2 (f) of the KVKK (Law on Personal Data Protection). It is our policy to not share your collected personal data with any third party or institution. However, it may be shared if there are demands from legally authorized public institutions and organizations to fulfill the legal obligations set forth in article 5/2(ç) of the law. The information collected will be destroyed within a maximum of two years after the purpose of collection has been fulfilled.