PRIVACY POLICY AND PERSONAL DATA POLICY

We want you to know that protecting your personal information is very important to us and we respect its privacy. We have prepared this Privacy and Personal Data Policy to explain how we use and protect the personal information that you share with us. This Privacy Policy and Personal Data Policy have also been prepared for the Data Controller to fulfill the Clarification Obligation in accordance with Article 10 of the Personal Data Protection Law no. 6698.

This Policy applies to all users who use our www.zeyrekcinilihamam.com and zeyrekcinilihamam.axess.shop (“Site”) services, who purchase products and services, as well as purchase tickets, and all information given to us.

We emphasize that by purchasing a ticket, product or service, you will be considered to have read, reviewed and accepted the Privacy and Personal Data Policy as it is. By using our website and services and/or purchasing tickets, you accept the practices and rules set forth in this Privacy and Personal Data Policy.

Istanbul Turizm ve Otelcilik A.Ş., the owner and operator of Zeyrek Tiled Turkish Bath, is the Data Controller in accordance with the Personal Data Protection Law No. 6698 (PDPL). The Data Controller complies with the legal regulations in Türkiye regarding privacy and Protection of Personal Data. Those who choose to use our website do so on their own initiative and at their own risk and are responsible for complying with all local laws, rules and regulations.

Visitors from outside of Türkiye using this website accept that this site is subject to the laws and regulations of the Republic of Türkiye and waive all their requests that may arise under their own national laws.

Istanbul Turizm ve Otelcilik A.Ş. reserves the right to change, amend, add or remove the provisions of this Privacy and Personal Data Policy within the scope of the legislation. Changes to this Privacy and Personal Data Policy will also be posted on this website. We encourage you to check our website from time to time to stay up to date with the most current version of our Privacy and Personal Data Policy. By looking at the “Last Updated” date on this page, you can understand whether the Privacy and Personal Data Policy has been revised since your last visit to our site. Please read this Privacy and Personal Data Policy carefully. By using our site and/or purchasing tickets, products or services, you agree to be bound by this Privacy and Personal Data Policy without any limitation, eligibility or change. If at any time you do not accept all the terms and conditions herein, you must immediately stop using this site.

 

1) Which Information we collect
We collect two types of information through our website: “Personal Information” and “Non-Personal Information”.

Personal Information is information that identifies or can identify you as an individual (such as residence address, telephone number or billing information), and Non-Personal Information is aggregate information, demographic information, IP addresses, and other information that does not directly identify you.

a. Non-personal information: When you visit or interact with our site, the third parties contracted by Istanbul Turizm ve Otelcilik A.Ş. to provide services to Istanbul Turizm ve Otelcilik A.Ş. may collect your Non-Personal Information (for example, a catalog of the Site pages that you visit). Non-Personal Information is information that is anonymous and does not personally identify you. Non-Personal Information is generally collected through our Site from four different sources: Internet protocol addresses and web logs; cookies, pixel tags and other similar technologies, and other Non-Personal Information that you voluntarily provide as described below.

i. IP Protocol addresses and web logos: We collect and store your IP address to identify problems on our servers, to manage our website, to ensure that you access the data service that will enable you to connect with the site/application in the fastest way, and to provide a personalized experience in terms of the language used in your visits and the region where the Site is accessed, in line with your preference. Our site’s web servers automatically collect visitors’ Internet Protocol (IP) addresses and log files. Your IP address is an identification number automatically assigned to your computer by your Internet Service Provider (ISP). The number is automatically identified and stored in our server log files when you visit the Site, along with the time of your visit(s) and the page(s) you visit. This information is collected generally and does not contain any Personal Information. We only use your IP address and IP addresses of all users for purposes such as calculating Site usage levels, diagnosing problems with Site servers, and administering the Site. Collecting IP addresses is standard practice on the internet and is done automatically by many websites. In addition to the Non-Personal use of IP addresses described above, we may associate your Personal Information with your IP address in order to prevent fraud and similar crimes.

ii. Cookies: We and our third-party service providers may use a standard technology called “cookies” to collect information about how you use our site. Cookies stay on your computer and help recognize your computer browser as a known visitor to our site. For example, when you log into your Istanbul Turizm ve Otelcilik A.Ş. account, cookies will be used to save your email address and name. So, the next time you visit from the same computer, we will “remember” your name and email address to speed up your process and make it simpler. From time to time, a “session cookie” may also be set to help us administer our site. The session cookie expires when you close your browser and does not retain any information about you after it expires. If you do not want the information to be collected through the use of cookies, you should change your browser preferences to provide you with choices regarding cookies. If you choose to refuse cookies, you may not be able to use certain services of our site (e.g. services that require you to log in to the site). In the case of personal data collected with cookies, permission will be requested with the method and content detailed below in accordance with the Personal Data Protection Law.

iii. Pixel tags: We and our service providers use “pixel tags”, “web beacons”, “clear GIFs” (which will be collectively referred to as “Pixel Tags”) or similar tools and HTML-formatted email messages in connection with the pages of our website that monitor your use of our website in order to provide you with more useful information and a more personalized experience on your next visit. A Pixel Tag is usually a single pixel (1X1) electronic image that is not normally seen by visitors of our site and can be associated with cookies on visitors’ hard drives. Pixel Tags do not contain Personal Information and allow us to count users who have visited certain pages of our site to provide branded services and to help determine the effectiveness of promotional or advertising campaigns. When used in HTML-formatted email messages, Pixel Tags can tell the sender whether an email has been opened.

b. Personal information: Your personal data that you share with us or that may be subject to processing, if necessary, are as follows:
Identity Data: Your name, surname, T.R. Identity Number, Tax Identity Number
Contact Data: Your phone number, full address information, email address
Finance Data: Bank Credit Card Information

 

2) For what purpose do we use Personal Data?

  • We will record, store, update, disclose and transfer to third parties, classify and process your personal information in cases and to the extent permitted by the legislation. Your personal data is used for the following purposes:
  • Confirming the identity information of the shopper/shopping enabler via the website/mobile applications,
  • Recording the address and other necessary information for communication and billing,
  • Communicating with our customers about the conditions, current status and updates of the agreements we have concluded under the relevant articles of the Distance Sales Agreement and the Law on the

Protection of the Consumer,
being able to provide the necessary information.

  • Organizing all records and documents that will be the basis of the transaction in electronic (internet/mobile etc.) or paper environment,
  • Fulfilling the obligations undertaken in accordance with the agreements we have concluded under the relevant articles of the Distance Sales Agreement and the Law on the Protection of the Consumer,
  • Providing information to public officials on matters related to public safety upon request and in accordance with the legislation.
  • Providing our customers with a better shopping experience, informing our customers about our products that may be of interest to them by “taking into account the interests of our customers”, and conveying campaigns.
  • Increasing customer satisfaction, being able to recognize our customers who shop from websites and/or mobile applications and using them in customer environment analysis, using them in various marketing and advertising activities, and organizing surveys in electronic and/or physical environments through contracted institutions in this context.
  • Being able to offer suggestions to our customers by our contracted institutions and solution partners, informing our customers about our services
  • Being able to evaluate customer complaints and suggestions about our services
  • Being able to fulfill our legal obligations and using our rights arising from the current legislation

 

3) Users’ Rights Regarding Personal Data
In accordance with Article 11 of the Personal Data Protection Law (“PDPL”), Users and
Members have the right to apply to Istanbul Turizm ve Otelcilik A.Ş. and/or to the representative to be announced by Istanbul Turizm ve Otelcilik A.Ş. and;

  • To learn whether their personal data is processed or not,
  • To request information about personal data if it has been processed,
  • To learn the purpose of processing personal data and whether they are used in line with the purpose,
  • To know the third parties to which personal data is transferred domestically or abroad,
  • To demand correction in case of deficient/incorrect processing,
  • To request deletion/destruction within the framework of the conditions stipulated in Article 7 of the PDPL,
  • To request notification about the transactions to the third parties to whom personal data is transferred in accordance with the above subparagraphs of (d) and (e),
  • To object to the occurrence of a result against the person himself/herself by analyzing the processed data exclusively through automated systems,
  • To request compensation for the damage in the event of loss due to the unlawful processing of personal data.

You can make your applications and requests regarding your personal data,

  • By sending them with a petition with an original signature and a photocopy of ID card to the Company’s registered office at the address of Osmanlı Sokak No: 9 Taksim-Beyoğlu-Istanbul,
  • By applying in person with a valid ID document to our Company’s registered office at the address of Osmanlı Sokak No: 9 Taksim-Beyoğlu-Istanbul,
  • By sending an email to our registered email address istanbulturizmveotelcilikas@hs01.kep.tr and using a registered electronic mail address (REM) and secure electronic signature or mobile signature.

In accordance with the Communiqué on the Principles and Procedures of Application to Data Controller, it is obligatory to include the relevant Person’s name, surname, signature if the request is written, T.R. ID No., (passport number if the applicant is a foreigner), residence or workplace address for notification, if there are any email address, telephone number and fax number for notification and information on the subject of the request.

In order to exercise the rights mentioned above, the Relevant Person shall clearly and understandably state the requested matter in their application about the right to be made and requested to be exercised. Information and documents regarding the application must be attached to the application.

The subject of the request must be related to the applicant, however, if the applicant is acting on behalf of someone else, the applicant must be specially authorized in this regard and this authority must be documented (special power of attorney). In addition, the application must contain identity and address information and documents confirming the identity must be attached to the application.

Requests made by unauthorized third parties on behalf of someone else will not be taken into consideration.

 

4) How do we use the information we collect?
We know that protecting the information that you share with us is very important. We take appropriate security measures under legislation to help protect this information from unauthorized access and disclosure. For example, we may access, procure, use and process your personal information and/or transfer it domestically or abroad within the scope of the legislation. We also encrypt credit card numbers and other sensitive information from your computer before sending them to ours. We also use firewalls to help prevent unauthorized access to your personal information. You can feel safe while using our website. However, no system is completely secure. Although we take all necessary steps to protect your information, there is always the possibility that you may be out of security. For this reason, you should be very careful when carrying and disclosing your personal information. For example, avoid sending personal information by email.

a. Non-Personal Information: Since Non-Personal Information cannot personally identify you, we may use this information for any purpose. For example, we may use it to measure visit hours, average time spent on our site and pages viewed, and to diagnose problems with our servers and to manage our site, to analyze and improve our site’s features and functionality. In addition, we reserve the right to share this non-personal information that does not personally identify you with third parties for any purpose. We can also share this information with third parties who are not part of the Istanbul Turizm ve Otelcilik A.Ş. family to use for advertising purposes or in aggregate or in other ways that will not disclose any of your Personal Information.

b. Approval: Istanbul Turizm ve Otelcilik A.Ş. Customers, who purchase products, services or tickets from our website, users of our website and/or persons sharing personal data consent to the collection, processing and transfer of their personal data abroad, within the scope stipulated by the legal regulation, by clicking on the “Approval Text” published on our website.

Your personal data will be kept for as long as the legal statute of limitations specified in the relevant legislation or required for the purpose for which they are processed. Istanbul Turizm ve Otelcilik A.Ş. does not accept any responsibility and Istanbul Turizm ve Otelcilik A.Ş. has no responsibility in the case of failure of ticket sales and of purchasing products or services due to the inability to give the required approval for the procurement of the personal data, its process and/or transfer,

 

5) How will your Personal Data be processed?
Your personal and/or private data obtained within your approval may be completely or partly acquired, saved, kept, stored, modified, updated, checked periodically, re-edited, categorized, conserved for the duration as much as required for the purpose they are processed or stipulated by the law, and in cases of actual legal or service-related requirements it may be shared with/transferred to real persons/legal entities that our company works with or public institutions and organizations that our company is obliged to as per law and/or 3rd party real persons/legal entities that reside in Türkiye or abroad, insurance companies, banks, and in cases of actual legal or service-related requirements it may be transferred abroad or it may be processed including the prevention of its use by our company by our Company, as Istanbul Turizm ve Otelcilik A.Ş., in the capacity of data controller, and our sales channels, call centers, affiliated companies on behalf of our Company, or via any channel including and not limited to our internet websites and social media pages. In this respect, in accordance with the Law, all kinds of operations on data such as obtaining, recording, storing, preserving, modifying, re-editing, disclosing, transferring, taking over, making available, categorizing your personal and/or private personal data that you share with our Company within your approval, or preventing its use by automatic or, provided that it is a part of any data recording system, non-automatic means, in whole or in part can be performed by us.

 

6) How is your Personal Data collected?
Your personal and/or private personal data can be collected within the framework of your approval verbally, in writing or electronically through all channels including but not limited to our website, sales and marketing department employees, forms collected during customer visits, digital marketing and call center/website/social media/organizers/business partners. In addition, your personal data may be collected verbally, in writing or electronically through channels such as the General Directorate, internet branch, social media and call center, social media.

 

7) What is the status of the data prior to the publication of the law?
Pursuant to the provisions of the Law, “Your personal data processed before the publication date of this Law will be brought into compliance with the provisions of this Law within two years from the date of publication. On the other hand, consents obtained in accordance with the legal order before the publication date of the Law are deemed to have been accepted in accordance with this Law, unless a statement of intent is made to the contrary within one year.

 

8) What are the purposes and legal reasons for the processing of your personal data?
We will collect and process your personal and/or private personal data that you share with us in accordance with the Personal Data Protection Law No. 6698 and the relevant legislation in order to foremost sell, market and deliver tickets, products or services that our customers request from Istanbul Turizm ve Otelcilik A.Ş., to perform the services we provide to our customers in accordance with the requirements of the agreement and technology, and to improve the products and services we offer to you. In addition, being able to sell tickets, using them in the sale of all kinds of products and services within the scope of the legislation, determining the information of the transaction owner and recording information such as the identity, address and other necessary information in order to offer services to our customers that they demand from Istanbul Turizm ve Otelcilik A.Ş., arranging all records and documents that will be the basis of the transaction in the electronic or paper environment; complying with the obligations requested by the competent authorities within the scope of the legislation such as information storage, reporting, informing, etc; fulfilling the requirements of the product/service sales agreement also constitute the purposes and reasons for the processing of your personal data. As a rule, it will be possible to process personal data without requiring the explicit consent of the relevant person in case of any of the situations such as “it is mandatory to process the personal data of the parties to the agreement, provided that it is directly related to the establishment or performance of an agreement”, “Data processing is mandatory for the establishment, exercise or protection of a right”, “It is mandatory for the data controller to fulfill its legal obligations”, “it has been made public by the relevant person themself”, “The data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the relevant person” and/or “it is explicitly stipulated in the laws”.

 

9) Information about the persons or institutions to whom we can transfer your personal data
The persons/institutions to which your personal and/or private data that you shared with us can be transferred within your approval are the program-service partner persons and institutions, Banks, domestic/foreign institutions and other relevant 3rd parties from which we receive services/with which we cooperate to carry out our activities for the above-mentioned purposes. In this context, we hereby state that the necessary personal and/or private personal information belonging to you can be shared with banks and/or other relevant third parties (people or institutions related to the service provided including but not limited to insurance companies, courier/cargo companies) according to the scope of the requested service and transferred within the country and/or to abroad.

 

10) Security of your personal information
Istanbul Turizm ve Otelcilik A.Ş. uses security measures within the scope of legislative provisions, including physical, electronic and operational measures, to ensure the security of Personal Information collected through its site and to prevent unauthorized access. Although Istanbul Turizm ve Otelcilik A.Ş. takes all necessary steps to protect the Personal Information under its control, all data communications or forms of data storage over the Internet cannot be guaranteed to be 100% secure. We are not responsible for any damages you may suffer as a result of interruption, alteration or misuse of information during these transfers.

 

11) Online and Offline Practices
Note that this Policy applies only to online information collection and dissemination practices in connection with our site, and not to any of our offline practices.

 

12) Contacting with Istanbul Turizm ve Otelcilik A.Ş regarding the site
When you have any questions or other requests regarding this Policy, you can send these questions and/or requests to info@zeyrekcinilihamam.com via email note that email communications may not necessarily be secure. For this reason, do not use your credit card information and other sensitive information in your email correspondence with us.