KVKK

PRIVACY POLICY
Website Privacy Notice (KVKK Compliance)

This Privacy Policy sets forth the terms governing how the information obtained from you in connection with your visit to this website and your use of the products and services offered through this website is used and protected. By visiting this website and requesting to benefit from our products and services, you accept the terms set forth in this Privacy Policy.

This Policy has been prepared in accordance with the Turkish Personal Data Protection Law No. 6698 (“KVKK”).

I. Purpose of the Personal Data Protection and Processing Policy

As KARPİEN İNŞAAT SAN VE TİCARET LTD. ŞTİ., due to the sensitive nature of our operations, all data received from our Guests and prospective Guests has always been kept confidential and has never been shared with third parties unlawfully.

The protection of personal data is a fundamental policy of our Company. We undertake to comply with all obligations introduced under the KVKK. Our principles regarding the protection of personal data also apply to our affiliates.

II. Scope and Amendment of the Policy

This Policy has been prepared in compliance with KVKK. Personal data obtained with your explicit consent or on other lawful grounds stipulated in the Law may be processed to improve the quality of our services and enhance our service and quality policies.

Certain data may be anonymized and used for statistical purposes. Such anonymized data falls outside the scope of the KVKK.

Our Company reserves the right to amend this Policy in compliance with the Law and for the purpose of providing better protection of personal data.

III. Fundamental Principles for Processing Personal Data
a) Lawfulness and Fairness

We ensure that personal data is collected and processed in accordance with the law and principles of good faith.

b) Accuracy and Currency

We attach importance to ensuring that all processed data is accurate and updated upon notification of any changes.

c) Processing for Specific, Explicit and Legitimate Purposes

Personal data is processed only for clearly defined and lawful purposes and within the scope of the services provided.

d) Relevance, Limitation and Proportionality

Data is processed only to the extent necessary for the intended purpose.

e) Retention for the Required Period

Personal data is retained for the period required by applicable legislation, contractual obligations, and limitation periods under commercial and tax law. Once the purpose ceases, data is deleted, destroyed, or anonymized.

IV. Data Minimization Principle

In accordance with the principle of data minimization, only data necessary for the intended purpose is processed. Unnecessary data is not collected, and excess information is deleted or anonymized.

Special categories of personal data, particularly health data, are processed solely to provide better services and to protect the health and safety of our Guests.

V. Processing of Guest, Prospective Guest and Business Partner Data
Contractual Relationship

Where a contractual relationship exists, personal data may be processed without additional consent strictly within the scope of the contract. Data of prospective Guests is processed to provide improved services and deleted upon request if no contractual relationship is established.

Business and Solution Partners

Data sharing with business and solution partners is carried out lawfully and limited to the extent required by the service. Necessary data security measures are contractually ensured.

Processing for Advertising Purposes

In accordance with the Law on Regulation of Electronic Commerce and related legislation, commercial electronic communications are sent only to individuals who have provided explicit consent. Consent may be obtained in written or electronic form.

Processing Due to Legal Obligations

Personal data may be processed without consent where explicitly required by law or to fulfill a legal obligation.

VI. Special Categories of Personal Data

Special categories of personal data (including but not limited to data regarding race, ethnic origin, political opinion, religion, health, criminal record, biometric and genetic data) are processed only with explicit consent or where permitted by law and subject to adequate safeguards determined by the Personal Data Protection Board.

VII. Cookies and Website Usage

When you visit Garden of Sun Hotel website (www.gardenofsun.com.tr
), cookies may be used in accordance with this Privacy Policy.

Types of Cookies Used:

Mandatory Cookies:
Necessary for the proper functioning of the website. These do not require consent.

Functional and Analytical Cookies:
Used to remember preferences and analyze website usage to improve performance.

Third-Party Cookies:
Used by trusted advertising and analytics providers to analyze visitor behavior and provide personalized advertising.

Commercial Cookies:
Used to provide advertisements tailored to your interests.

Cookies may generally remain active for approximately two (2) months. You may manage or delete cookies through your browser settings.

VIII. Employee Data

Personal data of employees may be processed without consent where necessary for employment relationships, social security, and legal obligations. Employee data confidentiality is strictly maintained.

Data processed through automated systems (e.g., for performance evaluation or promotion) is handled in accordance with the Law, and employees have the right to object to decisions derived from automated processing.

Company-provided communication tools (computers, telephones, e-mail) are allocated strictly for business purposes. The Company reserves the right to monitor such systems.

IX. Transfer of Personal Data Domestically and Abroad

Personal data may be shared domestically and internationally with:

Business partners

Suppliers

Affiliates

Authorized public institutions

Transfers are carried out in compliance with KVKK Articles 8 and 9 and subject to appropriate safeguards.

X. Rights of the Data Subject (Article 11 of KVKK)

You have the right to:

Learn whether your personal data is processed

Request information regarding processing

Learn the purpose of processing

Know third parties to whom data is transferred

Request correction of inaccurate or incomplete data

Request deletion or destruction under Article 7

Request notification of corrections/deletions to third parties

Object to automated decision-making

Request compensation for damages arising from unlawful processing

Applications must be submitted in writing via the application form available on our website. Requests will be answered within 30 days at the latest.

XI. Confidentiality and Data Security

All personal data is confidential. Access within the Company is restricted to authorized personnel only. Necessary technical and administrative measures are taken to prevent unauthorized access, loss, or misuse. Security measures are continuously updated and improved.

XII. Audit and Breach Notification

The Company conducts regular internal and external audits regarding personal data protection.

In the event of a data breach, necessary corrective measures are immediately taken, and the matter is reported to the Personal Data Protection Authority where required.

Contact Information

KARPİEN İNŞAAT SAN VE TİCARET LTD. ŞTİ.
Garden of Sun Hotel
Çamlık Mah. Karadeniz Cad. 548 Sok. No:2
Didim, Aydın – Türkiye

Tel: +90 (256) 813 64 04
Fax: +90 (256) 813 64 01
KEP: gardenofsun@hs01.kep.tr

E-mail: muhasebe@gardenofsun.com.tr

Website: www.gardenofsun.com.tr