Whatsapp us, save 10% discount!

Privacy Notice

PRIVACY POLICY

As MOCA TEKSTİL SANAYİ VE GAYRİMENKUL GELİŞTİRME KİRALAMA TİC. A.Ş. Company ("Company" or "Our Company"), acting as the data controller (or Controller under GDPR), we will process your personal data in compliance with the law and take necessary security measures to protect your privacy. Our goal is to use your personal data in accordance with relevant legislation and to provide you with transparent information, as required by Article 10 of the Turkish Personal Data Protection Law No. 6698 ("Law") and Article 13 of the European Union General Data Protection Regulation ("GDPR"). This includes how your personal data is collected, the purposes for which it is processed, the entities with whom it may be shared, the legal grounds for processing, and your rights.

Our Company has appointed Ms. Ahu Kırmızıoğlu as the “Data Protection Officer” under the GDPR.

1. General Information About the Law and GDPR

The Law was enacted on March 24, 2016, and published in the Official Gazette No. 29677 on April 7, 2016. The Law aims to protect individuals' fundamental rights and freedoms, particularly regarding privacy in the processing of personal data, and to regulate the obligations and procedures that real and legal persons processing personal data must comply with.

GDPR is a regulation in EU law focused on data protection and privacy for individuals within the European Union and the European Economic Area. It came into effect 20 days after its publication in the Official Journal of the European Union on May 24, 2016, and has been enforced since May 25, 2018.

2. Scope of the Privacy Policy

This Privacy Policy applies to our customers, potential customers, business partners, suppliers, website visitors, and other third parties who share their personal data with our Company.

3. What Are the Purposes and Legal Grounds for Processing Your Personal Data?

If you choose not to share your personal data with us, except for data where explicit consent is required, our Company may not be able to fulfill its contractual obligations to customers or provide adequate information and assistance to potential customers.

For personal data requiring explicit consent, if the data subject is a child, the consent must be given by the person with parental authority over the child.

A. Managing Relationships with Business Partners and Suppliers

We process the personal data of our business partners and suppliers, such as name, surname, email address, phone number, address, ID number, date of birth, and place of birth, based on the necessity to establish or perform a contract or verify the authority of authorized personnel. This is in accordance with the need to process personal data of contractual parties for the performance of a contract.

B. Sales and Marketing

With the necessary permissions obtained under the Law on the Regulation of Electronic Commerce, we may process personal data such as name, surname, email address, phone number, address, call center voice records, and survey data for traffic measurement, statistical analysis, customer segmentation, customer satisfaction, and marketing purposes. This is done based on your explicit consent and the necessity to fulfill our legal obligations. Cookies and similar technologies may be used to collect and store such data when you visit our website or use our mobile application. You can control and adjust your cookie preferences by configuring the relevant settings—please refer to our Cookie Policy on our website (https://www.galata-m84.com) for more information.

C. Complaint Management and Call Center Services

We process personal data, such as name, surname, email address, phone number, and address, based on the necessity for processing to fulfill our legitimate interests, provided that your fundamental rights and freedoms are not harmed. This includes managing complaints, resolving inquiries, ensuring accurate communication, and using such data as evidence in potential disputes.

D. Reservation and Customer Relationship Management

To manage reservations and related services, such as event planning, dining, meetings, pool, and spa services, we may process personal data like name, surname, email address, phone number, address, bank account number, and ID number based on the necessity for processing to perform or establish a contract. If you consent to providing your credit card information (card number, expiration date, CVV), we process it to guarantee payments for services like minibar or dining. Credit card information is immediately deleted after checkout, not stored, and not shared with third parties. If you do not consent, you may be asked to provide a cash deposit or make prepayments for services.

E. Security

For the security of our facilities and to prevent or report incidents, we process audio and video data via monitoring devices, based on the necessity to process data to fulfill our legitimate interests without violating your fundamental rights and freedoms.

F. Compliance with the Law on Identity Reporting

Your name, surname, ID number, place of birth, and date of birth are collected during the reservation process to comply with our obligations under the Law on Identity Reporting and reported to the General Directorate of Security.

4. Information on the Transfer of Your Personal Data

In addition to the purposes mentioned above, your personal data may be transferred to:

1. Companies in which our Company holds a direct or indirect share,

2. Persons or entities required by Tax Procedure Law, Court of Accounts Law, Anti-Money Laundering Law, Turkish Commercial Code, Obligations Law, Identity Reporting Law, and other applicable legislation,

3. Public institutions and organizations, such as the Governor’s Office, Ministry of Interior, law enforcement, General Directorate of Security, prosecutor's offices, and other authorized judicial and administrative authorities,

4. Natural or legal persons with whom we collaborate for product/service comparison, analysis, evaluation, and advertising, or entities with whom we have a service agreement for sending communications to our customers, within the scope of Articles 8 and 9 of the Law and Chapter V of GDPR.

5. How Is Your Personal Data Collected?

Your personal data may be collected orally, in writing, or electronically via our website, sales and marketing personnel, reservation personnel, forms collected during customer visits, digital marketing, contracts, applications, forms, offers, and cookies used by our website.

We process your personal data based on the conditions stipulated in Articles 5 and 6 of the Law and Articles 6 and 9 of GDPR. If explicit consent is required for processing, your data will only be processed with your consent. Otherwise, the processing will rely on other legal grounds outlined in Article 3 of this Information Notice.

6. Rights of the Data Subject under the Law and GDPR

As a personal data subject, if you submit a request to exercise your rights, our Company will respond within the shortest time possible and no later than thirty days. No fees will be charged for responses up to ten pages; a fee of 1 Turkish lira will be charged for each additional page. If the response is provided on a CD, flash drive, or other media, a fee may apply.

Within this scope, data subjects have the following rights:

1. To learn whether their personal data is being processed,

2. To request information if their personal data has been processed,

3. To learn the purpose of processing their personal data and whether it is used in accordance with the intended purpose,

4. To know the third parties to whom personal data is transferred, whether domestically or abroad,

5. To request the correction of incomplete or inaccurate personal data, to request the update of personal data that has become outdated, and to request that such actions be communicated to third parties to whom the personal data has been transferred,

6. Even if the data has been processed in accordance with the law, to request the deletion or destruction of personal data if the reasons for processing no longer exist and to request that such actions be communicated to third parties to whom the personal data has been transferred,

7. To object to any outcome resulting from the exclusive analysis of the processed data by automated systems, if such an outcome is detrimental to the person,

8. To object to the unlawful processing of personal data and to demand compensation for any damages incurred as a result,

9. To withdraw consent for the processing of their personal data,

10. To file a complaint with the Personal Data Protection Authority or the European Data Protection Board (EDPB) in case of unlawful processing of personal data under applicable laws such as the Turkish Law or GDPR.

Additionally, data subjects whose personal data is processed under GDPR have the “right to restriction of processing” pursuant to Article 18 of the GDPR. In this regard, data subjects can request the restriction of their personal data's use until their request has been fulfilled, if they have requested the correction or update of their personal data, or the deletion of their personal data due to unlawful processing, or because the Company's purpose for processing the data no longer exists.

You may submit your request to exercise your rights as stated above, in accordance with Article 13(1) of the Law and the Regulation on the Procedures and Principles for Applications to the Data Controller, published in the Official Gazette No. 30356 on 10.03.2018, in writing in Turkish, or by using your registered electronic mail (KEP) address, secure electronic signature, mobile signature, or via an email address previously provided to the Company and recorded in our system. Only information related to the applicant will be provided in response to your application, and it will not be possible to obtain information about other family members or third parties. The Company reserves the right to verify your identity before responding.

Your application must include:

1. Your name, surname, and signature if the application is in writing,

2. Your Turkish Republic ID number (for citizens of Turkey), or your passport number or identity number if you are a foreigner,

3. Your residence or workplace address for notification,

4. Your email address, telephone, and fax number (if available),

5. The subject of your request and any relevant information or documents.

If you wish to submit a written application, you may do so by sending the necessary documents to our Company’s email address as the data controller. Applications via KEP can be sent to our KEP address: [email protected]

The aforementioned email and KEP addresses also serve as the contact information for our Data Protection Officer.

Depending on the nature of your request, it is necessary to provide complete and accurate information and documents to verify your identity. Failure to provide the requested information and documents properly may result in delays or obstacles in the processing of your request. In such cases, the Company reserves its legal rights. Therefore, it is important that your application is submitted with the required information and documents according to the nature of your request.