Zena Resort Hotel




Document Information

Document Name:

Personal Data Protection Policy

Document Relevance:

The purpose of the Personal Data Protection Policy is SEED TURİZM VE OTEL HİZMETLERİ İNŞAAT VE TİC.A.Ş  by planning process for the protection of personal data and to determine the principles to be applied on this subject.

Release date:


Version No:


Reference / Justification:

Personal Data Protection Law No. 6698 and other legislation

Approval Authority:




  1. OBJECTIVE                  

The right of every individual to demand the protection of personal data about himself is a sacred right arising from the Constitution. Seed Turizm ve Otel Hizmetleri İnşaat ve Tic. A.Ş  , we consider it one of our most valuable duties to fulfill the requirements of this right. For this reason, we attach importance to the processing and protection of your personal data in accordance with the law.

As a result of the importance we attach to the protection of personal data, Corporate Personal Data Protection Policy has been prepared in order to determine the principles and procedures we apply while processing and protecting personal data.

  1. SCOPE

Politics Seed Turizm ve Otel Hizmetleri İnşaat ve Tic. A.Ş.  All personal data managed by  is obtained, recorded, stored, preserved, changed, rearranged, disclosed, transferred, taken over, made available through fully or partially automatic means or non-automatic means provided that it is a part of any data recording system. covers all kinds of operations performed on data, such as classification or prevention of use.

Politics Seed Turizm ve Otel Hizmetleri İnşaat ve Tic. A.Ş.  It relates to all personal data of partners, officials, customers, employees, supplier officials and employees, and third parties.

Seed Turizm ve Otel Hizmetleri İnşaat ve Tic. A.Ş It may change the Policy to comply with the legislation and the decisions of the Personal Data Protection Authority and to better protect personal data.





Buyer Group



The category of natural or legal persons to whom personal data is transferred by the data controller.

Open Consent

Consent on a specific subject, based on information and expressed with free will.



Making personal data unrelated to an identified or identifiable natural person under any circumstances, even by matching other data.


Related person

 The natural person whose personal data is processed.


Related User

Except for the person or unit responsible for the technical storage, protection and backup of the data, they are the persons who process personal data within the organization of the data controller or in line with the authorization and instruction received from the data controller.


Deletion, destruction or anonymization of personal data.

Law / KVKK

Personal Data Protection Law No. 6698.

 Recording Media

Any medium containing personal data that is fully or partially automated or processed in non-automatic ways, provided that it is a part of any data recording system.

Personal Data

Any information pertaining to an identified or identifiable natural person.

Data Inventory


Personal data processing activities carried out by data controllers depending on the business processes; The inventory that they have created by associating with the data category, the recipient group and the data subject group of personal data processing purposes and the legal reason, explaining the maximum retention period required for the purposes for which the personal data is processed, the personal data foreseen to be transferred to foreign countries and the measures taken regarding data security.


 Your Personal Data


Obtaining, recording, storing, preserving, changing, reorganizing, disclosing, transferring, taking over, making available, classifying or using personal data by fully or partially automated or non-automatic means provided that they are part of any data recording system. Any action taken on the data, such as blocking .


Personal Data Protection Board.


Personal Data Protection Authority


Special Quality Personal Data

Individuals' race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, costume and dress, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data.


Periodic Destruction

The deletion, destruction or anonymization process to be carried out ex officio at repetitive intervals specified in the personal data storage and disposal policy in case all of the conditions for processing personal data in the Law are eliminated.




Personal Data Protection Policy


Data Processor

The natural or legal person who processes personal data on behalf of the data controller based on the authority given by the data controller.



Data Supervisor


Natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.



  1. GENERAL PRINCIPLES           

Seed Turizm ve Otel Hizmetleri İnşaat ve Tic. A.Ş.  checks the compliance of the data to be processed in the preparation phase of each new personal data processing workflow with the following principles. Workflows that are not found suitable are not implemented. Seed Turizm ve Otel Hizmetleri İnşaat ve Tic. A.Ş.  when processing personal data;

(I) Complies with the law and good faith.

(II) Ensures that personal data are accurate and up-to-date when necessary.

(III) It takes care that the purpose of the processing is specific, clear and legitimate.

(IV) It checks that the processed data is linked for the purpose of processing, that it is processed to the extent that it should be processed, and that it is measured.

(V) It preserves the data only as much as stipulated in the relevant legislation or as required for the purpose of processing, and destroys it when the purpose of processing disappears.


Seed Turizm ve Otel Hizmetleri İnşaat ve Tic. A.Ş. It takes all necessary technical and administrative measures to (i) prevent unlawful processing of personal data, (ii) prevent unlawful access to personal data , (iii) ensure the protection of personal data, and to ensure the appropriate level of security.


(I) Network security and application security are provided.

(II) Security measures are taken within the scope of procurement, development and maintenance of information technology systems.

(III) Access logs are kept regularly.

(IV) Current anti-virus systems are used.

(V) Firewalls are used.

(VI) Necessary security measures are taken for entering and exiting physical environments containing personal data

(VII) Physical environments containing personal data are secured against external risks (fire, flood, etc.).

(VIII) The security of environments containing personal data is ensured.

(IX) Personal data are backed up and the security of backed up personal data is also ensured.

(X) User account management and authorization control system is applied and their follow-up is also performed.

(XI) Log records are kept without user intervention.

(XII) Intrusion detection and prevention systems are used.

(XIII) Encryption is done.


(I) There are disciplinary regulations that include data security provisions for employees.

(II) Training and awareness activities on data security are carried out periodically for employees.

(III) Institutional policies on access, information security, use, storage and disposal issues have been prepared and implemented.

(IV) Data masking measures are applied when necessary.  

(V) Confidentiality commitments are made.

(VI) An authority matrix has been created for the employees.

(VII) Employees who have a change of position or leave their jobs are abolished.

(VIII) The signed contracts contain data security provisions.

(IX) Personal data security policies and procedures have been determined.

(X) Personal data security problems are reported quickly.

(XI) Personal data security is monitored.

(XII) Personal data are reduced as much as possible.

(XIII) Periodic and / or random inspections are made and made in-house.

(XIV) Current risks and threats have been identified.

(XV) Protocols and procedures for special quality personal data security have been determined and implemented.

(XVI) If personal data of special nature will be sent by e-mail, they are necessarily sent encrypted and using KEP or corporate mail account.

(XVII) Awareness of data processing service providers on data security is ensured.


Contact person Seed Turizm ve Otel Hizmetleri İnşaat ve Tic. A.Ş.   It can make a request by applying to:

(I) Learning whether your personal data is being processed,

(II) Requesting information if personal data has been processed,

(III) To learn the purpose of processing personal data and whether they are used in accordance with their purpose,

(IV) To learn the third parties to whom personal data has been transferred domestically or abroad,

(V) To request correction of personal data in case of incomplete or incorrect processing, and to request notification of the transaction made within this scope to third parties to whom personal data are transferred,

(VI) Although it has been processed in accordance with the provisions of the KVKK and other relevant laws, in case the reasons requiring its processing disappear, to request the deletion, destruction or anonymization of your personal data and to request the third parties to whom the personal data has been transferred,

(VII) To object to the occurrence of an unfavorable result by analyzing the processed data exclusively through automated systems,

(VIII) To request the compensation of the damage in case of damage due to the processing of your personal data illegally.



Seed Turizm ve Otel Hizmetleri İnşaat ve Tic. A.Ş.    employees report the work, action or fact that they think violates the provisions of KVKK and / or the Policy to the Commission. The committee will convene after this violation notification, if it deems necessary, and prepare an action plan regarding the violation.

If the violation occurred through the unlawful acquisition of personal data to others, the Commission shall notify the relevant person and the Board within 72 hours within the scope of the Board's decision dated 24.01.2019 and numbered 2019/10 .

  1. CHANGES   

The changes on the policy are prepared by the Commission and Seed Turizm ve Otel Hizmetleri İnşaat ve Tic. A.Ş.  It is submitted for the approval of the Board of Directors. The Updated Policy can be sent to employees via e-mail or posted on the website.


This version of the Policy has been approved by the Board of Directors on 23.09.2020 and entered into force.

Copyrights © 2019 Zena Resort Hotel. All Rights Reserved.
0 242 606 12 60