POLICY ON THE PROCESSING OF SPECIAL CATEGORIES OF PERSONAL DATA

1. Purpose

The purpose of this Policy on the Processing and Protection of Special Categories of Personal Data (hereinafter referred to as the “Policy”) is to establish the specific rules and enhanced safeguards for ensuring that special categories of personal data processed by ISG Airport Hotel (“Hotel”) are processed and protected lawfully, in accordance with Article 6 of the KVKK, other relevant legislation, and the decisions of the Board.

2. Scope

This Policy covers the following special categories of personal data, which may be processed by the Hotel and could lead to discrimination or victimization if disclosed:

  • Health Data: Information declared by guests to ensure a comfortable and safe stay.
  • Criminal Convictions and Security Measures: Criminal record checks for specific employee positions under legal requirements.
  • Membership of Associations: Membership information provided for group/event accommodation.
  • Religious Beliefs: Indirectly obtained from older ID card photocopies.

3. Definitions

For terms used in this Policy that are not otherwise defined herein, the definitions provided in the Hotel’s Personal Data Security Policy and Article 3 of the KVKK shall apply.

4. Definition of Special Categories of Personal Data (KVKK Article 6)

Under KVKK Article 6(1), special categories of personal data include data on race, ethnicity, political opinion, religion, association membership, health, sexual life, and criminal convictions, as well as biometric and genetic data.

5. Conditions for Processing Special Categories of Personal Data

  • Explicit Consent: Health data of guests is processed only with separate and informed consent for specific purposes.
  • Exceptions Without Consent:
    • Explicitly required by law.
    • Protection of life or physical integrity.
    • Establishment, exercise, or protection of legal rights.

Important Note: As the Hotel is not a healthcare provider, guest health data is processed only with explicit consent.

6. Adequate Measures for Processing Special Categories of Data

6.1. Measures for Employees

  • Training for authorized personnel.
  • Confidentiality clauses and NDAs in employment contracts.
  • Immediate revocation of access on termination.

6.2. Measures in Electronic Environments

  • Data is encrypted with cryptographic methods.
  • Access and transactions are logged with timestamps.
  • Regular vulnerability and penetration testing.
  • Two-factor authentication for remote access.

6.3. Measures in Physical Environments

  • Double-locked cabinets for printed sensitive forms.
  • Protection against fire, theft, and flooding.

6.4. Measures for Data Transfer

  • Secure internal messaging with phone confirmation or encrypted corporate email.
  • Paper transfers in sealed envelopes marked “CONFIDENTIAL”.

7. Processed Special Data, Purpose, and Additional Safeguards

The main special category processed is guest health data, which is used to personalize service and ensure safety. This data is destroyed after use and is not used for marketing.

8. Data Subject Rights and Application

Data subjects have all the rights outlined in Articles 9 and 10 of the Hotel’s Personal Data Security Policy.

9. Review and Update

This Policy is reviewed and updated at least annually or upon legal changes.

10. Entry into Force

This Policy entered into force with the approval of the Hotel Management.