*This notice describes how we process your personal data.
If you book a hotel room with ‘Club Viva Hotel’, controller is ‘Club Viva Hotel’
See below for contact information on specific topics.
You have the right to object to some of the processing which Club Viva Hotel carries out. More information about your rights and how to exercise these is set out in the section headed “Your rights” below.
This notice applies to:
❖ Callers; and
❖ Other customers.
And anyone contacting, visiting or using our:
◆ Socail Media Pages;
◆ Reservation Centre;
◆ Guest Relations Team; and
◆ Hotels and other premises.
Summary of the purposes for processing your personal data and the legal basis for doing so:
- We process personal data to make, amend and administer room bookings, provide hotel services, process and store payment details and provide other products and services (such as meals and car parking). We also deal with enquires, gather customer feedback, undertake market research and direct marketing (including analysis to create profiles), in our legitimate interests to promote our business and improve our service and delivery.
- When booking with us, we can ask for accessibility, dietary, health or other sensitive personal data if its necessary if required by law. ( 6698 sayılı Kişisel Verilerin Korunması Kanunu ve Avrupa Birliği Genel Veri Koruma Tüzüğü «EU General Data Protection Regulation» GDPR )
If you (or someone on your behalf) do provide such information to us, please be aware we may need to ask for your explicit consent. In some cases, it may be permissible for us to have such data as it is in your vital interests that we do so.
- On our websites we use third party marketing and analytical cookies plus similar technologies areincluded in our marketing emails, as explained in our http://www.clubvivahotel.com You can reject and block cookies in your browser settings.
- We monitor social media to respond to comments or complaints about our business and with the permission of the platform owner we may reproduce your comments on our website, on the lawful basis of our legitimate interests.
- In our legitimate interests, we also seek to prevent and detect crime as well as protect our business and premises.
- In order to fulfil the above purposes: we disclose your personal data to payment providers, technology providers, insurers, and other specialist professional and technical service providers and advisers, to manage your bookings, arrange payments, and provide services.
İf it requires, we may transfer your personal data outside the European Economic Area (the EU Member States plus Iceland, Lichtenstein and Norway) and, where we do this, we will use safeguards to protect your data.
- We keep your data to enable us to fulfil our contract with you or to provide services, where required by law, to respond to a question or complaint, to obey rules about keeping records, to uphold or protect contractual or legal rights or where it is in your or another party’s vital interests or our legitimate interests. Where we process personal data on the basis of your consent, we will retain it for as long as required for the specified purpose. We also keep your data in line with any statutory limitation periods and for tax, legal or regulatory purposes.
- Any consent(s) you give us may be withdrawn at any time.
- You have an absolute right to object to direct marketing (and any profiling for the purposes of direct marketing) at any time.
- You also have the qualified right to: request access, rectify, and erase your personal data; object to processing for any purpose where we rely on our legitimate interests as the legalbasis; restrict processing; and supply or transfer your personal data in a portable format.
Where you exercise any of your rights, we will process your personal data to comply with your request in accordance with our legal obligations.
- Where we use automated decision-making, you have the right to human intervention, to add a statement, and to have the decision reviewed.
You have the right to lodge a complaint with the data protection supervisory authority of the country in which you are resident, work or in which your complaint arises.
We may provide additional information during the booking and check-in process and at other points at which we collect your personal data.
If you wish to exercise your rights, please visit our http://www.clubvivahotel.com
You will be directed to an enquiry form. Then please select “Privacy” from the “Reason for contact” dropdown box.
*Personal information we collect
We collect personal information when you book with us or request or use our services. This includes hotel and restaurant visits, using our websites or apps, or corresponding with us. We may also receive personal data about you from another source. This includes:
- Personal Identifiers – title, name, marital status, postal and email addresses, postcode, IP addresses and contact telephone numbers, passport coppies. We may also collect the names of those who are part of a group booking where necessary, and the age of children to meet your needs (e.g. to provide a cot) and enable us to confirm any restrictions that may apply to a room booking;
- Business-to-Business Information – for corporate customers and corporate business leads and contacts: job title, business address and business email address;
- Financial Transaction Information – payment, reservation and booking details, including meals, beverages & car parking;
- Membership information – membership details for rewards and Club Viva Hotel Business Account programmes;
- Customer special requests and feedback including complaints – via call centres, emails and online free text fields.
We also collect;
- Comunication records – Communication data that can be obtained through the company’s communication and information systems: Corporate phone call records, corporate mail and e-mail records and their contents
- Visual and Audio Records – Photographs, cameras and sound recordings that can be taken outside the scope of physical location security of personal data owners and other documents to which these data are transferred: Photographs attached to the forms, video interview and meeting records, etc.
- Legal Actions – The data processed within the scope of the legal obligations of the Company with the determination of legal receivables and rights, follow-up and execution of its debts: Power of attorney information, court and administrative authority decisions, information in correspondence with judicial authorities, information in case files, etc.
- Physcial Space Security- Personal data regarding the records and documents taken while entering and inside the physical spaces of the company: Entry-exit records, magnetic card records, security camera records, license plate, etc.
Third parties, including where we are joint controllers, that we receive personal data from may include:
- Travel agents, booking agents, other agents, tour operators and schools;
- Corporate customers and public information sources such as Companies House;
- Comparison and review websites;
- Social networks;
- Car park operators;
- Business Account management operators;
- Market researchers;
- Marketing service providers and advertising technology providers;
- Government and law enforcement agencies;
- Other licensees in accordance with licensing requirements;
- Other hotel providers and other organisations as part of their contingency plans; and
- Whitbread Group plc and other companies in the Whitbread Group.
*How do we use your information, and what is the legal basis for this use?
Our company collects the personal data, in line with the purposes specified in this text; fully or partially by automatic or non-automatic means; in all kinds of verbal, written, electronic media; but not limited to the following channels:
- Job application forms,
- Customer information forms,
- Various documents submitted to the company,
- Mail and e-mails forwarded to the Company,
- Call center,
- Company website,
- Social media tools,
- Persons and companies to whom the company provides or receives service and third parties such as business partners, subcontractors, companies and group companies that provide services / products,
- Employment companies and job search portals,
- Mobile applications,
- Corporate communication accounts and devices,
- Company information systems and devices,
- Security cameras,
The legal basis for these use are;
- The express consent of the person concerned,
- It is clearly stipulated in the laws;
- Personal data is made public by the person concerned,
- It is necessary to process personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract,
- It is mandatory for our company to fulfill its legal obligation,
- Data processing is mandatory for the establishment, use or protection of a right,
- It is mandatory for our Company to process data for its legitimate interests, provided that it does not harm the fundamental rights and freedoms of the relevant persons.
You will appreciate that If the information we request is not provided, we may not be able to enter into or comply with a contract or our legal obligations.
- In our legitimate interests regarding the conduct of our business, in particular: Ensuring customer satisfaction, maintaining goodwill and dispute resolution, we provide technical support and investigate and process any complaints about our website or our products or services, and to maintain appropriate records for internal administrative purposes. We reserve the right to request evidence to support any claims or complaints.
- We will process health information, such as dietary, accessibility, and allergy information you or a party on your behalf provides to us (we may also be able to do this where it is in your vital interests); and on other occasions where we ask you for consent, we will use the personal data for the purpose which we explain at that time.
We can collect your personel data for raising brand awareness; to understand you better as a customer by analysing your transactions and other information you provide to us or which we learn through your interactions with us; for marketing (including creating profiles), competitions and promotions by post, email, text and push notification where permitted to do so by law (for an alternative lawful basis, seeconsent below); we may use your data to provide personalised promotional offers to you; we may also use your data to provide you with personalised promotional offers on selected partner websites (for example, you might see an advertisement for our products on a partner site such as Facebook and Google); we also share some of your information with marketing service and ad technology providers and digital marketing networks, such as Facebook, Google to present advertisements that might interest you.
For example we may transfer information about you to such providers so that they may recognize your devices and deliver interest-based content and advertisements to you.
The information may include your name, email, device ID, or other identifier in encrypted form. The providers may process the information in hashed form. These providers maycollect additional information from you, such as your IP address and information about your browser or operating system; may combine information about you with information from other companies in data sharing cooperatives in which we participate; and may place or recognize their own unique cookie on your browser.
These cookies may contain demographic or other data in de-identified form; we may use personal data for monitoring the use of our websites, apps and social media pages in order to improve their performance, understand how people are engaging with them and optimise our media spend.
We may use personal data of some individuals to invite them to provide feedback or take part in market research; and for developing corporate business and applying rates.
Our company processes personal data in accordance with the relevant legislation and the requirements of the rule of honesty and uses it within these limits. In accordance with the principle of compliance with the principle of honesty, our Company takes into account the interests and reasonable expectations of the relevant persons while trying to achieve its goals in data processing. It acts in a way that prevents the occurrence of results that the person concerned does not expect and does not have to wait. In accordance with the principle, it also ensures that the data processing activity in question is transparent for the person concerned; acts in accordance with the information and warning obligations.
You have the right to withdraw consent at any time.
*Service Providers and Other Parties
For some activities Club Viva Hotel uses third party service providers including where we are joint controllers.
Your personal data will be disclosed to such organisations where this is necessary to provide a service to you, or where it is in our legitimate interests.
For example, we use third parties to:
- administer bookings;
- security services,
- cleaning services,
- provide Wi-Fi;
- provide parking and transferring facilities,
- undertake customer feedback surveys;
- provide analytics;
- send promotional offers;
- provide personalised advertisements;
- provide insurance;
- provide IT development, support, maintenance and hosting, including the provision of applications
- website hosting;
- meeting requests such as transfer, welcome, sending forgotten items,
- process payments to enable you to pay by credit or debit card;
- provide credit checks and fraud checks; and
- provide CCTV systems and maintenance.
However, personal data may be shared with regulators, government authorities and/or law enforcement officials for the prevention or detection of crime, if required by law or if required for a legal or contractual claim or regulatory purposes.
We disclose your personal data to payment providers, technology providers, insurers, and other specialist professional and technical advisers, to manage your bookings, arrange payments, and provide services.
With your consent, we will also disclose your personal data to Ombudsman services.
A very small number of stores using the Club Viva Hotel brand are run by a franchisee partners.
Your data will be shared with such franchisee where you book one of those stores to enable them to fulfil your booking and any related services requested by you. Such stores is committed to protecting your privacy.
Sometimes we may need to send or store your data outside of the European Economic Area (the EU plus Iceland, Lichtenstein and Norway) (‘EEA’). For example, to follow your instructions, comply with a legal duty or to work with or receive services from our service providers who we use to help run your accounts and our services.
If we do transfer information outside of the EEA, we will make sure that it is protected by using one of these safeguards:
- Transfer it to a non-EEA country with privacy laws that give the same protection as the EEA. Some countries have been deemed adequate by the EU.
- Put in place a contract with the recipient that means they must protect it to the same standards as the EEA or use other mechanisms and measures to achieve adequate protection. We also may use the Standard Contractual Clauses published by the EU.
- Transfer it to organisations that are part of Privacy Shield. This is a framework that sets privacy standards for data sent between EU countries and the US. It makes sure those standards are similar to what is used within the EEA.
- Binding corporate rules. These are internal rules adopted by group companies to allow international transfers of personal data to entities within the same corporate group located in countries which do not provide an adequate level of protection.
For some of our service providers in the Europe, we rely on Privacy Shield. For example the party who helps us with our customer feedback surveys. We rely on contractual measures for a small number of our suppliers who have or use offices outside the EEA and who have restricted access to some data to provide us with IT services including development, testing, support and maintenance.
When we evaluate in terms of Significant automated decision making, we would like to point out that, like many businesses, we use these rules for financial and other information to detect and prevent fraud. In this case, such information, when used, may identify a risk and consequently a specific action may not be taken.
*How long will you retain my personal data?
We keep your data to enable us to fulfil our contract with you or to provide services, where required by law,to respond to a question or complaint, to obey rules about keeping records, to uphold or protect contractual or legal rights or where it is in your or another party’s vital interests or our legitimate interests. Where we process personal data on the basis of your consent, we will retain it only for as long as required for the specified purpose. We also keep your data in line with any statutory limitation periods and for tax, legal or regulatory purposes.
The period for which we will retain your personal data depends on the purposes for which we are processing it and where the same personal data is processed for two or more purposes, we will retain it for the longest period.
You have the qualified right to request deletion of your personal data at any time, or we may choose or be obliged to erase your personal data earlier, for example, if we no longer need to process it.
You can find detailed information about our storage and disposal periods by following our company’s “Personal Data Retention and Disposal Policy”.
*How we defend your personel data ?
Besides all administrative and legal measures taken, we have ISO 27001 certificate, which can be used for Monitor, test and control the performance and security of our systems, networks, processes and premises to prevent and detect fraud and protect our business.
This system provides protection and control to ensure the reliability of the stored information. And also protects the confidentiality and integrity of information with risk management and controls the authority regarding accessibility.
We process your personal data in accordance with this data by performing risk analysis, risk assessment and rating.
We may monitor and record your communications with the call center, including e-mails, in order to achieve business performance and improvement and the objectives of our quality policy or safety & security of our quests and employees or . developing and marketing products and services.
What rights do I have?
- Withdrawing consent or otherwise objecting to direct marketing,
- Wherever we rely on your consent, you will always be able to withdraw that consent. We will continue to process your personal data for other purposes on a different lawful basis (other than consent) where that applies.
- In some cases, we are able to send you direct marketing without your consent, where we rely on our legitimate interests. You have an absolute right to opt-out of direct marketing, and any profiling we carry out for direct marketing, at any time. You can do this by reaching our phone, website, or anyway you can choose.
- Where you have a relationship with another organisation, such as a social media platform like İnstagram, we may ask them to send marketing to you. If you object to receiving marketing from us we will stop marketing to you. However, please contact the organisation directly if you want to object or withdraw your consent to such organisation marketing to you.
Other qualified rights
- You have the right to know whether or not we process information about you and to access that information.
- You have the right to update, correct and complete any information we hold about you which is inaccurate or incomplete.
- You have the right to obtain the personal data you provide to us for a contract or with your consent in a commonly used, structured, and machine-readable format, and to ask us to share (port) this personal data to another controller.
- You have the right to ask that we erase or restrict (stop active) processing of your personal data.
- In addition, you can object to the processing where the lawful basis is our legitimate interests. These rights may be limited, for example if fulfilling your request would reveal personal data about another person or you ask us to erase information which we are required by law to keep. Where you object to us processing personal information we may have a compelling justification for processing it. Relevant exemptions are also included within the data protection laws that apply in the Europe. We will inform you of relevant exemptions we rely upon when responding to any request you make.
To exercise any of these rights, you can get in touch with us using the details set out below. If you have concerns, you have the right to complain to the data protection supervisory authority of the EU Memberm State in which you are resident, work or in which your complaint arises. In the Türkiye, the supervisory authority is the Kişisel Verileri Koruma Kurulu (Personal Data Protection Board).