Privacy Policy and Data Notice on Processing of Personal Data

LAST UPDATED: 04 MARCH 2020

Norm Elektronik Ltd.Şti., together with our websites, services, Saas or other mental properties we own, operate or manage (“Properties”) (together, “Norm Elektronik Ltd.Şti.”, respect the privacy of every individual who visits our Properties and/or uses any of our websites or services.

This Privacy Policy applies to personal data that:

• is provided to us when you use our softwares or services; and
• we collect from you when you visit any of Norm Elektronik Ltd.Şti.’s websites or which we obtain from any communications with you.

The following sections of this Privacy Policy describe the types of personal data we collect, how and for what purposes we use that personal data, with whom we share it, and the choices and rights available to you regarding our use of your personal data. We also describe the measures we take to protect the security of the personal data we hold and how to contact us about our privacy practices, and to exercise your rights.

The list below of sections:

1. Data Controller
2. Personal data we collect
3. Use of personal data
4. Sharing personal data
5. Your rights
6. Data transfers
7. How we protect your personal data
8. How long we keep personal data for
9. Links to other websites
10. Cookies
11. Childrens privacy protection act compliance
12. Updates to our Privacy Policy
13. How to contact us

1. Data Controller

Norm Elektronik Ltd.Şti. (company Mersis number 0631007749900017) is the Norm Elektronik Ltd.Şti. data controller and is registered with the TR Information.

2. Personal data we collect

2.1 Personal data you provide on a voluntary basis

We will collect, store and process information about you if you voluntarily provide us with such information in connection with the following:

• filling in a form on any of our websites;
• filling in a physical registration card;
• opting in to receive marketing information with us;
• creating an on-line account with us and managing your preferences;
• contacting us by telephone or face to face;
• sending us a letter, e-mail or social media message;
• subscribing to receive a service from us (e.g. a newsletter, blog or by following us on social media);
• requesting promotional information from us;
• participating in a survey, competition or prize draw;
• contributing content to us;
• opt-in to our database in any method;

The types of information we may obtain include:

• Any;

‘Special category’ personal data

We do not collect data which is, by its nature, particularly sensitive (e.g. genetic data, biometric data, data revealing racial or ethnic origin, political opinions, sex life, sexual orientation, religion or other beliefs, data concerning health, criminal background or trade union membership) unless it is volunteered by you.

We may use certain sensitive (or “special category”) personal data where you have given your explicit consent to us doing so, to better serve and meet your needs. Such sensitive data is only shared with other members of the Norm Elektronik Ltd.Şti. or our third party service providers acting as data processors for the purpose of providing the services you request and will not be shared or used by us for any other purposes.

2.2 Personal data we collect automatically

When you visit a Norm Elektronik Ltd.Şti. website, we may also collect certain data through the use of “cookies” and other automated means. Cookies are small pieces of data that are stored by your browser on your computer's hard drive. Such data may comprise the following data:

• date and time;
• originating IP address;
• domain name;
• type of browser and operating system used (if provided by the browser);
• URL of the referring page (if provided by the browser);
• object requested;
• completion status of the request;
• geographic location; or
• language preferences.

2.3 Personal data we collect for eArşiv Fatura Gönderimi Extension

We collect and store your personal or sensitive data (including personally identifiable information like your name and email, financial and payment information like your invoice) from your downloaded invoice at https://earsivportal.efatura.gov.tr/ for sending your invoice to your customer.

We do not collect and do not store your other sensitive data, including browsing history, cookies, cached items, form data, web browsing activity, health information, authentication information, website content and resources, etc.

3. Use of personal data

As a provider of luxury hospitality experiences worldwide, Norm Elektronik Ltd.Şti. has a legitimate business interest in operating and improving its business and the services it offers. Norm Elektronik Ltd.Şti. therefore uses and processes your personal data to:

• help us create content that is relevant to our visitors;
• make improvements to our websites and social media pages and ensure that content on these is presented in the most effective manner for you;
• provide you with information, products or services that you request from us or which we feel may interest you;
• facilitate bookings, payment and other administrative processes related to your stay or travel;
• assess and help us understand general trends and patterns relating to our business;
• provide for the safety and security of our guests and visitors;
• manage general record keeping;
• enable us to compile anonymous, aggregated statistics that allow us to understand how users use our websites and to help us improve the structure of our websites;
• enable you to make reservations, buy Norm Elektronik Ltd.Şti. gift cards and payments;
• meet any legal and/or regulatory requirements;
• provide the products or services you request from us including providing personalised services; and
• improve our products and services and to ensure our products and services are of interest to you.

Even where Norm Elektronik Ltd.Şti. has a legitimate interest in processing your personal data, it will not do so to the extent that processing would override your interests, rights and freedoms to protect your personal data.

We may also use your personal data to protect against and prevent fraud, claims, and other liabilities and to comply with or enforce applicable legal requirements, industry standards, and our policies and terms. We use personal data for these purposes when it is necessary to protect, exercise or defend our legal rights, or when we are required to do so by applicable law.

In the situations set out below, we will only process your personal data when you have given us your specific consent and you have the right to withdraw your consent at any time (see Your rights below):

• marketing and profiling purposes which are managed solely by Norm Elektronik Ltd.Şti. as data controller for the Norm Elektronik Ltd.Şti. . Your decision to provide your data for such purposes is optional and will have no consequence on your ability to stay with us or benefit from the requested services;
• all purposes concerning your booking, your stay and to provide you with the services you have requested, which are managed by Norm Elektronik Ltd.Şti. and the Norm Elektronik Ltd.Şti. property(ies) you visit as joint controllers. Your decision to provide personal data (including special category/sensitive personal data) to us is voluntary, however, if you do not provide such personal data you may no longer be able to benefit from our services.

We may process your personal data by both automated and manual means. We may use your personal data in other ways for which we provide specific notice at the time of collection.

4. Sharing personal data

We do not sell, otherwise disclose, or share data we collect and hold about you, except as described in this Privacy Policy.

We may share your personal data with third parties as described below:

• other members of the Norm Elektronik Ltd.Şti. , or our affiliated companies, which may use this data to offer products and services to you consistent with the purposes identified in this Privacy Policy;
• third party service providers who have been appointed as data processors to perform functions and services on our behalf and who will be provided only with personal data necessary to perform the services on our behalf but are not authorised by us to use such data for any other purposes (e.g. providers of services in respect of web hosting, payment processing, information technology systems, customer relationship management, booking and reservations management, marketing, auditing, administration);
• third party providers of components of any package holiday, excursion, transfer, concierge arranged activity/experience or other service we arrange for you;
• to our advisors and insurers in the event of a claim, dispute or where otherwise necessary;
• where the Norm Elektronik Ltd.Şti. Property you visit is operated, but not owned by the Norm Elektronik Ltd.Şti. , the owner of that Norm Elektronik Ltd.Şti. Property (and its advisors and representatives);
• if we are required to do so by law or pursuant to legal process or to comply with any applicable rules or regulations, or in response to a request from a law enforcement authority or other government official;
• we reserve the right to transfer personal data about you in the event that we sell or transfer all or a portion of our business or assets, in accordance with applicable law. Should such a sale or transfer occur, we will use reasonable efforts to direct the transferee to use data you have provided to us in a manner that is consistent with this Privacy Policy. Following such a sale or transfer, you may contact the entity to which we transferred your data with any inquiries concerning the processing of that data.

5. Your rights

We will only send you marketing communications if you “opted in” to receiving such communications. You have the right to “opt out” of receiving marketing communications, whether by email or otherwise, at any time. You can do this by (i) clicking the unsubscribe link displayed in any of the marketing e-mails you receive, (ii) emailing ahmet.can.uslu@5g-soft.com to indicate you no longer wish to receive marketing communications, or (iii) writing to us at the address set out in How to contact us below.

If you are a “data subject” under applicable data protection law in the TR, EU, US or United Kingdom, you will have the following rights in relation to personal data that we hold about you:

• Right to Access - to request confirmation of whether we process personal data relating to you, and if so, to request a copy of that personal data;
• Right to Rectification - to request that we rectify or update any personal data that is inaccurate, incomplete or outdated;
• Right to Erasure - to request that we erase your personal data in certain circumstances, such as where we collected personal data on the basis of your consent and you withdraw your consent;
• Right to Restriction of Processing - to request that we restrict the use of your personal data in certain circumstances, such as while we consider another request that you have submitted, for example a request that we update your personal data;
• Right to Withdraw Consent - where you have given us consent to process your personal data, to withdraw your consent; and
• Right to Data Portability - to request that we provide a copy of your personal data to you in a structured, commonly used and machine readable format in certain circumstances.

To exercise your rights as set out above or to make a complaint or submit an inquiry about our privacy practices, please contact us at ahmet.can.uslu@5g-soft.com.

To help protect your privacy and maintain security, we may take steps to verify your identity before we can action your request.

6. Data transfers

We may transfer to, and store the data we collect about you in, countries other than the country in which the data was originally collected, including the United States, Canada or other destinations outside the European Economic Area (“EEA”). Those countries may not have the same data protection laws as the country in which you provided the data. When we transfer your data to other countries, we will protect the data as described in this Privacy Policy and comply with applicable legal requirements providing adequate protection for the transfer of data to countries outside the EEA and outside the United Kingdom.

If you are located in the TR, EEA, US or the United Kingdom, we will only transfer your personal data if:

• the country to which the personal data will be transferred has been granted a European Commission adequacy decision;
• the recipient of the personal data is located in the US and has certified to the US-EU Privacy Shield Framework; or
• we have put in place appropriate safeguards in respect of the transfer, for example we have entered into EU standard contractual clauses with the recipient, or the recipient is a party to binding corporate rules.

You may request more information about the safeguards that we have put in place in respect of transfers of personal data by contacting us as described in How to contact us below.

6.1 Personal data we collect for eArşiv Fatura Gönderimi Extension

We transmit personal or sensitive data (including personally identifiable information like your name and email, financial and payment information like your invoice) to our secure servers for sending your invoice to the customer's secure/insecure smtp server.

We do not transmit other informations at all. Your contact list and your data stored at your local storage. The processing is done locally by using an extension API and an origin-isolated extension frame, on your own system (computer).

7. How we protect your personal data

We maintain administrative, technical and physical safeguards designed to protect the personal data you provide against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. Service providers and contractors who might have access to your data in order to provide services on our behalf will be contractually obliged to keep such data in confidence, provide adequate data security measures, and may not use that data for any other purpose.

For your own protection, we encourage you not to include sensitive personal data, credit card or similar personal data in any e-mails you send us or our staff.

8. How long we keep personal data for

Norm Elektronik Ltd.Şti. only retains your personal data for as long as needed to fulfil the purposes for which it is collected, unless we are required or permitted by law to keep the personal data for longer.

Your personal data will be anonymised or deleted if your last interaction with Norm Elektronik Ltd.Şti. was over 10 years ago. “Interaction with Norm Elektronik Ltd.Şti.” includes for example visiting a Norm Elektronik Ltd.Şti. Property or opening marketing communications from Norm Elektronik Ltd.Şti..

9. Links to other websites

Our websites may provide links to other websites for your convenience and information. These websites operate independently from us. Linked websites may have their own privacy policies, which we strongly suggest you review. To the extent that any linked websites you visit are not owned or controlled by us, we are not responsible for the websites’ content, any use of the websites, or the privacy practices of the websites.

10. Cookies

A “cookie” is an element of data that a website can send to your browser which may then be stored on your system. We use cookies to gather data about the visitors to our websites (as they enable us to improve our websites and deliver a better and more personalised service). We do not associate the data in a website visitor’s cookie with any other data about that visitor.

We do not control the use of such third party technology and we are not responsible for any actions or policies of such third parties. When you access our websites you will receive a clear notice advising you that the website you are visiting intends to use cookies and that:

• by continuing to use the website you consent to their use; or
• you must click an “I accept” box in order for cookies to be placed.

Unless you have adjusted your browser setting so that it will refuse cookies from our websites, our system will issue cookies.

11. Childrens privacy protection act compliance

We are in compliance with the requirements of COPPA (Childrens Online Privacy Protection Act). Our extension and related services are not intended for people under 13 years of age and are not directed at children. We do not knowingly solicit and do not collect personally identifiable information from anyone under 13 years of age.

12. Updates to our Privacy Policy

This Privacy Policy may be updated periodically and without prior notice to you to reflect changes in our processing of your personal data and privacy practices. We will post a prominent notice on each of Norm Elektronik Ltd.Şti.’s websites to notify you of any significant changes to our Privacy Policy and indicate at the top of the Privacy Policy when it was most recently updated.

13. How to contact us

If you have any questions or comments about this Privacy Policy, the use of cookies, if you would like us to update personal data we have about you or your preferences, or to exercise Your rights (as detailed above), please email us at;

Data Protection Officer
Norm Elektronik Ltd.Şti.
ahmet.can.uslu@5g-soft.com