COMMERCIAL ELECTRONIC MESSAGE EXPLICIT CONSENT TEXT

KVKK Information Notice
 PRIVACY AND PERSONAL DATA PROTECTION PRINCIPLES

1. PURPOSE AND SCOPE

These Privacy and Personal Data Protection Principles (hereinafter referred to as the “Principles”) set out the principles adopted by Fine Otel Turizm İşletmecilik A.Ş. and all brands within its structure such as The Land of Legends, Nickelodeon Play!, Rixos Hotels (hereinafter referred to as the “Company”) regarding the protection of personal data, and aim to inform all relevant groups of data subjects within the scope of the Personal Data Protection Law No. 6698 (hereinafter referred to as “KVKK No. 6698”).

2. PRINCIPLES REGARDING THE PROCESSING OF PERSONAL DATA

As the Company, acting in the capacity of Data Controller, we process your personal data in accordance with the principles set out below.

2.1 Processing in Compliance with Law and the Principle of Good Faith

In processing your personal data, the principles introduced by legal regulations and the general principles of trust and good faith are observed. In accordance with this principle, while striving to achieve our purposes for processing personal data, we take your interests and reasonable expectations into consideration, do not abuse our rights, and act in line with the principle of transparency in our data processing activities.

2.2 Ensuring that Personal Data is Accurate and Up-to-Date When Necessary

In line with this principle, which emphasizes the importance of the accuracy and up-to-dateness of personal data, periodic checks and updates are carried out and necessary measures are taken to ensure that processed data are accurate and current, taking into account your legitimate interests. Within this scope, systems are established within the Company to verify the accuracy of personal data and to make necessary corrections. In addition, the accuracy of the sources from which personal data are collected is checked, and requests arising from inaccuracies in personal data are taken into consideration. Therefore, this principle is implemented in compliance with your right to request the correction of your personal data pursuant to KVKK No. 6698.

2.3 Processing for Specific, Explicit and Legitimate Purposes

Your personal data are processed based on explicit, specific, and legitimate purposes. In this context, we ensure that our personal data processing activities are clearly understandable by data subjects and we determine and expressly state, in Article 3 of these Principles, which purposes and legal grounds they are based on.

2.4 Being Related, Limited and Proportionate to the Purpose of Processing

Your personal data are processed in a proportionate, purpose-related and limited manner to the extent necessary for the realization of the envisaged purpose(s), and processing of personal data that is not related to or not needed for the fulfillment of the purpose is avoided. Likewise, within the scope of this principle, personal data are not collected or processed for purposes that do not currently exist or are considered to arise in the future.

2.5 Retention for the Period Stipulated in Relevant Legislation or Required for the Purpose

Your personal data are retained only for the period stipulated in relevant legislation or required for the purpose for which they are processed. In this regard, the Company takes and implements the necessary administrative and technical measures. Within this scope, first it is determined whether a retention period is prescribed in relevant legislation; if a period is prescribed, personal data are retained in accordance with that period; if not, personal data are retained for as long as necessary for the purpose of processing. If the necessity of the related processes ceases, access to your personal data by irrelevant departments is prevented within the scope of deletion as set out in KVKK No. 6698. Upon expiration of the retention period or disappearance of the reasons requiring processing, and in the absence of a legal ground allowing longer processing, your personal data are destroyed or anonymized in accordance with personal data protection legislation.

3. CONDITIONS FOR PROCESSING PERSONAL DATA

3.1 Explicitly Stipulated by Law

Within the scope of KVKK No. 6698, your personal data and sensitive personal data may be processed under the conditions set out below.
The main rule is that personal data cannot be processed without the explicit consent of the data subject. However, in cases where processing of personal data is explicitly stipulated by law, your personal data may be processed without seeking your explicit consent.

3.2 Inability to Obtain Explicit Consent Due to Actual Impossibility

Your personal data may be processed if the data subject is unable to express consent due to actual impossibility or if such consent cannot be legally recognized, and processing is mandatory to protect the life or physical integrity of the data subject or another person.

3.3 Directly Related to the Establishment or Performance of a Contract

Your personal data may be processed if it is necessary to process personal data belonging to the parties to a contract, provided that processing is directly related to the establishment or performance of that contract.

3.4 Fulfillment of the Company’s Legal Obligations

Your personal data may be processed if processing is mandatory for the Company to fulfill its legal obligations arising from the legislation, contracts, or similar legal duties to which it is subject or responsible.

3.5 Personal Data Being Made Public by the Data Subject

If your personal data have been made public by you, meaning shared with the public by your own will, they may be processed in a manner that is related and proportionate to the purpose of such disclosure.

3.6 Processing Being Mandatory for the Establishment, Exercise or Protection of a Right

Your personal data may be processed if processing is mandatory for the establishment, exercise, or protection of a right within the scope of conducting and managing processes related to the Company’s legal and commercial rights.

3.7 Processing Based on Legitimate Interest

Your personal data may be processed if processing is necessary for the legitimate interests of the Company. Where processing is carried out on this legal ground, our Company evaluates the matter by also considering your fundamental rights and freedoms, and makes a decision based on the outcome of this assessment.

3.8 Processing Based on Explicit Consent

Although processing based on explicit consent is the main rule, explicit consent is not relied upon when other conditions specified in this article exist; otherwise, this could constitute abuse of rights. Accordingly, if none of the conditions set out in these Principles apply, your personal data are processed based on your explicit consent. In particular, unless otherwise stated, your explicit consent for the sending of commercial electronic messages may be interpreted as covering campaign and announcement communications of all brands within the Company (The Land of Legends, Nickelodeon Play!, Rixos, etc.).

3.9 Processing of Sensitive Personal Data

Sensitive personal data are processed only under the conditions below, pursuant to Article 6 of KVKK No. 6698:
a) The data subject has explicit consent,
b) Explicitly stipulated in laws,
c) Mandatory to protect the life or physical integrity of the data subject or another person, where the data subject cannot express consent due to actual impossibility or where consent is not legally recognized,
ç) Related to personal data made public by the data subject and in line with the intention of disclosure,
d) Mandatory for the establishment, exercise, or protection of a right,
e) Necessary for the protection of public health, preventive medicine, medical diagnosis, treatment and care services, and planning, management and financing of health services by persons under confidentiality obligation or authorized institutions and organizations,
f) Mandatory for fulfilling legal obligations in the fields of employment, occupational health and safety, social security, social services and social assistance,
g) Related to current or former members and affiliates of foundations, associations and other non-profit organizations or formations established for political, philosophical, religious or trade union purposes, provided that processing is in line with their legislation and purposes, limited to their field of activity, and not disclosed to third parties, as well as persons who are in regular contact with such organizations.

4. TRANSFER OF PERSONAL DATA

Your personal data and sensitive personal data may be transferred, within the scope of Article 2 of these Principles, for the purposes of carrying out cross-marketing activities, managing joint loyalty programs, and providing integrated services, to other brands within the Company (Nickelodeon Play!, The Land of Legends, etc.), our domestic business partners, public institutions and organizations and similar entities, or our business partners abroad. While carrying out such transfers, compliance with Articles 8 and 9 of KVKK No. 6698 is observed. Where necessary, your explicit consent is obtained and the transfer is made within that framework.

5. SECURITY OF PERSONAL DATA

In order to ensure the security of personal data and prevent unlawful processing, the Company takes all reasonable administrative and technical measures to prevent risks of unauthorized access, accidental data loss, intentional deletion of data, or damage to data.

Reasonable technical and physical measures are taken to prevent access to personal data by unauthorized persons other than those with access authority. In this context, especially the authorization system is designed in a way that prevents individuals and systems from accessing more personal data than necessary. The Company conducts and commissions necessary audits to ensure the implementation of KVKK No. 6698 within its own organization.

The measures taken are as follows:

  • Network security and application security are ensured.

  • Closed system networks are used for personal data transfers via network.

  • Security measures are taken in the procurement, development and maintenance of information technologies systems.

  • Security of personal data stored in the cloud is ensured.

  • Disciplinary regulations including data security provisions for employees exist.

  • Training and awareness activities on data security are conducted for employees at regular intervals.

  • An authorization matrix has been created for employees.

  • Access logs are kept regularly.

  • Corporate policies on access, information security, use, retention and destruction have been prepared and implemented.

  • Confidentiality undertakings are executed.

  • Access authorizations of employees who change roles or leave employment are revoked.

  • Up-to-date anti-virus systems are used.

  • Firewalls are used.

  • Signed contracts include data security provisions.

  • Additional security measures are taken for personal data transferred via paper, and relevant documents are sent in confidential document format.

  • Personal data security policies and procedures have been determined.

  • Personal data security issues are reported promptly.

  • Monitoring of personal data security is performed.

  • Necessary security measures are taken regarding entry and exit to physical environments containing personal data.

  • Physical environments containing personal data are secured against external risks (fire, flood, etc.).

  • Security of environments containing personal data is ensured.

  • Personal data are minimized as much as possible.

  • Personal data are backed up, and security of the backups is also ensured.

  • User account management and authorization control systems are implemented and monitored.

  • Periodic and/or random internal audits are conducted and commissioned.

  • Log records are kept in a way that prevents user intervention.

  • Existing risks and threats are identified.

  • Protocols and procedures for the security of sensitive personal data are determined and implemented.

  • If sensitive personal data will be sent via electronic mail, it is sent encrypted and via KEP or a corporate e-mail account.

  • Attack detection and prevention systems are used.

  • Penetration tests are carried out.

  • Cyber security measures are taken and their implementation is continuously monitored.

  • Sensitive personal data transferred via portable memory, CD, DVD media are encrypted.

  • Service providers processing data are audited periodically regarding data security.

  • Awareness of service providers processing data regarding data security is ensured.

6. RIGHTS OF THE DATA SUBJECT, APPLICATION PROCEDURE AND PRINCIPLES

As a data subject, if you have a request regarding your rights listed in Article 11 of Law No. 6698, and if you are a citizen of the European Union, regarding your rights under GDPR such as withdrawing your explicit consent, obtaining information about and accessing your data, correcting, deleting or restricting the processing of your personal data in certain cases, data portability under certain conditions, objecting to the processing of your personal data and similar rights, you may submit your requests to us through the methods below by filling out the Application Form Regarding the Protection of Personal Data, which you can download by clicking, or by submitting an application meeting the minimum conditions set out in the Communiqué on the Procedures and Principles of Application to the Data Controller.

The Company will finalize your application free of charge as soon as possible and at the latest within thirty days depending on the nature of your request. However, if the transaction requires an additional cost, the fee in the tariff determined by the Personal Data Protection Board will be charged by the Company. In cases where your application is rejected, the response is found insufficient, or no response is given within due time, you may inform us accordingly. In addition, as a data subject, you have the right to lodge a complaint with the competent data protection authority in your country within thirty days from the date you learn of our response and in any case within sixty days from the date you duly submit your application.

Awesome!

We’ve got your request.

Error

Oops. Something went wrong while processing your request. Please try again in a moment.

NICKELODEON PLAY!
Branded ZonesNickelodeon JourneysFood & BeverageNickelodeon ShopTicket Refund & Exchange
CONTACT
info@nickelodeonplayistanbul.comT: +90 212 377 58 00F: +90 212 377 58 00

Camii Kebir Taşkızak Tersane Cad. No:5 Kasımpaşa Beyoğlu İstanbul

A The Land of Legends Website

© 2025 Viacom International Inc. All Rights Reserved.

Web Privacy and Personal Data Protection Law Principles
NEW
Coming Soon!
The Wait Is Almost Over. The Fun Is Just Beginning.
Nationality
Awesome!

We’ve got your request.

Error

Oops. Something went wrong while processing your request. Please try again in a moment.

Coming Soon
COMMERCIAL ELECTRONIC MESSAGE EXPLICIT CONSENT TEXT

This document includes my explicit consent regarding the sending of commercial electronic messages in accordance with Law No. 6563 on the Regulation of Electronic Commerce and the Regulation on Commercial Communication and Commercial Electronic Messages.

I hereby consent to Fine Otel Turizm İşletmecilik A.Ş. sending me commercial electronic messages in compliance with the applicable legislation for the following purposes: announcing general and special offers related to the services provided, conducting satisfaction surveys regarding the offered services, informing me about current developments, sending congratulatory messages, sharing contents such as presentations and newsletters, and carrying out promotions and advertisements.

I acknowledge that my contact information, identification details, and marketing data may be collected and processed for the purpose of conducting product/service sales and advertisement/campaign/promotion activities, and that messages will be sent to me via the communication channels I have chosen.

I understand that I may change my communication preferences at any time, or stop the communication without providing any reason by following the rejection procedure indicated in the messages I receive.

I also give my consent for commercial electronic messages to be sent to me by SMS/text message, automated calls, phone calls, pop-ups, push notifications, social media and online advertising networks, e-mail/mail, and other electronic communication tools/channels, and for my personal data to be processed by Fine Otel Turizm İşletmecilik A.Ş. for this purpose, as well as shared with its business partners as necessary for this process.By accepting this document, I declare that I have read and understood the text and give my explicit consent to the matters explained herein.

⁠  ⁠