1. PERSONAL DATA PROTECTION LAW (KVKK) INFORMATION NOTICE

GARDAN HOTEL WEBSITE USERS AND GUESTS PERSONAL DATA PROTECTION INFORMATION NOTICE

  1. Identity of the Data Controller

In accordance with the Personal Data Protection Law No. 6698 (“KVKK”), your personal data may be processed by DK TURİZM GIDA İNŞAAT OTOMOTİV DIŞ TİCARET LTD ŞTİ (‘Company’ or “Gardan Hotel”) as the data controller within the scope described below.

  • Title: DK TURİZM GIDA İNŞAAT OTOMOTİV DIŞ TİCARET LTD ŞTİ
  • Tax Number: 3021309938
  • Tax Office: Beylikdüzü
  • Address: Barış Neighborhood, Zafer Street, No: 4B 34500 BEYLİKDÜZÜ/ ISTANBUL
  • Phone: +90 (212) 855 77 77
  • Website Address: https://www.gardanhotel.com/
  1. Purpose for Which Personal Data Will Be Processed

Your collected personal data will be processed by our Company for the purposes listed below, within the scope of the personal data processing conditions specified in Articles 5 and 6 of the KVKK, in order for you to benefit from the services offered by our Company:

  • The provision of our hotel and accommodation services, including the processing, management, and confirmation of your reservations (online or by phone).
  • Contacting you based on the contact forms you fill out on the website (https://www.gardanhotel.com/).
  • Reviewing and responding to your requests, suggestions, and complaints regarding our services.
  • Establishment and performance of the accommodation service contract.
  • Execution of finance and accounting processes (invoice preparation, payment transactions).
  • Compliance with Legal Obligations: Compliance with our legal obligations under the Identity Reporting Law No. 1774, the Tax Procedure Law, and other relevant legislation (e.g., reporting guest information to the competent authorities).
  • Implementing information security processes and ensuring the security of our website.
  • Determining and implementing our company’s commercial and business strategies.
  • Marketing and Promotion (Subject to Obtaining Your Explicit Consent): If you consent, we may send you commercial electronic communications (e-mail, SMS) about our campaigns, promotions, and new services.
  1. Categories of Personal Data Processed

Our company may process the following categories of personal data through our website (online reservations, contact forms, etc.) or other channels (phone, email):

  • Identity Information: First name, last name, Turkish ID Number (TCKN), passport number (for foreign nationals), date of birth.
  • Contact Information: Phone number, email address, address.
  • Financial Information: Credit card information (processed only for payment and authorization transactions via a secure payment infrastructure), billing information.
  • Customer Transaction Information: Reservation number, check-in/check-out dates, room type, accommodation preferences, special requests (e.g., request for a room for people with disabilities), spending information.
  • Transaction Security Information: IP address, website entry and exit records (log records), cookie information.
  1. Method and Legal Basis for Collecting Personal Data

Your personal data is collected by our Company through reservation forms, contact forms, cookies, telephone, email, and other electronic means on the https://www.gardanhotel.com/ website, or verbally or in writing in physical environments (at the reception desk). You can review our cookie policy.

These data are processed in accordance with Article 5 of the KVKK;

  • Directly related to the formation or performance of a contract (Article 5/2-c) (Provision of reservation and accommodation services),
  • It is mandatory for the data controller to fulfill their legal obligations (Article 5/2-c) (Identity Disclosure Law, Tax Laws).
  • Processing is necessary for the legitimate interests pursued by the data controller (Article 5/2-f) (Website security, request/complaint management),
  • And it is processed based on legal grounds requiring your explicit consent (Article 5/1) (Sending commercial communications for marketing and promotional purposes).
  1. To Whom and for What Purpose Processed Personal Data May Be Transferred

Your personal data will be processed in accordance with the purposes listed above and in compliance with Articles 8 and 9 of the KVKK, provided that the necessary security measures are taken;

  • To Authorized Public Institutions and Organizations: As required by law (e.g., pursuant to Law No. 1774, to Law Enforcement Agencies, Tax Offices, etc.)
  • To Suppliers and Business Partners: For the purpose of providing the service (accommodation, payment) (e.g., banks, online payment service providers, reservation infrastructure providers, IT service providers, email delivery service providers).
  • To Group Companies and Shareholders: For the purposes of internal management and reporting activities, it may be transferred to the extent necessary.
  1. Rights of the Data Subject (Relevant Person) (KVKK Article 11)

As a data subject, you have the following rights under Article 11 of the KVKK:

  1. a) To learn whether personal data has been processed, b) To request information regarding the processing of personal data, c) To learn the purpose of processing personal data and whether it is being used for its intended purpose, d) To know the third parties to whom personal data has been transferred within or outside the country, e) To request the correction of personal data if it has been processed incompletely or incorrectly, f) Requesting the deletion or destruction of personal data within the framework of the conditions set forth in Article 7 of the KVKK, g) To request that the actions taken in accordance with subparagraphs (e) and (f) be communicated to third parties to whom the personal data has been transferred, h) To object to the emergence of a result against the person through the analysis of the processed data exclusively by means of automated systems, i) Requesting compensation for damages incurred due to the unlawful processing of personal data.
  2. Application Method

You may submit your requests regarding the above-listed rights to the Company in writing or via registered electronic mail (KEP) address, secure electronic signature, mobile signature, or the email address you previously provided to the Company and which is registered in our system (info@gardanhotel.com), in accordance with the “Communication on Procedures and Principles for Applications to the Data Controller.”

You can send your written applications with a wet signature to our address at “Barış Mahallesi Zafer Caddesi No: 4B 34500 BEYLİKDÜZÜ/ İSTANBUL”.

Your application must include your first name, last name, Turkish ID number (or passport number if you are a foreign national), your residential or business address for notification purposes, your email address and phone number for notification purposes (if applicable), and the subject of your request.