Privacy Policy - union hotel

1. Data Controllers

This Privacy Policy applies to the hotels listed below, each of which operates as a separate legal entity. Each company is considered an independent Data Controller within the scope of the Turkish Personal Data Protection Law No. 6698 (“KVKK”) with respect to the personal data processed within its own operations.

Data Controller Companies:

1. Doruk Palace Turizm LTD. ŞTİ.

(Doruk Palas Hotel)

2. Union Hotel Turizm Ltd. Şti.

(Union Hotel Port – Union Hotel Karaköy)

3. Biz Akaryakıt İnşaat ve Turizm Sanayi ve Ticaret A.Ş.

(Union Hotel Platinn)

Whichever hotel the guest makes a reservation with, the company operating that specific hotel shall be deemed the relevant the Data Controller.

2. What Personal Data Do We Collect?

Within the scope of our website, reservation system, and accommodation processes, the following personal data may be collected:

Identity and Contact Information

Name – Surname
Nationality
Country of residence / reservation
ID / Passport information
Date of birth
Phone number
Email address

Reservation and Accommodation Information

Check-in – check-out dates
Room preferences
Special requests
Companion information

Payment and Financial Information

Credit card information (for pre-authorization transactions)
Invoice information
IP address
Transaction records

Technical Data

IP address
Cookie data
Log records
Device and browser information

Marketing Data (If Explicit Consent Is Given)

Newsletter subscription
Campaign preferences
Analytics and advertising cookie data

3. Purposes of Processing Personal Data

Your personal data is processed for the following purposes:

1️⃣ Provision of Accommodation Services (Performance of Contract)

Creating and managing reservations
Online check-in processes
Room allocation
Fulfilling guest requests

2️⃣ Fulfillment of Legal Obligations

Notification to law enforcement authorities under the Identity Notification Law
Issuing invoices under tax legislation
Maintaining accounting records
Responding to requests from official authorities

3️⃣ Payment and Financial Transactions

Credit card pre-authorization transactions
Collection and refund processes
Financial reporting

4️⃣ Ensuring Security

Maintaining CCTV camera recordings
Hotel entry-exit control
Prevention of security risks

5️⃣ Customer Communication and Satisfaction

Sending reservation confirmations
Satisfaction surveys
Complaint and request management

6️⃣ Marketing Activities (With Explicit Consent)

Campaign notifications
Sending e-newsletters
Offering special deals

⚠️ Marketing activities are carried out only if explicit consent is obtained.

7️⃣ Conducting Legal Processes

Using data as evidence in potential disputes
Managing litigation and enforcement proceedings

4. Method and Legal Basis for Collecting Personal Data

Your data is collected through:

Website reservation form
Online check-in form
Transfer request form
Newsletter subscription form
Third-party reservation software
Call center and email communications
CCTV systems
Cookies

Legal bases:

KVKK Art. 5/2 (Performance of contract)
KVKK Art. 5/2 (Legal obligation)
KVKK Art. 5/2 (Legitimate interest)
Explicit consent

5. Transfer of Personal Data

Your personal data may be transferred to:

Authorized public institutions and organizations
Accounting and financial advisors
Banks and payment institutions
Reservation software service providers
IT and hosting companies
Legal advisors

International data transfers (for example, for analytics or advertising tools) are carried out only in compliance with Article 9 of KVKK and, where required, subject to explicit consent and appropriate safeguards.

6. Use of Cookies

On our website:

Mandatory Cookies
Functional Cookies
Analytical Cookies (Google Analytics, etc.)
Marketing Cookies (Meta Pixel, etc.)

Mandatory cookies are used within the scope of performance of contract and legitimate interest; other cookies are used based on explicit consent.

You may manage your cookie preferences through the Cookie Preference Panel available on our website.

7. Data Retention Period

Personal data is retained:

For the period necessary for the purpose for which it is processed
For the retention periods prescribed under applicable legislation
For 10 years under tax and accounting legislation
Identity notification records for the period required by relevant legislation

At the end of the retention period, data is deleted, destroyed, or anonymized in accordance with KVKK.

8. Data Security Measures

To ensure data security:

Administrative Measures

Preparation of a data inventory
Implementation of authorization matrix
Confidentiality agreements
KVKK training
Data processing agreements
Data breach response plan

Technical Measures

SSL certificate
Firewall and antivirus
PCI-DSS compliant payment infrastructure
Maintaining log records
Access control systems
Regular backups

Physical Security

Restricted access to server areas
Locked archive systems

9. Your Rights Under KVKK

Under Article 11 of KVKK, you have the right to:

Learn whether your data is processed
Request correction
Request deletion
Learn third parties to whom data is transferred
Object to automated analyses

Applications are concluded within 30 days at the latest.

10. Your Rights Under GDPR (For EU Guests)

Guests located in EU countries have the right to:

Access
Rectification
Erasure
Data portability
Restriction of processing
Objection
Withdrawal of explicit consent

Applications are concluded within 1 month at the latest.

11. Contact Information

Doruk Palas Hotel

📞 +90 539 334 44 25

📧 info@dorukpalas.com

Union Hotel Port

📞 +90 537 349 47 23

📧 info@unionotel.com

Union Hotel Karaköy

📞 +90 531 968 88 97

📧 karakoy@unionotel.com

Union Hotel Platinn

📞 +90 506 039 60 45

📧 info@platinnhotel.com

12. Policy Changes

This Privacy Policy may be updated in line with legislative amendments or operational requirements. The updated version enters into force on the date it is published on our website.