Privacy Policy - union hotel
1. Data Controllers
This Privacy Policy applies to the hotels listed below, each of which operates as a separate legal entity. Each company is considered an independent Data Controller within the scope of the Turkish Personal Data Protection Law No. 6698 (“KVKK”) with respect to the personal data processed within its own operations.
Data Controller Companies:
1. Doruk Palace Turizm LTD. ŞTİ.
(Doruk Palas Hotel)
2. Union Hotel Turizm Ltd. Şti.
(Union Hotel Port – Union Hotel Karaköy)
3. Biz Akaryakıt İnşaat ve Turizm Sanayi ve Ticaret A.Ş.
(Union Hotel Platinn)
Whichever hotel the guest makes a reservation with, the company operating that specific hotel shall be deemed the relevant the Data Controller.
2. What Personal Data Do We Collect?
Within the scope of our website, reservation system, and accommodation processes, the following personal data may be collected:
Identity and Contact Information
- Name – Surname
- Nationality
- Country of residence / reservation
- ID / Passport information
- Date of birth
- Phone number
- Email address
Reservation and Accommodation Information
- Check-in – check-out dates
- Room preferences
- Special requests
- Companion information
Payment and Financial Information
- Credit card information (for pre-authorization transactions)
- Invoice information
- IP address
- Transaction records
Technical Data
- IP address
- Cookie data
- Log records
- Device and browser information
Marketing Data (If Explicit Consent Is Given)
- Newsletter subscription
- Campaign preferences
- Analytics and advertising cookie data
3. Purposes of Processing Personal Data
Your personal data is processed for the following purposes:
1️⃣ Provision of Accommodation Services (Performance of Contract)
- Creating and managing reservations
- Online check-in processes
- Room allocation
- Fulfilling guest requests
2️⃣ Fulfillment of Legal Obligations
- Notification to law enforcement authorities under the Identity Notification Law
- Issuing invoices under tax legislation
- Maintaining accounting records
- Responding to requests from official authorities
3️⃣ Payment and Financial Transactions
- Credit card pre-authorization transactions
- Collection and refund processes
- Financial reporting
4️⃣ Ensuring Security
- Maintaining CCTV camera recordings
- Hotel entry-exit control
- Prevention of security risks
5️⃣ Customer Communication and Satisfaction
- Sending reservation confirmations
- Satisfaction surveys
- Complaint and request management
6️⃣ Marketing Activities (With Explicit Consent)
- Campaign notifications
- Sending e-newsletters
- Offering special deals
⚠️ Marketing activities are carried out only if explicit consent is obtained.
7️⃣ Conducting Legal Processes
- Using data as evidence in potential disputes
- Managing litigation and enforcement proceedings
4. Method and Legal Basis for Collecting Personal Data
Your data is collected through:
- Website reservation form
- Online check-in form
- Transfer request form
- Newsletter subscription form
- Third-party reservation software
- Call center and email communications
- CCTV systems
- Cookies
Legal bases:
- KVKK Art. 5/2 (Performance of contract)
- KVKK Art. 5/2 (Legal obligation)
- KVKK Art. 5/2 (Legitimate interest)
- Explicit consent
5. Transfer of Personal Data
Your personal data may be transferred to:
- Authorized public institutions and organizations
- Accounting and financial advisors
- Banks and payment institutions
- Reservation software service providers
- IT and hosting companies
- Legal advisors
International data transfers (for example, for analytics or advertising tools) are carried out only in compliance with Article 9 of KVKK and, where required, subject to explicit consent and appropriate safeguards.
6. Use of Cookies
On our website:
- Mandatory Cookies
- Functional Cookies
- Analytical Cookies (Google Analytics, etc.)
- Marketing Cookies (Meta Pixel, etc.)
Mandatory cookies are used within the scope of performance of contract and legitimate interest; other cookies are used based on explicit consent.
You may manage your cookie preferences through the Cookie Preference Panel available on our website.
7. Data Retention Period
Personal data is retained:
- For the period necessary for the purpose for which it is processed
- For the retention periods prescribed under applicable legislation
- For 10 years under tax and accounting legislation
- Identity notification records for the period required by relevant legislation
At the end of the retention period, data is deleted, destroyed, or anonymized in accordance with KVKK.
8. Data Security Measures
To ensure data security:
Administrative Measures
- Preparation of a data inventory
- Implementation of authorization matrix
- Confidentiality agreements
- KVKK training
- Data processing agreements
- Data breach response plan
Technical Measures
- SSL certificate
- Firewall and antivirus
- PCI-DSS compliant payment infrastructure
- Maintaining log records
- Access control systems
- Regular backups
Physical Security
- Restricted access to server areas
- Locked archive systems
9. Your Rights Under KVKK
Under Article 11 of KVKK, you have the right to:
- Learn whether your data is processed
- Request correction
- Request deletion
- Learn third parties to whom data is transferred
- Object to automated analyses
Applications are concluded within 30 days at the latest.
10. Your Rights Under GDPR (For EU Guests)
Guests located in EU countries have the right to:
- Access
- Rectification
- Erasure
- Data portability
- Restriction of processing
- Objection
- Withdrawal of explicit consent
Applications are concluded within 1 month at the latest.
11. Contact Information
Doruk Palas Hotel
Union Hotel Port
Union Hotel Karaköy
Union Hotel Platinn
12. Policy Changes
This Privacy Policy may be updated in line with legislative amendments or operational requirements. The updated version enters into force on the date it is published on our website.