Privacy Notice KVKK & GDPR

Last updated: February 26, 2026

1. Identity of the Data Controller

This Personal Data Protection Information Notice ("Information Notice") has been prepared in accordance with the Law on the Protection of Personal Data No. 6698 ("KVKK") by the data controller:

HOTELSURF TURIZM VE DANISMANLIK LIMITED SIRKETI
Address: Sisli / Istanbul / Turkiye
Tax Number: 4642131779
MERSIS Number: 0464213177900001
Trade Registry Number: 1075948

("HOTELSURF" or the "Company").

2. Categories of Personal Data Processed

Within the scope of services provided through the Platform, the following categories of personal data may be processed:

2.1. Identity Data

Name, surname.

2.2. Contact Data

Email address, phone number.

2.3. Customer Transaction Data

Reservation information, transaction history, cancellation/refund requests.

2.4. Transaction Security Data

IP address, log records, device and access information.

2.5. Financial Data

Limited information related to payment transactions.
(Credit card and debit card details are not stored or processed by HOTELSURF.)

2.6. Legal Transaction Data

Records related to requests, complaints, disputes, and legal processes.

3. Purposes of Processing Personal Data

Your personal data are processed for the following purposes:

conducting hotel reservation processes through the online platform,

establishing and performing contracts,

carrying out payment transactions,

communicating with users and providing support services,

ensuring information security and preventing fraud,

fulfilling legal obligations, and

providing information to authorized public institutions and organizations as required by law.

4. Legal Grounds for Processing Personal Data

Your personal data are processed in accordance with Article 5 of KVKK based on the following legal grounds:

being directly related to the establishment or performance of a contract,

fulfilling the legal obligations of the data controller,

the legitimate interests of the data controller, and

explicit consent (where required).

5. Transfer of Personal Data

Your personal data may be transferred, limited to the purposes stated above and in accordance with Articles 8 and 9 of KVKK, to:

hotels and accommodation providers,

banks and payment service providers (virtual POS infrastructure),

information technology and infrastructure service providers, and

authorized public institutions and organizations.

6. Methods of Collecting Personal Data

Your personal data are collected through:

forms on the Platform,

electronic communication channels,

reservation and payment transactions, and

automated or partially automated methods.

7. Retention Periods of Personal Data

Personal data are retained:

for the periods required by applicable legislation, or

for the period necessary for the purposes for which they are processed.

At the end of these periods, the data are deleted, destroyed, or anonymized in accordance with KVKK.

8. Rights of Data Subjects

Pursuant to Article 11 of KVKK, data subjects have the right to:

learn whether their personal data are processed,

request information if their personal data have been processed,

learn whether personal data are used for their intended purpose,

request correction if personal data are processed incorrectly or incompletely,

request deletion or destruction of personal data,

learn the third parties to whom personal data are transferred, and

request compensation in case of damages due to unlawful processing.

9. Application Method

Data subjects may submit their requests regarding their rights under KVKK to HOTELSURF in writing. Requests will be concluded within the time periods specified in the relevant legislation.

10. Entry into Force

This Information Notice enters into force on the date it is published on the Platform.