PERSONAL DATA PROTECTION AGREEMENT (KVKK COMPLIANCE NOTICE)
Effective Date: 23.10.2025
Data Controller: Soothe Hotel
Address: Akdeniz Caddesi Menekse Sokak No:25, Kalkan, Kaş, Antalya, Türkiye
Websites: https://soothehotels.com & https://soothe.rezervasyonal.com
E-mail: kvkk@soothehotel.com
Phone: +90 242 844 10 90 – +90 549 778 57 87
1. PURPOSE AND LEGAL BASIS
This agreement is prepared in accordance with the Turkish Personal Data Protection Law No. 6698 (KVKK), the Turkish Code of Obligations, the Identity Notification Law No. 1774, and relevant legislation to define the procedures and principles regarding the collection, processing, storage, transfer, and protection of personal data of guests by Soothe Hotel (“Data Controller”).
Soothe Hotel undertakes to maintain the highest level of security in the processing and protection of personal data.
2. DEFINITIONS
In this agreement:
-
Personal Data: Any information relating to an identified or identifiable natural person,
-
Sensitive Personal Data: Information such as health data, ID number, religion, nationality, sexual life, etc.,
-
Data Controller: Soothe Hotel,
-
Data Processor: A third party processing data on behalf of the Hotel (e.g., reservation infrastructure provider).
3. PERSONAL DATA COLLECTED
Soothe Hotel may collect the following personal data:
-
Identity Information (Full name, National ID number, Passport number, Date of birth),
-
Contact Information (Phone number, E-mail address, Home address),
-
Reservation Details (Check-in/check-out dates, room type, special requests),
-
Payment Information (Credit card and billing details – card data stored securely by payment service providers),
-
Online Check-in Data (ID document photo, document number, signature, etc.),
-
Security Camera Footage (from common areas for security purposes),
-
IP address, device and browser information (during website usage).
4. PURPOSES OF DATA PROCESSING
Personal data are processed in accordance with Articles 5 and 6 of the KVKK for the following purposes:
-
Providing reservation and accommodation services,
-
Performing legal identity notification obligations (pursuant to Law No. 1774),
-
Carrying out billing, payment, and accounting processes,
-
Measuring and improving guest satisfaction,
-
Conducting campaigns, promotions, and communications (with explicit consent),
-
Managing complaints, suggestions, and requests,
-
Ensuring the security of the hotel and its guests (including CCTV),
-
Organizing personalized room settings and services,
-
Fulfilling legal reporting obligations arising from regulations.
5. TRANSFER OF PERSONAL DATA
Personal data may be transferred, in accordance with Articles 8 and 9 of the KVKK, to the following entities and institutions:
-
Public authorities and law enforcement when legally required,
-
Tax offices and financial authorities for invoicing and compliance purposes,
-
Reservation infrastructure providers (e.g., Rezervasyonal.com),
-
Hotel’s contracted service providers (IT support, payment gateways, cleaning, or security partners),
-
Overseas service providers or cloud systems, only with the explicit consent of the guest.
No personal data shall be sold or rented for commercial purposes.
6. RETENTION AND DESTRUCTION OF PERSONAL DATA
6.1. Personal data are retained for legally required periods:
-
Reservation and accommodation records: 2 years (as required by the Identity Notification Law),
-
Financial records (invoices, payments): 10 years (pursuant to the Tax Procedure Law),
-
CCTV recordings: 30 to 60 days,
-
Other data: until the processing purpose ceases to exist.
6.2. Upon expiration of these periods, personal data are securely deleted, destroyed, or anonymized.
7. SECURITY MEASURES FOR PERSONAL DATA
In accordance with Article 12 of the KVKK, Soothe Hotel undertakes to:
-
Protect databases through encrypted systems,
-
Apply access control to prevent unauthorized access,
-
Restrict access to authorized personnel only,
-
Use SSL-secured data transmission for all digital processes,
-
Notify both the Personal Data Protection Authority (KVKK Institution) and the affected individuals in the event of a data breach.
8. RIGHTS OF THE GUEST (ARTICLE 11 OF THE KVKK)
Guests have the right to apply to Soothe Hotel and:
-
Learn whether their personal data have been processed,
-
Request information about the processing of their data,
-
Learn the purpose of processing and whether it has been used accordingly,
-
Know the third parties to whom their data have been transferred domestically or abroad,
-
Request correction of incomplete or inaccurate data,
-
Request deletion or destruction of data when the legal reason for processing no longer exists,
-
Object to outcomes generated by automated data analysis,
-
Request compensation for any damage suffered due to unlawful processing.
Requests should be submitted in writing to kvkk@soothehotel.com.
9. EXPLICIT CONSENT STATEMENT
The guest hereby gives explicit consent to the following:
✅ The processing of my personal data during reservation, accommodation, and communication processes,
✅ Receiving information and satisfaction surveys via SMS and/or e-mail from the Hotel,
✅ The analysis of my data for improving service quality,
✅ The transfer of my data to domestic and foreign service providers for necessary purposes.
The guest may withdraw their consent at any time by written notification to the Hotel.
10. CONTACT DETAILS OF THE DATA CONTROLLER
Data Controller: Soothe Hotel
Address: Akdeniz Caddesi Menekse Sokak No:25, Kalkan, Kaş, Antalya, Türkiye
E-mail: kvkk@soothehotel.com
Phone: +90 242 844 10 90 – +90 549 778 57 87
Websites: https://soothehotels.com & https://soothe.rezervasyonal.com
11. ENFORCEMENT AND ACCEPTANCE
By registering on the website or completing a reservation process,
the guest declares that they have read, understood, and accepted all terms and conditions of this Personal Data Protection Agreement (KVKK Notice).
This agreement enters into force on the date of publication.