Cactus Hotels GDPR

Website Privacy Policy

This "Privacy Policy" outlines how the information we obtain about you and the services you request during your visit to this website will be used and protected. By visiting this website and requesting the services offered through it, you agree to the terms specified in this "Privacy Policy."

I. Purpose of the Personal Data Protection and Processing Policy

Due to the sensitivity of the business activities of BAB TURİZM TİC. A.Ş., GÜMÜŞTUR GÜMÜLDÜR TURİZM İŞL.VE TİC.A.Ş., and BOYTUR TURİZM İNŞ.TİC.İŞL. VE SAN.A.Ş. (“Cactus Hotels”), the data received from our customers or potential customers has always been kept confidential and has never been shared with third parties. Protecting personal data is the fundamental policy of our company. Even before any legal regulations were introduced, our company and its subsidiaries have always prioritized the confidentiality of personal data and instructed its employees to follow these principles. We, as “Cactus Hotels,” are committed to complying with all responsibilities imposed by the Personal Data Protection Law. The principles regarding the protection of personal data by our companies also cover our subsidiaries.

II. Scope and Changes to the Personal Data Protection and Processing Policy

This Policy has been prepared in accordance with the Personal Data Protection Law No. 6698 (“KVKK”). As of today, the entire law has come into effect. The data obtained from you, either with your consent or as required by law, will be used to improve the quality of the services we provide and to improve our quality policy. Some of the data we hold is anonymized and used for statistical purposes, which is not subject to the Law and our Policy. The “Cactus Hotels Personal Data Protection and Processing Policy” aims to protect the data of our customers, potential customers, employees, partners, and any other individuals whose data is obtained automatically.

Our company reserves the right to amend our policy and regulation - provided that it complies with the law and ensures better protection of personal data.

III. Basic Rules for Processing Personal Data

a) Compliance with the Law and Integrity: “Cactus Hotels” questions the source of the data it collects or that comes from other companies and ensures that they are obtained lawfully and in accordance with the rules of integrity.

b) Accuracy and Updating When Necessary: “Cactus Hotels” ensures that all data within the institution is accurate, does not contain incorrect information, and is updated when changes occur.

c) Processing for Specific, Explicit, and Legitimate Purposes: “Cactus Hotels” processes data only for specific, explicit, and legitimate purposes.

d) Being Relevant, Limited, and Proportionate: “Cactus Hotels” uses the data limited to the purposes for which they are processed and to the extent required by the service.

e) Retention for the Period Required by Relevant Legislation or for the Purpose for which they are Processed: “Cactus Hotels” retains the contractual data as required by the statutes of limitation of the Law, commercial and tax laws. When these purposes cease to exist, it either deletes or anonymizes the data.

These principles apply whether the data is collected based on consent or through legal compliance.

Maximum Saving Principle

According to the maximum saving principle, or the principle of thrift, the data received by “Cactus Hotels” is processed into the system only as necessary. The data to be collected is determined according to the purpose. Unnecessary data is not collected.

Deletion of Personal Data

The personal data processed upon the expiration of the legal retention periods, completion of judicial processes, or other requirements are deleted, destroyed, or anonymized by our company on its own motion or upon the request of the data subject.

Accuracy and Data Freshness

The data within “Cactus Hotels” is processed as declared by the individuals. “Cactus Hotels” is not obligated to verify the accuracy of the data declared by the data subjects and does not do so due to legal and ethical principles. The declared data is considered accurate. It updates the personal data processed upon the receipt of official documents or upon the request of the individual.

Privacy and Data Security

Personal data is confidential, and “Cactus Hotels” respects this confidentiality. Personal data can only be accessed by authorized individuals within the company. All necessary technical and administrative measures are taken to protect the personal data collected by “Cactus Hotels” and to prevent unauthorized access. These measures are continually updated and developed.

IV. Data Processing Purposes

The personal data collected and processed by “Cactus Hotels” will be executed in line with the purposes specified in the disclosure text. The data is collected and processed to establish contracts and provide better service to customers.

V. Customer, Potential Customer, Business Partner, and Solution Partner Data

As “Cactus Hotels,” we process your personal data within the scope of the Personal Data Protection Law No. 6698 and other relevant regulations. The categories and descriptions of personal data to be processed are as follows:

Identity Information: Name-surname, the name-surname of accompanying guests, nationality, place and date of birth; TC identity, driver's license, and passport numbers (including the date and place of issuance).

Contact Information: Address, phone number, email address.

Financial Information: Mobile invoice information, bank account details, payment card number, and other payment information.

Customer Feedback and Complaint Data: Preferences in accommodation, marketing, and communication; evaluations, opinions, or complaints about brands and facilities.

Others: Reservation information, travel history; participation in competitions, sweepstakes, or marketing programs; information on vehicles used to reach the facility; reserved hotel, airline, and rental car packages; group affiliations for accommodation, frequent flyer or Travel Partner Program memberships and member numbers, information provided during membership and account applications.

Collection and Processing of Data for Contractual Relationships

If a contractual relationship has been established with our customers or potential customers, the collected personal data can be used without the consent of the customer. However, this usage is for the purpose of the contract. The data is used to better execute the contract and meet service requirements.

Business and Solution Partner Data

“Cactus Hotels” acts in compliance with the law when sharing data with business and solution partners. Data sharing is done to the extent required by the service and with a data privacy commitment.

Processing Data for Analyzing and Improving Services Offered at the Facilities

Data may be processed for surveys to measure the provided services, marketing communications, or management of relations with guests during and after their stay.

Reservation Data Management

In the event of system errors or interruptions during the reservation process, our call center representative will contact you.

How to Delete Cookies

Most web browsers are set to automatically accept and use cookies from the time they are installed on your computer. You can use the help or settings menus of your internet browser to block cookies or get a warning when cookies are sent to your device.

Collection and Processing of Security Data at the Facilities

As the data controller under the Law No. 6698, “Cactus Hotels” collects security camera footage for the safety of both our company and you during your visit.

Processing Data for Business and Employee Benefits

Personal data of employees may be processed for health insurance and other employee benefits without consent. Data can also be processed for resolving disputes arising from employment relationships.

International and Domestic Data Transfer

“Cactus Hotels” may share personal data with its business partners and affiliates for the purpose of providing the service. This transfer is done within the framework of the law and with the consent of the individual.

Rights of the Data Subject

“Cactus Hotels” acknowledges the right of the data subject to determine the fate of their data after it has been processed. Requests related to personal data can be submitted by completing the application form on our official website, including a photocopy of the ID card, and sending it via registered mail.

Privacy Principle

All data at “Cactus Hotels” is confidential. No one may use, copy, reproduce, transfer to third parties, or use the data outside the purposes of the contract and the law without authorization.

Transaction Security

All necessary technical and administrative measures are taken to protect personal data collected by “Cactus Hotels” and to prevent unauthorized access. These measures are continually updated and developed.

Audits

“Cactus Hotels” conducts necessary internal and external audits for the protection of personal data.

Notification of Violations

“Cactus Hotels” takes immediate action upon notification of any personal data breach. It minimizes the damage and compensates for the loss. In the event of unauthorized access to personal data by third parties, the situation is reported to the Personal Data Protection Board immediately.

Changes to the Personal Data Protection and Privacy Policy

“Cactus Hotels” reserves the right to make changes to this statement. Any significant changes will be notified on the website’s main page, providing a link to the updated statement. Guests registered for any of our products or services will be informed through the contact channel provided to the facilities.

Contact

For questions regarding the privacy policy, you can contact us using the information below.

kvkk@cactushotels.com