top of page

GUEST INFORMATION NOTICE

GUEST INFORMATION NOTICE

Point HOTEL Management A.Ş. (hereinafter referred to as the “HOTEL”), as the Data Controller, processes personal data / special category personal data of its guests within the scope of the Personal Data Protection Law No. 6698 (hereinafter referred to as “KVKK”).

This Information Notice has been prepared pursuant to Article 10 of KVKK in order to inform you, as the Data Subject, about our identity as the Data Controller, the purposes of processing your personal data, the parties to whom and the purposes for which your personal data is transferred, the methods and legal grounds for processing your personal data, and your rights, in relation to the forms you have filled out, reservation transactions, and contact information provided to benefit from the services offered via the website https://www.pointhotel.com.tr.

1) DATA CONTROLLER

Address: Topçu Street No: 6, Beyoğlu / ISTANBUL
Phone Number: +90 212 313 50 00
E-mail: kvkkpointtaksim@pointhotel.com
KEP: pointhotel@hs01.kep.tr
MERSIS No: 0730036964500036

2) SCOPE OF THE INFORMATION NOTICE

This Information Notice covers website visitors, guests who make reservations, and visitors/guests who contact us to obtain information.

3) PROCESSED PERSONAL DATA AND PURPOSES OF PROCESSING

The categories of personal data processed regarding guests and the purposes of processing are listed below:

Personal Data — Purpose of Processing

Identity Information
(Name – Surname, Turkish ID Number, Passport Number)
For the performance of HOTEL reservation services; creating guest records, verifying guest information, establishing a contractual relationship between the parties, and fulfilling obligations arising from the Law.

Contact Information
(E-mail Address, Phone Number)
To ensure continuous and uninterrupted communication between the guest and HOTEL personnel and, optionally, to benefit from advertising and marketing services.

Camera Recordings
(Cameras within the HOTEL)
To ensure physical premises security of the HOTEL, protect the legitimate interests of the employer, safeguard the life and property of guests, employees, or third parties, and obtain evidence suitable for proof in possible disputes.

Health Information
(Allergen Records, Food Intolerance Information)
To protect guests’ health by determining suitable foods during their stay and fulfilling special dietary requests.

Payment Information
(Credit Card Information, Bank Account Information)
To complete reservation-related transactions, collect accommodation fees, and facilitate payment transactions for guests.

Invoice Information
To issue e-invoices/e-archive invoices in accordance with tax legislation, submit legal declarations, and conduct accounting processes.

License Plate Information
(Vehicle Information)
To create and track guest records and control HOTEL entry and exit.

SPA Information
To register guests who benefit from SPA services, determine SPA occupancy rates, ensure the safekeeping of valuables prior to SPA use, and protect guests’ life and property security.

4) PARTIES TO WHOM PERSONAL DATA MAY BE TRANSFERRED

Personal data subject to this Information Notice may be transferred for the purposes of fulfilling legal obligations, performance of the contract between the parties, and ensuring the legitimate interests of the employer.

Your personal data may be transferred domestically or abroad in accordance with Articles 8 and 9 of KVKK.
Transfers abroad are made solely for data security and storage purposes to server and cloud service providers operating in countries for which the European Commission has issued an Adequacy Decision in line with GDPR.

Personal Data Categories — Recipient Parties

Identity Information
Judicial Authorities and Law Enforcement Agencies

Contact Information
Authorized Public Institutions, Travel Agencies, CRM Companies, Supplier Authorities, and Supplier Employees

Camera Recordings
Judicial Authorities and Law Enforcement Agencies

Payment Information
Banks, Financial Institutions, Certified Public Accountants, Foreign Cloud Systems, Service Providers, and Servers

Invoice Information
Authorized Public Institutions and Certified Public Accountants

5) PROTECTION OF PERSONAL DATA

Pursuant to Article 12 of KVKK, we take all necessary technical and administrative measures to prevent unlawful processing of your personal data, prevent unlawful access, ensure data security, and prevent unauthorized access.

Administrative Measures — Technical Measures

  • KVKK Awareness Trainings: Periodic trainings are provided to HOTEL personnel on personal data protection and current KVKK legislation.

  • Cybersecurity Measures: HOTEL IT systems are protected by up-to-date firewalls, antivirus software, and intrusion detection systems.

  • Confidentiality Agreements with Suppliers: Confidentiality agreements are executed with third-party service providers.

  • Physical Security: Physical archives and server rooms are protected against natural disasters, and access is restricted to authorized personnel only.

  • Authorization Matrix: Access to personal data is limited to authorized personnel who require access.

  • Encryption and Secure Communication: SSL certificates and cryptographic encryption methods are used for reservation and payment transactions.

  • Data Retention and Destruction Policy: Personal data is deleted, destroyed, or anonymized periodically in accordance with our Data Retention and Destruction Policy.

  • Access Logs: All accesses to databases and reservation systems are logged.

  • Data Recovery Procedures: Procedures exist for restoring data in case of cyberattacks or data loss.

  • Backup Systems: Data is regularly backed up in secure environments.

6) METHODS AND LEGAL GROUNDS FOR COLLECTING PERSONAL DATA

Your personal data is collected through our website, call center, reception records, agencies, and security cameras.

Collection Method — Legal Ground

Identity Information
Collected digitally via online reservations or physically at reception.
KVKK Art. 5/2-(ç): Necessary for compliance with legal obligations
(Pursuant to Law No. 1774, identity information must be reported to law enforcement.)

Contact Information
Collected via website forms, reservations, phone calls, or e-mail.
KVKK Art. 5/2-(f): Necessary for the legitimate interests of the data controller.

Payment Information
Collected digitally during reservation transactions.
KVKK Art. 5/1: Explicit consent of the data subject.

Invoice Information
Collected physically via verbal declaration or digitally via online payments.
KVKK Art. 5/2-(ç): Necessary for compliance with legal obligations.

Camera Recordings
Collected via security cameras in common areas during the stay.
KVKK Art. 5/2-(f): Necessary for legitimate interests.

Health Information
Collected upon verbal or written declaration by the guest.
KVKK Art. 6/3-(a): Explicit consent of the data subject.

License Plate Information
Collected during vehicle entry to the HOTEL.
KVKK Art. 5/2-(f): Necessary for legitimate interests.

SPA Information
Collected physically during SPA entry-exit registration.
KVKK Art. 5/2-(f): Necessary for legitimate interests.

7) RETENTION PERIOD OF PERSONAL DATA

Personal data retention periods are listed below; upon expiry, data is destroyed.

Personal Data

Retention Period

Identity Information

1 year

Contact Information

10 years

Payment Information

1 year

Invoice Information

10 years

Health Information

1 year

Camera Recordings

15 days

License Plate Information

3 months

SPA Information

1 year

8) RIGHTS OF THE DATA SUBJECT

Pursuant to Article 11 of KVKK, data subjects have the right to:

  • Learn whether personal data is processed,

  • Request information if personal data has been processed,

  • Learn the purpose of processing and whether data is used accordingly,

  • Know third parties to whom data is transferred domestically or abroad,

  • Request correction of incomplete or inaccurate data,

  • Request deletion or destruction of personal data,

  • Request notification of such actions to third parties,

  • Object to adverse outcomes arising from automated processing,

  • Claim compensation for damages due to unlawful processing.

You may submit your requests in writing to
Kocatepe, Topçu Street No: 2, 34437 Beyoğlu / Istanbul
or via e-mail to kvkk@pointhotel.com.tr.

Requests will be concluded free of charge as soon as possible and within thirty (30) days at the latest. If the process requires additional costs, fees determined by the Board may be charged.

This Information Notice may be revised by the HOTEL when deemed necessary.

I have read and understood this Information Notice prepared by Point HOTEL Management A.Ş.

bottom of page