Data Protection Disclosure

Under Turkish GDPR (KVKK Law No. 6698)

1. Data Controller

Data Processor: Hotel AI (Technical infrastructure provider)

Primary Data Controller: Hotel (Owner of guest data)

Hotel AI processes data on behalf of hotels. The hotel is the primary controller of guest data.

2. Processing Basis

Explicit Consent (KVKK Art.5)

Processed with KVKK approval in QR check-in form

Legal Obligation (KVKK Art.5/2-ç)

Under accommodation service provision obligation

3. Processed Data Types

  • Identity Data: First name, Last name
  • Contact Data: Phone number
  • Stay Details: Check-in/out dates, room number
  • Communication Records: WhatsApp message logs

4. Processing Purposes

  • Providing hotel accommodation services
  • Managing guest requests and issues
  • Providing automated messaging capabilities
  • Complying with legal obligations

5. Data Transfer

Your personal data may be transferred to the following third parties:

  • Meta/WhatsApp: Messaging infrastructure (Cross-border transfer)
  • Google (Gemini API): Artificial intelligence service (Cross-border transfer)
  • Authorized Authorities: Where legally mandated

6. Your Rights (KVKK Art.11)

  • Learn if your personal data is processed
  • Request information if processed
  • Learn the processing purpose
  • Learn domestic/international transfers
  • Request correction
  • Request deletion/destruction
  • Request compensation for damages

7. Retention and Deletion

Your personal data is deleted once the processing purpose ceases to exist and legal retention periods expire.

Post-stay: Data is stored for the duration of the hotel membership and is permanently deleted within 30 days of cancellation.

8. Contact

To exercise your KVKK rights:

Email: [email protected]

Response Time: Within 30 days