Privacy Policy

Last updated: February 26, 2026

1. Purpose and Scope

This Privacy Policy ("Policy") has been prepared to define the principles and procedures regarding the privacy of users' personal data within the scope of services provided through the website and online platform ("Platform") operated by:

HOTELSURF TURIZM VE DANISMANLIK LIMITED SIRKETI
(Sisli / Istanbul / Turkiye, Tax No: 4642131779, MERSIS No: 0464213177900001, Trade Registry No: 1075948)

("HOTELSURF" or the "Company").

This Policy applies to all natural persons who visit, use, or make reservations through the Platform.

2. Fundamental Principles

HOTELSURF adopts the protection of user privacy as a core principle and processes personal data in accordance with the following principles:

in compliance with the law and principles of good faith,

accurate and up to date,

for specific, explicit, and legitimate purposes,

limited, relevant, and proportionate to the purposes for which they are processed, and

retained for the period required by applicable legislation or for the purpose for which they are processed.

3. Personal Data Processed

Within the scope of the Platform, the following categories of personal data may be processed:

Identity Information: name, surname
Contact Information: email address, phone number
Customer Transaction Information: reservation details, transaction history
Transaction Security Information: IP address, log records, device information
Financial Information: limited data related to payment transactions
(Credit/debit card details are not stored by HOTELSURF)
Legal Transaction Information: records of requests, complaints, and disputes

4. Purposes of Processing Personal Data

Personal data may be processed for the following purposes:

conducting reservation processes,

providing and improving Platform services,

carrying out payment transactions,

communicating with users,

fulfilling legal obligations,

managing information security processes, and

providing information to authorized institutions and organizations as required by law.

5. Payment Security and Card Information

5.1. Payments made through the Platform are processed via bank virtual POS infrastructures.

5.2. HOTELSURF:

does not store credit or debit card information,

is not a party that records or processes card data, and

does not access payment card data.

5.3. Payment transactions are carried out by relevant banks and authorized payment institutions in accordance with applicable legislation and security standards.

6. Transfer of Personal Data

Personal data may be transferred, limited to the purposes stated above, to:

hotels and accommodation providers,

banks and payment service providers,

information technology and infrastructure service providers, and

authorized public institutions and organizations,

in compliance with applicable legislation.

7. Data Security Measures

HOTELSURF takes the necessary technical and administrative measures to ensure the confidentiality and security of personal data, including:

technical measures preventing unauthorized access,

restriction of data access authorizations,

secure infrastructure and encryption methods, and

logging and monitoring systems.

8. Data Retention Periods

Personal data are retained:

for the periods required by relevant legislation, or

for the period necessary for the purposes for which they are processed.

At the end of these periods, the data are deleted, destroyed, or anonymized.

9. Third-Party Links

If the Platform contains links directing users to third-party websites, HOTELSURF is not responsible for the privacy practices of those websites.

10. Policy Changes

HOTELSURF may update this Privacy Policy in accordance with legislative changes or operational requirements. The updated Policy enters into force on the date it is published on the Platform.

11. Contact

All questions and requests regarding this Privacy Policy may be submitted to HOTELSURF in writing.