Data Protection and Privacy

Privacy Statement for Website Visit Processes

At HotelRunner, we respect the personal data of everyone who visits our website and contacts us. With this awareness, we take the necessary measures to ensure that all kinds of personal data belonging to all real persons related to our Company, including those who benefit from our products and services, are processed and stored in accordance with the Law on Personal Data Protection No. 6698 (“Law”). Being aware of this responsibility and with the capacity of “Data Controller” as defined in the Law, we process your personal data as described below and within the limits set by the legislation as stated in this Privacy Statement for Website Visit Processes (“Privacy Statement”).

  1. Types of Personal Data Processed

In this Privacy Statement, the term “your personal data” refers to any data that makes your identity or the identity of a third party specific or identifiable. These data typically include, but are not limited to, your name, Turkish ID number, address, card information, e-mail address, telephone number, IP address, and previous transactions you have performed on our Company’s website.

  1. Collection and Processing of Personal Data and Processing Purposes 

Your personal data may be collected verbally, in writing, or electronically through automated or non-automated methods, websites, social media, mobile applications, and similar means. Your personal data may be processed as long as you benefit from the products and services offered by our Company.

Your personal data may be processed when you use our call centers or our website to use our Company’s services, when you visit offices of our Company or our website, when you participate in campaigns, training programs, seminars, or events organized by our Company. In addition, we collect the required details, such as card number and mobile phone number, in order to complete the service offered to you.

Your personal data collected is processed within the limits of the following purposes in accordance with Articles 5 and 6 of the Law for (i) the establishment and performance of the contract, (ii) the fulfillment of a legal obligation to which our Company is subject, (iii) the establishment, use, or protection of the right, and (iv) the legitimate interest of our Company, provided that it does not harm your fundamental rights and freedoms, and (v) arising from the law:

  • Carrying out the necessary work by our business units for you to benefit from the products and services offered by our Company,
  • If you give your consent, our Company will customize it according to your preferences, usage habits, and needs and recommend it to you,
  • Ensuring the legal and commercial security of persons who have a business relationship with our Company,
  • Carrying out our Company’s administrative operations related to communication,
  • Ensuring the physical security and supervision of our Company’s locations,
  • Carrying out processes such as customer evaluation/complaint management processes, reputation research processes, legal compliance processes and audits,
  • Determining and implementing our Company’s commercial and business strategies.

The main examples of the purposes of use of such data can be listed more concretely as follows:

  • If requested by you, we may send newsletters, such as e-newsletters or marketing communications.
  • We may use your personal data anonymously for market research, planning, and statistical analyses.
  • We may process your personal data to ensure the security of users and our website.
  1. To Whom and What Purpose the Processed Personal Data Can be Transferred

Your personal data shall not be shared with third parties other than those specified in this Privacy Statement, except as stipulated in the legislation.

We may share your personal data 

  • with third parties such as IT service providers that provide support services for our Company, service providers that host or operate our sites, service providers that analyze data, service providers that help deliver products and services to you, and service providers that provide customer service and manage payments,
  • with Company officials, our shareholders, and legally authorized public institutions within the framework of the personal data processing conditions and purposes specified in Articles 8 and 9 of the Law.

The relevant third parties provide access to the relevant personal data necessary to fulfill the service in question. In this case, such third parties shall only use your personal data to provide services on behalf of our Company, and they shall be under the obligation to keep these personal data confidential and not to use them for any other purpose within the framework of their contractual obligations.

  1. Method and Legal Reason for Collecting Personal Data

Your personal data are obtained in all kinds of verbal, written, or electronic media, by automated or non-automated means in line with the above-mentioned reasons in order to provide the products and services offered by our Company within the legal framework determined and to fulfill our Company’s obligations arising from the contract and legislation in a complete and accurate manner.

Your personal data collected for the above-mentioned legal reasons may also be processed and transferred for the reasons specified in Sections (2) and (3) of this text within the scope of the personal data processing conditions and purposes specified in Articles 5 and 6 of the Law.

  1. The Rights of the Personal Data Owner Listed in Article 11 of the Law

We would like to remind you that you have the following rights under Article 11 of the Law:

  • To learn whether your personal data have been processed or not,
  • To demand for information as to if your personal data have been processed,
  • To learn the purpose of the processing of your personal data and whether these personal data are used in compliance with the purpose,
  • To know the third parties to whom your personal data have been transferred within the country or abroad,
  • To request the rectification of your personal data in case of incomplete or inaccurate processing and to request reporting of the transaction carried out within this scope to third parties to whom your personal data have been transferred, 
  • To request deletion or destruction of personal data in case the reasons necessitating their processing cease to exist, although personal data have been processed in accordance with the provisions of Law and relevant other law, and to request notification of the transactions made within this context to third parties to whom your personal data have been transferred,
  • To object to any adverse consequences arising as a result of being analyzed exclusively by automatic systems,
  • To claim compensation in case of damage due to unlawful processing. 

On the other hand, you may always update your personal data in person through your specially defined membership account.

  1. Right of Petition of Personal Data Subject

If you request to exercise your rights, you may apply in writing, by sending an e-mail to dataprivacy@hotelrunner.com with the subject title “Information Request Regarding the Law on Personal Data Protection”, or by other methods specified by the Personal Data Protection Board.

Your application should include your name and surname, your signature if your application is in writing, your Turkish ID number if you are a citizen of the Republic of Türkiye, your nationality and passport number if you are a foreigner, your place of residence for notification, your e-mail address or telephone number for notification, and the subject of your request. 

Depending on its nature, your request shall be finalized as soon as possible and within 30 (thirty) days at the latest. We would like to point out that we reserve the right to refuse and to charge you for your right to information regarding requests that are unreasonably repetitive, require a disproportionate level of technical effort, jeopardize the privacy of others, or are otherwise excessively difficult.