GDPR Notification

Dear guests

As Natur Garden Hotel, we are aware of the importance of the personal data of our valued guests; therefore, we take high security measures to protect your personal data from unauthorised access. In order to protect your fundamental rights and freedoms, especially the privacy of private life, we process your personal data within the framework of the limits prescribed by the Law No. 6698 on the Protection of Personal Data and the secondary regulations issued in accordance with this law and other relevant legislation.

Identity of the data controller;

Pursuant to Law No. 6698 on the Protection of Personal Data, Top Turizm ve Yatırım A.Ş. (“Company”) has the title of “data controller”.

Within the scope of the “Disclosure Obligation of the Data Controller” in Article 10 of the LPPD and the “Rights of the Data Subject” in Article 11 of the LPPD; we would like to inform you about the purpose for which your personal data will be processed, to whom and for what purpose your processed personal data can be transferred, the method and legal reason for the collection of your personal data and your rights, with this “Disclosure and Consent Text on the Protection of Personal Data” prepared with the aim of fulfilling our obligation to inform our guests, visitors and business partners in our capacity as data controller.

1. Collection, Processing and Processing Purposes of Personal Data
Our Company processes the personal data of its guests to be specified in this Clarification Text primarily during the establishment of contracts. The personal data processed in this context are limited to identity information, contact information and bank account information and camera records that take 24-hour video recordings for the general security of our guests in the facility, and these data are processed within the scope of explicit consent or based on the legal reasons for the establishment and performance of the relevant contract or the fulfilment of legal obligations. Your personal data are stored especially for the execution of service procurement processes, contract management, fulfilment of accounting transactions and security purposes, and the personal data processed in this context are deleted or destroyed after the end of the contract based on the commercial relationship, if there is no legitimate purpose for their storage. However, the data that our Company may need to keep as a means of proof within the scope of possible commercial disputes will be kept by our Company during the statutory litigation statute of limitations.
Identity information of real persons who enter the facilities of our Company as guests, entry-exit times to the facilities, vehicle licence plates, purpose of visit, names of the people they visit and image records in security cameras are processed for legal reasons to protect the legitimate interests of our Company, to ensure the security of both our Company and our guests, and to ensure that our Company can safely serve our guests. Your personal data are also processed in order to ensure the security of the facilities and employees and are stored partially in written, partially in electronic and digital media for the required period in accordance with the legislation. Personal data collected in this context are not used for purposes other than those listed.
Our company collects personal data such as name, telephone number, e-mail address, date of birth and other identification information, workplace information, contact person information, credit card information and traffic information that can be collected automatically by the website, which are shared by the guests through the website for legal reasons to fulfil legal obligations, to ensure the establishment and continuation of the service contract and to protect legitimate interests, and keeps some of them only in physical environment, some in social media channels, and some in both physical and digital environment.
All kinds of administrative and technical measures are taken by our Company in order to ensure the security of the aforementioned data shared by our Company through the website. All personal data collected through our Company’s website are collected and processed only for the following purposes:
– To enable the purchase of services, making reservations and establishing contracts through our website, to carry out customer service activities related to our services purchased or requested,
– Responding to questions about our services and our website,
– In case of the approval of our guest who visits the website, to send information about advertisements, sweepstakes, promotions, announcements and campaigns that we think may be of interest to our guest, to determine product preferences in this context and to make analyses in order to reach only the content that may be of interest to our guest,
– Activities to improve the functionality of our website, such as data analysis, security, testing, developing, improving or changing our services, identifying usage trends,
– To fulfil accounting, invoicing, reconciliation and collection activities.
In addition, your personal data collected will be processed within the personal data processing conditions and purposes specified in Articles 5 and 6 of the KVK Law for the purposes of ensuring legal and commercial security (administrative operations for communication carried out by our Company, ensuring the physical security and supervision of the Company’s facilities, business partner / customer / supplier (authorised or employees) evaluation processes, legal compliance process, financial affairs, etc.), determining and implementing our Company’s commercial and business strategies and ensuring the execution of our Company’s human resources policies.


2. To whom and for what purpose is the processed personal data transferred?
All your personal data stored by the Company can only be accessed by the personnel and managers who are determined within the Company and who have access permission. Your personal data held by the Company cannot be copied even by those who have access permission, unless there is an absolute necessity. In order to ensure the security of your personal data held by our Company, our Company continuously monitors the physical security of the server rooms and other places where personal data are located and access to these places. All kinds of administrative and technical measures to prevent unauthorised personnel from accessing your personal data are taken by our Company, and all key personnel are trained to increase the sensitivity of the company regarding personal data. Our company does not transfer your personal data to third parties except for the cases specified in Articles 8 and 9 of the KVKK. The data transfers to be made by our company within this scope are limited to business partners, including those abroad, suppliers, shareholders, legally authorised public institutions and private persons, audit firms, insurance agencies, lawyers and accountants, banks and public institutions and organisations.
3. Method and Legal Grounds for Collecting Personal Data
Your personal data is obtained in all kinds of verbal, written or electronic media in order to provide the products and services offered by the Company in accordance with the above-mentioned purposes within the legal framework determined and in this context, in order for our Company to fulfil its contractual and legal obligations in a complete and accurate manner. Your personal data collected for these legal reasons can also be processed and transferred for the purposes specified in Articles (1) and (2) of this text within the scope of the personal data processing conditions and purposes specified in Articles 5 and 6 of the KVK Law.
4. Rights of the Personal Data Owner listed in Article 11 of the KVK Law
As personal data owners, if you submit your requests regarding your rights to our Company by the methods set out below in this Clarification Text, our Company will finalise the request free of charge within thirty days at the latest, depending on the nature of the request. However, if a fee is stipulated by the Personal Data Protection Board, the fee in the tariff determined by our Company will be charged. In this context, personal data owners;
– To learn whether personal data is processed or not,
– Request information if personal data has been processed,
– To learn the purpose of processing personal data and whether they are used in accordance with their purpose,
– To know the third parties to whom personal data are transferred domestically or abroad,
– To request correction of personal data in case of incomplete or incorrect processing and to request notification of the transaction made within this scope to third parties to whom personal data is transferred,
– Although it has been processed in accordance with the provisions of the KVK Law and other relevant laws, to request the deletion or destruction of personal data in the event that the reasons requiring its processing disappear and to request notification of the transaction made within this scope to third parties to whom personal data is transferred,
– To object to the emergence of a result to the detriment of the person himself/herself by analysing the processed data exclusively through automated systems,
– In case of damage due to unlawful processing of personal data, to demand compensation for the damage


Pursuant to paragraph 1 of Article 13 of the KVK Law, you can submit your request to exercise your rights mentioned above to our Company in writing or by other methods determined by the Personal Data Protection Board.
In this context, the channels and procedures to submit your written application to our Company within the scope of Article 11 of the KVK Law are explained below.
In order to exercise your rights mentioned above, you can send your request, which includes information identifying your identity and your explanations regarding the right you request to exercise among the rights specified in Article 11 of the KVK Law, to the address of let’s write the e-mail address with secure electronic signature.
You can exercise your above-mentioned rights in accordance with the KVK Law and the relevant current legislation by using the application form at;
– By applying in person with a wet signed petition to the Title/Address address or by sending it to this address via notary public,
– You can use Registered Electronic Mail by sending an e-mail to e-mail address.
Your applications to be sent must be sent to the above-mentioned addresses with the description “Information Request within the Scope of the Law on the Protection of Personal Data”.
In this context, your requests that you will duly forward to our Company will be finalised within 30 days at the latest. If the finalisation of your requests requires an additional cost, our Company will charge the applicant the fee in the tariff determined by the Personal Data Protection Board (“Board”).
Our Company may request information from the relevant person in order to determine whether the applicant is the owner of personal data or not, and may ask questions to the relevant person regarding the application in order to clarify the issues specified in the application.
Our Company may reject the application of the applicant by explaining the reason in the cases specified in the relevant legislation.
Pursuant to Article 14 of the KVK Law, the personal data owner may file a complaint to the Board within 30 days from the date he/she learnt the answer of our Company and in any case within 60 days from the date of application in case the application is rejected, the answer given is insufficient or the application is not responded in due time.