Informatıon on PDPL


About the Law on the Protection of Personal Data:

This General Enlightenment Text is presented by the KARAHAYIT DOĞA TERMAL TURİZM İNŞAAT SANAYİ A.Ş. (“DOĞA THERMAL HOTEL”), in its capacity as Data Controller, to inform you about the purpose for which your personal data will be processed, to whom and for what purpose your processed personal data may be transferred, and the method and legal basis for the collection of your personal data in accordance with Article 10 “Obligation of Controller to Inform” and Article 11 “The Rights of Data Subject” in the Law on Protection of Personal Data No. 6698 (“PDPL”), and your other rights listed in Article 11 of the PDPL, as well as obtain your consent in the following matters.

We care to maintaining the privacy and security of the personal data that you disclose to us. Accordingly, we protect your personal data from being accessed, damaged, lost, or disclosed by unauthorised parties by implementing the required administrative and technological safeguards.

The Enlightenment Text for Personnel contains information regarding the personal data of our employees.

Your Collected Personal Data and Purpose for Collection:

DOA THERMAL HOTEL processes your personal data that you provide through the website ( and other methods that are indicated in this enlightenment text, but only limited for the purposes stated herein. The full address of DOĞA THERMAL HOTEL is Karahayıt Mahallesi 147 Seyir Sokak No: 9-1 Karahayıt, PAMUKKALE / DENİZLİ, and it operates under the tax office GÖKPINAR, with the tax number 5120400206. In accordance with the PDPL, our business is classified as a "Data Controller."

When you visit the website of DOĞA THERMAL HOTEL and/or share your personal data with DOĞA THERMAL HOTEL for processing purposes indicated herein, you are deemed to have been informed of the provisions in this enlightenment text, as well as the privacy policy on our website.

We, as DOĞA THERMAL HOTEL, in its capacity as Data Controller collect personal data within the framework of, primarily, Regulation on Relations of Tourism Enterprises with the Ministry, Each Other and Customer, Identity Notification Law No. 1774, Regulation on Thermal Springs and similar sectoral legislations, as well as Law on Protection of Personal Data No. 6698 (“PDPL”), Turkish Penal Code No. 5237, Law No. 5651 On Regulation Of Publications On The Internet And Combating Crimes Committed By Means Of Such Publication (“The Internet Law”), and, without limitation, within the context of our legal duties arising from any applicable laws, as well as in all actions and procedures with our customers, suppliers, and visitors in order to keep our business running.

Personal Data Collected from Potential Customers Who Call Us, Request Information Through Our Website, or Who We Contact at Organizations, Such as Fairs, etc.: Name-Surname, Phone Number, E-Mail Address, and photographs shot in fair organisations (with their express consent).

Personal Data Collected From Our Customers Who Make Reservations Through Our Website, Holiday Sites, Telephone or Call Center (0850 4449399): Name-Surname, Phone Number, E-Mail Address, and Bank Account Number (If the prepayment is made by EFT/Money Order).

Personal Data Collected From Our Customers Who Stay At Our Hotel: Name-Surname, Turkish Identity Number / Passport Number, Nationality, Date of Birth, Gender, Parent Name, Phone Numbers, E-Mail Address, Address Details, photographs or videos shot during the stay (with their explicit consent), images taken with security cameras, voices captured by security cameras at the reception, Lobby Bar, and Snack Bar, the vehicle licence number if they have arrived by their own vehicles, Room numbers, expenditures charged on Room number, customer preferences for hotel services, their satisfaction notices for hotel services, health records if make use of a thermal therapy service, the caller or called number if the hotel phone has been used, and credit card details (this information is not saved); our guests under the age of 18 have their data collected with the consent of their parents or guardians. Due to regulatory obligations, within the framework of protective measures pertaining to the pandemic Covid-19 infection, the countries and travel itineraries of all of our guests who have been with us during the last fourteen days, as well as the personal data contained herein, shall be recorded.

Personal Data Collected From Our Customers Who Make Use of Hotel Services Without Staying (Weddings, gala dinners, breakfasts, meals, training organizations, daily pool or thermal therapy services, etc.): Name-surname, phone number, e-mail address, billing information, photographs shot with security cameras, voices captured by security cameras at the reception, Lobby Bar, and Snack Bar, photographs or videos captured during services (with their explicit consent), credit card details (this information is not saved). During any event, the owner of the organisation may employ photographers to shoot photographs or videos of the attendees.

Personal Data Collected from Notifications on Hotel Reviews on Travel Websites: Name and contact details of the guest who posted the remark.

Personal Data Collected from Agencies: Name-surname, phone number, and email address of the agency representative or employee contacted, etc.

Personal Data Collected from Tourist Guide, Tourist Bus Drivers, and Group Leaders: Personal data described in section c) if they stay in our hotel with the group.

Personal Data Collected from Our Suppliers that Organize Entertainments: Name-surname, photos or videos, images on a promotional banner or announcement, security camera footage, contact details, etc.

Personal Data Collected from Our Suppliers: During the procurement of a product or service, the name and surname of the supplier representative and staff, their contact details (phone, e-mail), other personal data of supplier staff who offer the service based on the nature of the service, and Footage from security cameras in case of visiting our company, etc.

Personal Data Collected from Those Who Have Visited Our Website, Social Media Pages: Data collected through cookies, Google Analytics, etc., their name and surname if they post, photo or video, etc. in case of tagging.

Personal Data Collected from the Candidates Who Apply for a Job: Identity, contact details, professional experience (training, education, and employment history), criminal record, nationality, place and date of birth, gender, marital status, military status, membership to any association, health / disability, etc. The candidate may have provided data in his/her CV that was not required by our organization; these data are not individually recorded, processed, assessed, and disclosed to another person, institution, or organisation by DOĞA THERMAL HOTEL.

Other: Names, surnames, and contact details gathered from other parties with whom contacted within the course of business operations.

Our VERBIS database provide information on the storage periods of the collected data.

Our Processing Purposes: (All of them are accessible in our VERBIS database on a categorised basis.)

Our processing purposes include, but are not limited to:
  • Ensure that accommodation services are provided in accordance with legal requirements, as well as receiving, reporting, and storing data as required by law,
  • Carry out activities, such as marketing, promotion, advertising, communication, campaigns, publicizing the established campaigns, and increasing recognition,
  • Develop strategies for our company's sphere of operation,
  • Collaborate with agencies and provide consumers with the best possibilities, making accommodation contracts
  • Make and manage bookings for individuals or groups,
  • Keep our business operations running smoothly and perform internal audits
  • Making identity confirmations and notify the customers who will be accommodated, as well as accomplish check-in and check-out processes
  • Inform the units in the hotel in order to provide quality service,
  • Inform customers on how to get the most out of thermal therapies, recommend the best treatment programme, etc.
  • Keep track of and invoice for hotel services,
  • Execute accounting and financial transactions, as well as collections,
  • Manage customer satisfaction and complaints, as well as respond to incoming queries,
  • Do research to improve service quality,
  • To direct customers, with or without reservations, to solution partners so that they are not exploited,
  • Maintain safe conditions in our facilities, monitor physical space security,
  • Manage emergencies, including notification of authorised individuals, institutions, and organisations,
  • Execute job application procedures and candidate evaluation (for job applicants).

These personal data will be processed by taking all necessary information security measures, retained for as long as legal retention period or as required by the processing purpose, and destroyed or used by anonymizing at the end of the period required by the processing purpose in order for you to benefit from the services we offer as DOĞA THERMAL HOTEL, based on your explicit consent or in other cases, as stipulated in paragraph 2 of Article 5 of the PDPL, especially the legal legislation to which we are subject, so long as it is not used for purposes other than those specified in this Information on the Protection of Personal Data.

By What Means We Collect Your Personal Data:

Personal data provided to DOĞA THERMAL HOTEL directly by you: All information and documents provided by you, including reservation requests, proposal queries, offer forms, contracts, contact form on, job application form or CVs, etc. Personal data collected during service provision: Reservation details, registration cards, expense records etc.

Personal data collected from fair organizations, customer or suppliers’ visitors, etc.: Information and documents collected in sectoral fair organizations or mutual visits, meetings.

Personal data collected during your visits to DOĞA THERMAL HOTEL: Shooting with a security camera in places marked with security camera signs from the security gate (Images, and sound and video at three points)

Personal data collected through cookies and similar technologies: Your personal data may be automatically collected electronically through provided that it is in accordance with the law. When you visit our website, the following data is automatically collected and may be used for anonymous statistical trend and demographic analysis:

  • IP Address of the Client: The genuine IP address of the user requesting the connection,
  • User Agent Information: Internet browser information (eg. Explorer/chrome)
  • Version of the Operating System: Version of the operating system of the computer requested for connection (eg. Windows10/xp)
  • Date and time of your visit to our website
  • Also, if you use the wifi connection of DOĞA THERMAL HOTEL, your IP No, Turkish Identity No and Room No are recorded.

With Whom We Share Your Personal Data:

DOGA THERMAL HOTEL may share and transfer your personal data to the relevant parties, based on your explicit consent or in other cases stipulated in article 5/f.2 of PDPL, in particular the legislation to which we are subject, within the framework of the security and privacy principles specified in PDPL, provided that adequate precautions are taken. Your personal data that you have provided to us shall not be shared with third parties except for the purposes of processing and sharing stipulated in the KVKK or without your explicit consent.

Pursuant to the Identity Notification Law No. 1774, the Identity Notification System reports the identity details, egardless of whether they are domestic or international, to the law enforcement officers.

Your data that is saved in our Hotel Management System is processed using the appropriate software, and it is stored both on a server that is housed inside our corporation and on other servers that provide data hosting services.

The footage that are taken with the security camera are not controlled or viewed by anybody other than the managers who are authorised by our organisation during retention period. Images and audio recordings may be provided if law enforcement or judicial authorities request them for security concerns. Security cameras are installed in the pools and the thermal therapy section, taking care of the privacy of our guests.

The job application forms of the candidates, their information sent over the our website, or CVs delivered by hand/e-mail are not transferred to other people or organisations without their explicit consent. If the personal data collected from other parties is required to be transferred in line with the processing purpose, it may be sent to authorised individuals, institutions, or organisations with the explicit consent of the data owner in circumstances where explicit consent is necessary, as required by law, or as a requirement for non-consensual processing.

DOĞA THERMAL HOTEL does not disclose any information (name, surname, contact details or room number, etc.) of the person who was inquired, regardless of whether the inquiry is made over the phone or in person. The information that has been sought is supplied in accordance with the legal requirement upon the request of the law enforcement officers.

In the event of an emergency, DOĞA THERMAL HOTEL notifies public institutions, such as 112 Emergency Line, Law Enforcement Forces, etc. to respond to the emergency and receive the necessary assistance.

The Rights of Data Subject

As per PDPL, each person has the right to apply to the controller and

  • To learn whether his personal data are processed or not,
  • To request information if his personal data are processed,
  • To learn the purpose of his data processing and whether this data is used for intended purposes,
  • To know the third parties to whom his personal data is transferred at home or abroad,
  • To request the rectification of the incomplete or inaccurate data, if any,
  • To request the erasure or destruction of his personal data under the conditions laid down in Article 7,
  • To request notification of the operations carried out to third parties to whom his personal data has been transferred,
  • To object to the processing, exclusively by automatic means, of his personal data, which leads to an unfavourable consequence for the data subject, and
  • To request compensation for the damage arising from the unlawful processing of his personal data as per PDPL.

Within the framework of the Law on Protection of Personal Data No. 6698, any demands you make in this regard must be in writing. You may do this by sending an e-mail to with the documentation proving your identification and an explanation of the right you intend to exercise, or by going through a notary public.

If your application for these reasons requires an extra charge, you may be required to pay the amount in the tariff imposed by the Personal Data Protection Board. Your demands in your application will be processed as soon as feasible and within 30 (thirty) days at the most, depending on their nature.

Contact Us: If you have any concerns or queries about the General Enlightenment Text or any other data protection procedures, or if you want to make an access request, please contact us at Karahayıt Mahallesi 147 Seyir Sokak No: 9-1 Karahayıt, PAMUKKALE / DENİZLİ, or by phone 0258 271 44 00.

Enforcement and Revisions

This enlightenment text becomes effective on 07/04/2020.
If the law or the Personal Data Inventory is amended, the revision number and date shall also be revised, and the stakeholders shall be notified.