Data Protection Commitment

RoomsWithMKHotel is committed to protecting your personal data in accordance with GDPR, Turkish Data Protection Law (KVKK), and other applicable privacy regulations. This notice explains how we process your personal data and your rights.

1. Data Controller Information

RoomsWithMKHotel

Registered Address

ul. MarszaƂkowska 123
00-102 Warszawa, Poland

Tax Number

1234567890

Trade Registry

Poland Trade Registry
Registration No: 123456

Contact Email

info@roomswithmkhotel.com

Phone

+90 (212) 555-0123

Data Protection Officer

dpo@roomswithmkhotel.com

Data Controller Role

As the data controller, RoomsWithMKHotel determines the purposes and means of processing your personal data. We are responsible for ensuring compliance with applicable data protection laws and protecting your privacy rights.

2. Data Processing Activities

We process your personal data for the following activities:

Accommodation Services

  • Processing reservation requests
  • Managing check-in and check-out
  • Providing room and hotel services
  • Handling special requests and preferences
  • Managing loyalty programs

Financial Operations

  • Processing payments and refunds
  • Managing billing and invoicing
  • Handling financial guarantees
  • Preventing fraud and financial crimes
  • Tax reporting and compliance

Customer Relations

  • Providing customer support
  • Handling complaints and feedback
  • Conducting customer satisfaction surveys
  • Managing communication preferences
  • Providing information about services

Marketing Activities

  • Sending promotional communications
  • Personalizing offers and recommendations
  • Managing newsletter subscriptions
  • Conducting market research
  • Analyzing customer preferences

Legal Compliance

  • Meeting regulatory requirements
  • Maintaining guest registration records
  • Complying with tax obligations
  • Responding to legal requests
  • Ensuring health and safety compliance

Security & Safety

  • Ensuring guest and staff safety
  • Monitoring security systems
  • Preventing unauthorized access
  • Investigating security incidents
  • Maintaining emergency contact information

3. Legal Basis for Processing

We process your personal data based on the following legal grounds:

Contract Performance

Article 6(1)(b) GDPR / KVKK Article 5(2)(c)

  • Processing reservation and booking data
  • Providing accommodation services
  • Managing payment transactions
  • Fulfilling contractual obligations

Legal Obligation

Article 6(1)(c) GDPR / KVKK Article 5(2)(a)

  • Guest registration requirements
  • Tax reporting obligations
  • Health and safety regulations
  • Anti-money laundering compliance

Legitimate Interest

Article 6(1)(f) GDPR / KVKK Article 5(2)(f)

  • Fraud prevention and security
  • Direct marketing (existing customers)
  • Website analytics and improvement
  • Business development activities

Consent

Article 6(1)(a) GDPR / KVKK Article 5(1)

  • Marketing communications to prospects
  • Optional cookies and tracking
  • Newsletter subscriptions
  • Special category data (if applicable)

Vital Interests

Article 6(1)(d) GDPR / KVKK Article 5(2)(d)

  • Medical emergencies
  • Life-threatening situations
  • Emergency contact procedures
  • Health and safety incidents

Public Interest

Article 6(1)(e) GDPR / KVKK Article 5(2)(e)

  • Public health measures
  • Statistical reporting
  • Regulatory compliance
  • Official investigations

4. Categories of Personal Data

We process the following categories of personal data:

Identity Data

  • Name: First name, last name, title
  • ID Information: Passport number, national ID
  • Demographics: Date of birth, gender, nationality
  • Photos: Profile pictures, ID document copies

Contact Data

  • Address: Home, billing, and business addresses
  • Phone: Mobile and landline numbers
  • Email: Personal and business email addresses
  • Emergency Contacts: Names and contact details

Booking Data

  • Reservations: Check-in/out dates, room type
  • Preferences: Room preferences, special requests
  • Guest Details: Number of guests, ages
  • History: Previous stays, loyalty status

Financial Data

  • Payment Info: Credit card details (encrypted)
  • Billing: Invoices, payment history
  • Transactions: Purchase records, refunds
  • Financial Status: Credit checks (if applicable)

Digital Data

  • Website Usage: Pages visited, time spent
  • Device Info: IP address, browser type
  • Cookies: Preferences, session data
  • Communications: Emails, chat logs

Security Data

  • CCTV Footage: Security camera recordings
  • Access Logs: Key card usage, entry records
  • Incident Reports: Security-related incidents
  • Background Checks: If required by law

Special Category Data

We may process special categories of personal data (health information, dietary requirements) only with your explicit consent or when necessary for health and safety purposes. This data is subject to additional protection measures.

5. Data Recipients and Transfers

We Never Sell Your Personal Data

Your personal data may be shared with the following categories of recipients:

Internal Recipients

  • Hotel management and staff
  • Reservations and front desk teams
  • Customer service representatives
  • Security and maintenance personnel
  • Finance and accounting departments

Service Providers

  • Payment processing companies
  • IT service providers and cloud hosts
  • Email and communication services
  • Cleaning and maintenance contractors
  • Security service providers

Business Partners

  • Travel agencies and tour operators
  • Online booking platforms
  • Transportation service providers
  • Event organizers and venues
  • Loyalty program partners

Legal Authorities

  • Law enforcement agencies
  • Tax and regulatory authorities
  • Courts and judicial authorities
  • Government agencies
  • Data protection authorities

Emergency Services

  • Medical emergency services
  • Fire and rescue services
  • Police and security forces
  • Insurance companies
  • Healthcare providers

Analytics Providers

  • Website analytics services
  • Marketing analytics platforms
  • Customer feedback services
  • Business intelligence providers
  • Research organizations

International Data Transfers

Some of our service providers may be located outside Poland. When transferring data internationally, we ensure adequate protection through:

  • European Commission adequacy decisions
  • Standard Contractual Clauses (SCCs)
  • Binding Corporate Rules (BCRs)
  • Certification schemes and codes of conduct

6. Your Data Protection Rights

Under GDPR and KVKK, you have the following rights regarding your personal data:

Right to Information

Learn about data processing

You can request information about:

  • What personal data we process
  • Purposes of processing
  • Categories of recipients
  • Retention periods
  • Your rights and how to exercise them

Right of Access

Obtain a copy of your data

You can request:

  • Copy of your personal data
  • Details about processing activities
  • Information about data sources
  • Data in a structured format
  • Confirmation of processing

Right to Rectification

Correct inaccurate data

You can request:

  • Correction of inaccurate data
  • Completion of incomplete data
  • Update of outdated information
  • Verification of data accuracy
  • Notification to third parties

Right to Erasure

Request deletion of data

Applicable when:

  • Data no longer necessary
  • Consent is withdrawn
  • Data processed unlawfully
  • Legal obligation to delete
  • Data processed for direct marketing

Right to Restriction

Limit data processing

You can restrict processing when:

  • Accuracy is contested
  • Processing is unlawful
  • Data no longer needed by us
  • Objection is pending verification
  • Legal proceedings require data

Right to Portability

Transfer data to another service

Includes:

  • Structured, machine-readable format
  • Commonly used format
  • Direct transfer when possible
  • Data provided by you
  • Automated processing based on consent

Right to Object

Object to certain processing

You can object to:

  • Processing for legitimate interests
  • Direct marketing activities
  • Profiling for marketing
  • Scientific or historical research
  • Statistical purposes

Right to Withdraw Consent

Withdraw consent at any time

Important notes:

  • Withdrawal doesn't affect past processing
  • Easy as giving consent
  • May affect service provision
  • Alternative legal basis may apply
  • Clear instructions provided

Rights Related to Automated Decision-Making

Protection from automated decisions

You have the right to:

  • Not be subject to automated decisions
  • Human intervention in the process
  • Express your point of view
  • Contest the decision
  • Obtain explanation of logic involved

7. Data Retention Periods

We retain your personal data only for as long as necessary for the purposes for which it was collected:

Booking and Stay Data

  • Active Reservations: Until completion + 1 year
  • Guest Registration: 3 years (legal requirement)
  • Payment Records: 10 years (tax law)
  • Loyalty Program: Until membership termination + 2 years

Marketing Data

  • Email Marketing: Until consent withdrawal
  • Newsletter: Until unsubscription + 6 months
  • Customer Preferences: 3 years from last interaction
  • Marketing Analytics: 2 years

Security Data

  • CCTV Footage: 30 days (unless incident)
  • Access Logs: 1 year
  • Incident Reports: 7 years
  • Security Investigations: Until resolution + 3 years

Website Data

  • Session Cookies: End of browser session
  • Analytics Data: 26 months (Google Analytics)
  • Website Logs: 12 months
  • User Preferences: 2 years from last visit

Customer Service Data

  • Support Tickets: 3 years from resolution
  • Complaint Records: 5 years
  • Communication Logs: 2 years
  • Feedback Surveys: 3 years

Legal and Compliance

  • Tax Records: 10 years
  • Legal Proceedings: Until statute of limitations
  • Regulatory Reports: As required by law
  • Audit Records: 7 years

Retention Policy

We regularly review our data retention practices and delete data when it's no longer needed. Some data may be retained longer if required by law or for legitimate business purposes. You can request deletion of your data subject to legal and contractual obligations.

8. Contact Information and Applications

Data Protection Officer

Email: dpo@roomswithmkhotel.com

Phone: +90 (212) 555-0125

Address: RoomsWithMKHotel, Data Protection Officer
ul. MarszaƂkowska 123
00-102 Warszawa, Poland

When contacting the DPO:

  • Clearly state your request and rights you wish to exercise
  • Provide sufficient information to identify you
  • Include proof of identity for data access requests
  • Specify the time period or data categories if relevant

Application Form

Download our official data subject rights application form for formal requests.

Form includes sections for:

  • Personal identification information
  • Specific rights you want to exercise
  • Detailed description of your request
  • Preferred response method

Application Process

Step 1: Submit Application

Send your request via email, post, or in person with required documentation.

Immediate acknowledgment

Step 2: Identity Verification

We verify your identity to protect your personal data from unauthorized access.

1-3 business days

Step 3: Processing

We process your request and gather the necessary information or take required actions.

Up to 30 days

Step 4: Response

We provide a comprehensive response to your request via your preferred method.

Within legal timeframes

Response Timeframes

We will respond to your requests within 30 days under GDPR and KVKK. For complex requests, we may extend this period by up to 60 days with proper notification. Urgent requests related to data breaches or security issues will be prioritized.

Right to Lodge a Complaint

If you're not satisfied with our response, you have the right to lodge a complaint with the relevant supervisory authority:

  • Poland: Personal Data Protection Authority (KVKK)
  • EU: Your local Data Protection Authority
  • Contact: You can also contact us to resolve issues before escalating