top of page

GDPR

Luxury Garden Suites Privacy Policy

1. Introduction

At Luxury Garden Suites (hereinafter referred to as "we," "us," or "the Property"), we explain in this Privacy Policy how we process your personal data collected via our website, communication channels, or during your stay. The privacy of our guests is our highest priority. We are committed to processing your data with utmost transparency and security, in compliance with the European Union's General Data Protection Regulation (GDPR) and relevant local legislation.

2. Data Controller

The Data Controller responsible for the processing of your personal data is:

Luxury Garden Suites [Your Full Address] [Your Phone Number] [info@luxurygardensuites.com]

3. What Personal Data Do We Collect?

To provide our services, meet your expectations, and continuously enhance your experience, we may collect the following types of personal data:

  • Identity and Contact Information: First name, last name, email address, phone number, home address, passport/ID details (as required by local legal notification obligations).

  • Reservation Information: Reservation details such as check-in/check-out dates, apartment type, number of guests, special requests, preferred breakfast times, and food/beverage setup preferences.

  • Payment Information: Credit card details (processed securely via encrypted and secure payment systems for transaction security), billing information.

  • Communication Records: Records of your correspondence and conversations with us via email, phone, or other communication channels.

  • Usage Data: Information about how you use our website (IP address, browser type, pages visited, access times) – this data may be collected via cookies.

  • Special Requests and Health Information: Information you voluntarily share, such as allergies, special dietary requirements, health conditions, or other specific needs (used solely to enhance service quality and ensure your safety).

4. For What Purposes and On What Legal Grounds Do We Process Your Personal Data?

We process your personal data for the following purposes and in accordance with the legal bases specified in the GDPR:

  • Reservation Management and Contract Performance:

    • Purpose: To process, confirm, manage your reservations, and to establish and fulfill the accommodation service contract with you.

    • Legal Basis: Performance of a Contract (GDPR Article 6(1)(b)).

  • Service Provision and Operational Requirements:

    • Purpose: To provide our services such as apartment access, cleaning, additional services (breakfast, food/beverage setup), and beach transfers, and to meet your expectations.

    • Legal Basis: Performance of a Contract (GDPR Article 6(1)(b)) and Legitimate Interest (GDPR Article 6(1)(f) – maintaining service quality and ensuring operational efficiency).

  • Communication and Support:

    • Purpose: To provide information related to your reservation, answer your questions, fulfill your requests, and provide customer support.

    • Legal Basis: Performance of a Contract (GDPR Article 6(1)(b)) or Legitimate Interest (GDPR Article 6(1)(f) – effective communication and customer satisfaction).

  • Fulfillment of Legal Obligations:

    • Purpose: To comply with legal requirements such as identity reporting, billing, tax obligations, and other local legal mandates.

    • Legal Basis: Legal Obligation (GDPR Article 6(1)(c)).

  • Service Improvement and Website Analytics:

    • Purpose: To analyze and enhance the performance of our website and services, improve user experience, and refine our marketing strategies.

    • Legal Basis: Legitimate Interest (GDPR Article 6(1)(f) – business development and continuous improvement of customer experience).

  • Direct Marketing Communications:

    • Purpose: To send you information about special offers, discounts, news, and events, if you have given your consent.

    • Legal Basis: Consent (GDPR Article 6(1)(a)). You have the right to withdraw your consent at any time.

  • Fulfillment of Special Requests (Sensitive Data):

    • Purpose: To accommodate your special requests involving sensitive personal data, such as allergies or health conditions.

    • Legal Basis: Explicit Consent (GDPR Article 9(2)(a)) or Protection of Vital Interests (GDPR Article 9(2)(c)).

5. With Whom Do We Share Your Personal Data?

We may share your personal data with third parties only when necessary and with the following legal grounds and safeguards:

  • Service Providers: Trusted third-party service providers (data processors) we work with for operational needs such as payment processing, IT support, cleaning, security, or transfer services. These providers may use your data solely for the specified purposes and within the framework of strict confidentiality and data protection agreements.

  • Legal and Regulatory Authorities: If requested, for the purpose of fulfilling our legal obligations, complying with court orders, responding to legal processes, or protecting our rights.

  • Business Partners: If you grant permission, limited data may be shared with our business partners offering joint discounts or promotions, such as The Land of Legends.

  • International Data Transfers: Your personal data may be transferred to a country outside the European Union (EU) or European Economic Area (EEA), such as Turkey. When such transfers occur, adequate protection for your data is ensured by implementing appropriate safeguards specified by GDPR. These safeguards typically include Standard Contractual Clauses (SCCs) approved by the European Commission, or an Adequacy Decisionregarding the relevant country. Please contact us for more information regarding transfers.

6. Cookies and Similar Technologies

Our website uses cookies and similar technologies to personalize and enhance your experience, analyze website usage, and support our marketing activities. Cookies are small text files that allow our website to remember information about you. Detailed information about cookie usage and how to manage your preferences can be found in our Cookie Policy at [Link to Cookie Policy].

7. Data Retention Period

We retain your personal data for as long as necessary for the purposes for which it was collected or as required by applicable legal obligations. Once the retention period expires, your data will be securely deleted or anonymized.   

8. Your Rights (Data Subject Rights)

Under GDPR, you have the following rights regarding your personal data:

  • Right of Access (GDPR Article 15): You have the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data.   

  • Right to Rectification (GDPR Article 16): You have the right to request the correction of inaccurate or incomplete personal data concerning you.   

  • Right to Erasure ('Right to be Forgotten') (GDPR Article 17): You have the right to request the deletion of your personal data under certain conditions (e.g., when the data is no longer necessary for the purpose for which it was collected, or if you withdraw your consent).   

  • Right to Restriction of Processing (GDPR Article 18): You have the right to request the restriction of the processing of your personal data under certain circumstances (e.g., when you contest the accuracy of the data).

  • Right to Data Portability (GDPR Article 20): You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another data controller without hindrance.   

  • Right to Object (GDPR Article 21): You have the right to object to the processing of your personal data, particularly for direct marketing purposes or when based on our legitimate interests.   

  • Right to Object to Automated Individual Decision-Making (GDPR Article 22): You have the right not to be subject to a decision based solely on automated processing (including profiling), which produces legal effects concerning you or similarly significantly affects you.

  • Right to Withdraw Consent (GDPR Article 7(3)): Where processing is based on consent, you have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.   

To exercise these rights or for any questions or concerns regarding data privacy, please contact us as the Data Controller using the contact information provided in Section 2 of this Policy. Your requests will be responded to within one month, in accordance with applicable laws.   

9. Right to Lodge a Complaint

If you believe that your personal data is not being processed in accordance with the GDPR, you have the right to lodge a complaint with a supervisory authority (for Turkey, the Personal Data Protection Authority - KVKK; or the relevant data protection authority in your EU country of residence).

10. Changes to the Privacy Policy

This Privacy Policy may be updated from time to time to reflect changes in legal requirements or our data processingpractices. When any significant changes are made, we will inform you by publishing the updated policy on our website or through direct communication.   

11. Contact

If you have any questions, comments, or concerns about our Privacy Policy or data practices, please do not hesitate to contact us using the contact information provided in Section 2 of this Policy.   

bottom of page