get in touch

LPPD

1. PURPOSE AND SCOPE

Pursuant to the Personal Data Protection Law No. 6698, Blue Sea Hotel (hereinafter referred to as the “Company” or the “Data Controller”) sets out the principles it has adopted regarding the protection of personal data and determines the principles governing the processing of personal data belonging to Customers (Guests), Employees, Job Applicants, Visitors, Potential Customers, Suppliers, Third Parties, and Online Website Visitors (collectively referred to as “Data Subject Groups”), and aims to inform the relevant individuals and groups accordingly.

2. PRINCIPLES REGARDING THE PROCESSING OF PERSONAL DATA

The Company processes your personal data in its capacity as Data Controller within the framework of the following principles.

2.1 Processing in Compliance with Law and the Principle of Good Faith

Personal data are processed in accordance with the principles set forth under Law No. 6698 and in line with the general principles of trust and good faith.

2.2 Ensuring Accuracy and, Where Necessary, Keeping Data Up to Date

Taking into account your personal interests and rights, periodic checks and updates are carried out to ensure the accuracy and currency of the processed data. For this purpose, responsible units have been established within the Company to verify the accuracy of personal data and to make necessary corrections, and appropriate measures have been taken.

2.3 Purpose of Processing

Your personal data are processed for explicit, specific, and legitimate purposes in accordance with the law.

2.4 Processing in a Limited and Proportionate Manner

The Company processes personal data in a manner that is proportionate, relevant, and limited to achieving the intended purposes, and ensures that personal data that are not relevant or necessary for achieving such purposes are not processed.

2.5 Retention Period of Data

The Company retains personal data only for the period stipulated in the relevant legislation or for as long as required for the purpose for which they are processed. If a retention period is specified in the legislation, such period is complied with. If no period is specified, personal data are retained for as long as necessary within the scope of the services provided by the Company. Upon the expiration of the retention period or if the reasons requiring processing cease to exist, and in the absence of a legal ground permitting longer retention, personal data are deleted, destroyed, or anonymized in accordance with the Company’s Personal Data Retention and Destruction Procedure.

3. CONDITIONS FOR PROCESSING PERSONAL DATA

The Company ensures that all personal data are processed in accordance with the conditions and purposes set out below:

3.1 Conditions and Purposes Prescribed by Law

Where the processing of personal data is explicitly required or mandated by law, personal data may be processed by the Company.

3.2 Being Directly Related to the Establishment or Performance of a Contract

If processing personal data belonging to the parties of a contract is necessary, provided that it is directly related to the establishment or performance of a contract, the Company may process such personal data.

3.3 Situations Where Explicit Consent Cannot Be Obtained Due to Impossibility

Personal data may be processed if processing is mandatory to protect the life or physical integrity of the data subject or another person where the data subject is unable to give consent due to actual impossibility or where consent cannot be legally recognized.

3.4 Data Made Public by the Data Subject

If personal data have been made public by the data subject, such data may be processed by the Company.

3.6 Necessity of Processing for the Establishment or Protection of a Right

The Company may process personal data within the framework of the law if processing is mandatory for the establishment, exercise, or protection of a right.

3.7 Processing Based on Legitimate Interest

The Company may process personal data if processing is necessary for the protection of its legitimate interests, provided that such processing does not harm the fundamental rights and freedoms of the data subject.

3.8 Processing Based on Explicit Consent

The Company may process personal data based on verbal or written explicit consent obtained from the relevant party.

4. CLASSIFICATION OF PERSONAL DATA

Personal data processed by the Company are classified as follows under the scope of Law No. 6698 on the Protection of Personal Data:

4.1 Identity Information

Name, surname, date of birth, age, and similar data used to identify a person.

4.2 Contact Information

Phone number, email address, address details, and similar contact data.

4.3 Customer Transaction Information

Reservation details, accommodation dates, request and complaint records, and service usage information.

4.4 Financial Information

Information related to payment transactions (credit card information is not stored in the Company’s systems and is processed only through authorized payment institutions).

4.5 Transaction Security Information

IP address, website login and logout details, browser information, log records, and similar electronic transaction security data.

4.6 Marketing Information

Preferences and consent records regarding campaigns, promotions, surveys, and e-newsletter processes.

4.7 Visual and Audio Records

Image recordings obtained through security cameras (for the purpose of ensuring facility security).

5. PURPOSES OF PROCESSING PERSONAL DATA

Within the scope of the personal data processing conditions specified in Articles 5 and 6 of Law No. 6698, the Company may process personal data for the following purposes:

Personal data of customers and potential customers may be processed to enable them to benefit from the products and services offered by the Company today and in the future, subject to the data processing conditions set forth in Articles 5 and 6 of the Law. Data processing will be carried out after obtaining written or verbal consent from the customer or potential customer.

Personal data of employees and job applicants may be processed for the purposes of planning and executing human resources processes, conducting personnel affairs, fulfilling legal obligations, planning and implementing benefits, and managing recruitment processes.

Personal data of visitors may be processed for ensuring the security of buildings and facilities, creating and monitoring visitor records, safeguarding assets and resources, ensuring occupational health and safety, ensuring operational security, and providing information to authorized public institutions as required by law.

Personal data of third parties may be processed for conducting necessary business and operational processes, carrying out commercial activities, executing related business processes, customizing and promoting products and services, and fulfilling contractual obligations.

Personal data of suppliers and business partners may be processed for conducting necessary business and operational processes and executing commercial activities related to the products and services provided by the Company.

Personal data of online visitors may be processed for conducting marketing analysis activities, managing advertising, campaign, and promotion processes, carrying out communication activities, developing products and services, and fulfilling legal obligations.

6. SHARING OF PERSONAL DATA IN WHOLE OR IN PART

The Company may transfer personal data, in a limited manner, to domestic and international business partners, customers, suppliers, legally authorized public institutions, and legally authorized private entities within the scope of the principles and purposes set out in Articles 3 and 5 of this Policy and in accordance with Articles 8 and 9 of Law No. 6698.

7. METHOD AND LEGAL BASIS OF COLLECTING PERSONAL DATA

Based on the legal grounds set out in Article 5 of Law No. 6698—such as necessity for the establishment or performance of a contract, fulfillment of the data controller’s legal obligations, and necessity for the legitimate interests of the data controller—personal data are processed automatically by obtaining them from the data subject or third parties through written, verbal, physical, or electronic means.

Additionally, within the scope of a potential employment contract, personal data are processed automatically through electronic application forms or physical forms based on the same legal grounds.

8. SECURITY OF PERSONAL DATA

The Company takes reasonable technical and administrative measures to ensure the security of personal data, prevent unlawful processing, unauthorized access, accidental data loss, intentional deletion, or damage. Access to personal data is restricted to authorized personnel only, and authorization systems are designed to prevent excessive access.

The Company conducts and commissions necessary audits to ensure compliance with the provisions of Law No. 6698.

9. APPLICATION PROCEDURES AND PRINCIPLES

If you wish to exercise your rights under Article 11 of Law No. 6698, you may submit your request by completing the Personal Data Protection Application Form available at https://blueseakarpasia.com, or by sending a mobile-signed or e-signed email from your registered email address to blueseahotel@lesahotel.net, or by submitting a written, wet-signed application in person or via a notary to the address: Blue Sea Hotel, Karpaz Anayolu, Dipkarpaz 99890, TRNC.

Your application will be finalized free of charge as soon as possible and within thirty (30) days at the latest. However, if the process requires additional costs, the fee determined by the Personal Data Protection Board may be charged.

As a data subject, you have the right to:

  • a) Learn whether your personal data are processed,

  • b) Request information if your personal data have been processed,

  • c) Learn the purpose of processing and whether data are used in accordance with such purpose,

  • d) Know the third parties to whom personal data are transferred domestically or abroad,

  • e) Request correction of incomplete or inaccurate personal data,

  • f) Request deletion or destruction of personal data under the conditions set out in Article 7 of the Law,

  • g) Request notification of transactions carried out under items (d) and (e) to third parties to whom data have been transferred,

  • h) Object to a result against you arising from the analysis of data exclusively through automated systems,

  • i) Request compensation for damages incurred due to unlawful processing of personal data.

+90 548 865 66 66

info@blueseakarpasia.com

Karpaz Anayolu, Dipkarpaz
99890 KKTC

All rights reserved | 2026 © Blue Sea Hotel

Instagram Facebook Whatsapp