Privacy Policy

Privacy Policy

TaksimFlat (“us”, “we”, or “our”) operates the https://taksimflat.com website and provides accommodation services (collectively, the “Service”).

This Privacy Policy explains how TaksimFlat, as the Data Controller, collects, uses, processes, stores, and discloses your personal data when you use our Service. It also outlines your rights regarding your data and how we protect it.

We are committed to protecting your privacy in compliance with the Turkish Personal Data Protection Law (Law No. 6698, “KVKK”), the General Data Protection Regulation (EU) 2016/679 (“GDPR”), and other applicable data protection regulations for our international clientele, including relevant US state privacy laws.

By using our Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, terms used herein have the same meanings as in our Booking Policy and Terms and Conditions, accessible from https://taksimflat.com.

1. Information We Collect
We collect several different types of information for various purposes to provide and improve our Service to you.

1.1. Personal Data
While using our Service (e.g., when making a booking, contacting us, or registering an account), we may ask you to provide us with certain personally identifiable information (“Personal Data”) that can be used to contact or identify you. This Personal Data may include, but is not limited to:

Identity Data: First name, last name, date of birth, nationality, passport/ID number (as required by Turkish law for accommodation registration) and names of all guests (including infants) for private transfer/tour services
Contact Data: Email address, phone number, address (street, city, state/province, ZIP/Postal code, country).
Reservation Data: Booking details (arrival/departure dates, apartment type, number of guests, special requests).

1.2. Usage Data
We may also collect information about how the Service is accessed and used (“Usage Data”). This Usage Data is generated automatically and may include information such as:

Your computer’s Internet Protocol address (e.g., IP address).
Browser type and version.
The pages of our Service that you visit.
The time and date of your visit.
The time spent on those pages.
Unique device identifiers.
Other diagnostic data data related to website performance and security.

1.3. Tracking & Cookies Data
We use cookies and similar tracking technologies (such as beacons, tags, and scripts) to track activity on our Service and hold certain information.

Cookies are files with a small amount of data that may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device.
Tracking technologies are also used to collect and track information and to improve and analyze our Service.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

Examples of Cookies we use:

Session Cookies: We use Session Cookies to operate our Service (essential for navigation and functionality).
Preference Cookies: We use Preference Cookies to remember your preferences and various settings.
Security Cookies: We use Security Cookies for security purposes.

2.CCTV and Security Monitoring
For the safety and security of our guests, property, and staff, TaksimFlat utilizes Closed-Circuit Television (CCTV) cameras. These cameras are strategically placed in:

Common areas inside the building: Such as lobbies, hallways, entrance/exit points and each floor in the building.
Outside the building: Covering external entrances and perimeters.
Please note: These cameras record both video and audio. The audio recording is specifically for environmental monitoring, such as detecting sirens, unusual noises, or other sound-based alerts, contributing to overall security. There are no cameras inside the individual apartments or rooms.

Appropriate signage indicating the presence of CCTV, including audio recording for security monitoring purposes, is displayed at the entrance of the building.

3. How We Use Your Data (Purposes of Processing and Legal Basis)
TaksimFlat uses the collected data for various purposes, based on the following legal grounds as outlined by KVKK, GDPR, and other applicable laws:

4. Data Retention
TaksimFlat will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Booking-related data: Typically retained for a minimum of 5 years after your stay to comply with Turkish tax, commercial, and other legal obligations.
Internet Access Logs (Law No. 5651): As required by Turkish Law No. 5651, internet access logs (IP addresses, connection times) are retained for a minimum of 6 months to combat crimes committed via the internet.
Cookies and Usage Data: Retained for varying periods depending on their purpose (e.g., session cookies for the duration of your visit; preference/security cookies for longer periods as needed for functionality).
When the retention period expires, your personal data will be securely deleted, destroyed, or anonymized in accordance with KVKK and relevant regulations.

5. Transfer Of Data
Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction.

If you are located outside Turkey (e.g., in the European Union/European Economic Area or the United States) and choose to provide information to us, please note that we transfer the data, including Personal Data, to Turkey for processing. Turkey is considered a ‘third country’ by the GDPR. For transfers of Personal Data from the EU/EEA to Turkey, TaksimFlat primarily relies on your explicit consent to the transfer for the performance of our contract (i.e., your booking and stay with us), as such transfer is necessary for fulfilling the service you requested.

Conversely, as TaksimFlat is located in Turkey, but uses web servers and mail providers located in Europe or the US, your Personal Data may also be transferred from Turkey to these regions for storage and processing by our service providers. For these onward transfers from Turkey to countries outside Turkey (including EU/EEA and US), TaksimFlat ensures that such transfers comply with Turkish Personal Data Protection Law (KVKK) by relying on:

Your explicit consent, where applicable and required.
Contractual necessity, where the transfer is essential for the performance of our contract with you (e.g., storing your booking confirmation on a European server to send you emails).
Appropriate safeguards such as Standard Contractual Clauses (SCCs) issued by the European Commission, where required for transfers to EU/EEA countries (which generally provide adequate protection) or to the US (if the specific US provider has certified under the EU-US Data Privacy Framework or if SCCs are otherwise implemented).
Other legal bases as allowed by KVKK for international data transfers.
TaksimFlat will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and applicable data protection laws. No transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place, including the security of your data and other personal information, and only in compliance with KVKK’s and GDPR’s international data transfer requirements.

6. Disclosure Of Data

TaksimFlat may disclose your Personal Data in the good faith belief that such action is necessary and where there is a legal basis for doing so. We may share your Personal Data with the following categories of recipients:

Service Providers: We engage third-party companies and individuals to perform services on our behalf, as detailed in Section 7. These include web hosting providers, email service providers, marketing automation platforms, and transfer service partners.

Governmental and Legal Authorities: To comply with a legal obligation, such as responding to court orders, subpoenas, or legal processes, or fulfilling mandatory reporting requirements to government authorities (e.g., identity reporting to law enforcement/GİYKIM system as per Turkish Law No. 1774, and registration for transfer services as required by government regulations).

Other Parties:
To protect and defend the rights or property of TaksimFlat, including enforcing our Terms and Conditions.
To prevent or investigate possible wrongdoing in connection with the Service, such as fraud, security breaches, or misuse.
To protect the personal safety of users of the Service or the public.
To protect against legal liability.

7. Security Of Data
The security of your data is of paramount importance to us. We implement appropriate technical and organizational measures to protect your Personal Data against unauthorized access, alteration, disclosure, loss, or destruction. These measures include encryption, access controls, regular security audits, staff training.

However, please remember that no method of transmission over the Internet, or method of electronic storage, is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

8. Service Providers
We may employ third-party companies and individuals to facilitate our Service (“Service Providers”), to provide the Service on our behalf, to perform Service-related services, or to assist us in analyzing how our Service is used. These include, but are not limited to, web hosting providers, email service providers and private transfer/tour service partners.

These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose. We ensure that these Service Providers are compliant with applicable data protection laws and have appropriate security measures in place, including entering into data processing agreements and, for international transfers, utilizing legally recognized safeguards such like Standard Contractual Clauses (SCCs) or relying on explicit consent where appropriate.

8.1. Marketing Communications (Email)
We may send you marketing communications, including holiday greetings, newsletters, special offers, and information about our services. These communications are sent to you only if you have provided explicit consent to receive them, or if there is another valid legal basis under applicable laws (e.g., in some jurisdictions, an existing customer relationship might allow for marketing of similar products/services with an easy opt-out).

Opting Out: You can opt-out of receiving marketing communications from us at any time by following the unsubscribe link provided in the emails you receive, or by contacting us directly using the “Contact Us” details.
Third-Party Email Service Providers: We use third-party email service providers (e.g., Mailchimp, SendGrid, etc. – you can name them here if you wish, or keep it generic) to manage and send our email campaigns. These providers process your email address and other relevant data (e.g., name, engagement metrics like opens/clicks) on our behalf.

8.2. WhatsApp Communication
We provide a WhatsApp chat button on our website to facilitate direct communication with our guests. When you choose to use this feature, you will be communicating with us via the WhatsApp platform, which is owned and operated by Meta Platforms, Inc.

Data Processed: When you initiate a chat with us via WhatsApp, your phone number, username (if set in WhatsApp), and any information you send in your messages will be shared with us.
Third-Party Platform: WhatsApp is a separate third-party service provider. Your use of WhatsApp is subject to WhatsApp’s own Terms of Service and Privacy Policy. We encourage you to review their policies for information on how WhatsApp processes your data.
Our Use of Data via WhatsApp: We use the data you provide via WhatsApp solely to respond to your inquiries, manage your bookings, provide customer support, and for purposes directly related to your request.
Consent: By initiating a chat with us through the WhatsApp button, you consent to us communicating with you via this channel for the purpose of your inquiry. If we wish to send you any marketing messages via WhatsApp, we will seek your explicit consent separately.

8.3. Analytics
We may use third-party Service Providers to monitor and analyze the use of our Service.

Google Analytics
Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.

You can opt-out of having made your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visits activity.

Google Search Console
We use Google Search Console to monitor and maintain our website’s presence in Google search results. While Search Console doesn’t directly collect personal data from website visitors, it provides us with aggregated data about search traffic and website performance.

Google Fonts (via Cloudflare)
As described above, we use Cloudflare to serve Google Fonts, which helps improve privacy and performance.

For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy?hl=en

8.4. Cloudflare

We use Cloudflare, Inc. (a U.S. company) to enhance the security, performance, and reliability of our website. Cloudflare acts as a Content Delivery Network (CDN) and a reverse proxy, processing all traffic to and from our website. This involves the collection of certain Usage Data (like IP addresses and browser information) to identify and mitigate threats, optimize load times, and ensure continuous service availability.

Cloudflare Analytics
We utilize Cloudflare Analytics to gather aggregated, privacy-focused insights into website traffic and performance. Cloudflare states that its Web Analytics service does not collect or log visitors’ personal data.

Cloudflare Fonts
We use Cloudflare Fonts to deliver website fonts. This helps improve privacy by reducing direct data exchange with third-party font providers and enhances website performance. Cloudflare states it does not collect or log user data during the font delivery process.

Data Processing and Transfers
Your data processed by Cloudflare may be transferred to and stored on Cloudflare’s global network of servers. Cloudflare complies with relevant data protection frameworks for international transfers, including certification under the EU-US Data Privacy Framework and offering Standard Contractual Clauses (SCCs) to its customers. For more information, please refer to Cloudflare’s Privacy Policy.

For more information, please refer to Cloudflare’s Privacy Policy.

9. Your Data Protection Rights (KVKK, GDPR, and US State Privacy Laws)
Under KVKK, you have certain rights regarding your personal data. You have the right to:

Be informed about whether your personal data is processed, the purposes of processing, the categories of personal data processed, and recipients to whom personal data is transferred.
Request access to your personal data.
Request rectification of inaccurate or incomplete personal data.
Request erasure or destruction of your personal data when the purposes for processing no longer exist (the “right to be forgotten”).
Request restriction of processing of your personal data under certain conditions.
Object to the processing of your personal data, particularly in cases of automated decision-making or direct marketing.
Request notification of third parties to whom your data has been disclosed about any rectification, erasure, or restriction of processing.
Request compensation for damages arising from the unlawful processing of your personal data.
If you are a resident of the European Union/European Economic Area, you also have the following rights under the GDPR:

The Right to Data Portability: To receive a copy of your Personal Data in a structured, commonly used, and machine-readable format and to transmit that data to another controller where technically feasible.
The Right to Lodge a Complaint: To lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, place of work, or where an alleged infringement of GDPR has occurred.
For Residents of Certain US States (e.g., California, Virginia, Colorado, Utah, and Connecticut):

If you are a resident of certain US states, you may have additional privacy rights regarding your personal information, which can include:

The Right to Know: To request information about the categories and specific pieces of personal information we have collected about you, the sources from which we collected it, the purposes for collecting or selling it, and the categories of third parties with whom we share it.
The Right to Delete: To request the deletion of personal information that we have collected from you, subject to certain exceptions.
The Right to Opt-Out of Sale or Sharing: To opt-out of the “sale” or “sharing” of your personal information (as these terms are defined by applicable state law). Please note that TaksimFlat does not sell your personal information in the traditional sense, nor do we “share” it for cross-context behavioral advertising.
The Right to Correct: To request the correction of inaccurate personal information we maintain about you.
The Right to Limit Use and Disclosure of Sensitive Personal Information: (For certain sensitive categories, if collected, such as precise geolocation, health data, or financial account details combined with access credentials. Based on your current data collection, this might be less applicable but good to be aware of).
To exercise any of these rights, please contact us using the “Contact Us” details provided below. We will respond to your request within 30 days, as required by KVKK and GDPR, and in accordance with applicable US state law.

10. Children’s Privacy
Our Service does not address anyone under the age of 18 (“Children”).

We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your Child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.

11. Links To Other Sites
Our Service may contain links to other sites that are not operated by us. If you click on a third-party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

12. Changes To This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective and update the “Effective Date” at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

13. Contact Us
If you have any questions about this Privacy Policy, your personal data, or wish to exercise your rights, please contact us:

By email: [email protected]
By visiting this page on our website: https://taksimflat.com/contact-us

14. Policy Updates & Governing Law
This Booking Policy and any disputes arising out of or in connection with it shall be governed by and construed in accordance with the laws of the Republic of Turkey. Any disputes shall be subject to the exclusive jurisdiction of the courts of Istanbul, Turkey.

Effective Date: April 01, 2026
Last Updated: April 01, 2026