Zuma Hotel Privacy & Personal Data Protection Policy

1. Introduction

Zuma Hotel Cyprus (“we”, “our”, “us”) is committed to protecting the personal data of our guests, website visitors, employees and other data subjects in accordance with the applicable data protection laws, including the Turkish Law on Protection of Personal Data No. 6698 (“KVKK”) and related regulations. This Privacy & Personal Data Protection Policy (“Policy”) explains how we collect, use, disclose, store and protect personal data, and what rights you have under applicable law.

2. Data Controller

The data controller pursuant to the KVKK is:
Zuma Hotel Cyprus
[Address]
[City, Country]
Contact: [email address] / [phone number]

3. Purposes of Processing Personal Data

We collect and process personal data for the following purposes:

  • To enable reservation, check-in, accommodation and check-out services;

  • To communicate with guests about their bookings, stay and related services;

  • To perform housekeeping, room service, leisure and dining services;

  • To manage your requests, complaints and feedback;

  • To send marketing communications (only with your prior consent, where required);

  • To comply with legal, regulatory and accounting obligations;

  • To carry out quality control, statistical and anonymised analyses;

  • For security, facility management, access control and other legitimate interests.

4. Categories of Personal Data Collected

Depending on the service and interaction, the categories of personal data we may collect include:

  • Identity information: name, surname, nationality, ID number or passport number, date of birth;

  • Contact information: email address, telephone number, postal address;

  • Booking & stay information: room reservation details, arrival/departure dates, payment data (card or bank), billing address;

  • Communication data: guest inquiries, feedback, preferences;

  • Usage and technical data: IP address, device type, browser type, cookies, website usage logs;

  • Special categories of personal data (only if provided voluntarily): health information (e.g., dietary requirements, allergens).

5. Legal Basis for Processing

We process your personal data based on one or more of the following legal bases under KVKK and applicable regulation:

  • Your explicit consent (where required);

  • Execution of a contract or provision of services requested by you;

  • Compliance with legal obligations;

  • Our legitimate interests (provided your rights and freedoms are not overridden).

6. Recipients and Sharing of Personal Data

Your personal data may be shared with:

  • Service providers acting on our behalf (e.g., payment processors, IT providers, housekeeping agencies);

  • Business partners (e.g., travel agents, third-party booking platforms, concierge services);

  • Public authorities or courts if required by law;

  • Third parties only with your explicit consent (e.g., marketing partners).

We ensure that any third-party service providers implement appropriate data protection measures.

7. Transfer Abroad

Since Zuma Hotel Cyprus operates in Northern Cyprus, personal data may from time to time be transferred abroad or accessed from abroad (e.g., by service providers located outside the Turkish Republic of Northern Cyprus). If any such transfer takes place and the recipient country does not ensure adequate protection, we will put in place appropriate safeguards (such as contractual clauses) in line with legal obligations.

8. Data Retention and Deletion

We retain personal data only for as long as necessary for the purposes set out in section 3 and to comply with legal obligations. Unless otherwise required by law, we will delete, anonymise or archive personal data once it is no longer needed. Specific retention periods include:

  • Reservation & billing data: [e.g., 10 years]

  • Marketing data (with consent): until you withdraw consent or request deletion

  • Website logs: [e.g., 1 year]

Please contact us to obtain the specific retention period for your data.

9. Your Rights Under Applicable Law

Under KVKK, you have the following rights:

  • To learn whether your personal data is processed;

  • To request information if your data has been processed;

  • To learn the purpose of processing and whether your personal data is used for the intended purpose;

  • To know the categories of personal data processed;

  • To request correction of incomplete or inaccurate data;

  • To request deletion or destruction of personal data if:

    • It is processed unlawfully;

    • The reason requiring processing no longer applies;

    • You withdraw your consent;

    • The data must be erased under law.

  • To request that processing of your personal data be restricted;

  • To object to the processing of your personal data;

  • To request data portability;

  • To claim compensation in case of damages due to unlawful processing of your personal data.

To exercise your rights, please contact us at [email address] or [postal address]. We will respond within the legally required timeframe.

10. Cookies & Tracking Technologies

Our website uses cookies and other tracking technologies to enhance your experience, analyze traffic, and offer certain features. You may adjust your browser settings or opt out where applicable. A separate Cookies Policy is available on our website.

11. Security Measures

We implement appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing, accidental loss, destruction or damage. These include encryption, access controls, secure networks, staff training, and periodic audits.

12. Changes to This Policy

We reserve the right to modify this Policy at any time. The current version is available on our website and we will notify you of material changes in a timely manner.