This Privacy Policy explains how your personal data is processed and protected when you visit our website or use our services. By using our website, you agree to these terms.
Voyag Turizm Otelcilik İşletmesi ve İnş. San. Ticaret A.Ş, MRA Turizm ve Otel İşletmeciliği A.Ş process your personal data as data controllers under the Personal Data Protection Law (KVKK), securely store it, and do not share it with third parties in compliance with legal regulations. We ensure full compliance with KVKK and implement the necessary security measures. This policy applies to all businesses affiliated with our company.
Your personal data is collected and processed based on your explicit consent or legal obligations. These data are used to enhance service quality and provide you with better service. Anonymized data is used for statistical analysis.
Voyag Tourism and MRA Tourism are committed to protecting the personal data of their guests, employees, and business partners and reserve the right to update their policies in compliance with KVKK.
Fundamental Principles of Personal Data Processing
Voyag Tourism and MRA Tourism adhere to the following principles when processing personal data:
- Compliance with Law and Principles of Honesty: Personal data is obtained and processed lawfully. Service providers and business partners are informed about personal data protection.
- Accuracy and Up-to-Dateness: Data is kept accurate and up to date. Updates are made when changes are reported.
- Processing for Specific, Clear, and Legitimate Purposes: Data is processed only for predetermined and approved purposes and is not used for any other purposes or shared with third parties.
- Processing Relevant, Limited, and Proportionate to the Purpose: Personal data is used only to the extent required by the service.
- Storage for the Necessary Duration: Data is stored for the period specified in the relevant legislation and is deleted or anonymized after this period expires.
These principles apply to all data processing activities of Voyag Tourism and MRA Tourism, ensuring full compliance with KVKK.
Minimum Data Retention Principle (Data Economy Principle)
Voyag Tourism and MRA Tourism collect and process only the necessary personal data. Data that does not serve the intended purpose is not recorded in our system, and redundant information is deleted or anonymized for statistical analysis.
Sensitive health data is collected solely to provide better service to our guests, protect their health, and improve service quality, and it is safeguarded with high-security standards.
Deletion of Personal Data
Once the legally required retention periods expire, judicial processes are completed, or other necessities cease, personal data is automatically or upon request deleted, destroyed, or anonymized by our company.
Data Accuracy and Updates
Data within "Voyag Tourism and MRA Tourism" is processed based on the statements of the relevant individuals. "Voyag Tourism and MRA Tourism" is not obliged to verify the accuracy of the provided data and does not do so due to legal and operational principles. The declared data is considered accurate. The company adopts the principle of ensuring the accuracy and up-to-dateness of personal data.
Our company updates personal data obtained from official documents or upon the request of the data subject and takes the necessary measures for this purpose.
According to the law, our company is responsible for keeping your personal data accurate and up to date. If your data is incorrect or has changed, please contact us via the email address you shared with the hotel to update it.
Application Email Address: [email protected]
Voyag Tourism and MRA Tourism protect data owners' rights under Article 13 of KVKK. Personal data owners may submit their requests via email, physical application, or the application form on our website.
Guest, Potential Guest, and Business & Solution Partner Data
As Voyag Tourism Hospitality Management and Construction Industry Trade Inc. & MRA Tourism and Hotel Management Inc., we process your personal data in our shared database as data controllers under the Law No. 6698 on the Protection of Personal Data and related regulations.
The categories and explanations of the personal data to be processed are as follows:
- Identity Information: Name-surname, accompanying guests’ names and surnames, nationality, place and date of birth; Turkish ID, driver’s license, and passport numbers (including issuance date and place).
- Contact Information: Address, phone number, email address.
- Financial Information: Mobile billing details, bank account information, payment card number, and other payment details.
- Loyalty Program Memberships: Information regarding purchased products or services.
- Guest Feedback and Complaints: Preferences in accommodation, marketing, and communication; evaluations, opinions, or complaints about brands and facilities.
- IP Address Processing: When subscribing to the email newsletter or inquiring about a loyalty card, your IP address is masked and processed under Article 5, Paragraph 2 (d) and (f) of KVKK to prevent misuse, ensure system security, and prevent fake registrations. This process is conducted to prevent fraudulent accounts, deliberate manipulation of the system, and abuse attempts. The IP address is used solely for these purposes and is automatically and permanently deleted after two months.
- Other Information: Reservation details, travel history, participation in contests, sweepstakes, or marketing programs, transportation details used to reach the facility, reserved hotel, airline, and rental car packages, associated travel groups, frequent flyer or Travel Partnership Program memberships and numbers, and information provided during membership and account applications.
Data Collection and Processing for Contractual Relationships
If a contractual relationship is established with our guests or potential guests, personal data collected may be used without explicit consent, but only within the scope of the contract. The data is used and updated as necessary to improve service quality and fulfill contractual obligations. However, data provided by potential guests is processed to offer them better and more convenient services and is deleted if it does not result in a contractual relationship.
Business and Solution Partner Data
"Voyag Tourism and MRA Tourism" strictly adheres to legal compliance when sharing data with business and solution partners. Data is shared only to the extent necessary for the service, and partners are required to implement data security measures.
Data Processing for Service Management, Analysis, and Improvement
- Conducting surveys to measure service quality.
- Communicating with guests for marketing purposes in accordance with communication permissions granted under applicable laws.
- Maintaining internal correspondence regarding guests who violate regulations beyond those set by the Ministry of Tourism, facility, and general etiquette rules and compiling a list of guests who will not be accepted into the facility.
- Recording guest reviews on social media, blogs, and review portals to analyze service feedback.
- Processing guest service data to provide a personalized holiday experience for Sales and Marketing activities.
- Segmenting reservation history, travel preferences, and purchased services for accurate marketing management.
- Managing claims/complaints related to services and facilities on complaint pages and social media platforms.
- Keeping guests’ personal data updated and combining it with data obtained from third-party sources for analytical purposes.
- Managing golf game reservation services for guests at the facility.
- Evaluations and requests (Feedback, survey responses, emails, WhatsApp messages related to our services).
- Special service requests (Upon guest request and consent, data related to health conditions, disabilities, allergies, special dietary needs, vehicle transfer details, and related documents before, during, and after their stay).
- Fraud prevention (Device ID information, device names, installation ID, IP address, location data, login date, browser type).
E-Invoice & E-Archive Invoice
Within this program, guests are automatically registered in the system, and invoices are sent via the email address they provide to the facility. It is the guest's responsibility to ensure that the email address given upon check-in or updated later is correct and is their preferred email address for this communication. If a reservation is made using this email address for another family member or individual, the relevant e-invoice will be sent to the email owner’s address. e-Invoice refers to invoices prepared electronically, not printed on paper, and transmitted between the buyer and/or seller via servers. It was introduced through the 397th Communiqué of the Turkish Republic Tax Procedure Law (VUK) and has been in effect since March 5, 2010.
As required by VUK, an e-Invoice contains all the necessary details found in a standard invoice, and the transmission between the buyer and the seller takes place electronically.
e-Archive Invoice is an application that allows invoices, which are legally required to be issued, stored, and presented in paper format under the Tax Procedure Law, to be prepared electronically in compliance with the conditions outlined in the 433rd Communiqué of the Tax Procedure Law. The second copy of these invoices is stored and presented in electronic format. All invoices, except for those issued for taxpayers registered under the e-Invoice Application, are referred to as e-Archive Invoices.
Data Processing for Advertising Purposes
In compliance with Law No. 6563 on the Regulation of Electronic Commerce and the Regulation on Commercial Electronic Communications, electronic mail for advertising purposes is sent to guests who have provided prior consent. Voyag Tourism and MRA Tourism comply with the legal details of the required consent as specified in the relevant legislation. Communication consent may be obtained in written form in a physical environment or through any electronic communication channel. Some or all of the following data—name, surname, event, agency, loyalty card information, city, country, and email address—may be shared with the service provider Related Marketing Cloud (RMC) in compliance with Law No. 6698 on the Protection of Personal Data.
Data Processing Due to the Company’s Legal Obligations or Explicit Legal Provisions
Personal data may be processed without additional consent if its processing is explicitly stipulated in relevant legislation or is necessary for fulfilling a legal obligation defined by law. The type and scope of data processing must be legally permitted and comply with applicable legal provisions.
Within this framework, the email communication permission granted by our guests during their stay will be shared with IYS, the National Data Registry System, which was established by the Regulation No. 30998 published in the Official Gazette on January 4, 2020. IYS allows service providers to store and manage communication permissions such as calls, messages, and emails, while enabling recipients to view and revoke their permissions, report unauthorized messages, and monitor complaint statuses via websites, SMS numbers, and call centers. All permissions will be securely recorded with a timestamp.
For more detailed information, you can visit the IYS website at https://iys.org.tr.
Data Processing via the Company’s Mobile Application
The Maxx Royal Resorts Guest Application, hosted within the shared infrastructure of Voyag Tourism and MRA Tourism and located within Turkey's borders, is used solely for providing services during your stay. You may leave the group at any time or inform your assistant, and your request will be processed immediately. Unless you have a specific request, the group will automatically close 36 hours after your vacation ends.
Conversations with your assistant are stored in a separate and secure system for three years to resolve potential disputes.
Additionally, these conversations cannot be published or shared with third parties in any format without the written and explicit consent of Voyag Tourism or MRA Tourism.
For more information about our personal data policies and practices, you can visit maxxroyal.com/en/kvkk or contact us via [email protected].
Processing of Special Category Data
Voyag Tourism and MRA Tourism process special category personal data only with the explicit consent of the concerned individuals and solely for predetermined purposes. Our facilities may require certain health-related data due to legal regulations, such as those imposed for Covid-19. These data are processed strictly within the scope of legal obligations and may only be shared with authorized public institutions. They are not processed without explicit consent and are never used beyond their intended purpose.
Voyag Tourism and MRA Tourism ensure that special category personal data is processed only for the specified purposes and only with explicit consent, to improve service quality. In cases where legal regulations require it, our facilities may request certain health-related data, such as for Covid-19 measures. These data are strictly shared only with authorized public institutions, processed within the scope of legal obligations, and are not used for any other purposes or processed without explicit consent.
Data Processed by Automated Systems
Voyag Tourism and MRA Tourism fully comply with KVKK regulations regarding data processed by automated systems. Personal data cannot be analyzed using automated systems in a way that produces adverse outcomes for the individual without explicit consent.
Additionally, individuals have the right to object to any decisions that negatively affect them based solely on automated systems by contacting [email protected]. This right is protected under Article 11 of KVKK.
Collection and Processing of Security Camera Data in Facilities
Voyag Tourism and MRA Tourism, acting as the data controller under Law No. 6698 on the Protection of Personal Data (KVKK), process security camera footage collected in our facilities to ensure the safety of both our company and guests while providing a secure service. Your personal data is not used for any purpose beyond those specified and is processed based on the legitimate interest legal basis outlined in Article 5/2(f) of KVKK.
As a general rule, collected personal data is not shared with third parties or institutions. However, in compliance with Article 5/2(ç) of KVKK, data may be shared solely with authorized public institutions and organizations upon request, in order to fulfill legal obligations. Data is destroyed once the purpose of collection has been fulfilled.
Use of Thermal Cameras
Upon entering our facilities, body temperature measurements are conducted using thermal cameras and thermometers. These data are used exclusively for public health protection purposes and are not processed for any other reason.
Transfer of Personal Data Within and Outside the Country
Your personal data may be shared by Voyag Tourism Hospitality Management and Construction Industry Trade Inc. & MRA Tourism and Hotel Management Inc. with business and solution partners to facilitate accommodation, transfers, ticketing, invoicing, surveys, marketing notifications, and loyalty card deliveries.
Voyag Tourism and MRA Tourism may transfer personal data in compliance with Article 9 of KVKK. Data transfers to countries without adequate protection are permitted only when secured by standard contracts approved by the KVKK Board. Transfers will be conducted solely in accordance with legal obligations, using up-to-date data protection methods, and/or with the explicit consent of the individual concerned.
Voyag Tourism Hospitality Management and MRA Tourism may share personal data with the following parties for specific purposes:
- Business partners: Data may be shared with Voyag Tourism and MRA Tourism business partners within the scope of established partnerships to provide services such as transfer planning, ticketing, and pre-flight hospitality.
- Suppliers: Data may be shared with Voyag Tourism and MRA Tourism suppliers solely for providing necessary services related to the company’s commercial activities, such as server hosting, storage, archiving, GSM services, IT support, legal consultation, and similar consultancy services.
- Affiliates and solution partners: Data may be shared with Voyag Tourism, MRA Tourism, ETS Ersoy Touristic Services Inc., and other solution partners for conducting commercial activities involving affiliates, such as loyalty card discounts, ticketing, transfers, and tour guide services.
- Potential employers and occupational health and safety entities: If a former employee consents, necessary documentation may be shared with potential employers requesting references or new employers requiring information under occupational health and safety regulations.
- Auditing and accreditation institutions: Data may be shared with institutions established under legal regulations, such as independent auditing firms and internationally accredited organizations, to ensure compliance with relevant laws.
Voyag Tourism and MRA Tourism fulfill all obligations under Law No. 6698 on the Protection of Personal Data and relevant regulations when transferring personal data within or outside the country. Additionally, where legally required, personal data may be shared with government institutions, judicial authorities, and foreign diplomatic missions (embassies, consulates, etc.) established under international agreements.
Deletion, Destruction, or Anonymization of Personal Data
Your personal data is destroyed using physical, technical, and administrative methods as stipulated in Article 7 of KVKK and the Regulation on Deletion, Destruction, or Anonymization of Personal Data.
Additionally, individuals have the right to request the deletion or destruction of their personal data under KVKK. For any inquiries regarding our policy, you may contact us at [email protected].
Rights of Data Subjects
Voyag Tourism and MRA Tourism recognize and protect the rights of personal data owners under KVKK. In this regard, individuals have the right to:
- Learn whether their personal data is being processed,
- Request information if their data has been processed,
- Learn the purpose of processing and whether data is being used appropriately,
- Know the third parties to whom data has been transferred,
- Request correction of incomplete or inaccurate data,
- Request deletion or destruction of personal data under Article 7 of KVKK,
- Request notification of correction or deletion to third parties with whom data was shared,
- Object to unfavorable outcomes resulting from data processing by automated systems,
- Claim compensation if data processing in violation of the law causes damage.
Data subjects do not have any rights over anonymized data. Personal data may be shared with relevant authorities as required by legal regulations and requests from public institutions.
Privacy and Information Security Principles
Voyag Tourism and MRA Tourism are committed to maintaining the confidentiality of personal data and fully complying with KVKK. Personal data is accessible only to authorized personnel, and necessary technical and administrative security measures are implemented to prevent unauthorized access.
Data Security and Protection Measures
- Protection against unauthorized access: Personal data can only be processed and shared as per contractual or legal requirements.
- Technical and administrative security measures: Up-to-date software systems are used to ensure data security, third-party service providers are carefully selected, and internal data protection policies are followed.
- ISO/IEC 27001 Information Security Management: Our company conducts internal and external audits under ISO/IEC 27001 certification to manage information security processes.
Security measures are continuously updated and improved. Voyag Tourism and MRA Tourism remain committed to protecting personal data in full compliance with KVKK requirements.
ISO/IEC 27001 Information Security Management System Certification
Reporting Data Breaches
Voyag Tourism and MRA Tourism take all necessary technical and administrative measures to prevent personal data breaches and take immediate action in case of a violation. In the event of unauthorized access or data leakage, affected individuals will be notified, and the KVKK Board will be informed as required.
Additionally, personal data owners may submit inquiries through the procedures outlined at www.maxxroyal.com/en/kvkk. To process requests, individuals must provide the necessary identity verification documents.
Important Notes
- Requests are limited to the data of the individual making the request. Requests on behalf of third parties will not be accepted.
- Incomplete or incorrect applications will not be processed.
- Even if data deletion requests are fulfilled, data may still be shared with official authorities upon legal request.
[Click here for the application form]
VERBIS (Data Controller Information)
The data controller information reported to the Personal Data Protection Authority by Voyag Tourism and MRA Tourism can be accessed via the following links:
VOYAG TURİZM OTELCİLİK İŞLETMESİ VE İNŞ.SAN.TİC.A.Ş.
MRA TURİZM VE OTEL İŞLETMECİLİĞİ A.Ş.
Changes to the Personal Data Protection and Privacy Policy
Voyag Tourism and MRA Tourism reserve the right to modify the statements on this page. An updated "Personal Data Protection and Privacy Policy" is always accessible via a link on the website's homepage. The date of the last update and the revision number are stated at the end of this document.
Any changes to the policy become effective upon publication on the website. The latest updates are indicated in bold and italic text. By continuing to use the website, products, or services following such changes, you accept the revised policy in effect at that time.
Contact Information
For any questions regarding the privacy policy, you can contact us using the details below:
Maxx Royal Resorts & Voyage Hotels
Central Sales & Marketing Office
Güzeloba Mah. 2134 Sokak No:30/101
07230 - Muratpaşa / Antalya, TURKİYE
Policy Update Publication Date: February 1, 2025 | Revision: 1