Privacy Policy

Protecting your personal data is important to us

1. General Information

As Eskişehir Formercity Hotel, we process your personal data in accordance with the Personal Data Protection Law No. 6698 ("KVKK"), GDPR 2025 updates, AI Act (European Artificial Intelligence Act) and related legislation provisions. This Privacy Policy has been prepared to inform you about how your personal data is collected, processed, stored and protected.

2. Personal Data Categories

The personal data categories we process are as follows:

Identity Data: Name, surname, T.C. ID number, date of birth, gender
Contact Data: Address, phone number, email address
Customer Transaction Data: Reservation information, payment information, accommodation history
Marketing Data: Preferences, likes, subscription status
Technical Data: IP address, cookie information, browser information
Biometric Data: Facial recognition, fingerprint (for security purposes)
Digital Identity Data: Self-Sovereign Identity (SSI) information
IoT Data: Data collected from smart devices

3. Methods of Collecting Personal Data

Your personal data is collected through the following methods:

Forms filled out on our website
During reservation processes
Contact forms and customer services
Cookies and similar technologies
From third-party business partners
From IoT sensors (smart rooms)
From biometric systems (security)
From blockchain and Web3 platforms

4. Purposes of Processing Personal Data

Your personal data is processed for the following purposes:

Conducting reservation processes
Providing customer services
Fulfilling legal obligations
Marketing and promotional activities
Increasing customer satisfaction
Security and quality control
AI-supported personalization
Metaverse and VR services
Blockchain-based transactions

5. Personal Data Retention Periods

Your personal data is retained for as long as required by the processing purpose:

Reservation Data: 10 years
Customer Communication Data: 5 years
Marketing Data: Until cancelled
Technical Data: 2 years
Biometric Data: 1 year (for security purposes)
Blockchain Data: Permanent (immutable)
AI Model Data: 3 years (for training purposes)

6. Sharing of Personal Data

Your personal data may be shared with third parties in the following situations:

For fulfilling legal obligations
With service provider business partners
With customer's explicit consent
For public safety and order
For AI model training (anonymized)
With blockchain networks (encrypted)
With metaverse platforms

7. Data Security

We take the following measures to ensure the security of your personal data:

SSL encryption technology
Secure server infrastructure
Regular security updates
Staff training
Access control and authorization
Quantum-safe cryptography
Zero Trust architecture
Edge computing security protocols
Blockchain verification systems

8. Cookies

Cookies are used on our website to improve user experience. Cookie types:

Essential Cookies: Required for site functionality
Analytical Cookies: Site usage statistics
Marketing Cookies: Personalized content
AI Cookies: For machine learning
Blockchain Cookies: For Web3 integration

9. Your Rights

Under KVKK and GDPR 2025, you have the following rights:

Learn whether your personal data is being processed
Request information about your processed personal data
Learn the purpose of processing and whether they are used appropriately
Know the third parties to whom they are transferred domestically or abroad
Request correction if they are incomplete or incorrectly processed
Request deletion or destruction under certain conditions
Request notification of correction, deletion or destruction to third parties
Object to a result arising against you due to analysis by automatic systems
Data Portability: Download your data in JSON/XML format
API Access: Programmatic data access
Self-Sovereign Identity: Manage your own digital identity

10. Contact

You can submit your requests regarding your personal data through the following ways:

Email: kvkk@formercityotel.com
Mail: Formercity Mahallesi, Eskişehir
Phone: +90 222 123 45 67
Web3 Platform: Voting with DAO governance token

11. Artificial Intelligence and Automated Decision Making

As of 2025, we use the following artificial intelligence applications:

Chatbot Services: Customer service automation
Price Optimization: Dynamic pricing algorithms
Personalization: Content and service recommendations
Security Analysis: Abnormal behavior detection
Predictive Analytics: Customer behavior prediction
Computer Vision: Facial recognition and security
Natural Language Processing: Multi-language support

12. Data Portability and API Access

In compliance with KVKK and GDPR 2025, you have the following rights:

Data Download: Download your personal data in JSON/XML format
API Access: Programmatic data access (for developers)
Data Transfer: Transfer data to other service providers
Real-time Access: Query instant data status
GraphQL API: Flexible data querying
RESTful API: Standard web services

13. Blockchain and Cryptocurrency Payments

Payment methods we accept in 2025:

Cryptocurrency: Bitcoin, Ethereum, USDT, Cardano are accepted
Blockchain Records: Payment transactions are stored on blockchain
DeFi Integration: Decentralized finance protocols
NFT Reservation: Reservation system with special NFTs
Smart Contract: Automatic contract execution
Cross-chain: Transfer between different blockchain networks

14. Metaverse and Virtual Reality

Services we offer on Metaverse platforms:

Virtual Hotel Tour: Room viewing with VR/AR
Metaverse Events: Virtual conferences and meetings
Avatar Services: Creating personalized avatars
NFT Collections: Hotel-themed digital collections
Virtual Reality Check-in: Room control with VR
Augmented Reality: Viewing room features with AR

15. Sustainability and Green Data

Our environmentally friendly data processing policies:

Carbon Neutral Servers: 100% renewable energy
Data Optimization: Minimum data storage principle
Green AI: Low energy consuming algorithms
Circular Economy: Data recycling and reuse
Edge Computing: Energy saving with local data processing
Green Blockchain: Environmentally friendly consensus algorithms

16. GDPR 2025 and AI Act Compliance

As of 2025, we meet the following legal requirements:

GDPR 2025 Updates: Advanced data portability and deletion rights
AI Act Compliance: Special protections for high-risk AI systems
Digital Identity: Self-Sovereign Identity (SSI) support
Algorithmic Transparency: Transparency of AI decision-making processes
Human-in-the-Loop: Human intervention in critical decisions
Bias Detection: AI bias detection and correction

17. Quantum Computing and Edge Computing

2025 technology integration:

Quantum-Safe Cryptography: Next-generation encryption standards
Edge Computing: Local data processing and low latency
5G Integration: High-speed data transfer
IoT Security: Smart device security protocols
Fog Computing: Distributed data processing
Quantum Key Distribution: Quantum key distribution

18. Web3 and DAO Structures

Decentralized structures and data management:

DAO Integration: Decentralized decision-making processes
Smart Contract Data Management: Automatic data processing contracts
Tokenized Data Ownership: Users tokenizing their own data
Decentralized Storage: IPFS and similar distributed storage
Governance Tokens: Voting rights in data policies
Interoperability: Compatibility between different blockchain networks

19. Digital Identity and Self-Sovereign Identity

2025 digital identity management:

SSI Support: Managing your own digital identity
Verifiable Credentials: Verifiable identity documents
Zero-Knowledge Proofs: Identity verification privacy
DID (Decentralized Identifiers): Decentralized identity identifiers
Biometric Integration: Identity verification with biometric data
Cross-Platform Identity: Same identity across different platforms

20. Policy Updates

This Privacy Policy may be updated when necessary. Important changes will be announced on our website.

Last update date: January 1, 2025