1) Data Controller
The data controller for personal data processed through this website will be the business/company (Melas Spa & Wellness) where the service is provided. Official title and contact information are shared upon request.
2) What Data Can We Collect?
- Contact and reservation data: name-surname, phone, e-mail, request/message content, preferred service and reservation details (date/time, etc.).
- Technical data: IP address, browser type, operating system, page view logs (for security and performance purposes).
- Payment data: if online payment is received, it may be processed by the payment infrastructure provider; we aim not to store card data directly.
3) Processing Purposes
- To receive, manage and provide reservation requests
- To carry out request/complaint/communication processes
- To fulfill legal obligations and protect rights
- System security, debugging, prevention of abuse
4) Legal Reasons
Your personal data may be processed based on legal reasons within the scope of KVKK Art. 5 (e.g., establishment/performance of contract, legal obligation of data controller, legitimate interest). If required for special category personal data, explicit consent mechanisms should also be applied.
5) Cookies and Similar Technologies
Cookies may be used to a limited extent for mandatory functions on our website (e.g., language preference). Marketing/tracking cookies and third-party tracking technologies are not used by default.
6) Third Parties and Transfer
We may work with third-party service providers for services such as reservation management, hosting, e-mail delivery or payment infrastructure. These providers process data to the extent required by the service.
When the AI-powered recommendation (Spa Guide) feature is used, your responses are processed only to generate recommendations and are not stored permanently. For maximum privacy, choices that may qualify as health/special category data are filtered before being transferred to third-party services.
7) Retention Periods
Data is retained for the period required by the processing purpose and taking into account the statute of limitations/evidence obligations foreseen in the relevant legislation. Deletion, destruction or anonymization is applied after the period expires.
8) Data Security
We aim to ensure data security with appropriate administrative and technical measures (access control, logging, up-to-date software components, authorization, etc.). However, it cannot be guaranteed that data transmission over the internet is 100% secure.
9) Your Rights
Within the scope of KVKK; you have rights such as learning whether your personal data is processed, requesting information if processed, learning whether it is used in accordance with its purpose, requesting correction if incompletely/incorrectly processed, requesting deletion/destruction, knowing third parties to whom transfer is made.
10) Contact
You can use the Contact page for your privacy-related requests.