Skip to main content
bbegintravel.
Sign in

Privacy Policy

Last updated: 22 May 2026

1. Data Controller

The data controller responsible for processing your personal data is:

  • Trade name: begintravel
  • Legal entity: Sindibad Turizm Ticaret Anonim Şirketi
  • Tax office: Şişli
  • Tax number (Vergi No): 7701061307
  • Registered address: Cumhuriyet Mah. Halaskargazi Cad. Selamet Apartmanı No:93/9 Kat:5, Şişli / İstanbul, Türkiye
  • TÜRSAB licence No: 10028
  • Contact e-mail: support@begintravel.com

2. What Personal Data We Collect

We collect the following categories of personal data when you use our website and booking services:

2.1 Contact and Identity Data

  • First name, last name, and e-mail address provided during checkout.
  • Phone number, if provided optionally for booking support.

2.2 Guest Data

  • Names of all guests as entered in the booking form, which are transmitted to the hotel or accommodation supplier for check-in purposes.
  • Nationality and/or passport number only if required by the specific supplier or hotel and requested at checkout.

2.3 Booking and Transaction Data

  • Hotel name, destination, check-in and check-out dates, room type, number of guests, rate selected, and special requests.
  • Booking reference numbers, confirmation status, and voucher details.
  • Payment metadata: transaction ID, amount charged, currency, and payment status as returned by Stripe. We do not store, process, or have access to your card number (PAN), CVV, or expiry date — these are entered directly on Stripe's PCI-DSS-certified payment form and never transmitted to our servers.

2.4 Technical and Usage Data

  • IP address, browser type and version, operating system, referring URL, and pages visited, collected automatically via server logs.
  • Cookie and analytics data as described in our Cookie Policy.

3. Purposes of Processing

We process your personal data for the following purposes:

  • Processing and fulfilling hotel reservations — searching availability, confirming bookings with suppliers, issuing booking vouchers, and communicating reservation updates.
  • Payment processing — initiating and managing card payments via Stripe, handling refunds, and maintaining payment records.
  • Customer support — responding to enquiries, complaints, cancellation requests, and post-stay issues.
  • Legal and regulatory compliance — maintaining booking and financial records as required by Turkish Commercial Law, tax regulations, and TÜRSAB licensing requirements.
  • Service improvement and analytics — understanding how visitors use the website to improve functionality and content (subject to your cookie consent).
  • Fraud prevention and security — detecting and preventing fraudulent bookings and payment abuse.

4. Legal Bases for Processing

We rely on the following legal bases under the Turkish Personal Data Protection Law (KVKK — Law No. 6698) and, where applicable, the EU General Data Protection Regulation (GDPR):

  • Performance of a contract (KVKK Art. 5(2)(c) / GDPR Art. 6(1)(b)) — processing your contact data, guest names, booking details, and payment metadata is necessary to provide the reservation service you have requested.
  • Legal obligation (KVKK Art. 5(2)(ç) / GDPR Art. 6(1)(c)) — retaining booking and financial records to comply with Turkish tax law, commercial law, and TÜRSAB regulations.
  • Legitimate interests (KVKK Art. 5(2)(f) / GDPR Art. 6(1)(f)) — fraud prevention, security monitoring, and improving the reliability of our services, where these interests are not overridden by your rights.
  • Consent (KVKK Art. 5(1) / GDPR Art. 6(1)(a)) — analytics and non-essential cookies, as collected via the cookie consent banner. You may withdraw this consent at any time without affecting the lawfulness of prior processing.

5. Sharing of Personal Data

We share your personal data only where necessary:

  • Hotel and accommodation suppliers — guest names, check-in/out dates, room type, special requests, and booking reference are shared with the hotel or its wholesale supplier to enable the reservation and check-in.
  • Stripe, Inc. — your contact information and booking amount are shared with Stripe to process payment. Stripe acts as an independent data controller for payment data processed on its platform. See Stripe's Privacy Policy.
  • Supabase — our booking database and backend infrastructure is hosted on Supabase, which stores booking and user data on our behalf as a data processor under appropriate contractual safeguards.
  • Legal authorities — we may disclose personal data to competent authorities (courts, tax offices, regulatory bodies) when required by law.

We do not sell, rent, or otherwise commercially share your personal data with third parties for marketing purposes.

6. Data Retention

We retain personal data only for as long as necessary for the purposes described above:

  • Booking and transaction records — 10 years from the booking date, as required by Turkish Commercial and Tax Law.
  • Support correspondence — 3 years from the date of the last communication.
  • Analytics data — up to 26 months, in aggregated and anonymised form.
  • Consent records — retained for 3 years from the date of consent.

7. Your Data-Subject Rights

Under KVKK Art. 11 (and equivalent GDPR rights for EU/EEA residents), you have the right to:

  • Learn whether your personal data is being processed.
  • Request information about the purposes and scope of processing.
  • Learn to whom your data is disclosed domestically or abroad.
  • Request correction of inaccurate or incomplete personal data.
  • Request deletion or destruction of personal data where the grounds for processing no longer exist.
  • Object to processing carried out solely by automated means that produces adverse decisions about you.
  • Claim compensation for damages caused by unlawful processing.

To exercise any of these rights, please submit a written request to support@begintravel.com with the subject line "Data Subject Request". We will respond within 30 days. Requests may require verification of your identity. You may also submit complaints to the Turkish Personal Data ProtectionAuthority (Kişisel Verileri Koruma Kurumu — KVKK) at www.kvkk.gov.tr.

8. International Data Transfers

Some of our service providers (including Stripe and Supabase) may process personal data outside of Türkiye. Where personal data is transferred internationally, we ensure appropriate safeguards are in place in accordance with KVKK Art. 9, such as adequacy decisions or standard contractual clauses. You may request details of the safeguards applied to any specific transfer by contacting us.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. These include TLS encryption for data in transit, access-control restrictions on our database, and regular security reviews. Despite these measures, no internet transmission is completely secure, and we cannot guarantee absolute security.

10. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page will reflect when the most recent changes were made. Where changes are material, we will notify you by e-mail or via a prominent notice on the website before the changes take effect.

11. Contact

For all privacy-related enquiries and data subject requests:
E-mail: support@begintravel.com
Sindibad Turizm Ticaret Anonim Şirketi
Cumhuriyet Mah. Halaskargazi Cad. Selamet Apartmanı No:93/9 Kat:5, Şişli / İstanbul, Türkiye
TÜRSAB No: 10028

These terms are provided as a professionally-drafted template and should be reviewed by qualified legal counsel before being relied upon in a commercial context.