Stored-Card Privacy Notice
How card data stored for the guarantee is processed (Türkiye KVKK / EU-UK GDPR).
Last updated: 24 June 2026
1. Data Controller
The data controller is DYF Turizm Tic. Ltd. Şti.("Bedoka") — Mehmet Akif Ersoy Mah. Hanımeli Sok. No:5/B Üsküdar/İstanbul, Türkiye; email info@bedoka.com.
2. Data Processed
For the pay-at-hotel card guarantee, only the following are processed/stored:
- The bank-issued card token,
- The card's masked number (e.g. 5312 ** ** 3456) and expiry date,
- The cardholder name and validation/transaction references.
The full card number (PAN) and CVV are NOT stored by Bedoka. Card details are sent directly to the bank over 3D Secure.
3. Purpose
Data is processed to guarantee the reservation with a card, validate the card, and charge a no-show fee per the cancellation/no-show policy if you do not show up.
4. Legal Basis
Processing relies on performance of the contract and your explicit consent. The approval you give at the booking step constitutes this consent and can be withdrawn.
5. Retention
The card token is kept only for the guarantee period (until check-in and the end of the no-show charge window), after which it is rendered unusable/deleted. Statutory retention obligations are reserved.
6. Transfers
Card transactions run through the authorised bank/payment institution (Halkbank virtual POS). Data may be shared with relevant institutions for legal obligations and service performance.
7. Your Rights
You have the right to access, rectify, erase, object to processing, and withdraw consent. Send requests to info@bedoka.com. Withdrawing consent ends the card guarantee; it does not affect the application of the existing cancellation/no-show rules.
8. Guests Residing Abroad (GDPR)
For guests residing in the EU/UK, the card token and related data are processed under GDPR on the bases of contract performance and explicit consent, with limited retention and access/erasure rights.
Note: This text is a template and must undergo final legal review before going live.