Privacy Policy
Villa Öz ("we", "us", "our") is committed to protecting the privacy and personal data of our website visitors and guests. This Privacy Policy describes how we collect, process, store, and protect your personal data when you visit villaoz.com, in accordance with the EU General Data Protection Regulation (GDPR), Turkey's Personal Data Protection Law (KVKK, Law No. 6698), and international privacy standards including ISO 27701.
1. Data Controller
The data controller responsible for processing your personal data is:
Villa Öz
Owner: Ala Aksu
Address: Karapınar, Gülbahçe, Urla/İzmir, Turkey
Email: info@villaoez.com
Phone: +90 501 142 58 59
For data protection inquiries, contact us at info@villaoez.com with the subject line "Data Protection Request".
2. Personal Data We Collect
We collect the following categories of personal data:
Data you provide directly:
• Contact information (name, email address, phone number) via inquiry and booking forms
• Message content when you contact us via email, WhatsApp, or contact forms
Data collected automatically:
• Technical data: IP address, browser type and version, operating system, device type
• Usage data: pages visited, time spent on pages, referral source, click patterns
• Cookie data: as detailed in our Cookie Policy below
Data from third parties:
• Booking platform data (Airbnb, Booking.com) — only when you choose to make a reservation through these platforms, subject to their respective privacy policies
3. Legal Basis for Processing
Under GDPR Article 6 and KVKK Article 5, we process your personal data based on the following legal grounds:
Consent (GDPR Art. 6(1)(a)) — for analytics cookies, third-party cookies, and marketing communications. You may withdraw consent at any time.
Performance of a contract (GDPR Art. 6(1)(b)) — for processing booking inquiries and responding to your requests about our services.
Legitimate interest (GDPR Art. 6(1)(f)) — for website security, fraud prevention, and improving our services. We have balanced our interests against your rights and freedoms.
Legal obligation (GDPR Art. 6(1)(c)) — for compliance with Turkish commercial law, tax regulations, and mandatory data retention requirements.
4. Purpose of Processing
We process your personal data for the following specific purposes:
• Booking management: Responding to reservation inquiries and facilitating bookings through third-party platforms
• Communication: Answering your questions and providing information about our services via WhatsApp messaging or email
• Website operation: Ensuring the website functions properly (essential cookies, language preferences)
• Analytics: Understanding how visitors use our website to improve the user experience (only with your consent)
• Legal compliance: Fulfilling our obligations under Turkish law and applicable EU regulations
• Security: Protecting against unauthorized access, fraud, and abuse
5. Data Sharing and Third Parties
We do not sell, trade, or rent your personal data. We may share your data with the following categories of recipients:
Service providers:
• Vercel Inc. (website hosting) — USA, with EU Standard Contractual Clauses
• Netlify Inc. (contact form processing via serverless function) — USA, with EU Standard Contractual Clauses. Contact form submissions are forwarded to the site administrator and are not stored in any database.
• Google LLC (Google Analytics, Google Maps) — USA, with EU Standard Contractual Clauses
• WhatsApp LLC (inquiry messaging via WhatsApp Business) — USA (Meta Platforms), encrypted messaging platform, with EU Standard Contractual Clauses
• Telegram FZ-LLC (administrative notification delivery) — UAE/UK. Contact form submissions are forwarded to the site administrator via Telegram Bot API. No data is stored by Telegram beyond message delivery.
Booking platforms (only when you initiate a booking):
• Airbnb Ireland UC — Ireland (EU)
• Booking.com B.V. — Netherlands (EU)
Data Processing Agreements (DPAs) are in place with all processors as required by GDPR Article 28 and KVKK Article 12. Each third party processes your data according to their own privacy policies. We encourage you to review those policies before using their services.
6. International Data Transfers
Some of our service providers are based outside the European Economic Area (EEA) and Turkey. When we transfer personal data internationally, we ensure appropriate safeguards are in place:
• EU Standard Contractual Clauses (SCCs) — for transfers to the United States (Google, Vercel)
• Adequacy decisions — for transfers to countries deemed adequate by the European Commission
• Your explicit consent — where no other safeguard applies, we will seek your explicit consent before any transfer
These safeguards comply with GDPR Chapter V, KVKK Article 9, and ISO 27701 requirements for cross-border data transfers.
7. Data Retention
We retain your personal data only as long as necessary for the purposes described above:
• Contact form submissions: 12 months after your last inquiry
• Booking-related communications: 24 months after the stay, or as required by Turkish tax law (up to 10 years for financial records)
• Analytics data: 14 months (Google Analytics default retention period)
• Cookie consent records: 12 months, after which we will request your consent again
• Website server logs: 90 days
After the retention period, personal data is securely deleted or anonymized.
8. Your Rights Under GDPR
If you are in the European Economic Area, you have the following rights under GDPR:
• Right of access (Art. 15) — obtain a copy of your personal data we hold
• Right to rectification (Art. 16) — correct inaccurate or incomplete data
• Right to erasure (Art. 17) — request deletion of your data ("right to be forgotten")
• Right to restriction (Art. 18) — limit how we process your data
• Right to data portability (Art. 20) — receive your data in a structured, machine-readable format
• Right to object (Art. 21) — object to processing based on legitimate interest
• Right to withdraw consent (Art. 7(3)) — withdraw consent at any time, without affecting the lawfulness of prior processing
• Right not to be subject to automated decision-making (Art. 22) — we do not use automated decision-making or profiling
To exercise any of these rights, email info@villaoez.com with "GDPR Request" in the subject line. We will respond within 30 days.
9. Your Rights Under KVKK
Under Turkey's Personal Data Protection Law (KVKK, Law No. 6698, Article 11), you have the right to:
• Learn whether your personal data is being processed
• Request information about data processing activities
• Learn the purpose of processing and whether data is used accordingly
• Know the third parties to whom your data has been transferred, domestically or abroad
• Request correction of incomplete or inaccurate data
• Request deletion or destruction of your personal data under KVKK Article 7
• Request notification of corrections or deletions to third parties
• Object to results produced by automated processing that are against your interests
• Claim compensation for damages arising from unlawful processing
To submit a KVKK request, email info@villaoez.com with "KVKK Basvuru" in the subject line. We will respond within 30 days as required by law.
10. Right to Lodge a Complaint
If you believe your data protection rights have been violated, you have the right to lodge a complaint with the relevant supervisory authority:
For EU residents:
You may contact your local Data Protection Authority (DPA). A full list is available at: edpb.europa.eu/about-edpb/about-edpb/members
For Turkish residents:
Kişisel Verileri Koruma Kurumu (KVKK Board)
Nasuh Akar Mah. Ziyabey Cad. 1407. Sok. No:4, 06520, Balgat-Çankaya/Ankara
Website: kvkk.gov.tr
11. Data Security (ISO 27001/27701 Aligned)
We implement technical and organizational security measures aligned with ISO 27001 and ISO 27701 principles:
Technical measures:
• HTTPS/TLS encryption for all data in transit
• Static site architecture with serverless functions for form processing — no persistent database storing personal data
• Hosting on Vercel with SOC 2 Type II certified infrastructure
• Self-hosted fonts (no external font loading that transmits visitor IP addresses)
• Regular security updates and dependency audits
Organizational measures:
• Limited access to personal data on a need-to-know basis
• Data Processing Agreements (DPAs) with all third-party processors
• Third-party vendor assessment before engagement
• Regular review of data processing activities
• Privacy by design and by default in website development
12. Data Breach Notification
In the event of a personal data breach that poses a risk to your rights and freedoms:
• We will notify the relevant supervisory authority (KVKK Board and/or EU DPA) within 72 hours of becoming aware of the breach (GDPR Art. 33)
• If the breach poses a high risk to you, we will notify affected individuals without undue delay (GDPR Art. 34)
• We will document all breaches, including their effects and remedial actions taken (ISO 27701, Clause 6.13)
13. Children's Privacy
Our website and services are not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately at info@villaoez.com, and we will take steps to delete such data promptly.
14. VERBİS Registration
Villa Öz qualifies for exemption from registration with the Data Controllers Registry (VERBİS) pursuant to the KVKK Board Decision No. 2018/32, as the business operates with fewer than 50 employees and an annual balance sheet total below the threshold set by the Board. This exemption does not diminish our obligations under KVKK regarding data protection and data subject rights.
15. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. The "Last updated" date at the top of this page indicates the most recent revision. Material changes will be communicated through a prominent notice on our website. We recommend reviewing this policy periodically.
KVKK Disclosure Notice (Aydınlatma Metni)
This disclosure notice is provided in accordance with Article 10 of Turkey's Personal Data Protection Law (KVKK, Law No. 6698) and the Communiqué on Procedures and Principles for Fulfilling the Obligation to Inform (Official Gazette No. 30356, 10 March 2018).
1. Identity of the Data Controller (Veri Sorumlusu)
Villa Öz
Owner: Ala Aksu
Address: Karapınar, Gülbahçe, Urla/İzmir, Turkey
Email: info@villaoez.com
Phone: +90 501 142 58 59
2. Purpose of Data Processing (İşleme Amacı)
Your personal data is processed for the following purposes:
• Responding to your inquiries submitted via the contact form, email, or WhatsApp Business
• Facilitating villa rental bookings through third-party platforms (Airbnb, Booking.com) or direct agreement
• Providing information about yoga retreat and private event services
• Ensuring the security and proper operation of the website
• Fulfilling legal obligations under Turkish commercial and tax law
3. Recipients and Purpose of Data Transfer (Aktarım)
Your personal data may be transferred to the following recipients:
• Netlify Inc. (USA) — for contact form processing via serverless function. Data is forwarded, not stored.
• Telegram FZ-LLC (UAE/UK) — for administrative notification delivery via Telegram Bot API. Data is forwarded to the site administrator, not stored by Telegram.
• WhatsApp LLC / Meta Platforms (USA) — when you initiate contact via WhatsApp Business. End-to-end encrypted.
• Google LLC (USA) — for website analytics (only with your consent) and interactive map display.
• Vercel Inc. (USA) — for website hosting and content delivery.
• Airbnb Ireland UC (Ireland) / Booking.com B.V. (Netherlands) — only when you initiate a booking through these platforms.
International transfers are safeguarded by EU Standard Contractual Clauses (KVKK Article 9).
4. Method and Legal Basis of Data Collection (Toplama Yöntemi ve Hukuki Sebebi)
Your personal data is collected through the following methods:
• Contact form on villaoz.com (name, email, phone, message) — processed via serverless function and forwarded to site administrator
• WhatsApp Business messaging — when you initiate contact
• Cookies and analytics — automatically, only with your prior consent
• Booking platforms — when you make a reservation through Airbnb or Booking.com
Legal basis for processing (KVKK Article 5): explicit consent; performance of a contract or steps prior to entering into a contract; compliance with legal obligations; legitimate interests of the data controller, provided that your fundamental rights are not harmed.
5. Your Rights (İlgili Kişinin Hakları)
Under KVKK Article 11, you have the right to:
• Learn whether your personal data is being processed
• Request information about data processing activities
• Learn the purpose of processing and whether data is used accordingly
• Know the third parties to whom your data has been transferred, domestically or abroad
• Request correction of incomplete or inaccurate data
• Request deletion or destruction of your personal data (KVKK Article 7)
• Request notification of corrections or deletions to third parties
• Object to results produced by automated processing that are against your interests
• Claim compensation for damages arising from unlawful processing
To exercise your rights, email info@villaoez.com with the subject line "KVKK Basvuru". We will respond within 30 days as required by law.
Terms of Service
By accessing and using villaoz.com ("the Website"), you agree to be bound by these Terms of Service. If you do not agree with any part of these terms, please do not use the Website.
1. Website Operator
This website is operated by:
Villa Öz
Owner: Ala Aksu
Address: Karapınar, Gülbahçe, Urla/İzmir, Turkey
Email: info@villaoez.com
Phone: +90 501 142 58 59
2. Content Provider Declaration (Law No. 5651)
In accordance with Turkey's Law No. 5651 on the Regulation of Publications on the Internet and Combating Crimes Committed by Means of Such Publications, Villa Öz is the content provider (içerik sağlayıcı) of this website and is responsible for all content published herein (Article 4).
Content provider: Ala Aksu (Villa Öz)
Address: Karapınar, Gülbahçe, Urla/İzmir, Turkey
Contact: info@villaoez.com / +90 501 142 58 59
Hosting provider: Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA
If you believe any content on this website violates your rights or applicable law, please contact us at info@villaoez.com with details of the content in question. We will review and respond in accordance with the procedures set out in Law No. 5651.
3. Nature of the Website
This website serves as an informational platform about Villa Öz's villa rental, yoga retreat, and private event hosting services in Urla, Izmir, Turkey. The website does not facilitate direct transactions, payments, or booking processing.
4. Booking & Reservations
Villa Öz does not process bookings or payments directly through this website. Reservations are made through:
• Third-party platforms: Airbnb and Booking.com, each governed by their respective terms and conditions
• Direct contact: Via WhatsApp (+90 501 142 58 59) or email (info@villaoez.com), subject to a separate booking agreement
By using third-party booking platforms, you are subject to those platforms' terms, cancellation policies, and payment processing rules. Villa Öz is not liable for platform-specific disputes.
5. Intellectual Property
All content on this website, including but not limited to text, photographs, illustrations, graphic design, logos, layout, and code, is the intellectual property of Villa Öz and is protected under Turkish Law No. 5846 (Law on Intellectual and Artistic Works) and applicable international copyright agreements. Reproduction, distribution, or modification without written permission is prohibited.
6. Accuracy of Information
We endeavor to ensure the accuracy of information on this website. However, we make no warranties or representations regarding the completeness, accuracy, or reliability of any content. Prices, availability, amenities, and room configurations are subject to change without prior notice. Current details should always be confirmed at the time of booking.
7. Limitation of Liability
To the maximum extent permitted by applicable law, Villa Öz shall not be liable for any direct, indirect, incidental, consequential, or punitive damages arising from: (a) your use or inability to use the website; (b) reliance on information provided on the website; (c) unauthorized access to your data; (d) errors, omissions, or service interruptions. This limitation applies regardless of the legal theory under which damages are sought.
8. External Links
This website contains links to external websites operated by third parties (Airbnb, Booking.com, Instagram, WhatsApp, Google Maps). We have no control over the content, privacy practices, or availability of these external sites and accept no responsibility for them. Inclusion of a link does not imply endorsement.
9. User Conduct
When using this website, you agree not to:
• Attempt to gain unauthorized access to any part of the website or its infrastructure
• Use automated systems (bots, scrapers) to extract content without written permission
• Submit false, misleading, or fraudulent information through contact forms
• Interfere with or disrupt the website's functionality
10. Consumer Protection
In accordance with the Turkish Consumer Protection Law (No. 6502), the following applies to consumers residing in Turkey:
• Consumer Arbitration Board: For disputes below the monetary threshold set annually by the Ministry of Commerce, you may apply to the Consumer Arbitration Board (Tüketici Hakem Heyeti) in İzmir before initiating court proceedings
• Right of information: All service descriptions, pricing, and availability information on this website are provided for informational purposes only and do not constitute a binding offer
• Complaint channel: You may direct consumer complaints to info@villaoez.com or via the Ministry of Commerce's consumer complaint platform at tuketici.ticaret.gov.tr
Note: Since Villa Öz does not process direct transactions on this website, consumer rights related to distance selling (such as the 14-day right of withdrawal) are governed by the terms of the booking platform (Airbnb, Booking.com) or the separate booking agreement entered into via direct contact.
11. Electronic Commerce
In accordance with Turkey's Electronic Commerce Law (No. 6563) and its implementing regulations:
• Villa Öz does not send commercial electronic messages (e-mail, SMS) without obtaining prior explicit consent (onay) from the recipient
• Any future marketing communications will include a clear and free-of-charge unsubscribe mechanism as required by law
• This website displays the identity and contact information of the service provider as required by Article 3 of Law No. 6563
12. Force Majeure
Neither Villa Öz nor its guests shall be liable for failure to perform obligations where such failure results from circumstances beyond reasonable control, including but not limited to:
• Natural disasters, including earthquakes, floods, and extreme weather events
• Pandemics, epidemics, or government-mandated health restrictions
• Government travel bans, curfews, or entry restrictions
• War, terrorism, civil unrest, or military action
• Infrastructure failures (power outages, telecommunications disruption)
In such events, affected obligations shall be suspended for the duration of the force majeure event. Villa Öz will notify guests as soon as reasonably practicable and work in good faith to find alternative arrangements or provide appropriate remedies in accordance with the applicable booking agreement.
13. Governing Law & Jurisdiction
These Terms of Service are governed by and construed in accordance with the laws of the Republic of Turkey. Any disputes arising from these terms or your use of the website shall be subject to the exclusive jurisdiction of the courts of Izmir, Turkey. For EU consumers, this does not affect your right to bring proceedings in the courts of your country of residence under applicable consumer protection laws.
14. EU Online Dispute Resolution
For consumers residing in the European Union: The European Commission provides an Online Dispute Resolution (ODR) platform at ec.europa.eu/consumers/odr. This platform allows EU consumers to resolve disputes related to online purchases of goods and services without going to court. While Villa Öz does not process direct online transactions, we provide this reference in accordance with EU Regulation No. 524/2013. Our email for dispute resolution purposes is: info@villaoez.com.
15. Severability
If any provision of these terms is found to be invalid or unenforceable by a court of competent jurisdiction, the remaining provisions shall continue in full force and effect.
16. Changes to These Terms
We reserve the right to modify these terms at any time. Changes will be effective upon posting to this page. Your continued use of the website after changes constitutes acceptance of the modified terms.
Cookie Policy
This Cookie Policy explains how villaoz.com uses cookies and similar tracking technologies in compliance with the EU ePrivacy Directive (2002/58/EC), GDPR, and Turkey's KVKK. It forms part of our Privacy Policy.
1. What Are Cookies
Cookies are small text files placed on your device (computer, tablet, or smartphone) when you visit a website. They serve various functions such as remembering your preferences, understanding how you use the site, and enabling certain features. Cookies may be "session" cookies (deleted when you close your browser) or "persistent" cookies (remain on your device for a set period).
2. Cookie Categories and Inventory
We classify cookies into three categories. No non-essential cookies are placed until you provide consent.
Essential Cookies (Strictly Necessary)
These cookies are required for the website to function and cannot be disabled.
• villaoz-cookie-consent — Stores your cookie preferences (category choices, consent timestamp, version). Provider: Villa Öz. Duration: 12 months. Type: localStorage.
• astro-i18n-locale — Remembers your language preference (EN/TR). Provider: Villa Öz. Duration: Session. Type: localStorage.
Analytics Cookies (Require Consent)
These cookies help us understand visitor behavior. They are only loaded after you give explicit consent.
• _ga — Google Analytics: Distinguishes unique users. Provider: Google LLC. Duration: 2 years. Type: HTTP cookie.
• _ga_* — Google Analytics: Maintains session state. Provider: Google LLC. Duration: 2 years. Type: HTTP cookie.
Third-Party Cookies (Require Consent)
These cookies are set by external services embedded on our pages. They are only loaded after you give explicit consent.
• Google Maps cookies — Enables the interactive map on our location section. Provider: Google LLC. Duration: Varies. Type: HTTP cookie.
• Google Fonts cookies — Delivers font files for typography. Provider: Google LLC. Duration: Varies. Type: HTTP cookie.
3. How We Obtain Consent
In compliance with GDPR Article 7 and the ePrivacy Directive:
• Prior consent: No non-essential cookies are loaded before you make a choice
• Granular control: You can accept or decline each category independently via the "Manage Preferences" panel
• Equal choice: The "Accept All" and "Decline All" buttons have equal visual prominence
• No pre-ticked boxes: All optional categories default to "off" until you actively enable them
• Freely given: Access to the website is not conditional upon accepting non-essential cookies
4. Withdrawing or Changing Consent
You can change your cookie preferences at any time — withdrawing consent is as easy as giving it (GDPR Art. 7(3)):
• Click the "Manage Cookies" link in our website footer to reopen the cookie preferences panel
• Adjust the toggles for each cookie category and save your preferences
• Alternatively, clear your browser cookies and revisit the site to see the consent banner again
You can also manage cookies through your browser settings. Note that disabling essential cookies may affect website functionality.
5. Consent Record
We store your consent record locally on your device, including the version of this Cookie Policy you consented to and the timestamp of your choice. This serves as our proof of consent in compliance with GDPR Article 7(1). We do not store consent records on our servers, as our website uses a static architecture with no server-side database.
6. Third-Party Data Processing
When you consent to analytics or third-party cookies, the following data processors may receive data:
• Google LLC (Analytics, Maps, Fonts) — USA. Safeguard: EU Standard Contractual Clauses. Privacy Policy: policies.google.com/privacy
• Vercel Inc. (Hosting, CDN) — USA. Safeguard: EU Standard Contractual Clauses. Privacy Policy: vercel.com/legal/privacy-policy
These processors are contractually obligated to handle your data in accordance with GDPR requirements.
7. Do Not Track (DNT)
Our website respects the Do Not Track browser signal. If your browser sends a DNT header, we will not load analytics cookies regardless of your consent banner choice.
8. Changes to This Cookie Policy
When we update this Cookie Policy, we increment the consent version number. If the version changes, the consent banner will be shown again so you can review and provide updated consent based on the new policy. The "Last updated" date at the top of this page indicates the most recent revision.