Skip to main content
Visit Cappadocia
Legal

Privacy Policy

How we collect, use, and protect your personal data on visitcappadocia.net

Last Updated: May 2026

1. Data Controller

The data controller responsible for your personal data is Visit Cappadocia, operating the website visitcappadocia.net. Our registered address is Cavusin, Avanos, Nevsehir, Turkey. If you have any questions about this Privacy Policy, please contact us at privacy@visitcappadocia.net.

2. Information We Collect

2.1 Information You Provide

  • Contact form data — name, email address, and message content when you use our contact form.
  • Comments — name, email, and comment content when you leave a comment on our blog or travel guide pages.
  • Language preference — your selected language (en, tr, ru, ko, ja, es) to serve content in your preferred language.

2.2 Information Collected Automatically

  • Usage data — pages visited, time spent on pages, navigation paths, and device information (browser type, operating system, screen resolution).
  • IP address — used in anonymized form for analytics and security purposes.
  • Cookies and similar technologies — as described in Section 3 below.

3. Cookies

We use cookies and similar tracking technologies to operate and improve our website. Cookies are small text files stored on your device.

Cookie TypePurposeDuration
EssentialLanguage preference, session managementSession / 1 year
AnalyticsAnonymized usage statistics and page metrics2 years
SecurityCloudflare Turnstile bot protection tokenSession

You can manage your cookie preferences through your browser settings. Disabling essential cookies may affect the functionality of our website.

4. Third-Party Services

We use the following third-party services that may process your personal data:

4.1 Supabase

We use Supabase (Supabase Inc.) as our backend platform to store and process contact form submissions and comments. Supabase acts as a data processor on our behalf. Data is stored in the European Union. Supabase's privacy policy: supabase.com/privacy

4.2 Cloudflare Turnstile

We use Cloudflare Turnstile to protect our contact form and comment sections from spam and automated abuse. Turnstile may collect device fingerprints and browser data to verify you are a human user. Cloudflare's privacy policy: cloudflare.com/privacypolicies

4.3 CloudFront CDN

We use Amazon CloudFront as our content delivery network to serve images and static assets with improved performance. CloudFront may log IP addresses, request timestamps, and referrer URLs as described in AWS privacy practices. Amazon's privacy notice: aws.amazon.com/privacy

5. How We Use Your Data

We process your personal data for the following lawful purposes:

  • Responding to inquiries — to answer messages sent through our contact form.
  • Managing comments — to publish and moderate user-submitted comments.
  • Improving our website — analyzing anonymized usage patterns to enhance content and user experience.
  • Security — using Cloudflare Turnstile to prevent spam and abuse on our forms.
  • Content delivery — serving images and assets efficiently via CloudFront CDN.
  • Legal compliance — meeting obligations under applicable data protection laws.

6. Data Transfers

Our services operate globally. Personal data may be transferred to and processed in countries outside your jurisdiction, including the European Union (Supabase) and the United States (Cloudflare, AWS). Where required, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission, to protect your data during international transfers.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including encrypted data transmission (HTTPS/TLS), access controls, and secure data storage through Supabase. While no system is completely secure, we continuously work to protect your information against unauthorized access, alteration, disclosure, or destruction.

8. Your Rights

GDPR Rights (EU/EEA Users — Articles 13–21)

Under the General Data Protection Regulation (EU) 2016/679, you have the following rights:

  • Right of Access (Art. 15) — obtain confirmation and a copy of your personal data.
  • Right to Rectification (Art. 16) — request correction of inaccurate or incomplete data.
  • Right to Erasure (Art. 17) — request deletion of your personal data (“right to be forgotten”).
  • Right to Restriction (Art. 18) — request that we limit processing of your data.
  • Right to Data Portability (Art. 20) — receive your data in a structured, machine-readable format.
  • Right to Object (Art. 21) — object to processing based on legitimate interest or for direct marketing.
  • Right to be Informed (Art. 13–14) — clear information about data collection and processing, as provided in this policy.

KVKK Rights (Turkey-Based Users)

Under the Turkish Personal Data Protection Law (KVKK No. 6698), you have the following rights per Article 11:

  • Learn whether your personal data is being processed.
  • Request information if your data has been processed.
  • Learn the purpose of processing and whether data is used appropriately.
  • Know the third parties to whom your data is transferred domestically or abroad.
  • Request correction of incomplete or inaccurate data.
  • Request deletion or destruction of your data under Article 7.
  • Request notification of corrections, deletions, or destruction to third parties.
  • Object to detrimental results arising from analysis of your data exclusively by automated systems.
  • Claim compensation for damages caused by unlawful processing of your data.

9. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this policy, or as required by law. Contact form submissions and comments are retained for up to 2 years, after which they are automatically deleted unless required for ongoing communications. Analytics data is retained in anonymized form and is not considered personal data.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated “Last Updated” date. We encourage you to review this policy periodically. Continued use of our website after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Email

privacy@visitcappadocia.net

Address

Cavusin, Avanos, Nevsehir, Turkey

Website

visitcappadocia.net

Response Time

Within 30 days (GDPR/KVKK)