Privacy Policy
This Privacy Policy explains how Buraptech, a trademark of BURAP YAZILIM DANIŞMANLIK TEKNOLOJİ ANONİM ŞİRKETİ ("Buraptech", "we", "us", or "our"), processes personal data in connection with the Venurez.com platform and related services (the "Services"). We operate from Izmir, Turkey and support customers in the United Kingdom and Turkey. We handle personal data in line with the United Kingdom General Data Protection Regulation and Data Protection Act 2018 (together the "UK Data Protection Laws"), the Turkish Law on the Protection of Personal Data No. 6698 ("KVKK"), and any other mandatory local requirements. This document does not constitute legal advice.
1. Data Controller and Contact
Buraptech is the primary data controller for the Services. Questions, requests, or concerns relating to privacy should be submitted to [email protected]. Where required by law, we will cooperate with supervisory authorities including the Information Commissioner's Office (ICO) in the UK and the Turkish Personal Data Protection Authority (KVKK Kurumu).
2. Personal Data We Collect
We collect the following categories of personal data, depending on how you use the Services:
- Identity data: name, title, company affiliation, verification tokens, government-issued identifiers where legally required.
- Contact data: email address, telephone number, billing address, emergency contact details for venue bookings.
- Account data: authentication credentials, language preferences, user role, communications preferences, audit logs.
- Booking data: venue details, booking history, payment preferences, availability schedules, guest lists, ancillary requests.
- Financial data: bank account or payout information for hosts, limited card metadata (tokenised through payment processors), tax identifiers when necessary.
- Technical data: IP address, device identifiers, browser type, operating system, referral URLs, log files, and cookie identifiers.
- Usage data: feature interaction, access timestamps, conversion metrics, marketing campaign engagement, and support tickets.
- Special categories: accessibility requirements or dietary preferences disclosed voluntarily. We ask users to limit sensitive disclosures wherever possible.
3. How We Obtain Data
Personal data is collected through direct interactions with the platform, automated technologies (including cookies and similar tools), customer support interactions, partner integrations (such as payment or identity verification providers), and lawful public sources. When you provide personal data relating to another individual you confirm that you are authorised to do so and that you have informed them of this Privacy Policy.
4. Lawful Bases for Processing
We rely on the following lawful grounds, as appropriate:
- Contract performance – to register accounts, manage bookings, facilitate payments, and provide customer support.
- Legal obligations – to comply with tax, accounting, anti-money laundering, health and safety, and consumer protection laws in the UK and Turkey.
- Legitimate interests – to secure the platform, prevent fraud, develop new features, improve customer experience, and promote Services, provided these interests do not override your rights.
- Consent – for marketing communications, optional cookies, and the processing of special-category data when expressly provided.
- Vital interests – to share essential details with emergency responders when there is a material risk to life or safety.
5. How We Use Personal Data
We process personal data to deliver and improve the Services, including account management, customer care, venue discovery, booking administration, payment processing, identity verification, dispute resolution, analytics, platform security, regulatory reporting, and compliance checks. We may anonymise or aggregate data to create insights that no longer identify individuals. We do not engage in automated decision-making that produces legal or similarly significant effects without human review.
6. Sharing and International Transfers
We share personal data with trusted processors and partners that support our operations, including hosting providers, payment processors, communication platforms, analytics services, professional advisers, and legal or regulatory bodies when mandated. Cross-border transfers outside the UK or Turkey rely on lawful safeguards such as adequacy decisions, Standard Contractual Clauses, or explicit consent. We remain responsible for the protection of personal data when engaging third parties.
7. Data Retention
We retain personal data for as long as necessary to deliver the Services, meet our contractual commitments, and satisfy legal, accounting, or regulatory obligations. When determining retention periods we consider the nature and sensitivity of the data, the potential risk of harm, the purposes processed, and whether these purposes can be achieved through other means. Data that is no longer required is securely deleted or irreversibly anonymised.
8. Your Rights
Individuals located in the UK or Turkey may exercise rights to access, rectification, erasure, restriction, objection, portability, and withdrawal of consent. You also have the right to lodge a complaint with the ICO in the UK or the KVKK Authority in Turkey. Requests should be submitted to [email protected]. We may require identity verification before fulfilling a request and may decline requests that are manifestly unfounded or excessive.
9. Security Measures
We apply technical and organisational measures such as encryption, access controls, secure development practices, monitoring, staff training, and incident response procedures to safeguard personal data. Despite our efforts no system is entirely secure; please notify us immediately of any suspected unauthorised access or vulnerability.
10. Cookies and Similar Technologies
We use essential cookies to operate the platform and optional analytics or marketing cookies with your consent. You may adjust cookie preferences through browser settings or in-platform controls. Detailed information is available in our Cookie Notice, which forms part of this Privacy Policy.
11. Payment Processing and Third Parties
Payments are processed through vetted third-party providers who act as independent controllers of cardholder and payout data. We only receive limited metadata required to reconcile transactions. Hosts are responsible for complying with any additional obligations imposed by their payment provider or local law when receiving payouts.
12. Children's Data
The Services are not directed to children under 18. We do not knowingly collect personal data from minors. If you believe a child has provided personal data, please contact us so that we can delete the information, unless retention is required by law.
13. Complaints and Dispute Resolution
We encourage users to contact us first to resolve any privacy concerns. UK residents may escalate complaints to the ICO (ico.org.uk). Turkish residents may escalate to the KVKK Authority (kvkk.gov.tr). Where required, we will cooperate with relevant authorities.
14. Updates to This Policy
We may amend this Privacy Policy to reflect legal, technical, or operational changes. If we make material updates we will provide notice through the Services. Continued use of the Services after an update constitutes acceptance of the revised policy.
Latest update: 6 October 2025