Policy on the Protection and Processing of Personal Data

ISTANBUL FOUNDATION FOR CULTURE AND ARTS POLICY ON THE PROTECTION AND PROCESSING OF PERSONAL DATA

Version 0.2
21/09/2018

Contents

INTRODUCTION

  • INTRODUCTION
    • Purpose and Scope of the Policy
    • Enforcement and Amendment
    • Data Controller
    • Your Personal Data Collected Prior to the Enactment of PDPL
  • DATA SUBJECTS WHOSE PERSONAL DATA ARE PROCESSED BY OUR FOUNDATION, PURPOSES OF PROCESSING PERSONAL DATA, VARIOUS CATEGORIES OF PROCESSED PERSONAL DATA, METHODS/CHANNELS AND LEGAL PURPOSES OF COLLECTING PERSONAL DATA
    • Data Subjects
    • Purposes of Processing Personal Data
    • Categories of Personal Data
    • Methods / Channels and Legal Purposes of Collecting Personal Data
  • TRANSFERRING PERSONAL DATA
  • INFORMING THE DATA SUBJECTS AND THEIR RIGHTS
  • STORING AND DESTROYING PERSONAL DATA
  • PROTECTION OF PERSONAL DATA
  • OTHER WEBSITES / THIRD PARTIES AND THEIR PRIVACY POLICIES
  • SPECIFIC PERSONAL DATA PROCESSING ACTIVITIES CARRIED OUT BY İKSV
    • Users Visiting İKSV Websites
    • Providing Internet Access to İKSV Visitors in İKSV Premises
    • Monitoring of Visitors Entering İKSV Premises
    • Monitoring of İKSV’s Building and Its Surroundings by Security Cameras
    • Maintaining Professional Relationships with İKSV’s Suppliers, Contractors and Business Partners
    • Request / Complaint Management

DEFINITIONS

Explicit Consent Specific, informed and freely given consent.
Anonymization Making it impossible to associate personal data with any identified or identifiable natural person under no circumstances, including matching of the personal data with other data.
Employee Natural person who is an İKSV employee.
Job Candidate Natural person who is not an İKSV employee but a candidate to becoming one through various methods.
Personal Health Data Any type of medical information concerning an identified or identifiable natural person.
Personal Data Any type of information concerning an identified or identifiable natural person.
Data Subject Natural person whose personal data are processed.
Processing of Personal Data Any operation performed on personal data such as collecting, recording, storing, maintaining, altering, reorganizing, disclosing, transferring, taking over, making retrievable, classifying or restricting access to personal data, using entirely or partly automatic methods or other non-automatic methods provided that it is part of a data recording system.
Law Personal Data Protection Law numbered 6698 published in the Official Gazette of Turkey numbered 29677 dated April 7th, 2016.
Special Categories of Personal Data Personal data relating to race, ethnic origin, political opinions, philosophical or religious beliefs, being part of a sect, other beliefs, dressing style, membership of an association, foundation or a trade-union, physical or mental health, sexual life or sexual orientation, criminal conviction and security measures, genetic or biometric data.
Policy Istanbul Foundation for Culture and Arts Policy on the Protection and Processing of Personal Data
Foundation / İKSV Istanbul Foundation for Culture and Arts (İKSV) and İstanbul Kültür ve Sanat Vakfı Turizm Pazarlama Organizasyon ve Tanıtım İktisadi İşletmesi
Business Partners Persons with which İKSV has become partners in a contractual relationship as part of its activities.
Data Subject Natural person whose personal data are processed.
Data Processor Natural or legal person who processes personal data based on the authority granted by and on behalf of the data controller.
Data Controller Person who determines the purposes and means of the processing of personal data, and who is the manager of the place where the data are systematically stored.

1. INTRODUCTION

1.1 Purpose and Scope of the Policy

The Law numbered 6698 (“Law” or “PDPL”) on the Protection of Personal Data has been enacted on April 7th, 2016. This İKSV Policy (“Policy”) on the Protection and Processing of Personal Data aims to establish the principles to be observed, for İstanbul Kültür ve Sanat Vakfı (“İKSV” or “Foundation”), and its affiliated commercial enterprise İstanbul Kültür ve Sanat Vakfı Tur. Paz. Org. İktisadi İşletmesi (“İKSV”), which is not a legal entity in itself, for fulfilling the obligations relating to the protection and processing of personal data, and to inform data subjects whose personal data shall be processed.

This Policy introduces the conditions and the main principles adopted by İKSV for the processing of personal data. In this regard, the Policy covers all the data processing activities of İKSV, all the personal data, and all the data subjects whose data İKSV processes, within the scope of the Law.  

The definitions of the terms used in this Policy are available at the beginning of this document.

1.2. Enforcement and Amendment

İKSV published the first version of the Information Note on the Processing of Personal Data on October 7th, 2016 on its website. This Policy is the second version of the abovementioned text published previously by İKSV and has been published on the website as of 21 September 2018.

İKSV reserves the right to amend this Policy in line with the legal regulations.

1.3. Data Controller

İKSV, including its affiliated commercial enterprise İstanbul Kültür ve Sanat Vakfı Turizm Pazarlama Organizasyon ve Tanıtım İktisadi İşletmesi which is not a legal entity in itself, under PDPL, is the Data Controller regarding the processing of your personal data.

1.4. Your Personal Data Collected Prior to the Enactment of PDPL

Your personal data collected legally through starting a membership, permission to receive commercial electronic communication, attending an event, purchasing tickets, or by other means prior to the enactment of PDPL on April 7th, 2016, shall be processed and stored in line with the terms and conditions of this Policy and can also be transferred abroad - to countries that have sufficient measures regarding the protection of personal data and/or to countries falling short of such measures provided that the conditions specified by the Personal Data Protection Law shall be satisfied- on the condition that they shall be processed in Turkey or processed and stored outside Turkey.

2. DATA SUBJECTS WHOSE PERSONAL DATA ARE PROCESSED BY OUR FOUNDATION, PURPOSES OF PROCESSING PERSONAL DATA, VARIOUS CATEGORIES OF PROCESSED PERSONAL DATA, METHODS/CHANNELS AND LEGAL PURPOSES OF COLLECTING PERSONAL DATA

2.1. Data Subjects

Data subjects covered by this Policy are natural persons, other than İKSV employees, whose personal data are processed by İKSV. Within this framework, various data subject categories are as follows:

DATA SUBJECT CATEGORIES DEFINITION
1 Participant A natural person who attends an event held by İKSV.
2 E-Bulletin Member A natural person interested in İKSV’s events and activities who would like to be informed about such events and activities.
3 Visitor A natural person who visits İKSV’s buildings, facilities, premises and website.
4 Job Candidate A natural person who applies for a position in İKSV by sending a CV or by other means.
5 Third Parties Natural persons who are not İKSV employees and not covered by any of the data subject categories mentioned herein, including those individuals and institution employees with which İKSV has business relations.
6 Artist An artist who attends İKSV`s events, festivals and biennials, giving a speech, performing, exhibiting their products or taking part in committees etc., with whom İKSV may communicate through various means.
7 Tulip Card Owner An owner of a Tulip card which is basically an individual donation program intended to support İKSV’s events and activities.
8 Culture and Arts Card Applicant / Holder A person who enters Culture and Arts Card giveaway and who wins a Culture and Arts Card in this giveaway, which is organized by İKSV to encourage young people to attend culture and arts events.
9 Attendee A person who applies for or wins the prize competitions and scholarship programs supported / organized by İKSV.
10 Archives Researcher A natural person who carries out research in İKSV archives.

The above data subject categories are intended for general informative purposes. As specified by the Law, not falling into any of the abovementioned categories as a data subject does not mean that the said person cannot be qualified as a data subject.

2.2. Purposes of Processing Personal Data

Your personal data and special category personal data can be processed by İKSV for the following purposes in compliance with the conditions of personal data processing specified by the Law and the relevant legislation:

  • Carrying out İKSV’s activities, Planning and Conducting Institutional Relations,
  • Developing and carrying out businesses, works, operations of the Foundation
  • Carrying out reporting activities aimed at control, data management, analysis, social activities, process development etc.
  • Performing operations aimed at starting or renewing a contract relationship, research, analysis and reporting activities
  • Carrying out legally required procedures/records/declarations, performing and following legal businesses; giving legal opinions, lawsuits and legal proceedings, exercising the legal right of defense
  • Planning, developing and performing institutional management and communication activities
  • Planning, organizing and holding meetings, parties and events
  • Organizing and carrying out operations and activities aimed at managing contractual and post-contractual relationships such as sales, sponsorship, service procurement, consultancy; conducting and monitoring operations and activities aimed at fulfilling contractual liabilities
  • Keeping records of Foundation’s business partners; planning and carrying out listing operations
  • Facilitating communication with all the legal persons of İKSV such as business partners, suppliers, service providers, consultants, sponsors, subcontractors who are in a business relationship with İKSV, to maintain the relationship between the Foundation and its institutions,
  • Keeping records of the participants to organizations and events
  • Planning, monitoring and carrying out financial and accounting activities,
  • Managing, developing, planning and carrying out professional relations with suppliers / dealers / business partners
  • Developing relationships with visitors, donators and event participants
  • Starting and maintaining sponsorship relations,
  • Monitoring, planning and carrying out activities aimed at obtaining outsourcing services / consultancy
  • Carrying out activities aimed at keeping data accurate and up-to-date
  • Performing all operations necessary to provide Users opportunities such as memberships, invitations, events; taking action to make such opportunities available to Users
  • Carrying out analysis and supervision activities to make announcements about services to be provided and contents of these services, to increase the quality of such services and to develop new services,
  • Maintaining the relation with Tulip card holders, notifying them about new opportunities,
  • Contacting and inviting artists to concerts, events, festivals and biennials and providing transportation and accommodation for them,
  • Recording İKSV events on CCTV cameras
  • Contacting suppliers and service providers for İKSV events and maintaining the business relations with them
  • Sending out invitations for opening ceremonies and events,
  • Accepting applications for giveaways, competitions and support programs; taking care of relevant legal processes as required; contacting the winners and providing them with their prize or benefit
  • Fulfilling the legislative obligations, especially the foundation legislation
  • Carrying out the required research and operations in the Foundation to be able to address requests and complaints received by İKSV
  • Developing cultural policies and Foundation strategies,
  • Keeping lists of Archives Researchers studying and performing analysis in İKSV archives; processing data such as the level of education, the age group and referring institution of Archive Researchers, for statistical purposes.
  • Maintaining business development, funding and marketing activities,
  • Planning and carrying out operations aimed at advertising, sales and marketing purposes
  • Planning and carrying out actions aimed at promoting the institution, its activities and its brand value
  • Performing surveys and analyses of loyalty, profiling and satisfaction; planning and carrying out market surveys
  • Planning and carrying out actions aimed at customizing promotions and announcements by analyzing the habits and trends
  • Developing and planning İKSV’s events and activities based on the preferences and personal interests of the visitors
  • Establishing the participation requirements for İKSV events, competitions etc. and encouraging participation,
  • Notifying about general or exclusive promotions, advertisements, discounts etc. and sending out celebration or good wishes cards
  • Assessing personal data as part of the statistical survey to enhance services without disclosing the identity of the persons and restructuring and reorganizing the services provided based on the interests of the Users
  • Planning and organizing promotions and advertisements for İKSV’s events, including the Tulip card
  • Planning, managing and performing the contracts and maintaining the relations with the viewers, event participants and visitors
  • Performing strategical planning activities
  • Carrying out activities aimed at keeping data accurate and up-to-date.
  • Ensuring the safety of İKSV premises and digital media
  • Planning and carrying out information technology and data security activities
  • Planning and carrying out activities/improvements and analysis aimed at accessing systems
  • Ensuring safety of the physical and digital environment of the Foundation and its premises
  • Recording on CCTV cameras
  • Planning and carrying out the processes regarding occupational safety and health
  • Providing internet service at İKSV premises, storing access records as per the relevant legislation
  • Keeping record of all the visitors arriving in and leaving the Foundation
  • Creating data backups to prevent data loss
  • Organizing, planning, performing and controlling actions aimed at providing the commercial security of Foundation’s business partners.
  • Planning and Performing Operations and Activities for İKSV’s Job Candidates and Former Employees
  • Carrying out activities aimed at assessing job candidates` qualifications
  • Performing and recording necessary operations for recruiting, and keeping records of new recruitments
  • Contacting job candidates when a suitable position opens up
  • Contacting former employees and planning activities aimed at former employees.

2.3. Categories of Personal Data

Your personal data categorized as follows shall be processed by İKSV in line with the conditions of personal data processing specified by the Law and the relevant legislation:

PERSONAL DATA CATEGORY DEFINITION
Identification All information concerning a data subject’s identity available on documents like drivers’ license, identification card, certificate of residence, passport, marriage certificate
Contact Information Information such as phone number, address and e-mail to communicate with a data subject
Data regarding the Educational, Business and Professional Life All information related to a data subject’s education and business life
Information about Event Participant Information about a data subject that has attended, bought tickets for İKSV’s festivals, biennials, concerts and similar events that show the events participated, ticket purchasing habits and Tulip card membership preferences
Payment Information Payment information and records that are necessary to buy products from İKSV such as tickets, Tulip card, etc.
Information about the Security of Physical Venue Video recordings and finger print records taken at the entry point or inside the physical venues, and personal data related to these documents
Information about Process Security Personal data processed for us to be able to provide technical, administrative, legal and commercial security while carrying out our activities
Financial Information Personal data processed concerning any information, document and records that shows any type of financial result produced depending on the type of legal relationship between the Foundation and the data subject
Job Candidate Information Personal data processed concerning a person that applied for a position in the Foundation, or has been evaluated as a job candidate for the sake of customary practices or good faith, in line with the human resource needs of our Foundation, or a person who has professional relations with our Foundation
Legal Proceedings and Compliance Information Personal data processed concerning the calculation and tracking of our legal rights and receivables, in compliance with our legal obligations and our Foundation’s policies
Audit and Inspection Information Personal data processed in compliance with our legal obligations and Foundation’s policies
Special Category Data Data relating to race, ethnic origin, political opinions, philosophical or religious beliefs, being part of a sect, other beliefs, dressing style, membership of an association, foundation or a trade-union, physical or mental health, sexual life or sexual orientation, criminal conviction and security measures, genetic or biometric data
Marketing Information Personal data processed concerning the marketing of İKSV’s events and concerts by customizing them based on the preferences and personal interests of İKSV’s followers; social media preferences and reports and evaluations brought together as a result of such data processing
Read Status Information Information regarding access to e-mails sent to the data subject; read receipts, IP Address, user name, last e-mail reading location, notifications regarding leaving the membership and spam
Information about Request / Complaint Management Personal data concerning the reception and assessment of any request or complaint addressed to our Foundation
Digital Media Usage Data Cookies Data Any type of data collected by tracking users’ activity on digital media such as navigation time and details and location data.
Data regarding the usage of a website such as pop-up windows

2.4. Methods / Channels and Legal Purposes of Collecting Personal Data

Personal data may be collected orally, in writing or in electronic form on a physical or virtual platform from persons that share their personal data with İKSV either face to face or remotely. The following are the primary methods for collecting such data:

  • İKSV’s websites / applications; Biletix’ websites / applications in case data subjects who buy İKSV tickets from Biletix give their explicit consent or without such consent when any of the conditions for processing personal data is fulfilled,
  • Tulip card or e-bulletin membership,
  • Forms prepared by İKSV,
  • E-mails sent by data subjects and communications established with the data subject at information booths, stands or via telephone,
  • Social media (Facebook, Twitter, Instagram etc.) posts,
  • Consent to receive commercial electronic message, SMS, E-mail,
  • Sharing of personal data by sending in a CV to İKSV to start a business relation or to apply for a position, etc.,
  • CCTV,
  • Visitor logs,
  • Applications to İKSV’s competitions, giveaways, support programs,
  • Through sponsorship and organization companies, travel agents, insurance firms etc. that have business relations with İKSV due to being employed by such companies,
  • Business card exchanges,
  • Cookies and similar tracking technologies.

İKSV can also collect anonymous analysis data over its website, Biletix, Google Analytics and Facebook. Consent of personal data sharing given by the website users to relevant third parties shall establish the base for the usage of such data.

İKSV reserves the right to add new methods and channels in addition to the abovementioned methods for collecting personal data as well as abandoning any of the above methods and channels, and amending to this Policy. Any such amendment will be announced via Policy update. Therefore, we recommend that you regularly visit the website that publishes the Policy to check if there is any policy update.

Legal purposes of personal data collection may vary from case to case. They are referred to in Article 5 of the Law as follows:

  • Explicit consent of the data subject: In the absence of other data processing conditions, İKSV may process the personal data of the data subject upon the freely given consent of the data subject who is sufficiently informed about the personal data processing activity, leaving no room for doubt and limited to the particular activity in question.
  • Explicit permission provided for by the Laws: In case it is explicitly permitted by the Laws, İKSV can process personal data without the explicit consent of the data subject. Accordingly, İKSV shall process personal data within the framework of the related legislation.
  • When the data subject is physically incapable of giving explicit consent and it is necessary to process personal data, İKSV can process the personal data of the data subject who is physically or legally incapable of giving explicit consent providing that it is necessary to protect the life or physical integrity of the data subject or a third person.
  • When processing of personal data is directly related to the conclusion or execution of a contract, personal data shall be processed if it is necessary to process the personal data of the parties of an existing or new contract between the data subject and İKSV.
  • When it is necessary to process personal data to comply with a legal obligation to which the data controller is subject to, İKSV can process personal data in order to perform legal obligations provided for by the current legislation.
  • When the data subject has made his/her personal data public, İKSV may process the personal data that are already made public to the extent of the intention by such publication, without the explicit consent of the data subject,
  • When it is necessary to establish, exercise or protect a right, İKSV can process personal data without the explicit consent of the data subject within the context of such necessity.
  • When it is necessary for the legitimate interests of the data controller and provided that the fundamental rights and freedoms of the data subject shall not be violated, İKSV can process personal data taking into consideration the balance between İKSV`s and the data subject`s interests. Within this framework, İKSV shall primarily establish its legitimate interests that it shall maintain in such data processing. İKSV shall also evaluate the potential impacts of data processing on data subject’s rights and freedoms and accordingly, the personal data shall be processed if İKSV considers that the balance of benefits is maintained.
  • İKSV may process special categories of personal data by ensuring that the additional measures specified by the Personal Data Protection Board are in place provided that the data subject shall give explicit consent, or it is explicitly provided for by the laws.

3. TRANSFERRING PERSONAL DATA

İKSV may share personal data confidentially with natural or legal persons residing in or out of Turkey by taking necessary security measures to fulfill the Purposes of Processing Personal Data stated above in Article 2.2. While doing so, İKSV shall pay special attention to the rules set forth in Articles 8 and 9 of the Law and fulfill the additional requirements introduced by the Personal Data Protection Board.

Within the scope of general principles and data processing conditions specified in Articles 8 and 9 as set forth in the Law, İKSV may transfer personal data to the parties categorized below provided that all necessary technical and administrative measures are taken, including the execution of a nondisclosure and data sharing agreement:

CATEGORIES OF DATA SHARING PARTIES SCOPE PURPOSE OF TRANSFERRING (e.g.)
Business Partner Parties with which İKSV develop a business partnership to carry out its business activities Sharing of personal data limited to fulfilling the purposes for the establishment of the business partnership in question
Supplier / Service Provider / Consultant Software companies, intermediary service providers, insurance companies, tourism agencies, etc., that render their services as instructed by İKSV and in compliance with their contracts with İKSV aimed at maintaining İKSV`s activities Transferring of personal data limited to fulfilling the purpose of receiving services such as sending commercial electronic mails, processing, storing and protecting data, software and consultancy services that are provided from abroad by the supplier
Legally Authorized Public Body Public bodies and institutions legally authorized to receive information and documents from İKSV Sharing of personal data limited to the purpose of meeting the information requests by relevant public bodies and institutions
Legally Authorized Private Body Private bodies legally authorized to receive information and documents from İKSV Sharing of personal data limited to the purpose of meeting the information request sent by private bodies within the scope of their legal authority
Other Persons Other persons to which your personal data may be transferred For instance, sharing personal data with the members of the Jury formed to select the winner in an İKSV competition

4. INFORMING THE DATA SUBJECTS AND THEIR RIGHTS

In compliance with the Article 10 of the Law, data subjects shall be notified about the processing of their personal data prior to or during the course of such processing at the very latest. In accordance with the relevant article, a necessary in-house structure has been put in place by İKSV to be able to notify data subjects in every case data would be processed by the data controller, that is İKSV.

We would like to state that, as data subjects, you have the following rights as per Article 11 of the Law:

  • To learn whether your personal data are processed or not,
  • In case your personal data are processed, to request information,
  • To learn the purpose of processing your data and whether they are used for the intended purposes or not,
  • To learn the third parties at home or abroad to whom your personal data are transferred,
  • If your personal data are processed incompletely or inaccurately, to request correction, and, accordingly, to request that third parties to whom your personal data were transferred be notified of such action,
  • Even if your personal data are processed in compliance with the Law numbered 6698 and other applicable provisions, if the reasons requiring data processing are no longer valid, to request erasure or destruction of your personal data, and, accordingly, to request that the third parties to whom your personal data were transferred be notified of such action,
  • To raise objections against the analyzing of your processed data exclusively by automatic means if it leads to an unfavorable consequence for you, and
  • To request compensation for the damage arising from the unlawful processing of your personal data.

As the data subject, you may deliver your claims regarding the abovementioned rights of yours to the Foundation by filling in the Data Subject Application Form, which you will find here.  Your request will be addressed as soon as possible or, at the latest, within 30 (thirty) days, depending on the nature of the claim; however, in case this transaction brings an extra cost, a compensation will be requested from you as per the rates determined by the Personal Data Protection Board.

İKSV provides replies to data subjects in writing or through electronic messages. In the event that such a claim may be denied, the data subject will be given information regarding the reasons for denying.

5. STORING AND DESTROYING PERSONAL DATA

Personal data will be stored for a period of time as provided for by the relevant legislation. In the event that no period of time is provided, İKSV shall store personal data considering the purpose of data processing for each and every data processing activity.  

Personal data shall be erased, destroyed or anonymized by İKSV ex officio or upon the request of the data subject in accordance with the guidelines published by the Board in the event that the reasons for the processing of such personal data no longer exist regardless of the fact that it has been processed in line with the Article 7 of the Law.

6. PROTECTION OF PERSONAL DATA

İKSV, as one of the leading culture and arts enterprises in Turkey, places high importance on the confidentiality and security of personal data and takes all the necessary technical and administrative measures in accordance with the guidelines published by the Board with respect to data confidentiality and security. Within this framework, İKSV stores personal data with high confidentiality in its database in line with the PDPL Article 12, and does not share such data with third parties against regulations and contractual arrangements, as well as the arrangements of this policy.

İKSV, under the Article 12 of PDPL, takes all the necessary measures such as hashing, encrypting, access management and physical security measures to store personal data, and to protect against any illegal access to its information systems containing personal data and to prevent the processing of personal data. İKSV prevents personal data from being processed by third parties illegally. In the event that personal data are accessed by third parties through illegal methods, İKSV shall give a notification which is due under the Article 12 of PDPL in line with the effective regulations.

7. OTHER WEBSITES / THIRD PARTIES AND THEIR PRIVACY POLICIES

İKSV is not responsible for the confidentiality and personal data policies, practices or the contents of other websites that are accessed from a link provided on its website, or for the confidentiality and personal data policy and practices of third parties. We strongly suggest that you have a look at the confidentiality and personal data policies and practices of such third parties.

8. SPECIFIC PERSONAL DATA PROCESSING ACTIVITIES CARRIED OUT BY İKSV

In addition to the data processing activities mentioned above in the Article 2, İKSV shall process personal data in the following cases where other provisions of this Policy shall also apply as appropriate.

8.1. Users Visiting İKSV Websites

The navigation activities of users visiting İKSV websites are monitored and analyzed anonymously using the facilities provided by third parties like Biletix, Google and Facebook. Consent given by these website users to such third parties for sharing of personal information shall set the basis for the usage of such data.

8.2. Providing Internet Access to İKSV Visitors in İKSV Premises

Collected Personal Data and Processing Purposes:

İKSV provides wireless internet service in its premises where the visitors can access to it. İKSV is considered as an internet mass use provider, under Law numbered 5651, Regulations Governing the Mass Use Providers and the relevant legislation and, hence, is obligated to make certain access records and store them for 2 years.

Within this framework, İKSV requests names and telephone numbers from its visitors in order to perform its legal obligation as an internet mass use provider and to allow its visitors to access to wireless connection. At the same time, İKSV obtains its visitors` IP addresses, MAC addresses, starting and ending times of using internet connection and other information that are provided for by the legislation. These data are stored for a limited time as provided for by the legislation. Your personal data may also be processed in order to provide software, hardware and cyber security for İKSV.

Methods and Legal Reasons for the Collection of Personal Data::

Personal data are collected through the portal that facilitates access to wireless connection, and may be processed when it is explicitly provided for by the laws as per Article 5/2/a; when it is necessary for İKSV to be able to perform its legal obligations as per Article 5/2/ç; in case data processing is mandatory for the establishment, exercise, or protection of any right as per Article 5/2/e; and in case data processing is mandatory for the legitimate interests of the data controller provided that this processing shall not violate the fundamental rights and freedoms of the data subjects as per Article 5/2/f.

Sharing Personal Data:

İKSV shares such personal data with authorized public bodies and institutions upon request.

8.3. Monitoring of Visitors Entering İKSV Premises

Collected Personal Data and Purposes of Data Processing:

İKSV keeps logs of the information such as full name, Republic of Turkey identity numbers of its visitors, whom they are visiting in İKSV, which company they represent and the entry and exit hours of visitors to be able to provide security for the institution and its employees, and to prevent unauthorized access to the premises, to issue entrance cards that can unlock doors for the visitors, and to keep security records. Such personal data will be stored for a period of time to prevent any legal dispute that may potentially arise after the visit.

Methods and Legal Reasons for the Collection of Personal Data:

Personal data are collected by authorized staff at the reception desk at the entry point of the building and, additionally, security cameras monitor the building and its surroundings throughout the day to provide security. Such information may be processed when it is explicitly stated in the laws as per Article 5/2/a;  when it is necessary for İKSV to perform its legal obligations such as protecting and keeping its employees safe as per Article 5/2/ç; for the establishment, exercise, or protection of any right as per Article 5/2/e; and in case data processing is mandatory for the legitimate interests of the data controller provided that this processing shall not violate the fundamental rights and freedoms of the data subjects as per Article 5/2/f.

Sharing Personal Data:

Such information belonging to the visitors is stored in systems accessible only by the specially trained personnel of the private security company rendering services to İKSV, and by İKSV’s security staff. Other than the said security company rendering services to İKSV, these information may also be shared with authorized public bodies and institutions, upon request.

8.4. Monitoring of İKSV’s Building and Its Surroundings by Security Cameras

Collected Personal Data and Purposes of Data Processing:

İKSV’s building and its surroundings are monitored by security cameras in order to provide security for the institution, its employees and its visitors. Security camera recordings are only accessible by specially trained personnel of the private security company rendering services to İKSV, and by İKSV’s security staff. İKSV pays strict attention for such camera recordings to not violate the visitors’ privacy. The positions where the cameras are situated are shown to the visitors with the help of special signboards. Camera recordings are stored for 1 (one) month and are periodically destroyed thereafter.

Methods and Legal Reasons for the Collection of Personal Data:

Personal data are collected through security cameras situated around İKSV premises and may be processed when it is necessary for İKSV to perform its legal obligations such as protecting and keeping its employees safe as per Article 5/2/ç; for the establishment, exercise, or protection of any right as per Article 5/2/e; and in case data processing is mandatory for the legitimate interests of the data controller provided that this processing shall not violate the fundamental rights and freedoms of the data subjects as per Article 5/2/f.

Sharing Personal Data:

Camera recordings shall only be shared with the authorized public bodies and institutions upon request, apart from the private security company rendering services to İKSV.

8.5. Maintaining Professional Relationships with İKSV’s Suppliers, Contractors and Business Partners

Collected Personal Data and Purposes of Data Processing:

İKSV obtains services from numerous corporations and natural persons, maintains business partnerships and collaborations, and enters into a number of contractual relations, including sponsorships in order to be able to conduct its businesses. İKSV processes the personal data of such natural persons and corporate employees to be able to manage these contractual / professional relations.

İKSV acquires contact details such as full name, Republic of Turkey identity numbers, e-mail addresses, phone numbers, residence addresses and, if necessary, payment data such as bank account details from said natural persons and employees. İKSV may also collect from the employees of suppliers, if necessary, personnel information such as full name, Republic of Turkey identity numbers, criminal record, social security payroll and occupational health and safety information as well as other information such as health report, occupational health and safety training certificate.

Such collected data are processed for purposes such as executing, concluding or renewing a contract between İKSV and natural persons that render services or is in collaboration with İKSV, sponsorship or similar contractual relation; planning institutional management and communication activities; planning, managing and carrying out organizations, meetings, parties and events; carrying out data management and analysis activities; keeping records about the parties that maintain business relationships with İKSV and carrying out listing work; keeping records of event participants and sending out invitations and notifications. Personal data shall be stored till the end of the limitation period after the contractual relation with İKSV is terminated.

Methods and Legal Reasons for the Collection of Personal Data:

Personal data shall be collected through communication channels such as e-mail and telephone, the establishments with which İKSV has professional relations, circulars of signatures, powers of attorney (POA) and contracts. All personal data are processed in İKSV’s data registry system. Legal reasons for the collection of personal data are as follows:
When it is explicitly provided for in the laws as per Article 5/2/a and Article 6/3; when it is necessary to conclude, execute and terminate a contract with the data subject or his/her registered company as per Article 5/2/c; for İKSV to perform its legal obligations as per Article 5/2/ç; when personal data has already been made public by the data subject as per 5/2/d; and in case data processing is mandatory for the legitimate interests of the data controller provided that this processing shall not violate the fundamental rights and freedoms of the data subjects as per Article 5/2/f. In the absence of a legal reason specified herein or in the Law, your personal data shall be processed upon your explicit consent as per Articles 5/1 and 6/2.

Sharing Personal Data:

Personal data shall only be shared with authorized legal bodies and institutions, legal courts and third parties which İKSV collaborates with or receive services from, and only for the purposes of performing legal obligations arising from the relevant legislation, particularly the labor law and occupational safety and health or executing a contract, or establishing İKSV’s legal safety and other rights.

8.6. Request / Complaint Management

İKSV’s visitors can communicate their wishes, suggestions, requests, and complaints to İKSV’s contact details verbally or in writing. İKSV may process the personal data of such data subjects such as their names, communication details and the subject matter of the requests/complaints in order to be able to respond to their requests and complaints and to guarantee satisfaction of its visitors. Such information shall be stored from the time the communication is resolved or from the time the communication is received in the case of an unresolved communication, till the end of its limitation period.

Yukarı