DEM MÜZECİLİK VE TURİZM İŞLETMELERİ A.Ş.
CLARIFICATION TEXT ON PROTECTION OF PERSONAL DATA FOR VISITORS
1. DATA CONTROLLER GTI
Within the scope of Law No. 6698 on the Protection of Personal Data (“KVKK”), our enterprise DEM MÜZECİLİK VE TURİZM İŞLETMELERİ AŞ
(“DEM”) acts with the title of data controller. The information of our company is as follows;
Central Registration System No. (Mersis No.): 0274175608500001
Website: www.demmuseums.com
E-mail address: info@demmuseums.com
Address: Etiler Mah. Seheryıldızı Sok. No:12-14 Beşiktaş / İstanbul
2. WHICH PERSONAL DATA DO WE PROCESS?
Data Categorization
Identity: Name, Surname, Date of Birth, National ID, Photo, Gender, Serial Number, Expiry Period, Citizenship Information
CCTV Footage, Visitor Records
3. FOR WHAT PURPOSE PERSONAL DATA WILL BE PROCESSED
In accordance with the basic principles stipulated by the Law and within the personal data processing conditions specified in Articles 5 and 6, we process
your personal data for the purposes listed below:
• Security and our enterprise’s legitimate interest
• Creating visitor records
• Execution of management activities
• Managing requests and complaints
• Providing information to authorized institutions and organizations upon request
• Follow-up and execution of legal affairs
4. TO WHOM AND FOR WHAT PURPOSES THE PROCESSED PERSONAL DATA MAY BE TRANSFERRED
Your personal data we process is within the scope of the above-mentioned purposes and within the framework of the conditions determined by Articles 8
and 9 of the KVKK;
• In line with the demands of authorized and relevant public institutions and organizations and in accordance with legal regulations, legally
authorized and relevant public institutions and organizations, administrative authorities,
• To companies that provide services for visitor registration and building security,
• To companies from which the Company receives technology and archive services
• It is transferred to the company’s business partner audit firms and financial advisors.
5. METHOD AND LEGAL BASIS OF COLLECTION OF PERSONAL DATA
We collect your personal data through automatic and non-automatic means through face-to-face or other communication channels, visitor registration
system, camera systems and verbal, written or electronic channels including but not limited to those listed here.
The legal reasons for processing your personal data are as follows:
• Data processing is mandatory for the establishment, exercise or protection of a right
• Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms
of the data subject.
• Obligatory for the data controller to fulfill its legal obligation
• It is necessary to process the personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a
contract
6. RIGHTS OF THE PERSONS CONCERNED AS SET OUT IN ARTICLE 11
Persons whose personal data are processed have the following rights in accordance with Article 11 of the KVKK:
• Learning whether personal data is processed or not,
• If personal data has been processed, requesting information about it,
• Learning the purpose of processing personal data and whether they are used in accordance with its purpose,
• Knowing the third parties to whom personal data is transferred at home or abroad,
• Requesting correction of personal data in case of incomplete or incorrect processing and requesting notification of the transaction made within this
scope to the third parties to whom the personal data has been transferred,
• Requesting the deletion or destruction of personal data in the event that the reasons requiring its processing have disappeared, although it has been
processed in accordance with the provisions of the KVKK and other relevant laws, and requesting the notification of the transaction made within this scope
to the third parties to whom the personal data has been transferred,
• Objecting to the emergence of a result against the person himself by analyzing the processed data exclusively through automated systems,
• To request the compensation of the damage in case of loss due to unlawful processing of personal data.
The relevant person may notify his/her requests regarding the rights listed above in writing by submitting an identity card to our Company headquarters with a notice to be sent to our Company’s address above via a notary public, or in writing to the Data Controller via our Application Form, which we have brought to your attention on our official website. In this case, the requests of the person concerned will be evaluated and decided free of charge as soon as possible and ultimately within thirty (30) days at the latest. In case the evaluation and decision-making process requires an additional cost, the fee Schedule determined by the Personal Data Protection Board will be taken as basis.