WEBSITE USER PRIVACY NOTICE REGARDING THE PROCESSING OF PERSONAL DATA
Dear Website User;
As SICPA Turkey, we provide services to our valued users through the https://muze.gov.tr/ website. In this regard, certain personal data is processed by us in order to provide services such as issuing a Müzekart and Museum Pass in your name via the website, completing the necessary registration procedures, issuing an electronic ticket in your name, and sending the Müzekart and Museum Pass to your address.
This privacy notice has been prepared by SICPA TURKEY Ürün Güvenliği Sanayi ve Ticaret Anonim Şirketi, acting as the data controller, in accordance with Article 10 of Law No. 6698 on the Protection of Personal Data (Kişisel Verilerin Korunması Kanunu, "KVKK") and the Communiqué on the Procedures and Principles to be Followed in Fulfilling the Obligation to Inform, to inform and enlighten you about the processing purposes, legal grounds, collection methods, to whom they may be transferred, and your rights under KVKK regarding your personal data.
- Processing purposes,
- Legal grounds,
- Collection methods,
- To whom they may be transferred,
- Your rights under KVKK,
to inform you as a website user.
1. Which of Your Personal Data Do We Process?
| Data Categories | Examples of Data Types Processed in This Category |
|---|---|
| Identity Data | Your name and surname, Your Turkish ID number, date of birth, passport details, and the name and surname of the gift card recipient when purchasing a Gift Mobile Museum Card. |
| Contact Data | Your phone number, mailing address, email address, and the email address of the gift card recipient if purchasing a Gift Mobile Museum Card |
| Legal Transaction Data | Your information in correspondence with judicial authorities, Your information in the case file |
| Customer Transaction Data | Call center records, Invoice, promissory note, check information, Information on cashier receipts, Order information, Request information, etc. |
| Profile Account Data | Login ID, password, other security codes and your profile photos if you upload photos to the profile account you created on the website |
| Marketing Data | Purchase history information, surveys, cookie records, information obtained through campaign activities, etc. |
| Location | Your location information, if you grant permission via the https://muze.gov.tr/ website and your entry and exit information for the museums and historical sites you visited |
2. For What Purposes Do We Process Your Personal Data?
- Execution of Emergency Management Processes
- Execution of Information Security Processes
- Execution of Audit/Ethics Activities
- Execution of Access Authorizations
- Execution of Activities in Compliance with Legislation
- Execution of Finance and Accounting Operations
- Execution of Company/Product/Service Loyalty Processes
- Ensuring Physical Premises Security
- Execution of Assignment Processes
- Monitoring and Execution of Legal Affairs
- Execution of Communication Activities
- Execution/Audit of Business Activities
- Execution of Logistics Activities
- Execution of Goods/Services Procurement Processes
- Execution of Goods/Services After-Sales Support Services
- Execution of Goods/Services Sales Processes
- Execution of Goods/Services Production and Operations Processes
- Execution of Customer Relationship Management Processes
- Execution of Activities Aimed at Customer Satisfaction
- Organization and Event Management
- Execution of Storage and Archiving Activities
- Execution of Contract Processes
- Tracking of Requests/Complaints
- Execution of Fee Policy
- Execution of Product/Service Marketing Processes
- Ensuring the Security of Data Controller Operations
- Providing Information to Authorized Persons, Institutions, and Organizations
- Execution of Management Activities
- Creation and Tracking of Visitor Records
For these purposes, they will be obtained, processed, recorded, stored, retained, and classified.
3. To Whom and For What Purposes Do We Transfer Your Personal Data?
| Recipient Group | Examples of Recipient Groups and Transfer Purposes |
|---|---|
| Natural Persons or Private Law Legal Entities | To law firms we have agreements with for tracking legal processes, to financial advisors for financial transactions and services |
| Authorized Public Institutions and Organizations | To provide information to prosecutors, courts, and relevant public officials upon request and as required by legislation in matters related to public safety and potential legal disputes, and to relevant ministries and public institutions when necessary |
| Republic of Türkiye Ministry of Culture And Tourism | All personal data processed within the scope of the operations and services performed during the MüzeKart process are transferred to the Republic of Türkiye Ministry of Culture And Tourism |
| Affiliates and Subsidiaries | To the extent deemed necessary for the coordinated execution of our business activities, to our subsidiaries and affiliated companies |
| Suppliers | To banks for the performance of goods/services contracts, to cargo companies for sending documents and products, to accounting and CRM programs for conducting/tracking customer and financial transactions, to information technology companies for use in communication, marketing, advertising, promotion, and notification activities and within the scope of backup services, to supplier companies providing online payment services, and to subcontractors within the scope of operations management |
| Shareholders | Funding of company operations, ensuring the continuity of financial processes, and managing activities in compliance with regulations are communicated to our shareholders when deemed necessary. |
4. What Are the Collection Methods and Legal Grounds for Your Personal Data?
The personal data in question are processed with the explicit consent of the data subject or based on the following legal grounds stipulated in Article 5-6 of KVKK:
- It is expressly provided for by the laws.
- It is necessary for compliance with a legal obligation to which the data controller is subject.
- Processing of personal data of the parties of a contract is necessary, provided that it is directly related to the establishment or performance of the contract.
- Data processing is necessary for the establishment, exercise or protection of any right.
- Processing of data is necessary for the legitimate interests pursued by the data controller, provided that this processing shall not violate the fundamental rights and freedoms of the data subject
- Personal data have been made public by the data subject himself/herself.
- Data subject has given his/her explicit consent,
Based on these legal grounds, within the scope of the purposes specified in this Privacy Notice and in accordance with the General Principles listed in Article 4 of the Law:
- Lawfulness and fairness
- Being accurate and kept up to date where necessary.
- Being processed for specified, explicit and legitimate purposes.
- Being relevant, limited and proportionate to the purposes for which they are processed.
- Being stored for the period laid down by relevant legislation or the period required for the purpose for which the personal data are processed.
they will be processed, recorded, stored, retained, classified through automated means, and may be transferred to the parties mentioned above when necessary.
5. What Are Your Rights Regarding the Processing of Personal Data and How Can You Exercise These Rights?
Article 20 of the Constitution (Anayasa) establishes that everyone has the right to be informed about their personal data. Article 11 of KVKK lists the rights of the data subject under the law.
You may submit your requests regarding your rights under KVKK to SICPA TURKEY Ürün Güvenliği Sanayi ve Ticaret Anonim Şirketi in accordance with Article 5 of the Communiqué on Application Procedures and Principles to the Data Controller, either in writing or by using a registered electronic mail (KEP) address, secure electronic signature, mobile signature, or the e-mail address previously notified by the data subject to the data controller and registered in the data controller's system.
Data Controller: SICPA TURKEY Ürün Güvenliği Sanayi ve Ticaret Anonim Şirketi
Address: Burhaniye Mah. Kanuni Sultan Süleyman Sk. Mabeyın Konakları Sitesi D No: 4D İç Kapı No: 1 Üsküdar / İstanbul
E-mail: kvkk@sicpa.com.tr
To view the application form, click here.