CORPORATE GENERAL PRIVACY NOTICE
As SICPA TURKEY Ürün Güvenliği Sanayi ve Ticaret Anonim Şirketi acting as the data controller, we have prepared this Corporate General Privacy Notice to inform our online visitors, website users, customers, and our suppliers' authorized representatives and employees about the processing, storage, and transfer of your personal data within the scope of our activities arising from Law No. 6698 on the Protection of Personal Data (Kişisel Verilerin Korunması Kanunu, "KVKK") and the relevant legislation and regulations.
What Are the Categories of Your Personal Data We Process and For What Purposes Do We Process Them?
Your personal information may be processed by SICPA TURKEY Ürün Güvenliği Sanayi ve Ticaret Anonim Şirketi in accordance with the principles set forth in Article 4.2 of KVKK:
- Lawfulness and fairness
- Being accurate and kept up to date where necessary.
- Being processed for specified, explicit and legitimate purposes.
- Being relevant, limited and proportionate to the purposes for which they are processed.
- Being stored for the period laid down by relevant legislation or the period required for the purpose for which the personal data are processed.
within the scope of our established and ongoing business relationships with our business partners (a person may fall into more than one category), for the purposes specified below.
For Employees;
| Data Categories | Examples of Data Types Processed in This Category |
|---|---|
| Identity Data | Your first name, last name, Turkish ID number, date of birth, place of birth, gender, marital status, copy of your identity card, signature etc. |
| Contact Data | Your phone number, full address, email address, contact information for the person you want us to reach in case of an emergency |
| Location Data | Location records from tracking systems installed in company vehicles |
| Personnel Data | Your resume, military discharge certificate, financial and salary details, bank account information, insurance enrollment/retirement information etc. |
| Legal Transaction Data | Your information in correspondence with judicial authorities, your information in the case file |
| Physical Location Security Data | Your security camera recordings |
| Transaction Security Data | Your IP address information, your website login and logout information, your password and passcode information, etc. |
| Professional Experience Data | Your educational background, diplomas, certificates, training received, skills, courses taken, copy of your driver's license etc. |
| Visual and Audio Recordings | Visual and audio recordings you share with our company |
| Health Data | Your detailed health information |
| Personal Data Belonging to Family Members | Information and documents such as education, death, birth, military service, and marriage certificates belonging to your family members, for the purpose of administering benefits and entitlements for employees working with your explicit consent. |
your personal data may be processed for the following purposes.
- Fulfillment of Employment Contract and Statutory Obligations for Employees
- Implementation of Employee Benefits and Perks Processes
- Implementation of Emergency Management Processes
- Implementation of Communication Activities
- Monitoring and Implementation of Legal Affairs
- Implementation of Audit/Ethics Activities
- Implementation of Training Activities
- Implementation of Activities in Compliance with Legislation
- Implementation of Finance and Accounting Affairs
- Implementation of Assignment Processes
- Planning of Human Resources Processes
- Implementation/Audit of Business Activities
- Implementation of Occupational Health and Safety Activities
- Implementation of Performance Evaluation Processes
- Ensuring the Security of Data Controller Operations
- Implementation of Storage and Archiving Activities
- Providing Information to Authorized Persons, Institutions, and Organizations
- Ensuring customer satisfaction and transaction security
- Being able to carry out the necessary work by our relevant business units and execute the related business processes in order to carry out the commercial activities performed
- Being able to plan and implement commercial and/or business strategies, and carry out finance and accounting tasks
- Ensuring your physical and mental safety (e.g., ensuring occupational health and safety), the safety of our company, and taking the necessary administrative and technical measures in this regard
- Ensuring the legal, technical, and commercial security of individuals associated with companies with which we enter into any kind of business relationship
- Verifying your identity information and documents when necessary; taking necessary actions to prevent fraud, loss, and deception
- To be able to store your information that must be retained in accordance with relevant legislation; to be able to copy and back up your information to prevent information loss; to be able to ensure the consistency of your information; to be able to take the necessary technical and administrative measures for the security of your information
- To fulfill our legal obligations required or mandated by regulatory and supervisory authorities, to conduct legal proceedings and legal processes
Employee candidate;
| Data Categories | Examples of Data Types Processed in This Category |
|---|---|
| Identity Data | Your first name, last name, date of birth, place of birth, gender, marital status etc. |
| Contact Data | Your phone number, your full address, your email address etc. |
| Personnel Data | Your CV's, military status information etc. |
| Professional Experience Data | Information about your work experience, educational background, diplomas, certificates, training received, skills, driver's license information etc. |
| Physical Location Security Data | Your security camera footage if you visit our company buildings |
| Transaction Security Data | Your IP address information, your website login and logout information, your password and passcode information, etc. |
| Visual and Audio Recordings | Visual and audio recordings you share with our company |
| Health Data | Your chronic illness and disability status information |
your personal data may be processed for the following purposes.
- Conducting Employee Candidate / Intern / Student Selection and Placement Processes
- Conducting the Application Process for Job Candidates
- Conducting Communication Activities
- Planning of Human Resources Processes
- Monitoring and Execution of Legal Affairs
- Conducting Activities in Compliance with Legislation
- Ensuring Physical Location Security
- Conducting Storage and Archiving Activities
Visitors;
| Data Categories | Examples of Data Types Processed in This Category |
|---|---|
| Identity Data | Your name and surname |
| Contact Data | Your phone number and email address, if you share them with our company |
| Physical Location Security Data | Your security camera recordings if you visit our company addresses, Your vehicle's license plate information etc. |
your personal data may be processed for the following purposes.
- Management of Emergency Situations
- Conducting Activities in Compliance with Legislation
- Ensuring Physical Premises Security
- Conducting Communication Activities
- Conducting/Monitoring Business Activities
- Conducting Storage and Archiving Activities
- Ensuring the Security of Data Controller Operations
- Providing Information to Authorized Persons, Institutions, and Organizations
- Creating and Tracking Visitor Records
For Online Visitors;
| Data Categories | Examples of Data Types Processed in This Category |
|---|---|
| Identity Data | Your name and surname if you submit a comment via the "Contact Us" button |
| Contact Data | Your e-mail address shared via the "Contact Us" button if you submit a comment |
| Marketing Data | Purchase history information, surveys, cookie records, information obtained through campaign activities, etc. |
your personal data may be processed for the following purposes.
- Management of Emergency Situations
- Conducting Activities in Compliance with Legislation
- Management of Company/Product/Service Loyalty Processes
- Conducting Communication Activities
- Management of Customer Relationship Processes
- Conducting Storage and Archiving Activities
- Tracking Requests/Complaints
- Ensuring the Security of Data Controller Operations
- Providing Information to Authorized Persons, Institutions, and Organizations
- Creating and Tracking Visitor Records
Customers;
The authorized representatives and/or employees of our individual customers or corporate customers;
Müzekart: Türkiye'nin Müzeleri mobile app users;
| Data Categories | Examples of Data Types Processed in This Category |
|---|---|
| Identity Data | Your name and surname, Your Turkish ID number, date of birth, passport details, and the name and surname of the gift card recipient when purchasing a Gift Mobile Museum Card. |
| Contact Data | Your phone number, mailing address, email address, and the email address of the gift card recipient if purchasing a Gift Mobile Museum Card |
| Legal Transaction Data | Your information in correspondence with judicial authorities, Your information in the case file |
| Customer Transaction Data | Call center records, Invoice, promissory note, check information, Information on cashier receipts, Order information, Request information, etc. |
| Visual and Audio Recordings | Visual and audio recordings you share via MüzeKart |
| Profile Account Data | Login ID, password, other security codes and your profile photos if you upload photos to the profile account you created on the mobile app. |
| Marketing Data | Purchase history information, surveys, cookie records, information obtained through campaign activities, etc. |
| Location | Your location information, if you grant permission via the MüzeKart mobile app and your entry and exit information for the museums and historical sites you visited |
https://muze.gov.tr/ web site users;
| Data Categories | Examples of Data Types Processed in This Category |
|---|---|
| Identity Data | Your name and surname, Your Turkish ID number, date of birth, passport details, and the name and surname of the gift card recipient when purchasing a Gift Mobile Museum Card. |
| Contact Data | Your phone number, mailing address, email address, and the email address of the gift card recipient if purchasing a Gift Mobile Museum Card |
| Legal Transaction Data | Your information in correspondence with judicial authorities, Your information in the case file |
| Customer Transaction Data | Call center records, Invoice, promissory note, check information, Information on cashier receipts, Order information, Request information, etc. |
| Profile Account Data | Login ID, password, other security codes and your profile photos if you upload photos to the profile account you created on the website |
| Marketing Data | Purchase history information, surveys, cookie records, information obtained through campaign activities, etc. |
| Location | Your location information, if you grant permission via the https://muze.gov.tr/ website and your entry and exit information for the museums and historical sites you visited |
Museum Ticket Office users;
| Data Categories | Examples of Data Types Processed in This Category |
|---|---|
| Identity Data | Your name and surname, Your Turkish ID number, date of birth, gender, passport information, photocopy of your ID card |
| Contact Data | Your phone number, address, email address |
| Legal Transaction Data | Your information in correspondence with judicial authorities, Your information in the case file |
| Customer Transaction Data | Call center records, Invoice, promissory note, check information, Information on cashier receipts, Order information, Request information, etc. |
| Photograph | Photos on your ID and professional cards, and photos you shared |
| Information, Documents, and Card Data Showing Your Educational Status | In order to issue Müzekart İndirimli or Müzekart Akademi in your name and to benefit from the opportunities offered by these cards, your diplomas and documents obtained from the relevant institutions are required. |
| Professional Experience Data | In order to issue Müzekart İndirimli or Müzekart Akademi in your name and to benefit from the opportunities offered by these cards, documents obtained from the relevant authorities |
| Health Data | In order to issue Müzekart Engelsiz in your name and to benefit from the opportunities offered by these card report containing your invisible disabilities |
| Location | Your location information, entry and exit information for the museums and historical sites you visited |
Agents;
| Data Categories | Examples of Data Types Processed in This Category |
|---|---|
| Identity Data | Agent Name, Surname, Turkish ID Number; User Name, Surname; Accounting Officer Name, Surname; Identity Information Contained in Signature Circulations |
| Contact Data | Agent phone number, email address; User phone number, email address; Accounting Officer phone number, email address |
| Signature Circular | Personal data contained in the signature circulars you have submitted |
| Bank Account Information | Bank details including the IBAN number, account number, branch, and bank name belonging to the individual whose information is being shared |
For Our Supplier Representatives and Supplier Employees;
| Data Categories | Examples of Data Types Processed in This Category |
|---|---|
| Identity Data | Your name, surname, Turkish ID Number |
| Contact Data | Your phone number, full address, e-mail address |
| Physical Location Security Data | Your security camera recordings if you visit our company addresses, Your vehicle's license plate information etc. |
| Legal Transaction Data | Information in correspondence with judicial authorities, information in case files, etc. |
| Professional Experience Data | Information about your work experience, educational status, diplomas, etc. |
| Visual and Audio Recordings | Visual and audio recordings you share with our company |
| Transaction Security Data | Your IP address information, your website login and logout information, your password and passcode information, etc. |
What Are the Collection Methods for Your Personal Data?
Your personal data specified in the categories above;
- Through physical means such as contracts,
- Through information systems and electronic devices (e.g., telecommunications infrastructure, computers, and phones),
- Servers,
- Our website,
- Through other documents declared by the data subject
are collected through automated or non-automated means.
What Is the Legal Basis for the Collection of Your Personal Data?
Your personal data is processed by SICPA TURKEY Ürün Güvenliği Sanayi ve Ticaret Anonim Şirketi based on the legal grounds listed below and stipulated in Article 5-6 of KVKK for the realization of the purposes explained above:
- It is expressly provided for by the laws.
- It is necessary for compliance with a legal obligation to which the data controller is subject.
- Processing of personal data of the parties of a contract is necessary, provided that it is directly related to the establishment or performance of the contract.
- Data processing is necessary for the establishment, exercise or protection of any right.
- Processing of data is necessary for the legitimate interests pursued by the data controller, provided that this processing shall not violate the fundamental rights and freedoms of the data subject
- Personal data have been made public by the data subject himself/herself.
- Data subject has given his/her explicit consent.
Do We Transfer Your Personal Data to Third Parties?
For Employees;
- To natural persons or private law legal entities (to organizations from which we receive legal and financial advisory services),
- To our shareholders,
- To our subsidiaries and affiliates
- To the banks, consulting firms, and insurance companies with which our company has agreements
- To authorized public institutions and organizations
- Republic of Türkiye Ministry of Culture and Tourism
- To law enforcement and judicial authorities within the scope of the purposes specified above and upon request as required by the relevant legislation.
For Employee candidate;
Your personal data may be transferred to judicial authorities or relevant law enforcement agencies in the event of legal disputes or upon request in accordance with applicable legislation.
For Visitors:
Your personal data may be transferred to judicial authorities or relevant law enforcement agencies in the event of legal disputes or upon request in accordance with applicable legislation.
For Online Visitors:
Your personal data may be transferred to judicial authorities or relevant law enforcement agencies in the event of legal disputes or upon request in accordance with applicable legislation.
For Customers:
- To natural persons or private law legal entities (to organizations from which we receive legal and financial advisory services),
- To our shareholders,
- To our subsidiaries and affiliates
- To the banks, consulting firms, and insurance companies with which our company has agreements
- To authorized public institutions and organizations
- Republic of Türkiye Ministry of Culture and Tourism
- To law enforcement and judicial authorities within the scope of the purposes specified above and upon request as required by the relevant legislation.
- To our suppliers
For Our Supplier Representatives and Supplier Employees:
- To natural persons or private law legal entities (to organizations from which we receive legal and financial advisory services),
- To our shareholders,
- To our subsidiaries and affiliates
- To the banks, consulting firms, and insurance companies with which our company has agreements
- To authorized public institutions and organizations
- Republic of Türkiye Ministry of Culture and Tourism
- To law enforcement and judicial authorities within the scope of the purposes specified above and upon request as required by the relevant legislation.
- To our suppliers
Do We Transfer Your Personal Data Abroad?
Our company's backup servers are provided by a service provider located abroad, and certain personal data processed by our company, including identity, communication, personnel, legal transactions, customer transactions, transaction security, professional experience, marketing, and visual and audio recordings, are backed up by this service provider. Although no special category personal data is transferred abroad, the relevant legislation is complied with regarding the personal data transferred, and legal protocols are established with the service provider regarding the transfer and storage of personal data.
How Can You Exercise Your Rights Regarding Your Personal Data?
You may submit your requests within the scope of Article 11 of KVKK, which regulates the rights of the data subject, to us through the "Data Controller Application Form" prepared for your convenience in accordance with the Communiqué on the Procedures and Principles of Application to the Data Controller.
An application form you can use has been published on our website. You can access the relevant form by clicking here.
Data Controller: SICPA TURKEY Ürün Güvenliği Sanayi ve Ticaret Anonim Şirketi
Address: Burhaniye Mah. Kanuni Sultan Süleyman Sk. Mabeyın Konakları Sitesi D No: 4D İç Kapı No: 1 Üsküdar / İstanbul
E-mail: kvkk@sicpa.com.tr
Kep address: sicpaturkey@hs02.kep.tr