Skip to content Skip to footer
Facebook Instagram
Buy A Ticket
Buy A Ticket
Close

KVKK POLICY

Policy, Scope and Purpose

The Board of Directors and management are committed to adhering to the principles and rules established by the Constitution of the Republic of Turkey, the Personal Data Protection Law No. 6698 (KVKK), and other relevant legislation regarding the protection of personal data. They also pledge to safeguard the rights and freedoms of individuals whose data is processed by Artı Fuarcılık. To this end, the Board of Directors has adopted a written personal data protection policy and system to be implemented and continually improved.

Scope

The provisions of this policy cover all information systems, sub-data, contracts, environments, and physical areas involved in the processes of personal data processing within the scope of Artı Fuarcılık’s activities and fields of operation, as well as the systems and arrangements developed for these purposes. This policy applies to all units of Artı Fuarcılık, personnel of support service providers, visitors, third parties, interns, and contracted staff.

Objectives of the Personal Data Protection Policy and System

The purpose of the Personal Data Protection Policy and System is to establish and implement Artı Fuarcılık's own standards for personal data management; to define and support organizational objectives and obligations; to establish control mechanisms aligned with Artı Fuarcılık’s acceptable risk level; to fulfill its obligations under international agreements, the Constitution, laws, contracts, and professional rules related to the protection of personal data; and to ensure the best possible protection of individuals' interests.

Artı Fuarcılık will comply with personal data protection legislation and data protection principles. The data protection principles adopted by Artı Fuarcılık include the following:

  • To process personal data only if it is clearly necessary for legitimate corporate purposes;
  • To process personal data on the minimum scale necessary for these purposes and not to process more data than necessary;
  • To provide clear information to individuals about who their personal data is used by and in what way;
  • To process only relevant and appropriate personal data;
  • To process personal data in accordance with fairness and law;
  • Artı keeping an inventory of the categories of personal data processed by Fuarcılık;
  • To keep the personal data accurate and updated when necessary;
  • To retain personal data only for as long as required by legal regulations, Artı Fuarcılık's legal obligations, or legitimate corporate interests;
  • To respect the rights of individuals regarding their personal data, including the right of access;
  • Keeping all personal data safe;
  • To transfer personal data abroad only if there is sufficient protection;
  • Applying the exceptions allowed under the legislation;
  • To establish and implement the personal data protection system for the implementation of the Policy;
  • To determine the internal and external stakeholders who are parties to the personal data protection system when necessary and to what extent they are involved in the personal data protection system of Artı Fuarcilik;
  • To determine the personnel/s who have special powers and responsibilities related to the personal data protection system.

Notifications

The disciplinary legislation of Artı Fuarcılık will be applied to all units of Artı Fuarcılık, support company personnel, trainees and contract personnel for any actions that violate this policy, and if this violation constitutes a crime or misdemeanor, the situation will be notified to the relevant authorities as soon as possible.

All solution partners with access to or potential access to personal data, as well as all third parties working with Artı Fuarcılık, are invited to read and comply with this policy. No third party may access personal data processed by Artı Fuarcılık without a written confidentiality agreement that includes obligations with data protection standards at least as strong as those of Artı Fuarcılık and grants Artı Fuarcılık the right to audit compliance with these obligations.

Definitions

Explicit Consent: Consent that is informed, specific to a particular subject, and freely expressed. Anonymization: The process of rendering personal data unidentifiable with any specific or identifiable individual, even when matched with other data. Data Subject: The individual whose personal data is processed. Personal Data: Any information relating to an identified or identifiable natural person. Special Categories of Personal Data (Sensitive Data): Data regarding an individual's race, ethnic origin, political opinions, philosophical beliefs, religion, sect or other beliefs, appearance, membership to associations, foundations, or trade unions, health, sexual life, criminal convictions, security measures, as well as biometric and genetic data. Processing of Personal Data: Any operation performed on personal data, whether wholly or partially by automated means or through non-automated means that are part of a data recording system, including but not limited to collection, recording, storage, retention, alteration, reorganization, disclosure, transfer, acquisition, accessibility, classification, or prevention of use. KVKK: The Personal Data Protection Law No. 6698. KVKK Board: The Personal Data Protection Board. KVKK Authority: The Personal Data Protection Authority. Data Processor: A natural or legal person who processes personal data on behalf of the data controller under their authorization. Data Recording System: A recording system where personal data is processed by structuring according to specific criteria. Data Controller: A natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.

Duties And Responsibilities

Artı Fuarcılık is the data responsible in accordance with the KVKK.

Senior management, as well as those in managerial and supervisory positions, along with all personnel, are responsible for developing and promoting best practices in the processing of personal data within Artı Fuarcılık. They are also accountable for other related obligations specified in their individual job descriptions.

The KVK Committee was established as the unit responsible for managing the personal data protection system and ensuring and documenting compliance with the KVKK and other relevant legislation, and is responsible to the Board of Directors for these issues.

KVK Committee

KVK Committee members should have expertise and experience in personal data protection legislation and practices by the board of directors
he is appointed with consideration and submits a report directly to the Board of Directors.

Duties and Responsibilities of the KVK Committee

  • The Committee should inform the Board of Directors about the legislation on the Protection of Personal Data and developments.
  • The committee is responsible for ensuring that the policies and procedures of Artı Fuarcılık are up-to-date, that data processing audits are conducted in accordance with the planned schedule, and that these processes comply with the relevant regulations.
  • The Committee acts together with all relevant personnel on personal data protection issues.
  • The main duties and responsibilities of the Committee are as follows:
  • To provide information and advice to Artı Fuarcılık, its relevant partners, and support service providers regarding personal data protection legislation and compliance.
  • In addition, to provide information and advice to the exhibition staff about the obligations they have in accordance with the personal data protection legislation.
  • To monitor the compliance of Artı Fuarcılık's data processing activities with personal data protection legislation.
  • To contribute to the development and maintenance of Artı Fuarcılık's personal data protection policy and related procedures and processes.
  • To assign responsibilities within Artı Fuarcılık in the context of compliance with personal data protection legislation.
  • To ensure that the necessary training and awareness is provided for all personnel involved in the personal data processing processes.
  • To observe the compliance with the personal data protection legislation by conducting regular audits and to report to the Board of Directors.
  • To act in cooperation and liaison with the KVK Board.
  • To determine the responsible persons who will function as the contact point and representative of Artı Fuarcılık before the KVK Board.
  • To develop a formal procedure for reporting incidents and investigations of personal data breaches to the Board.
  • To contribute to the business continuity plan process.
  • To provide information and advice on the storage of corporate records.
  • Artı Fuarcılık ensures the scale at which personal data is collected, stored, and utilized within its structure, as well as the conditions under which such data is retained in compliance with the relevant regulations.
  • To carry out inspections and evaluations regarding the suitability, reasonableness, security practices and other controls that may be necessary for the protection of personal data.
  • To determine and implement controls aimed at ensuring the confidentiality, integrity and accessibility of personal data, to propose additional controls that may be necessary.
  • In addition, to submit to the agenda of the Board of Directors the issues that pose a potential risk in terms of personal data and related proposals within Fuarcılık.
  • The Personal Data Protection (KVK) Committee holds the authority to audit all systems related to the collection, processing, and storage of personal data within Artı Fuarcılık. While performing its duties, the KVK Committee may request cooperation from all personnel, including access to systems and records. In cases where such cooperation is not provided, the Committee reports the situation to the Board of Directors.
  • All personnel processing personal data at Artı Fuarcılık are responsible for complying with the Personal Data Protection legislation.
  • The Human Resources unit is responsible for carrying out the necessary notifications and trainings in order for all personnel to know their responsibilities in the field of personal data protection and to have the necessary awareness.
  • Artı Fuarcılık personnel are responsible for ensuring the accuracy and currency of all personal data provided by them or related to them to Artı Fuarcılık.

Data Protection Principles

All personal data processing activities must be conducted in compliance with the following data protection principles. Artı Fuarcılık's policies and procedures are designed to ensure adherence to these principles:

  • Do not comply with the rules of law and honesty.
  • Do not be accurate and up-to-date when necessary.
  • Processing for specific, explicit and legitimate purposes.
  • Being connected, limited and restrained with the purpose for which they are processed.
  • To be kept for the period stipulated in the relevant legislation or necessary for the purpose for which they are processed.
  • Personal data is processed in a transparent manner in accordance with the law and the rule of honesty.

In this regard, Artı Fuarcılık includes privacy notices/disclosure statements in its data collection channels and relevant areas concerning personal data processing activities. The locations where these notices, containing clear and comprehensible information about whose data is processed, what data is processed, and for what purposes, will be displayed and published are determined. These notices include the following points:

The identity and contact information of Artı Fuarcılık as the data controller,

  • Types of personal data processed,
  • Purposes of processing of personal data,
  • The prescribed storage period of personal data,
  • Rights of the data owner,
  • Third parties with whom the data may be shared.
  • Personal data may be processed only for specific, clear and legitimate purposes.

The reasons / purposes for processing personal data are determined in the personal data inventory, and personal data cannot be used outside of the specified purpose without another legal justification or the explicit consent of the data owner.

If circumstances arise requiring the use of personal data for purposes other than those specified in the personal data inventory, the relevant personnel/unit must inform the KVK Committee. The KVK Committee evaluates the appropriateness of the new purpose and ensures that the data subject is informed about the new purpose and the new data processing activity, if necessary.

Personal data must be appropriate and relevant, processed to a limited extent for the purpose.

  • Artı Fuarcılık is responsible for ensuring that personal data not explicitly necessary for the purpose of processing is neither collected nor processed.
  • Artı Fuarcılık periodically reviews the personal data inventory to ensure that the processed data is appropriate and relevant.
  • Artı Fuarcılık conducts or commissions annual internal and/or external audits to ensure that all data processing methods are appropriate and relevant.
  • Artı Fuarcılık is responsible for halting the processing activities of personal data deemed inappropriate, irrelevant, or excessive in relation to the purpose of processing, and for securely disposing of the processed data in accordance with its storage and destruction procedures.

Personal data must be accurate and up-to-date.

  • The accuracy and timeliness of the data stored for a long time should be reviewed.
  • The manager of the Human Resources department is responsible for training all personnel on the correct and up-to-date collection and retention of personal data.
  • The accuracy and timeliness of the data held about the personnel are the responsibility of the personnel concerned.
  • Employees, customers, and other relevant individuals must notify Artı Fuarcılık to update the processed personal data. Upon such notification, it is the responsibility of the relevant department to correct and update the record in question.
  • The KVK Committee may instruct the relevant unit to review the accuracy or timeliness of certain data through the data inventory, the evaluation it will make on the type, storage period and quantity of the processed data, as well as to review the accuracy or timeliness of certain data.

Personal data should be processed only if it is necessary for the purpose of data processing.

Back-up of personal data, etc. in case of storage beyond the required period due to requirements, personal data should be encrypted or anonymized/masked in order to protect the status and freedoms of individuals in cases of data security vulnerability.

For the processing of personal data after the periods determined in accordance with the Storage and Destruction Policy, it depends on the written approval of the KVK Committee.

Rights of Data Owners

  • Data subjects have the following rights regarding the data processing activities and records held by Artı Fuarcılık:
  • To learn whether his/her personal data has been processed or not,
  • If personal data has been processed, requesting information about it,
  • To learn the purpose of processing personal data and whether they are used in accordance with their purpose,
  • To know the third parties to whom personal data are transferred at home or abroad,
  • To request correction of personal data in case of incomplete or incorrect processing of personal data,
  • Requesting the deletion or destruction of personal data for which there is no legal justification or basis for processing in accordance with the KVKK or this policy,
  • To request that the corrections or deletions made upon request be notified to the third parties to whom the personal data are transferred,
  • İşlenen verilerin münhasıran otomatik sistemler vasıtasıyla analiz edilmesi suretiyle kişinin kendisi aleyhine bir sonucun ortaya çıkmasına itiraz etme,
  • To request compensation of the damage in case of damage due to unlawful processing of personal data.
  • Data owners may request to access their personal data and exercise the rights listed above. The process of responding to these requests is completed within 30 days. The processes related to the receipt, transmission and conclusion of requests are carried out in accordance with the Request Management Procedure.
  • Data owners' demands “info@artifuar.com ” they can forward it via the e-mail address registered to the address.
  • Artı Fuarcılık is responsible for ensuring that all personnel, regardless of their job description, guide data subjects accurately on the correct application method for data access requests directed to them. Artı Fuarcılık personnel must be informed and trained on how to handle requests from data subjects.
  •  

Obtaining Explicit Consent

Artı Fuarcılık considers explicit consent as the consent provided by the data subject regarding specific data processing activities, based on being informed and given freely, through a written/oral statement or a clear affirmative action indicating their willingness for their data to be processed. For sensitive data, explicit consent must be obtained in writing. Explicit consent can be withdrawn by the data subject at any time.

Explicit consent can be obtained by having the explicit consent form template signed by the data subject or by including the elements contained in this template in the contract or electronic form to be made with the data subject. Explicit consent is obtained through the relevant contract or forms in terms of routinely processed personal data related to employees, staff candidates and customers.

If the data processing activity based on explicit consent is to be continuous or repeated, a list of persons whose explicit consent has been obtained is kept as a single list by the relevant unit.  The timeliness and accuracy of this list are the responsibility of the relevant department. The explicit consent forms or other relevant means of proof regarding the data processing activity based on explicit consent are stored by the relevant unit.

Data Security

All personnel are obliged to ensure that the personal data processed by Artı Fuarcılık and which are under their responsibility are kept securely.

Access to personal data must be restricted to those who need it. The security of personal data is ensured in accordance with Artı Fuarcılık’s Data Protection Policy and related documents.

Personal data security incidents are reported by Artı Fuarcılık to the Data Protection Authority and the relevant individual as soon as possible.

Data Sharing

  • Personal data can only be shared with third parties in accordance with the law and fairness. Accordingly, it is required to have one of the following conditions in order for personal data to be shared:
  • The explicit consent of the data owner has been obtained.
  • To be clearly stipulated in the laws.
  • The fact that a person who is unable to disclose his consent due to an actual impossibility in the laws or whose consent is not granted legal validity is mandatory for the protection of the life or body integrity of himself or someone else. foresight.
  • Artı, it is necessary to process personal data belonging to the parties to the contract, provided that it is directly related to the establishment or performance of a contract to which it is or will be a party.
  • "It is mandatory for Artı Fuarcılık to fulfill its legal obligations."
  • The fact that the relevant person has been publicly identified by himself.
  • The processing of data is mandatory for the establishment, exercise, or protection of Artı Fuarcılık's rights.
  • "The processing of data is mandatory for Artı Fuarcılık's legitimate interests, provided it does not harm the fundamental rights and freedoms of the data subject."
  • "Personal data may only be transferred abroad if the above conditions are met, adequate protection is ensured in the destination country, and the explicit consent of the data subject is obtained for this transfer."
  • "The list of countries with adequate protection determined by the KVK Board is taken into consideration when transferring personal data abroad."
    "In cases where personal data is to be transferred abroad, the necessary permissions and notifications are ensured in accordance with the KVKK and relevant legislation before the KVK Board."
  • In the absence of a legal basis or legal obligation, if there is a regular data-sharing relationship, a KVKK Commitment is established with the relevant party to define the terms of data sharing. The KVKK Commitment includes, at a minimum, the following:
  • The purpose or purposes of the sharing;
  • Potential third party buyers or the type of buyer and the conditions of the right of access;
  • What are the categories of data to be shared (this should be kept at the minimum level necessary for your purposes);
  • General principles regarding the processing of data;
  • Data security measures;
  • Duration of retention of shared data;
  • Rights of the data owner, access requests, procedures for responding to applications and complaints;
  • Review of the termination of the effective date of the sharing agreement and
  • Liability and sanctions for non-compliance with the contract or individual violation of the staff.
  • The Purposes of Personal Data Processing, Data Subjects, Personal Data Categories, and Categories of Shared Parties Within the Scope of Personal Data Processing Activities Conducted by Artı Fuarcılık

Purposes of Personal Data Processing

  • The purposes of data processing within the scope of personal data processing activities conducted by Artı Fuarcılık under the Data Controllers Registry Information System are as follows:
  • Execution of Emergency Management Processes
  • Execution of Information Security Processes
  • Execution of Application Processes of Employee Candidates
  • Fulfillment of Obligations Arising from Employment Contracts and Legislation for Employees
  • Execution of Employee Satisfaction and Loyalty Processes
  • Fulfillment of Obligations Arising from Employment Contracts and Legislation for Employees
  • Execution of Ancillary Rights and Benefits Processes for Employees
  • Execution of Audit / Ethics Activities
  • Execution of Educational Activities
  • Execution of Access Authorizations
  • Conducting Activities in Accordance with the Legislation
  • Execution of Finance And Accounting Works
  • Ensuring the Security of Physical Space Jul.
  • Execution of Loyalty Processes to Companies / Products / Services
  • Execution of Assignment Processes
  • Monitoring and Execution of Legal Affairs
  • Execution of Communication Activities
  • Planning of Human Resources Processes
  • Execution / Supervision of Business Activities
  • Execution of Occupational Health / Safety Activities
  • Ensuring Business Continuity Conducting Activities
  • Execution of the Purchase Processes of Goods / Services
  • Goods / Services Execution of After-sales Support Services
  • Execution of Goods / Service Sales Processes
  • Execution of Customer Relationship Management Processes
  • Conducting Activities Aimed at Customer Satisfaction
  • Organization and Event Management
  • Execution of Marketing Analysis Studies
  • Execution of Performance Evaluation Processes
  • Execution of Advertising / Campaign / Promotion Processes
  • Execution of Risk Management Processes
  • Execution of Contract Processes
  • Ensuring the Security of Movable Property and Resources Jul.
  • Tracking of Requests / Complaints
  • Execution of Supply Chain Management Processes
  • Execution of the Wage Policy
  • Providing Information to Authorized Persons, Institutions and Organizations
  • Execution of Management Activities
  • Creation and Tracking of Visitor Records

Personal Data Owners

PERSONAL DATA OWNER CATEGORY

explanation

Employee Candidate

Individuals who have applied for a job at Artı Fuarcılık through any means or have made their resumes and related information available for review by Artı Fuarcılık.

Employee

Employees whose personal data is processed within the framework of activities conducted by Artı Fuarcılık, such as events, employee satisfaction, human resources, audits, information technology security and infrastructure, legal compliance, and similar operations.

Supplier Employee

Employees of parties providing contract-based services to Artı Fuarcılık while conducting its commercial activities in accordance with the instructions and directives of Artı Fuarcılık..

Supplier Authority

Authorized representatives of parties providing contract-based services to Artı Fuarcılık while conducting its commercial activities in accordance with the instructions and directives of Artı Fuarcılık.

Customer (The Person Receiving the Product or Service)

Individuals whose personal data is obtained through business relationships within the scope of operations conducted by Artı Fuarcılık’s business units, regardless of whether they have a contractual relationship with Artı Fuarcılık.

Parent, Guardian, Representative

Individuals whose personal data is processed within the scope of Artı Fuarcılık. elde edilen velivasi ya da temsilci sıfatındaki kişiler.

Visitors

Individuals who have entered Artı Fuarcılık's physical premises for various purposes or visited our websites.

The Other( Speaker ) 

Individuals who attend fairs organized by Artı Fuarcılık to deliver speeches.

 

Categories of Personal Data

 

CATEGORIES OF PERSONAL DATA

explanation

Identification Information

These are data containing information about a person's identity, such as name-surname, Turkish ID number, nationality, place of birth, date of birth, gender, workplace information, registration number, tax number, title, biography, and documents like a driver's license, professional ID, identity card, and passport.

Contact Information

Phone number, address, e-mail address, fax number, etc. informations

Transaction Security Information

Personal data processed to ensure our technical, administrative, legal, and commercial security during the conduct of our activities (e.g., log records, IP information, authentication details).

Customer Transaction Information

Call center records, invoice details, promissory note and check information, information on teller receipts, order details, and request information.

Personal Information

Employee payroll information, disciplinary investigation records, employment entry-exit documents, asset declaration details, resume information, and performance evaluation reports.

Employee Candidate Information

Information that may be included in the employee candidate's resume

Location 

Location information of the place where it is located, etc.

Legal Process Information

Personal data processed for the determination and enforcement of our legal claims and rights, the fulfillment of our obligations, and compliance with our legal responsibilities and company policies.

Financial Information

Personal data processed in relation to any information, documents, and records showing all financial outcomes created based on the type of legal relationship established with the personal data owner by Artı Fuarcılık, including data such as bank account numbers, IBAN numbers, income details, and debt/receivable information.

risk management

Information processed for the management of commercial, technical, administrative risks, etc.

Physical Space Security Information

Personal data related to records and documents obtained during entry to physical premises and while staying within the premises, such as camera recordings, vehicle information records, and records collected at security checkpoints, etc.

Professional Experience

Information such as diploma information, courses taken, vocational training information, certificates, transcript information

Visual and Auditory Data

Photographs and camera recordings (excluding those covered under Physical Space Security Information) and audio recordings.

Health Information

Information about the disability status, blood type information, personal health information, device and prosthesis information used, etc.

Criminal Conviction and Security Measures

Information about criminal convictions, information about security measures

Association Membership 

Association Membership

Philosophical Belief, Religion, Sect and Other Beliefs

Information about their other beliefs, Information about their religious affiliation, Information about their philosophical beliefs, Information about their denominational affiliation v.b.

 

Shared Party Categories

 

SHARED PARTY CATEGORY

DEFINITION

THE PURPOSE OF SHARING

Natural persons or legal entities of private law

Private legal persons authorized to receive information and documents from the Company in accordance with the provisions of the relevant legislation

Limited to the purpose requested by the relevant private legal persons within the scope of their legal authority

Open To Everyone

All natural and legal persons

artı limited for the purpose of being publicly shared by Fuarcılık

Business Partners

Parties with whom Artı Fuarcılık establishes partnerships for purposes such as conducting its commercial activities.

Limited to ensuring the fulfillment of the purposes for which the partnership is established.

Suppliers

Parties providing services to Artı Fuarcılık on a contractual basis and in accordance with Artı Fuarcılık's directives and instructions within the scope of conducting its commercial activities.

Limited to ensuring the provision of outsourced services obtained from the supplier that are necessary for the Company to carry out its commercial activities.

Affiliates and Subsidiaries 

Companies in which the Company is a shareholder

Limited to ensuring the conduct of the Company's commercial activities that require the participation of its subsidiaries.

Suppliers 

Parties providing services to Artı Fuarcılık on a contractual basis and in accordance with Artı Fuarcılık's directives and instructions within the scope of conducting its commercial activities.

Limited to ensuring the provision of outsourced services obtained from the supplier that are necessary for the Company to carry out its commercial activities.

Community Companies

artı all the companies that make up Fuarcilik

Limited to the planning of the Company's strategies related to its commercial activities and the continuation of its activities, as well as for purposes such as auditing

Authorized Public Institutions and Organizations

Public institutions and organizations authorized to receive information and documents of the Company in accordance with the provisions of the relevant legislation

Limited to the purposes requested by the relevant public institutions and organizations within the scope of their legal authority

 

Management of Records

Personal data may not be stored for longer than the period necessary for the purposes of processing. The classification of the records containing personal data and the storage periods related to them are determined in accordance with the Storage and Destruction Policy.

Personal data that has expired for the purposes of processing or upon the justified request of the data owner, are anonymized or deleted or destroyed in such a way that the real person holding the data cannot be identified and in accordance with the Storage and Destruction Policy.

Document Ownership and Approval

The owner of this document is the KVK Committee and is responsible for regularly reviewing this policy in accordance with the above-mentioned review requirements.

The current version of this document has been made accessible to all Artı Fuarcılık personnel through shared platforms and published on the company’s website.