Product/Service Users Information Notice

Product/Service Users Information Notice

1. PURPOSE

In accordance with Article 10 of the Law on the Protection of Personal Data No. 6698 (“KVKK”), BİLETİNİAL TICKET PRINTING AND DISTRIBUTION INC. (“Data Controller”, “Company”) has the obligation to inform data subjects about the processing of their personal data, transfer to third parties, collection methods, legal reasons, and the rights listed in Article 11 of the KVKK.

2. SCOPE

This Product/Service Users Information Notice (“Information Notice”) covers the information provided to individuals regarding the processing of their personal data.

3. DEFINITIONS AND GENERAL INFORMATION

KVKK refers to the Law on the Protection of Personal Data No. 6698.

Personal data refers to any information relating to an identified or identifiable natural person. This includes all information that identifies a person, such as name, surname, phone number, and email address.

The processing of personal data refers to any operation performed on personal data, whether by automated means or not, including collection, recording, storage, preservation, modification, restructuring, disclosure, transfer, acquisition, access, classification, or blocking of use. For example, processing your information during ticket purchase, return, cancellation, modification, canteen purchases, etc., is considered data processing.

The Data Controller refers to the real or legal person who determines the purposes and means of processing personal data and is responsible for establishing and managing the data recording system. Our Company is registered in the Data Controllers’ Registry Information System under the name “BİLETİNİAL TICKET PRINTING AND DISTRIBUTION INC.”

The Data Subject refers to the natural person whose personal data is processed.

Processing personal data without the explicit consent of the Data Subject is prohibited (“Art. 5/1”). However, explicit consent of the Data Subject is not required in the following cases: where it is explicitly provided for by law (“Art. 5/2-a”), when the Data Subject is unable to give consent due to physical impossibility or when consent is not legally recognized, and processing is necessary to protect the life or physical integrity of the Data Subject or another person (“Art. 5/2-b”), when it is directly related to the establishment or performance of a contract and necessary for the processing of personal data of the contract parties (“Art. 5/2-c”), when necessary for the Data Controller to fulfill its legal obligations (“Art. 5/2-ç”), when it is necessary for the establishment, exercise, or protection of a right (“Art. 5/2-e”), or when processing is necessary for the legitimate interests of the Data Controller, provided that it does not harm the Data Subject’s fundamental rights and freedoms (“Art. 5/2-f”).

Processing special categories of personal data without the explicit consent of the Data Subject is also prohibited (“Art. 6/2”). However, personal data other than health and sexual life can be processed without explicit consent in cases provided by law. Personal data related to health and sexual life can only be processed without the explicit consent of the Data Subject by persons or institutions bound by confidentiality obligations, or authorized institutions, for the purpose of protecting public health, preventive medicine, medical diagnosis, treatment and care services, and planning and management of health services and financing (“Art. 6/3”).

Therefore, in the presence of legal grounds for data processing (e.g., Art. 5/2 and Art. 6/3), processing of personal data is not subject to the explicit consent of the Data Subject.

4. INFORMATION NOTICE

4.1. Notification: The Information Notice will inform you about: a) the purposes of processing your data, b) to whom and for what purposes your data may be transferred, c) the method of collection and legal basis. Additionally, your rights under KVKK and our Company’s contact information will be provided.

4.2. What Personal Data is Processed by Our Company?

4.3. How Are Personal Data Processed by Process?

4.3.1. Ticket Transactions

In ticket (purchase, refund, cancellation, modification) transactions, the name, surname, email address, phone number, event information, payment, and masked credit card information of the service user are recorded under KVKK Article 5/2-c, ç, and e for purposes such as organization and event management, ensuring compliance with regulations, financial and accounting operations, communication activities, business operations/monitoring, ensuring business continuity, conducting sales processes, production and operation processes, customer relationship management, storage and archiving, contract management, implementation of fee policies, and informing authorized persons, institutions, or organizations. This information is obtained digitally or verbally from the ticket purchaser through box offices, our application, our website, or third-party services. In the case of discounted ticket transactions, in addition to the aforementioned information, the document providing the discount must be presented in a visual format under KVKK Article 5/2-e.

The communication details (phone number or email address) provided by the service user are recorded under KVKK Article 5/2-ç and f for purposes such as communication activities, information security, storage and archiving, and informing authorized persons, institutions, or organizations. Ticket information related to the event is sent to the provided communication channels upon ticket purchase. In this context, event and communication details are automatically sent via SMS or email to a third-party communication center upon ticket purchase for communication and event management purposes. Additionally, when communication details are provided, a verification code is sent to ensure information security, and this code is requested from the relevant person.

In the case of online ticket transactions (electronic or website), transaction security information (verification or security code, IP, device, username, password, and transaction movements) is processed under KVKK Article 5/2-ç and f for purposes such as ensuring information security.

Personal data such as name, surname, email address, phone number, and event details (seat number, PNR, event details) obtained during ticket transactions are shared with the organizer for event and organization management purposes.

4.3.2. Financial Transactions

As a result of ticket transactions, personal data such as the name, surname, event details, payment, masked credit card information, receipt/deposit/invoice details, and tax ID/T.C. ID number are retained under KVKK Article 5/2-a, ç, and e for purposes such as ensuring compliance with regulations, financial and accounting operations, informing authorized persons, institutions, or organizations, and storage and archiving.

Due to our tax obligations, basic identity, payment, receipt/deposit/invoice details, and tax ID/T.C. ID number are transferred to authorized public institutions or organizations (tax offices) for financial and accounting operations and information purposes.

In the case of online payments, basic identity, payment (credit card/account card, etc.) details are transferred to banks as private legal entities for financial and accounting operations and information purposes.

In the case of cancellations/refunds, basic identity, payment, receipt/deposit/invoice details, and tax ID/T.C. ID number are transferred to banks and authorized public institutions or organizations (tax offices) for financial and accounting operations and information purposes.

Basic identity, payment, receipt/deposit/invoice details, and tax ID/T.C. ID number are also shared with third parties who support financial and accounting operations.

4.3.3. Membership Transactions

In membership transactions, the name, surname, email address, phone number, verification code, city of residence, and password of the prospective member are processed under KVKK Article 5/1 (explicit consent) for purposes related to the management of membership processes for the company/product/service.

Additionally, email addresses and phone numbers provided during the membership process are processed under KVKK Article 5/2-ç and f for purposes such as information security and communication activities (sending verification codes). These details are also transferred to communication centers and email servers for communication activities.

Membership is entirely voluntary, and not becoming a member does not prevent access to all services provided by our company. However, being a member may provide advantages such as priority access to certain events.

4.3.4. Commercial Electronic Communication Transactions

In commercial electronic communication transactions, personal data such as name, surname, email address, phone number, commercial electronic communication preferences, and verification code are processed under KVKK Article 5/1 (explicit consent) for purposes such as managing advertisements, campaigns, promotions, or promotional processes.

Since obtaining communication information also requires its verification, a verification code or link will be sent to the provided email address or phone number to confirm and ensure the security of commercial electronic communications. If the provided email address's server is located abroad, personal data may be transferred internationally. If you do not consent to international data transfers, please ensure your email server is located in Turkey.

After providing your contact information, you can give your consent for commercial communications and electronic communications using the verification code received or by informing our staff. By consenting, you agree to receive marketing, campaign, promotional, and promotional SMS or emails. You can withdraw your consent at any time and without giving any reason, which will stop data processing subject to your consent.

Processed personal data are transferred to communication centers and email servers for business continuity. Preference information is recorded in the Communication Management System (IYS), and also transferred to IYS. Information may also be transferred to authorized public institutions or organizations (e.g., the Ministry of Trade, judiciary authorities, Personal Data Protection Authority) and legal representatives (lawyers, mediators) for legal obligations and dispute resolution.

4.3.5. Camera Recording Transactions

Security cameras are used to make video recordings in and around service areas. These recordings are processed under KVKK Article 5/2-ç, e, and f for purposes such as emergency management, physical security, legal proceedings, risk management, and ensuring the security of data controller operations. Recordings may be shared with third parties (law enforcement, judiciary authorities, legal representatives) upon request or in legal situations.

Additionally, camera recordings at our Torun Center location are shared with the property owner.

4.3.6. Communication / Request / Complaint Activities

Communication activities may serve multiple purposes, and personal data may vary based on the content of the communication. Generally, personal data such as name, surname, ID number, phone number, email address, address, document number, and content are processed under KVKK Article 5/2-a, ç, e, and f for purposes such as communication activities, information security, tracking requests/complaints, legal proceedings, risk management, informing authorized persons or institutions, business operations, and storage and archiving. In some cases, identity verification may be required (information security purposes).

Processed information may be obtained from the individual, institution resources, and external sources (guardian/representative, other private or public institutions, organizers) physically, digitally, or verbally. Depending on the type and reason for communication, processed information may be shared with third parties or relevant authorities for communication purposes, request/complaint resolution, legal compliance, and risk management.

Additionally, for business continuity and communication activities, data may be transferred to email servers.

4.3.7. Call Center Transactions

Calls made through our call center are digitally recorded for purposes such as monitoring legal proceedings, business operations, risk management, and customer relationship management under KVKK Article 5/2-e and f. If your call includes personal data such as name, surname, customer transaction information, or marketing information, such data will also be processed.

Recorded data may be transferred to authorized public institutions or organizations and legal representatives for legal proceedings and information purposes. In the event of a request or complaint, related information may be shared with relevant third parties as needed.

4.3.8. Data Processing Related to Cookies Through the Website

Information about cookies used on our website is detailed in the cookie clarification text available on the website.

4.3.9. Legal Proceedings

Personal data at our company may be processed under KVKK Article 5/2-a, ç, e, and f in situations such as legal disputes, third-party claims against the company or related parties, or defense and claims related to legal proceedings. This includes ensuring compliance with legal requirements, information transfer to authorized persons or institutions, and maintaining business continuity with legal professionals or software used in legal matters.

It should be noted that processing personal data by public institutions for national defense, national security, public safety, public order, or economic security under the law is fully exempt under KVKK Article 28/1. Additionally, processing personal data for preventing crimes or legal investigations, compliance with public institutions’ duties, or protecting state economic and financial interests is partially exempt under KVKK Article 28/2.

4.4. What Are the Rights of the Relevant Person? How Can These Rights Be Exercised?

The rights of the relevant person are listed in Article 11 of Law No. 6698. You can exercise these rights by applying to us in accordance with the Communiqué on the Principles and Procedures for Application to the Data Controller. Information about the application form is available in the “KVKK” section of our website.

4.5. Where Can I Get More Detailed Information About the Processing of Personal Data?

For more detailed information about the processing of personal data, the method outlined in section 4.4 should be followed. However, if the relevant person prefers verbal information, they can request verbal information from our company’s staff at the counter/box office.

4.6. Data Controller's Identity / Contact Information

Name: BİLETİNİAL BİLET BASIM VE DAĞITIM ANONİM ŞİRKETİ

Address: Üçevler Neighborhood, Ünseven Street, No: 4, Inner Door No: 5, Nilüfer / Bursa, Turkey