
Personal Data Processing Policy

1. Purpose


Talya Software and Information Technology Joint Stock Company (Event Photos - https://www.theeventphotos.app/) is an artificial intelligence-powered initiative that allows participants to find and download their own photos from among all the photos taken by the event owner at mass events.


In this context, Event Photos does not enter into a direct contractual relationship with users; rather, it enters into a contractual relationship with the event owners and serves as a data processor.


Event Photos' mission is to provide a service that adheres to national and international standards and maintains full confidentiality. To achieve this mission, Event Photos has developed a "Personal Data Processing Policy" to ensure the security of all information assets produced and consumed in scientific and commercial studies, and implements it within the framework of these principles.


To this end, all personal data processed and to be processed by Event Photos will be processed in accordance with the rules set forth in this policy, thus ensuring that Event Photos continues its operations in compliance with the Personal Data Protection Law (KVKK) and minimizing any potential risks. The purpose of this policy is to regulate the methods and principles to be followed to ensure the processing and protection of personal data in compliance with KVKK legislation.

2. Scope


Event Photos is aware of its responsibilities regarding the protection and legal safeguarding of personal data, which is a constitutional right, and attaches importance to the secure processing of all personal data processed by Event Photos.


The Personal Data Processing Policy will be applied to all processes in which Event Photos is involved as a data controller and/or data processor. Event Photos employees and officials, as well as trainers, consultants, service providers and their employees, contractual relationships, suppliers, and subcontractors with whom Event Photos shares common information, will be considered in the same context.


This policy, along with the relevant detailed policies and procedures and accompanying documents, is implemented by Event Photos in all activities related to the processing and protection of personal data.

 

3. Definitions


Explicit Consent: Consent to the processing of personal data that is based on information and freely given by the relevant person.


Customer: A natural or legal person who has a contractual relationship with Event Photos and uses the Event Photos software at their events.


User: A natural person who participates in an event and has their photos displayed using the Event Photos software.


Personal Data: Any information relating to an identified or identifiable natural person.
Anonymization, Deletion, and Destruction of Personal Data


Anonymization: The process of rendering personal data inaccessible and non-reusable to the relevant user in any way, even by matching it with other data.


Deletion: The process of rendering personal data inaccessible, irretrievable, and non-reusable by anyone.


Destruction: The process of rendering personal data inaccessible, irretrievable, and non-reusable by anyone in any way.
 

Processing of Personal Data: Any operation performed on personal data, in whole or in part, by automatic means or, provided that it is part of a data recording system, by non-automatic means, such as collecting, recording, storing, preserving, changing, reorganizing, disclosing, transferring, making available, classifying, or preventing its use.

KVK Board: Personal Data Protection Board


KVK Institution: Personal Data Protection Institution


KVKK: Personal Data Protection Law No. 6698, published in the Official Gazette dated April 7, 2016 and numbered 29677.


Special Personal Data: Data related to an individual's race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, membership in associations, foundations or unions, health, sexual life, criminal convictions and security measures, as well as biometric and genetic data.

Event Photos: The company acting as data controller and/or data processor, as specified above.


Data Processor: Natural and/or legal entities that process personal data belonging to individuals, outside the data controller's organization, in accordance with the authority and instructions received from the data controller.


Data Owner/Relevant Person: All natural persons whose personal data is processed by Event Photos.


Data Controller: The aforementioned data controllers who determine the purposes and means of processing personal data and are responsible for establishing and managing the data recording system.


Periodic Destruction: The process of deleting, destroying, or anonymizing personal data, which will be carried out ex officio at recurring intervals if all the processing conditions specified in the law cease to be met.

4. Application of the Policy


Event Photos has various policies, procedures, disciplinary regulations, and other texts primarily addressing information security and data protection related to specific functions and business activities.


This policy does not override the data protection provisions in Event Photos' various policies, procedures, and texts, which are in addition to the terms contained therein or at least provide for the protection of personal data to the same standards as this policy.
This policy overrides the relevant data protection provisions in Event Photos' various policies if they contain additional terms or demand higher standards for the protection of personal data.


Event Photos' other texts related to data processing and data security are as follows. The definitions and abbreviations in this Policy also apply to these documents and texts to the extent applicable.


Other Linked Documents
1. Personal Data Processing Policy
2. User Agreement and Disclosure Statement
3. Cookie Policy


Relevant legislation in force regarding the processing and protection of personal data shall prevail. In the event of a conflict between the provisions of the legislation and the policy, Event Photos agrees that the current legislation shall prevail.
The Policy is designed to regulate Event Photos' applications in accordance with the rules set forth by relevant legislation.


As the data controller and data processor, Event Photos is obligated to:

  • Prevent the unlawful processing of personal data,

  • Prevent the unlawful transfer of personal data,

  • Prevent unlawful access to personal data,

  • Ensure the security of personal data.

The main source of Event Photos' obligations regarding data protection is the KVKK legislation.


5. Personal Data Protection Issues


5.1. Personal Data Processed by Event Photos and Inventory
A Personal Data Processing Inventory has been prepared by Event Photos to identify the personal data processed by Event Photos.
Processing data other than those specified in the inventory is fundamentally prohibited within Event Photos. However, if processing a new data group is mandatory and/or necessary for Event Photos' activities, the new data group may be processed by making the necessary additions to the inventory in advance.


The data processed by Event Photos in the inventory is categorized by activity. Within this scope, the activities performed by Event Photos include providing services to the user, selling packages to and providing services to Event Photos Customers, support activities, communication activities, and marketing activities.


5.1.1 Provision of Service to the User
Users who wish to view their own photos taken within the organization upload their own photos to the website. These photos are scanned by artificial intelligence-enabled software against the other photos uploaded by the Event Photos Customer, allowing users to access and download their photos.

Users are prohibited from uploading photos other than spontaneous selfies. Therefore, the ability to upload a pre-existing photo to the system has been disabled. Before uploading photos, users are provided with both legal and technical information.


Furthermore, users can request an email notification regarding photos that the Customer has not yet uploaded to Event Photos but will upload after the user's initial login. In this case, a confirmation code is first sent to the email address to ensure security. In addition, a user directed to Event Photos via the link in the email sent by Event Photos must take another snapshot to access their photos. This ensures data security and prevents any third party from accessing the data.


Event Photos performs this processing as the data controller.

5.1.2. Provision of Services to the Customer
A Customer who requests users to access photos from their event through the Event Photos system and who has signed a contract with Event Photos and purchased the relevant package from Event Photos will upload the photos taken at the event to Event Photos in bulk and make them available to users.


The Customer cannot access the user photo data processed in accordance with Article 5.1.1 and uploaded to the Event Photos system. Event Photos performs this processing as a data processor. The Customer, as the data controller, is responsible for providing the necessary information within the organization. The Event Photos Customer, acting as the data controller, is obligated to take other legal and technical measures related to data security.


5.1.3. Support and Communication Activities
The personal data of individuals who request support or information through the contact section of the website or by accessing Event Photos in any other way will be processed for this purpose only.


5.2. Data Processing Based on Information
Event Photos informs data subjects regarding the processing and transfer of their personal data in accordance with applicable laws.

In this context, Event Photos has prepared information texts for all groups of individuals whose data is processed. These information texts have been prepared in accordance with the Personal Data Protection Law (KVKK) regulations.


This Information Text has been appropriately posted in places where all data subjects can see it.


Since Event Photos is not the data controller for the data processed under Article 5.1.2, the Customer must provide information regarding this data. Event Photos informs its Customers in this regard and provides the necessary materials to the Customer to provide the necessary information.


In the event that a new group of individuals is formed, before commencing data processing, a disclosure text must first be prepared for the new group of individuals, and these individuals must be informed in accordance with the legislation.


5.3. Data Minimization
Event Photos processes only data that is mandatory, necessary, and/or important for its operations. It does not process any other data and immediately destroys it.


5.4. Data Security Measures
Event Photos has conducted an analysis to determine what constitutes personal data and the potential risks associated with its protection. It takes the necessary technical and administrative measures to ensure an appropriate level of security to prevent unlawful processing of personal data, prevent unlawful access to personal data, and ensure the safekeeping of personal data.


5.5. Principles to be Followed Regarding the Processing of Personal Data

Event Photos processes personal data in accordance with the law and rules of honesty regarding the processing of personal data as per the KVKK, in an accurate and up-to-date manner when necessary, for specific, clear and legitimate purposes, and in a purpose-related, limited and proportionate manner.

6. Transfer of Personal Data


6.1. Domestic Transfer of Personal Data
Event Photos is responsible for acting in accordance with the provisions of the Personal Data Protection Law (KVKK) and the decisions and relevant regulations made by the Personal Data Protection Board regarding the transfer of personal data.


Event Photos cannot transfer personal data and special categories of data belonging to the data subject to other natural persons or legal entities without the explicit consent of the data subject. However, in cases mandated by the KVKK and other laws, data may be transferred to authorized administrative or judicial institutions or organizations without the explicit consent of the data subject, in the manner and within the limits stipulated in the legislation.

Furthermore, transfer without the consent of the data subject is also possible in cases stipulated in Articles 5 and 6 of the Law. Event Photos transfers personal data in accordance with the conditions stipulated in the Law and other relevant legislation and signs confidentiality commitments with Data Processors, ensuring that they take administrative and technical measures regarding data security.


6.2. Transfer of Personal Data Abroad
Event Photos cannot transfer personal data and sensitive data belonging to the data subjects to other natural persons or legal entities without the explicit consent of the data subject. In this context, only users' photo data is transferred abroad with explicit consent for the purpose of enabling AI-assisted processing.


7. Data Subjects' Rights


Personal data subjects may submit their requests regarding the rights listed below to Event Photos free of charge, with information and documents that identify them, using the methods specified below or other methods determined by the Personal Data Protection Board, with the exceptions specified in the legislation.


Relevant data subjects are informed about this matter through informational documents. If an application is received within this scope, the application must be responded to within 30 days after consultation with the relevant consultants and lawyers.

8. Personal Data Breach and Notification to the Personal Data Protection Board


If personal data processed by Event Photos is obtained by others through unlawful means, Event Photos will immediately notify the consultants and lawyers. Event Photos must notify the relevant party and the Personal Data Protection Board of the breach within 3 days.

9. Destruction of Personal Data


Personal data processed by Event Photos as a data controller or data processor will be automatically destroyed by software after the following periods:

  • Data processed under Article 5.1.1 will be destroyed within the destruction periods specified in Article 5.1.2.

  • Data processed under Article 5.1.2 will be destroyed immediately after the event registration is deleted by the Customer and within 2 years after the event ends.

  • Data processed under Article 5.1.3 will be destroyed within 10 years after the reason for contact and support ceases to exist.

10. Enforcement


This Policy, prepared by Event Photos, along with its annexes, has entered into force pursuant to the decision taken by the company director. This Policy will be communicated to all employees and shareholders and will be binding upon all business units, consultants, external service providers, and anyone processing personal data upon its entry into force.

Annexes to the Policy:

User Agreement and Disclosure Text
