PRIVACY AGREEMENT
1. INTRODUCTION AND SCOPE
This Privacy Policy describes the terms and conditions regarding the processing of personal data shared by users, members, and visitors of the www.theeventphotos.app website ("Site") and the Event Photos mobile application ("Application") operated by Talya Yazılım ve Bilişim Anonim Şirketi (“Company”, “We”, “Data Controller”), or obtained by the Company during your use of the Site/Application.
2. WHAT DATA DO WE PROCESS?
The following categories of personal data are processed in accordance with the Law No. 6698 on the Protection of Personal Data (“KVKK”, “Law”) and the European General Data Protection Regulation (“GDPR”). Unless explicitly stated otherwise, the term “personal data” includes this information:
-
Identity and Contact Information: Name, surname, telephone number, date of birth, gender, address, workplace information, e-mail address.
-
User Information, User Transaction Information, and Financial Information: Membership information and membership ID; date/time you used the services; search terms and filtering preferences; preferences and ratings/reviews; pages visited; error logs generated during use; billing and payment information (receipt samples, invoice number/amount/issuance date, etc.), balance information.
-
Location Information: Approximate or exact location obtained while using the services (e.g., GPS data).
-
Transaction Security Information: Session/open session information, password information (masked/cryptographic).
-
Marketing Information: Habit and preference reports, notification/segmentation/targeting information, **cookie** records, etc.
-
Complaint Management Information: Complaints and requests you create through the Site/Application.
-
Risk Management Information: IP address, device/cookie identifiers.
-
Facial Scanning Information (May be Biometric): Hair information, facial expression, gender, age, beard/mustache status, makeup, facial expressions, emotional reflections, accessories, eye-mouth-nose alignment, identifying marks/spots.
-
User-Generated Content: Events and event information (name, location, date), shared photos.
Anonymous Data: Data anonymized under Articles 3 and 7 of the KVKK (Personal Data Protection Law) are not considered personal data; processing of this data may be carried out without being bound by this Policy.
3. OUR PROCESSING PURPOSES
Your personal data may be processed for the following purposes:
-
Service Provision: Creation/updating of membership registration, operation of the Site/Application and related features; access to and downloading of event photos; purchase and billing processes.
-
Service Improvement and Communication: Improving your experience, communication management, satisfaction measurement, fault/error detection and resolution.
-
Commercial Activities and Strategy: Execution of business processes, reporting/analysis, introduction and information about new services.
-
Security and Fraud Prevention: Account security, detection of fraudulent/unauthorized use, operational evaluation.
-
Marketing/Profiling: Direct/digital marketing, remarketing, targeting, and analytics, subject to permission.
-
Legal Obligations: Requests from authorized authorities, dispute management, and compliance with legislation.
The processes of making photos taken during the event visible, matching them with other users, or sharing them publicly require your explicit consent in accordance with Article 6/1 of the Law. This explicit consent is used only for the purpose of the aforementioned public disclosure process.
4. LEGAL BASIS (KVKK Articles 5-6 | GDPR Articles 6, 9)
Processing may be carried out without your explicit consent in the following cases:
-
When explicitly provided for in the laws,
-
To protect life/bodily integrity in case of factual impossibility,
-
When it is necessary for the establishment/performance of a contract,
-
The legal obligation of the Data Controller,
-
The Data Subject's public disclosure,
-
Establishment/exercise/protection of rights,
-
Legitimate interest (provided that it does not harm your fundamental rights and freedoms).
Biometric data (Facial Recognition Information) may be special categories of personal data. Such data will not be processed without your explicit consent and/or unless the relevant exceptions exist. In activity-based workflows, the explicit consent statement is obtained separately.
5. SHARING/TRANSFER WITH THIRD PARTIES
Data may be shared with the following parties, limited to the purpose, necessary, and with security measures in place:
-
Technology Infrastructure Providers: Cloud services for secure storage/processing of photos and facial data (e.g., AWS S3, AWS Rekognition).
-
Payment Institutions: Licensed service provider İyzico for purchase transactions. (FindPhoto does not store card data.)
-
SMS/Messaging Services: For verification and information SMS messages (e.g., Netgsm).
-
Analytics and Advertising Technologies: Measurement and analytics services (e.g., Google Analytics) and permission-based marketing tools.
-
Business Partners/Suppliers/Customers: For service provision, support, and integration purposes.
-
Authorized Public Institutions and Organizations: In accordance with court orders and legal requests.
-
These parties may store your data on servers located within or outside of Turkey. For transfers abroad, transfer mechanisms in accordance with Article 9 of the KVKK (Personal Data Protection Law) and GDPR provisions (explicit consent, undertaking/standard contract provisions, qualification decisions, etc.) are applied.
6. USE OF COOKIES
We use cookies to improve user experience, ensure the operation and security of the Site/Application, and to perform performance and analytics. You can block/delete cookies from your browser settings; however, in this case, some functions may be limited.
6.1. Types of Cookies
-
Session Cookies: Work during the visit and are deleted when the browser is closed.
-
Persistent Cookies: Stored on the device for a certain period to remember your preferences and provide better service.
-
Technical Cookies: Ensure the operation of the site and detect errors.
-
Authentication Cookies: Prevent you from having to log in again on each page.
-
Personalization Cookies: Remember your language preferences, etc.
-
Analytical Cookies: Generate statistics such as the number of visits, pages viewed, and scrolling movements.
-
Advertising/Targeting Cookies: May display behavioral and targeted advertising (if permitted).
6.2. Google Analytics
Google Analytics may be used on our site; data may be stored on Google's servers abroad. You can review Google's official pages for Google's data processing and privacy policies. You can disable measurement with browser opt-out extensions if you wish.
6.3. Cookie Preferences
You can manage cookies from your browser settings; you can block third-party cookies or delete all cookies.
7. STORAGE PERIODS
-
Facial Data: Irreversibly deleted 30 days after the end of the relevant activity. Log records regarding explicit consent are automatically kept by the system as required by the data controller's burden of proof under the KVKK (Personal Data Protection Law) and are limited to the date and time of consent, user ID, IP information, and transaction record. These logs are stored for at least 1 year and are securely deleted at the end of this period.
-
Account Information (Photographer/Participant): Stored as long as the account is active; deleted when the account is closed, subject to legal obligations.
-
Log and Traffic Data: 1 year as required by law.
-
Accounting/Financial Data: Generally 10 years as required by relevant legislation.
8. SECURITY MEASURES
Appropriate technical and administrative measures are implemented to prevent the unlawful processing and access of your personal data and to ensure the preservation of data; regular audits are conducted. The Company does not share your data with third parties for purposes other than those intended, in violation of the Policy, KVKK and GDPR.
You can access third-party applications/links from the Site; the Company is not responsible for the privacy policies of these external sites. We recommend that you review the relevant texts before visiting.
9. SPECIAL PROVISIONS REGARDING FACE SCANNING INFORMATION
Face scanning/similar data may be considered special. Explicit consent is obtained during the collection phase. After collection, this data is not shared with third parties; However, statistical/anonymous outputs may be transferred anonymously and in aggregate form to business partners for the provision of the service.
Face scanning and face analysis data are processed only for the purpose of matching event photos, finding user photos, and providing the relevant service, and are not used for any other purpose.
10. YOUR RIGHTS (KVKK Article 11 | GDPR Articles 12-22)
You have the following rights:
-
Requesting and accessing information,
-
Correction and updating,
-
Deletion/Forgetting and restriction of processing,
-
Objection (to processing and profiling based on legitimate interest),
-
Data portability (for those within the scope of GDPR),
-
Withdrawal of explicit consent (withdrawal does not affect the lawfulness of processing).
11. APPLICATION PROCEDURE
To exercise your rights, you can send an email to info@theeventphotos.app or submit a written application. Your applications will be processed within a maximum of 30 days. Responses are free of charge; however, for processes requiring costs, a fee may be charged according to the tariff determined by the KVKK Board. If you are not satisfied with the response, you can file a complaint with the KVKK Board.
12. DATA ACCURACY AND UPDATING OBLIGATION
As the Data Subject, you declare that the information you provide is complete, accurate, and up-to-date; and that you will update any changes immediately. The Company is not responsible for outdated information. Requests that prevent the processing of your personal data may prevent you from fully benefiting from the Site/Application functions.
13. CHANGES TO THE POLICY
This Policy may be updated from time to time to adapt to changing circumstances and legislation. Updates take effect from the date they are published on the Site.
COOKIE POLICY (DETAILS)
A. What are Cookies?
They are small text files placed on your device by the sites you visit. They are used for the operation, security, performance, remembering preferences, and measurement of the Site.
B. Why Do We Use Them?
-
Functionality and performance,
-
Security and fraud prevention,
-
Analytics and improvement,
-
Personalization and (permitted) advertising.
C. Main Cookie Categories Used on Our Site
-
Session/persistent cookies
-
Technical and authentication cookies
-
Personalization cookies (e.g., language preference)
-
Analytical cookies (visit/page/interaction statistics)
-
Advertising/targeting cookies (if permitted)
D. Google Analytics
Google Analytics helps collect statistical data, and the data may be stored on Google's servers abroad. You can disable it with the browser opt-out extension if you wish. Please review Google's relevant pages for details.
E. How Can You Manage Cookies?
You can block third-party cookies, delete existing cookies, or set notification preferences from your browser settings. Disabling cookies may cause some Site/Application features to work in a limited way.
CONTACT
Data Controller: Talya Yazılım ve Bilişim Anonim Şirketi - Event Photos
Address: Fulya Mah. Büyükdere Cad. No: 74 D/10 Torun Center Şişli/Istanbul
Phone: +90 850 441 44 90
Email: info@theeventphotos.app

