All in Turkiye
  • Courses
  • Log In
  • Register

PRIVACY POLICY

In this Privacy Policy we, us, our and “data controller” means TGA and/or Republic of Türkiye Ministry of Culture and Tourism, Türkiye Tourism Promotion and Development Agency (TGA). This Privacy Policy applies to all online visitors and users of TGA websites* and social media pages. We undertake our statutory duties to promote Turkish culture and tourism under the brand GoTurkiye.



1. DEFINITIONS

GDPR:EU General Data Protection Regulation

Data Processor:The natural person or legal entity that process data on behalf of the data controller with the authority given by the data controller,

Data Controller:The person who defines the purpose and the means of processing personal data and responsible of the data recording system management,

Data Subject:A natural person, includes but not limited to an employee, customer, business partners, stakeholders, authorities, leads, candidate for recruitment, intern, visitors, suppliers, employee of business partners, third parties of the TGA and its affiliates with whom they have a commercial relationship, whose data is processed,

Explicit Consent:Consent that is related to a specific issue based on information and expressed with free will,

Personal Data:Any information related to a natural person whose identity is known or identifiable,

Sensitive Personal Data:Biometric and genetic information related with race, ethnicity, political or philosophical opinions, religion, sect or other believes, appearance, union memberships, health, sex life, convictions, and security measures etc.

Processing of Personal Data:Any kind of operation performed on data such as obtaining, recording, storing, preservation, modification, reorganization, disclosure, transfer, takeover, making available, classification or preventing the use of personal data in fully or partially automated or non-automated ways, provided that it is part of any data recording system,

Anonymization of Personal Data:Rendering the data in such a way that it can no longer be associated with an identified or identifiable person even when the personal data is matched with other data,

Deletion of Personal Data:Deleting or rendering the personal data in such a way that it is no longer accessible or reusable for the users,

Destruction of Personal Data:Rendering the personal data to make it inaccessible, unrecoverable and not useable by anyone,

Data Protection Authority:Concerned Data Protection Authority established in the one of the European Union Member State

2. SCOPE AND PURPOSE OF THE PRIVACY POLICY

This Policy has been prepared in line with the regulations in force and international standards. The TGA will primarily apply this Policy in all its data processing activities such as data processing, transfer, and amendment.

The TGA also has different policies that address the protection of personal data and ensuring information security in relation to certain business activities and processes. This policy does not override the data protection terms in different policies of the TGA unless it contains additional terms or requires a higher standard for the protection of personal data. This Policy is implemented along with such other policies and procedures as appropriate.
If there is a conflict between the provisions of the relevant legislation in force on the protection and processing of personal data and the provisions of this Policy, the provisions of the legislation in force will apply primarily.

3. METHODS OF COLLECTING PERSONAL DATA AND LEGAL GROUNDS

We process personal data in line with following legal grounds:


Based on that legal reasons TGA collects personal data over TGA’s websites, mobile websites, social media accounts and cookies.

TGA does not rely on the legal reason of the explicit consent in the presence of another legal reason.

4. DATA SUBJECT CATEGORIZATION

TGA categorizes the data subject groups whose personal data are processed in personal data processing processes and activities related to these processes as follows:

5. THE PERSONAL DATA THAT TGA COLLECTS AND PROCESSES

Online visitors: TGA collect and process IP address, port info, starting, and ending time of the service given, type of the service, the amount of data transferred and if available subscriber ID information in accordance with the Law numbered 5651 (“Internet Law”).

Users: Account information (name, last name, e-mail address, location (country), direct marketing opt-in/opt-out choice, alternative login option with Facebook or Google (e-mail address).

Party of Training Agreement: TGA collect and process name, last name, tittle, e-mail address, location of organization and details of needs regarding training through an entry form in the scope of agreement between parties.

6. PERSONAL DATA PROCESSING PROCESSES AND PURPOSES

TGA process online visitor’s personal data based on the Internet Law. It is compulsory for website owners to collect and keep abovementioned information in order to combat illegal online content. If you register TGA’s website as a user and plan a trip to Türkiye, we may use your name and e-mail address to send you necessary information about your visit. If you (visitor or user) click opt-in/agree button on the webpage or mobile webpage for direct marketing, TGA could send you marketing e- mails.

The type of personal information that TGA collects may include your name, contact details, your views and opinions about TGA services. If you use this website, information is recorded about your visit for web personalization, research and statistical and reporting purposes as well as to allow us to improve the website, product and services.

Information provided by you

Whenever you interact with us, you may be asked to provide us with necessary information. For example:

Some of our products or services may require you to create an account or register certain information (your name, address, email address, date of birth, location, contact details, applicable device ID(s) relating to the devices you are using to access and receive particular applications and services, interests and account and marketing preferences) in order to use a particular product or service.

If you contact us via written communications or via our website(s), email, or our social media channels), we may keep information about the particular communication, including your name, the service(s) you request, the reason why you contacted us, and the advice we gave you so we can track the resolution of any user request and enhance.

When you visit us at a public event, such as a trade show or exhibition or participate in one of our surveys, competitions or prize draws, we may ask for information, such as your business card, name, contact details, interests and marketing preferences.

When you use our services or other platforms, we may receive content that you choose to upload, such as product reviews, comments, photos or details of your preferences that you choose to tell us about.Information we collect from social networks

If you use any of our social network pages or applications or you use one services that allow interaction with social networks, we may receive information relating to your social network accounts:

If you log-in to one of our websites, s or services using your social network account, we may receive basic details from your social network profile, such as name, last name, e-mail etc., which may depend on your social network accounts privacy settings. We may also receive additional information from your profile if you give us permission to access it.

We may receive information about interactions with the content posted to your profile or feed. To get more information and details about how you can control access to your social network profile, please view the privacy policy and other guidance available on your social networks website.Information we collect when you use websites, products, services from usIn order to improve and provide a better user experience, some of our websites and services provide us with information about your use of them, including:

Details of your usage patterns, the content that you view and interact with including information on the services and applications you are using in-device to personalize services to your specific needs. Service, product or server logs, which hold technical information about your use of our service, product or websites, such as your IP address (to determine your location/country of origin), device ID(s) etc.

Interests and preferences that you specify during set up or registration of any product or service.

We may use information for the following purposes:Create and manage customer database(s) of its users including basic account information, applicable device ID(s), related product or service usage information and customer preference information you provide us. We may consolidate several databases into one or otherwise link separate databases to manage your accounts more effectively.

Ask for your opinions about our products and services and conduct surveys. Facilitate and process your searches and requests for information when you contact us about our websites and services.

Hold competitions and other promotional offers across all platforms, contact winners and to fulfil prizes to winners.

We may use your information to provide you with product and service updates, newsletters and other communications about existing and/or new products and services by post, email, telephone, in-device messaging and/or text message (SMS), if you have provided your consent or we are permitted to do so under applicable law.

We may use the information we collect, or you share with us to personalize our services, content, recommendations and adverts.

We may use your information to create user group profiles or segment data and to otherwise create anonymous, aggregated statistics about the use of our websites, products and services which we may share with third parties and/or make available to the public.

We may use your information to improve our products, services and applications and develop recommendations, advertisements and other communications and learn more about customers' shopping preferences in general.

Where you have uploaded product reviews, comments or content to our websites or services and made them publicly visible, we may link to or publish these materials elsewhere including in our own advertisements.

We may link or combine the information that we collect from the different sources to allow us to provide more seamless customer support whenever you contact us and to provide you with better, personalized services, content, marketing and adverts.

7. TECHNICAL AND ADMINISTRATIVE MEASURES TAKEN TO ENSURE THE SECURITY OF PERSONAL DATA

As the data controller, the TGA is obliged to prevent and protect personal data from being illegally processed or accessed when processing personal data. For this reason, the TGA has taken all technical and administrative measures regarding data security, including the additional measures required to protect sensitive personal data. In this context, the measures taken by TGA are listed below.

Technical Measures

We use generally accepted standard technologies and operational security methods, including the standard technology called Secure Socket Layer (SSL), to protect the personal information collected. However, due to the nature of the Internet, information can be accessed by unauthorized persons over networks without the necessary security measures. We take technical and administrative measures to protect your data from risks such as destruction, loss, tampering, unauthorized disclosure or unauthorized access, depending on the current state of technology, the cost of technological implementation, and the nature of the data to be protected. Within this scope, we conclude data security agreements with the service providers we work with.

If personal data is in electronic form, access between network components can be restricted or separated to prevent personal data security breach. For example, if personal data is being processed in this area by limiting it to a specific portion of the network in use, which is reserved for this purpose, the available resources can be reserved for the security of this limited area, not the entire network.

Measures at the same level are also taken for paper media, electronic media and devices containing personal data of the TGA located outside the TGA campus. As a matter of fact, although personal data security violations frequently occur due to theft and loss of devices containing personal data (laptop, mobile phone, flash disk, etc.), personal data to be transmitted by e-mail or mail is also sent carefully and with adequate precautions. Sufficient security measures are also taken in case employees provide access to the information system network with their personal electronic devices.  

The use of access control authorization and / or encryption methods is applied in case of loss or theft of devices containing personal data. In this context, the password key is stored only in the environment accessible to authorized persons and unauthorized access is prevented.

Paper documents containing personal data are also stored in a locked and accessible environment only, and unauthorized access to these documents is prevented.  

If any personal data is obtained by others by unlawful means, the TGA shall inform the Personal Data Protection Committee and the data subjects of this fact as soon as possible pursuant to article 12 of the Personal Data Protection Law. if they see necessary, the Personal Data Protection Committee may announce this situation at the website or in by any other means.

Administrative Measures
  • All activities carried out by TGA have been analyzed in detail in all business units and as a result of this analysis, a process-based personal data processing inventory has been prepared. Risky areas in this inventory are identified and necessary legal and technical measures are taken continuously. (For example, the documents to be prepared within the scope of KVKK have been prepared considering the risks in this inventory)
Personal data transferring

In general, we do not share or disclose information about you to third parties without your consent unless TGA is required to or authorized by laws.

We may use other third-party service providers including data analytics providers who process information on our behalf, consultants, marketing agencies, Professional advisers, Ministries or business partners with whom TGA has a formal relationship with.

Our service providers are required to only process data in line with this Policy.

If you request or agree to receive information or newsletters from one of our business partners, we may provide that third party with your details so that they can contact you and/or respond to your request.

We may use and/or disclose information about you to:Anonymous statistics

We prepare anonymous data for a number of purposes. The information may be shared with our partners, advertisers, media and public as you cannot be identified from this information.

3. Direct Marketing communications

When you provide us with contact details, you may be given the opportunity to opt-in to receiving various newsletters and other communications from us.  

You can change your marketing communication preferences at any time.

If you use more than one e-mail address to contact us on, you will need to unsubscribe separately for each email address.

Please note that we may send you important information about our products and services that you are using or have used including essential software updates, changes to applicable terms and conditions and/or other communications or notifications as may be required to fulfil our legal obligations arising from the Law on the regulation.

4. Cookies and Cookie Management

TGA has a detailed Cookie Policy and provide you very effective cookie management regarding cookies we use. For more details see please our Cookie Policy

5. Links to third party sites

Some of our websites may contain links to other third-party websites that are not operated by us. We are not responsible for the content, security or privacy practices of those third-party websites. Please view the privacy and cookie policies displayed on those third-party websites.

8. PERSONAL DATA RETENTION PERIODS

TGA has a Personal Data Retention Policy, which has been prepared in accordance with the DPL. We keep personal data following periods:

9. PROFILING

We may use your information to create user group profiles or segment data and to otherwise create anonymous, aggregated statistics about the use of our websites, products and services which we may share with third parties and/or make available to the public. In order to create user group profile, instead of sharing personal data directly with our providers, we use pseudonymization. We do not make microtargeting.

10. DATA SUBJECTS’ RIGHTS

You are entitled (in the circumstances and under the conditions, and subject to the exceptions, set out in applicable law) to:

a. Exercises of Rights of the Data Subject

Applications and requests regarding personal data can be sent via the Data Subject Application Form,

to the Republic of Türkiye Ministry of Culture and Tourism, Türkiye Tourism Promotion and Development Agency.

In order to operate this process in the most effective way, it should be clearly and understandably indicated in their request which right is wished to be used and the details of the requested transaction.

The subject of the request should be about the data subject itself. If the application is made on behalf of someone else, the person making the request should rely on a specially documented authorization for the requested transaction (power of attorney). Unauthorized applications will be ignored.

b. Evaluation of the Application

Applications are evaluated as soon as possible, and at the latest within 30 days from the date of receipt of the application.

During the evaluation process, additional information and documents can be requested if required, and a fee may be charged for fulfilling the request in cases that comply with the relevant legislation.

TGA takes all necessary administrative and technical measures in order to conclude the applications made by the data subject effectively and in accordance with the law and the principle of honesty.