Privacy Policy

 

1. Introduction

1.1 Purpose

The protection of personal data is a fundamental right. DIRIMART KÜLTÜR SANAT YAYINCILIK A.Ş. (“DIRIMART” or the “Company”) prioritizes the lawful processing and safeguarding of personal data.

This Privacy Policy outlines:

  • The principles adopted in personal data processing activities
  • The Company’s compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and Turkish Law No. 6698 (KVKK)
  • The measures taken to ensure transparency and accountability

1.2 Scope

This Policy applies to all natural persons whose personal data is processed by DIRIMART, including:

  • Website visitors
  • Clients and collectors
  • Artists and collaborators
  • Employees and candidates
  • Business partners and suppliers

1.3 Legal Framework

Personal data is processed in accordance with:

  • GDPR (EU) 2016/679
  • Turkish Personal Data Protection Law No. 6698 (KVKK)

In case of conflict, applicable law takes precedence.

1.4 Entry into Force

This Policy entered into force on 01 March 2024 and is published on the Company’s website.

2. Principles of Personal Data Processing

DIRIMART processes personal data in accordance with the following principles:

2.1 Lawfulness, Fairness, and Transparency

Data is processed lawfully, fairly, and in a transparent manner.

2.2 Accuracy

Personal data is kept accurate and up to date.

2.3 Purpose Limitation

Data is collected for specified, explicit, and legitimate purposes.

2.4 Data Minimization

Only data necessary for the intended purpose is processed.

2.5 Storage Limitation

Data is retained only as long as necessary for legal or operational purposes.

2.6 Integrity and Confidentiality

Appropriate security measures are implemented to protect data.

3. Legal Bases for Processing Personal Data

Personal data is processed under the following legal bases (GDPR Article 6):

  • Explicit consent of the data subject
  • Performance of a contract
  • Compliance with legal obligations
  • Protection of vital interests
  • Legitimate interests of the Company (provided fundamental rights are not overridden)
  • Data made publicly available by the data subject

4. Processing of Special Categories of Data

Special categories of personal data (GDPR Article 9), such as:

  • Health data
  • Biometric data
  • Religious or philosophical beliefs

are processed only when:

  • Explicit consent is obtained, or
  • Processing is required by law or for public interest

Additional technical and organizational safeguards are applied.

5. Purposes of Data Processing

DIRIMART processes personal data for the following purposes:

  • Managing client and artist relationships
  • Organizing exhibitions, events, and communications
  • Contract execution and financial operations
  • Marketing and newsletter distribution
  • Website analytics and performance monitoring
  • Legal compliance and regulatory obligations
  • Security and operational management

6. Data Transfers

6.1 Domestic and International Transfers

Personal data may be transferred to:

  • Business partners and suppliers
  • Group companies
  • Legal authorities and regulators
  • Service providers (IT, logistics, marketing)

6.2 International Transfers

Where data is transferred outside the EU or Türkiye:

  • Adequacy decisions are relied upon where available
  • Standard Contractual Clauses (SCCs) or equivalent safeguards are implemented

7. Data Retention and Deletion

Personal data is retained:

  • As long as required by applicable laws, or
  • As necessary for the purpose of processing

After this period, data is:

  • Deleted
  • Anonymized
  • Or securely destroyed

8. Data Subject Rights

Under GDPR, you have the following rights:

  • Right to access your data
  • Right to rectification
  • Right to erasure (“right to be forgotten”)
  • Right to restriction of processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent at any time
  • Right to lodge a complaint with a supervisory authority

8.1 How to Exercise Your Rights

You may submit your request via:

  • Email: info@dirimart.com
  • Address: Hacıahmet Mah. Irmak Cad. DLP Plaza No:1-9/1, Beyoğlu, Istanbul, Türkiye

Requests will be processed within 30 days.

9. Data Security Measures

DIRIMART implements appropriate technical and organizational measures, including:

9.1 Organizational Measures

  • Internal policies and procedures
  • Employee training and confidentiality agreements
  • Risk assessments and audits

9.2 Technical Measures

  • Encryption and secure protocols (HTTPS)
  • Access control systems
  • Firewall and intrusion detection systems
  • Regular security testing and monitoring
  • Logging and backup systems

10. Specific Processing Activities

10.1 CCTV Surveillance

CCTV systems are used for security purposes:

  • Monitoring is limited to necessary areas
  • No surveillance in private spaces
  • Access to recordings is restricted

10.2 Visitor Tracking

Visitor information may be collected for:

  • Security purposes
  • Facility access control

11. Cookies and Website Data

DIRIMART uses cookies to:

  • Improve user experience
  • Analyze website traffic
  • Provide personalized content

Users can manage cookie preferences through browser settings.

12. Contact Information (Data Controller)

DIRIMART KÜLTÜR SANAT YAYINCILIK A.Ş.
Hacıahmet Mah. Irmak Cad. DLP Plaza No:1-9/1
Beyoğlu, Istanbul, Türkiye

Phone: +90 212 232 66 66
Email: info@dirimart.com
Website: www.dirimart.com