1.INTRODUCTION

This clarification text has been prepared in accordance with Article 10 of the Law on the Protection of Personal Data No. 6698 (“Law”) for the purpose of informing the relevant persons regarding the processing of personal data collected in the legal entity of the T.R. Ministry of Culture and Tourism (“DATA CONTROLLER”), the relevant directorates and units and service centres.

The DATA CONTROLLER shows maximum sensitivity and diligence regarding the processing, protection and security of personal data.

Personal data may be collected by the DATA CONTROLLER via all kinds of audio, written, visual or electronic methods.

In this context and in accordance with the Law, the personal data of the relevant persons may be processed by the DATA CONTROLLER in the capacity of Data Controller for work and transactions that must be performed in accordance with the general principles set out in the Law.

2.PURPOSE OF THE PROCESSING OF PERSONAL DATA

Personal data are processed within the framework of the personal data processing conditions specified in Articles 5 and 6 of the Law and the purposes specified in the Law and for the purposes specified below, without limitation. Accordingly, personal data is processed for the following purposes.

1. To be able to conduct the works and operations for which the DATA CONTROLLER is responsible within the framework of the relevant legislation and to perform the public service within the framework of its duties and responsibilities,
2. To carry out the necessary works to ensure the maximum benefit from the services offered by the DATA CONTROLLER,
3. To ensure the legal obligations of the DATA CONTROLLER and stakeholders and the security of the service,
4. To maintain the services and strategies of the DATA CONTROLLER,
5. To perform its responsibilities in accordance with the laws and related legislations that impose rights, duties, work and transactions on the DATA CONTROLLER,
6. To manage the human resources and employment policies of the DATA CONTROLLER,
7. To carry out the protection of Cultural Property operations,
8. To conduct librarianship activities,
9. To execute transactions such as support, grants, incentives, etc.,
10. To realize operations related to museums,
11. To manage European and foreign relations,
12. To carry out press and publication activities,
13. To perform studies on art events, activities, etc.
14. To increase the quality of service and management and to carry out studies in this context

The DATA CONTROLLER strives to process the necessary legal, technical and administrative measures at the highest level in line with the principles specified in the Law in order to prevent unlawful processing and access to personal data and to keep personal data safe.

3.SHARING AND TRANSFERRING PERSONAL DATA

Personal data collected from employees, employee candidates, interns, persons subject to news, potential and current product or service buyers, supplier employees, supplier officials, parents/guardians/representatives, visitors and other citizens within the framework of the conditions specified in Articles 8 and 9 of the Law with the suppliers, service providers, data processors and legally authorized institutions and organizations of the DATA CONTROLLER, within the framework of the relevant legislation, may be shared in accordance with the conditions and purposes of processing personal data.

The DATA CONTROLLER takes care to take the necessary administrative and technical measures and all security measures in case of sharing personal data. In addition, the DATA CONTROLLER carries out studies on the ISO 27001 Information Security Management System and other information and data security. The DATA CONTROLLER complies with the obligation of attention and care regarding the transfer and sharing of your data, and values your data and its security.

4.THE METHOD OF COLLECTING PERSONAL DATA AND ITS LEGAL REASON

The DATA CONTROLLER collects personal data in all kinds of auditory, written, visual and electronic media and within the framework of the purposes specified in this clarification text, based on legal reasons such as the provision of the services provided by the DATA CONTROLLER in accordance with the laws and the relevant legislation, and the DATA CONTROLLER can fulfil its obligations arising from the contract and laws completely, and the execution of business activities, and processes them in accordance with the conditions specified in the Law. The legal reasons are as follows:

• The presence of the explicit consent of the person concerned,
• Being clearly stipulated in the laws,
• Being mandatory for the protection of the life or bodily integrity of the person who is unable to explain their consent due to actual impossibility or whose consent is not recognized as legally valid,
• Being necessary to process the personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract,
• Being mandatory for the DATA CONTROLLER to be able to fulfil its legal obligation,
• Being made public by the person concerned,
• Data processing being mandatory for the establishment, use or protection of a right,
• Data processing being mandatory for the legitimate interests of the DATA CONTROLLER, provided that it does not harm the fundamental rights and freedoms of the data subject,

5.RIGHTS OF PERSONAL DATA OWNERS AND PROTECTION OF RIGHTS

In accordance with the Article 11 of the Law on personal data owners have the rights below:

• To request information regarding the processing of the personal data, if processed,
• To learn whether their personal data has been processed or not
• To learn the purpose of processing personal data and whether they are used in accordance with the purpose,
• To know the third parties to which personal data is transferred at home or abroad,
• To request correction of personal data in case of incomplete or incorrect processing,
• To request the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of the Law,
• To request that the transactions carried out in accordance with Articles 5 and 6 be notified to third parties to which personal data are transferred,
• To object to the occurrence of a result against the person themself by analysing the processed data exclusively by means of automated systems,
• To request compensation for damage in case of damage caused due to the unlawful processing of personal data,

In the event that the personal data owners apply to the DATA CONTROLLER in writing or by other methods to be determined by the Personal Data Protection Board for the exercise of these rights, the applications shall be concluded as soon as possible according to the nature of the request, but in any case within 30 days at the latest. The address and contact information for the application to the DATA CONTROLLER are stated below.

6.COMMUNICATION

Detailed information on the issues within the scope of this clarification text can be found in the Personal Data Protection and Processing Policy of the Ministry of Culture and Tourism of the Republic of Türkiye.

In order to exercise your rights arising from the Law, you can send your identity information, the right you want to use and a detailed explanation of the subject of your request to İSMET İNÖNÜ BULVARI NO:32 06100 EMEK ANKARA/TÜRKİYE in a signed form by filling out the application form that you can obtain from https://www.ktb.gov.tr address by using one of the ways specified in the application form. You can obtain detailed information via the application form and the +90 (312) 470 8000 contact line.