POLICY ON THE PROTECTION AND PROCESSING OF PERSONAL DATA
Anonymization
Making it impossible to associate personal data with any identified or identifiable natural person under no circumstances, including matching of the personal data with other data.
Business Partners
Persons with which Marvel Tour has become partners in a contractual relationship as part of its activities.
Candidate
Natural person who is not a Marvel Tour employee but a candidate who may become one through various methods.
Data Subject
Natural person whose personal data are processed.
Data Processor
Natural or legal person who processes personal data based on the authority granted by and on behalf of the data controller.
Data Controller
Person who determines the purposes and means of the processing of personal data, and who is the manager of the place where the data are systematically stored.
Data Subject
Natural person whose personal data are processed.
Data Breaches
Events where there is legitimate doubt about illegal capture, collection, change, copying, distribution or use of personal data.
Explicit Consent
Specific, informed and freely given consent.
Employee
Natural person who is a Marvel Tour employee.
Law/KVKK
Personal Data Protection Law numbered 6698 published in the Official Gazette of Turkey numbered 29677 dated April 7th, 2016
Marvel Tour
Marvel Tour Tourism, Inc.
Policy
Marvel Tour’s Policy on the Protection and Processing of Personal Data
Personal Health Data
Any type of medical information concerning an identified or identifiable natural person.
Persona Data Processing
All processes effectuated on data, such as acquisition, recording, storage, conservation, change, re-arrangement, disclosure, transmission,
takeover, making available, classification and prohibition from use of personal data, whether or not these are automatically or partly automatically processed or non-automatically processed on the condition that they are part of a data recording system.
Sensitive Data
Personal data relating to race, ethnic background, political opinion, philosophical
belief, religion, and sect or other beliefs, attire and outfit, society, foundation or syndicate membership, health sexual life, conviction history and security measures as well as biometric and genetic data.

1 AIM OF THE PROTECTION AND PROCESSING OF PERSONAL DATA POLICY

On basis of its legal and social responsibility arising from KVKK, MARVEL TOUR accepts and

undertakes to act in accordance with the legal regulations and international standards. For MARVEL TOUR (hereinafter also referred to as “Company”) ensuring data protection constitutes the basis of a confidential business relation and Company reputation.

2 THE SCOPE AND AMENDMENT OF THE PROTECTION AND PROCESSING OF PERSONAL DATA POLICY

The Policy includes the processing of all personal data. Anonymized data in the form of statistical assessment or research is not subject to the Policy. The Policy has been drawn in accordance with the KVKK. Policy concerns the personal data of our customers, potential customers, candidate employees, employees, employees, shareholders and authorities of partner institutions and of third persons, whether these are automatically processed or non-automatically processed on the condition that they are part of a data recording system.

Company published the first version of the Policy on October 7th, 2016 This is the secondn version of the Policy which has been published on the website as of 24 December 2020

Company reserves the right to amend the Policy in accordance with the legal regulations.

In case the whole or certain articles of the Policy are amended, the effective date and the version of the Policy will be updated. The Policy shall be published on the official internet site of the Company and upon request from personal data owners, be presented to the access of those related data Owners.

Company is the Data Controller in relation to processing of personal data pursuant to KVKK.

3 BASIC RULES REGARDING THE PROCESSING OF PERSONAL DATA

a. Compliance to the Law and to the rules of correctness

In case of processing personal data, the rights of the persons in question shall be protected. Personal data shall be collected and processed equitably and in compliance to KVKK.

b. Personal data collected prior to the enactment of KVKK
Personal data collected upon commencement of a membership, permission to receive commercial electronic communication, attending an event, purchasing tickets, or by other means prior to the enactment of KVKK on April 7th, 2016, shall be processed and stored in accordance with the terms and conditions of the Policy and can also be transferred abroad -to countries that have sufficient measures regarding the protection of personal data and/or to countries falling short of such measures provided that the conditions specified by the Personal Data Protection Law shall be satisfied- on the condition that they shall be processed in Turkey or processed and stored outside Turkey.

c. Adhoc limitations

Personal data shall only be processed for purposes defined prior to its collection thereof. Additions and alterations of purpose shall only be possible with justification and on a limited scale.

c. Transparency and clarification

The related data ownern shall be informed regarding the use of his/her own data. Personal data is generally collected directly from the person. When data is collected, the related data owner shall be aware of or informed about the issues below:

(i) The identification of the data collector or if present, his representative,

(ii) The aim of processing the personal data,

(iii) To whom and for what purpose the processed personal data is transmitted,

(iv) Sensitive data categories,

(v) The method and legal justification of collecting personal data,

(vi) The rights of the person whose personal data is processed in accordance with Article 11 of KVKK.

d. Data reduction and data economy

Before processing the personal data, it shall be determined whether such process is necessary in order to reach the aim or to what extent such process is necessary. In cases where the aim is

acceptable and balanced, statistical data may be used.

e. Purging the personal data

Data which is no longer necessary, including record keeping obligations and recording procedures necessary for substantiation, may be deleted, purged or anonymized, after the deadline with respect to legal or business process is lapsed.

f. Correctness and actualness of the data

Personal data on the file shall be held actual in case it is correct, complete and known. Appropriate measures to delete, correct, complete or actualize incomplete or missing data are taken by the Company.

g. Confidentiality and data security

Personal data is subject to confidentiality. In order to prevent unauthorized access, illegal operations, sharing, accidental disappearance, change or damage, it shall be protected by appropriate organizational and technical measures and be held confidential on a personal basis.

4 CATEGORIES OF PERSONAL DATA

Personal data is categorized as follows. Personal data shall be processed by the Company pursuant to the provisions envisaged under KVKK in relation to personal data processing.

PERSONAL DATA CATEGORY
DEFINITION
Identification
All information concerning a data subject’s identity available on documents like drivers’ license, identification card, certificate of residence, passport, marriage certificate.
Contact Information
Information such as phone number, address and e- mail to communicate with the data owner.
Data regarding the Educational, Business and Professional Life
All information related to a data owner’s education and business life.
Information about Event Participant
Information about a data owner that has attended, bought tickets of Company’s tours and similar events that demonstrate the flow of participation, habits of ticket purchasing and other preferences.
Payment Information
Payment information and records that are necessary to obtain services from the Company such as tour tickets, etc.
Information about the Security of Physical Venue
Video recordings, fingerprint records and any other personal data taken at the entry point or inside the physical venues in relation to the events.
Information about Security Process
Video recordings, fingerprint records and any other personal data taken at the Personal data processed for being able to provide technical, administrative, legal and commercial security while carrying out professional services.
Financial Information
Personal data processed concerning any information, document or record that shows any type of financial result produced depending on the type of legal relationship between the Company and the data owner.
Job Candidate Information
Personal data processed concerning a person who has applied for a position in the Company or who has been evaluated as a job candidate for the sake of customary practices or good faith, in line with the human resource needs of the Company, or a person who has professional relations with the Company.
Legal Proceedings and Compliance Information

Personal data processed concerning the calculation and tracking of Company’s legal rights and receivables, in compliance with Company’s legal obligations and

 policies.
Audit and Inspection Information
Personal data processed in compliance with Company’s statutory liabilities, legal obligations and policies.
Sensitive Data
Data relating to race, ethnic origin, political opinions, philosophical or religious beliefs, being part of a sect, other beliefs, dressing style, membership of an association, foundation or a trade-union, physical or mental health, sexual life or sexual orientation, criminal conviction and security measures, genetic or biometric data.
Marketing Information
Personal data processed concerning the marketing of Company’s events by customizing them based on the preferences and personal interests of Company’s followers; social media preferences and reports and evaluations brought together as a result of such data processing.
Read Status Information
Information regarding access to e-mails sent to the data owner, read receipts, IP Address, username, last e-mail reading location, notifications regarding leaving the membership and spam.
Information about Request / Complaint Management
Personal data concerning the reception and assessment of any request or complaint addressed to the Company.
Digital Media Usage Data Cookies Data
Any type of data collected by tracking users’ activity on digital media such as navigation time and details and location Data regarding the usage of a website such as pop-up windows.

5 AIMS OF DATA PROCESSING

The Policy shall be effectuated within the aims herein below.

a. Data processing for contractual relations

Personal data belonging to a customer (customer and potential customers) or a business partner (in case business partner is a legal entity, to its representative or to its officers) may be processed in order to draw up, to administer or to terminate a contract. Prior to the execution of a contract or during the commencement phase of the contract, personal data may be processed for the purposes of securing customer security, ensuring customer satisfaction, performing contractual rights and liabilities in accordance with KVKK and for performing contractual requirements. During the phase of contract drafting, communication may be established with data owners based on the information of which they have provided.

b. Data processing with the aim of advertisement and information

If the data owner requests information from the Company, his personal data may be processed in order to meet this request. Personal data may be processed for advertisements or for market and opinion research only in case the aim of collecting this data is in compliant with the aims of data processing envisaged under this Article. The data owner shall be informed regarding the use of his data for advertisement purposes. In case information is only collected for advertisement purposes, data owners may not give this information. The data owner shall be informed regarding his freedom to give information for this purpose. Personal consent is received in order to process the information of the data owner for advertisement purposes. The data owner may select from appropriate communication channels such as mail, electronic mail or telephone. In case data owner does not permit his information to be used for business purposes, the data shall no longer be used for such purpose and its use for such purposes shall be prevented.

c. Data processing made for performance of Company’s legal liability or due to observance of clearly stipulated legislative provisions

Personal data may be processed without receiving personal explicit consent, in case such processing is clearly stipulated by the relavant legislation or for purposes of performing a legal liability envisaged by the relevant legislation. The type and extent of the data processes shall be necessary for the legally permitted data processing activity and in accordance with the relevant legal provisions.

c. Data processing made for performance of Company’s legal liability or due to observance of clearly stipulated legislative provisions

Personal data may be processed without receiving personal explicit consent, in case such processing is clearly stipulated by the relavant legislation or for purposes of performing a legal liability envisaged by the relevant legislation. The type and extent of the data processes shall be necessary for the legally permitted data processing activity and in accordance with the relevant legal provisions.

d. Data processing for the legitimate interest of the Company

Personal data may be processed without receiving personal explicit consent in case it is necessary for protecting a legitimate interest of the Company. Such legitimate interest is either a legal (e.g. implementing, enforcing or defending legal rights, collection of outstanding receivables) or an economic (e.g. evaluation of the Company, abiding by the contractual terms to refrain from indemnifying the counter-party) interest.

e. Processing sensitive dataSensitive data shall be processed with the condition of taking sufficient precautionary measures determined by the Board for the Protection of Personal Data (hereinafter referred to as “Board”) in cases indicated here in below:

(I) In cases where required by laws,

(II) Sensitive personal data except the health and sexual life of the related person.

Sensitive personal data regarding the health and sexual life of the related person may only be processed for purposes of protecting public health, protective medicine, medical diagnosis, performing treatment and care services, planning and management of the health services and their finance, by the persons abiding by confidentiality obligation or by authorized institutions or organizations.

In case the aforementioned data processing conditions are not present; the Company shall receive explicit consent of the related data owner for processing such data.

e. Processing sensitive dataSensitive data shall be processed with the condition of taking sufficient precautionary measures determined by the Board for the Protection of Personal Data (hereinafter referred to as “Board”) in cases indicated here in below:

(I) In cases where required by laws,

(II) Sensitive personal data except the health and sexual life of the related person.

Sensitive personal data regarding the health and sexual life of the related person may only be processed for purposes of protecting public health, protective medicine, medical diagnosis, performing treatment and care services, planning and management of the health services and their finance, by the persons abiding by confidentiality obligation or by authorized institutions or organizations.

In case the aforementioned data processing conditions are not present; the Company shall receive explicit consent of the related data owner for processing such data.

f. Data processed through exclusively automatic systems

Procession of personal data through exclusively automatic systems in order to specify certain factors may not be by itself a basis for decisions comprised of negative legal conclusions for the related data owner. The related data owner has the right to object to the emergence of a result to his detriment as a result of the analysis of processed data through exclusively automatic systems. For purposes of preventing erroneous decisions, test and reliability control are being conducted by the employee.

g. User data and the Internet

In case of collection, process and use of personal data on web sites and applications, the related data owners shall be informed about the privacy statement and if necessary, cookies. Privacy statement and cookie information shall be integrated in an easily identifiable, directly accessible and continuously available way for the related data owner.

In case of the formation of user profiles for the evaluation of website and web applications’ use, the related data owner shall be appropriately informed thereof with respect to the privacy statement.

If websites and applications are able to access personal data in an area limited to registered users, the identification of the related data owner and the verification of his/her identity shall provide sufficient protection during access.

6 EMPLOYEE DATA

a. Data processing for employment relationsFor employment relations, personal data are processed without receiving explicit consent in the event they are necessary to draw up, execute and terminate an employment contract. If the candidate is declined, data belonging to the candidate are stored during the appropriate data storage duration. Such data are deleted, destroyed or anonymized at the end of this duration.

b. Data processing made for performance of Company’s legal liabilities or due to observance of clearly stipulated legislative provisions

Personal data belonging to the employee may be processed without receiving explicit consent in case the process is clearly stipulated by the legislative provisions or in order to perform a legal liability envisaged by the relevant legislation.

c. Data processing in accordance with the legitimate interestsPersonal data belonging to the employee may be processed without receiving explicit consent if necessary for protecting a legitimate interest of the Company. Such legitimate interest is either a legal (e.g. implementing, enforcing or defending legal rights) or an economic (e.g. evaluation of the Company or abiding by the contractual terms to refrain from indemnifying the counter-party) interest.

In personal cases where it is necessary to protect the interests of the employees, personal data may not be processed for legitimate interests. Prior to data processing it shall be determined whether interests requiring protection are present.

In case data belonging to the employees are processed in accordance with the legitimate interest of the Company, it shall be examined whether the process is balanced. It shall be controlled whether or not the legitimate interest of the Company requiring him to take such measure is breaching an employee right akin to protection and processing shall be carried out only when the interests of both parties are balanced.

d. Processing sensitive data
Sensitive personal data may only be processed under certain conditions.
Sensitive personal data may be processed in case the explicit consent of the employee has been obtained. Upon obtaining explicit consent, the personal data may be processed depending on its nature based on the principles stated in the Policy and by taking the necessary administrative and technical measures.
In case explicit consent of the employee has not been obtained, sensitive personal data may be processed in the cases mentioned herein below on the condition that sufficient precautionary measures determined by the Board are taken.

(III) In cases where required by laws

(IV) Sensitive personal data except the health and sexual life of the related person.

Sensitive personal data regarding the health and sexual life of the related data owner may only be processed for purposes of protecting public health, protective medicine, medical diagnosis, performing treatment and care services, planning and management of the health services and their finance, by the persons abiding by confidentiality obligation or by authorized institutions or organizations.

e. Data processed by exclusively automatic systems

In case personal data is processed through exclusively automatic systems as a part of the employment relation (ex. as a part of the personnel selection or in order to evaluate talent profiles) the employee has the right to object to the emergence of a result to his detriment.

f. Telecommunication and Internet

Telephone hardware, e-mail addresses, intranet and Internet together with internal lines, are provided by the Company primarily for duties related to work. These are work tools and Company resources. These tools shall be used in accordance with relevant statutory regulations and adhoc regulations of the Company.

A general supervision regarding telephone and e-mail communication or intranet and internet use does not take place. In order to prevent attacks against the IT infrastructure or individual users, protective measures blocking technically harmful contents or analyzing the modelling of the attacks are implemented during the transition of those harmful contents and attacks to the Company web. The use of telephone hardware, e-mail addresses, intranet/internet and/or internal social webs are stored for a limited duration for security purposes. The evaluation of these data regarding the data owner are only made in case a concrete doubt concerning the breach of legal regulations is present. These controls are implemented by the related departments only for keeping the principle of balance.

7 TRANSMISSION OF PERSONAL DATA
Transmission of personal data to a third person outside the Company shall be carried out within the scope of the aims envisaged by the Policy and specific aims mentioned herein below.
The Company may transmit personal data to the persons and institutions mentioned herein below for carrying out specific aims:
(a) To the suppliers of the Company in a limited way, in order to ensure that necessary services outsourced by the Company are offered to the Company by the supplier, for the Company to execute its commercial activities,
(b) To the partnerships of the Company in a limited way, in order to ensure the execution of commercial activities necessitating the participation of the Company’s partnerships,
(c) To legally capable public institutions and organizations, only limited to the aim requested at the sole discretion of the related public institutions and organizations,
8 RIGHTS OF THE RELATED DATA OWNER
All data owners possess the below mentioned rights. In case the data owner enjoys his/her rights and files a request to the Company, the Company shall submit the necessary information and the Company shall hereby in the realm of this data confidentiality regulation inform the related data owner as to how the right in question may be used and the cases related to the information request are evaluated.
(a) Learning whether personal data has been processed or not,
(b) In case personal data has been processed, requesting relevant data,
(c) Learning the aim of personal data processing and whether such data are used in accordancen with this aim,
(d) Being informed as to the third persons to which personal data has been transmitted, locally or internationally,
(e) In case personal data was processed deficiently or erroneously, requesting these to be corrected and the action taken to this extent to be announced to third parties to whom personal data was transmitted,
(f) Requesting personal data to be deleted or destroyed and the action taken to this extent to be announced to third parties to whom personal data was transmitted,
(g) In case requirements of personal data processing disappear, being informed if data was processed in accordance with KVKK or with provisions of other laws,
(h) Opposing to the emergence of a result to the detriment of the person, by analysing the processed data through exclusively automatic systems,
(i) Requesting the indemnification of the damage, in case the data owner incurs a damage because of the illegal processing of the personal data.
For the cases kept outside the scope of KVKK and mentioned below, the related data owners may not claim their aforementioned rights and the Company is not under obligation to execute the requests made in this scope:
(a) Personal data processing for purposes of researching, planning and statistics by anonymizing
them through official statistics,
(b) Personal data processing for artistic, historical, literary or scientific purposes or within the scope of the freedom of expression, on the condition that such processing does not breach national defence, national security, public safety, public order, economic security, the right of privacy or personal rights,
(c) Personal data processing in relation to preventive, protective and intelligence activities carried out by public institutions and organizations authorized by the law, for purposes of ensuring national defense, national security, public safety, public order or economic security,
(d) Personal data processing by judicial authorities or law enforcement authorities for purposes of investigation, prosecution, trial and execution activities.
In accordance with KVKK, the related data owners may not, with the exception of the right to request an indemnification of damages, claim their other rights in the below stated cases:
(a) In case the personal data processing is necessary to prevent the commitment of an offense or for a criminal investigation,
(b) In case the personal data has already been made public by the owner of the personal data,
(c) In case the personal data processing is necessary for the execution of supervision and regulation duties and for disciplinary investigations and prosecution by public institutions and organizations authorized by the law and by professional organizations in the status of public institution,
(d) In case the personal data processing is necessary for the protection of the economic and financial interests of the State regarding budgetary, taxation and financial matters.
For a person to address a request on behalf of the personal data owner, such person shall hold a specific proxy statement regarding the subject matter drafted by the personal data owner for the addressing person.
The requests addressed in due form to the company shall be completed within thirty days at the latest. In case the completion of the requests in question requires an additional cost, the Company may charge the petitioner a fee at the rate determined by the Board.
The Company may request additional information from the related person in order to determine whether the petitioner is the owner of the personal data and address the personal data owner questions regarding his request in order to clarify issues stated on the request.
9 CONFIDENTIALITY OF THE PROCEDURES
Personal data are subject to confidentiality. Collection, processing and unpermitted use of data by the employees are prohibited. Unauthorized use is defined as the unauthorized data processing of which employees have executed outside their scope of legitimate duties. All principle is valid: Employees may access personal data only if it is in accordance with the scope and nature of their duties in question.
Employees are prohibited from using personal data for personal or commercial purposes, to distribute them to unauthorized persons or to make it accessible in another way. The managers shall inform employees regarding their obligations concerning data protection, upon commencement of the employment relation. This obligation survives after the employment relation is terminated.
10 PROCESS SECURITY
The company takes the necessary measures and controls, makes or lets someone make the necessary supervisions within this context, in order to prevent the processed personal data being illegally reprocessed, to prevent data being illegally accessed and to ensure the appropriate security level in order to store data. This case is valid independently from whether the data processing is made electronically or in writing. Particularly during migration to new IT systems, before starting new methods of data processing, technical and organizational measures aimed at the protection of personal data are identified and practiced. These measures lean on the latest developments and to the need of protecting data, determined by the procedure relating to process risks and the information classification. Technical and organizational measures concerning the protection of personal data are a part of the Company’s information security management and they are being constantly adapted to technical developments and organizational changes.
11 DATA PROTECTION CONTROL
The conformity with the Policy and KVKK is ensured through regular data protection supervisions and other controls. The Company is making or hiring an eligible person to make the necessary supervisions.
12 DATA BREACH MANAGEMENT
The Company may, in case the personal data processed in accordance with the Policy herein and to KVKK are illegally obtained by others, operates the system ensuring that this situation is announced within the shortest period of time to the related data owner and to the Board. In cases deemed necessary by the Board, this case may be announced on the website of the Board or via other means.
13 CONFIDENTIALITY AND APPROVAL
Personal information of the data owner will only be used in accordance with the service exigencies, to access information specific to the data owner or to get in touch with the data owner. This information will not be shared with third persons and will not be published anywhere. Automatically saved information (non-personal data), when you enter the Website, the general non-personal information (browser used, visitor amount, average time spent on the site, pages viewed) are saved automatically (separate from the member registration). This information is used in order to improve the general quality of the Company’s website. Your information will not be subject to any further processes and will not be transmitted to third persons.
Within this context, Company would like to state that upon data owner’s approval in question, the said owner will declare that her/she accepts that his/her sensitive personal data (telephone, e-mail, address and other communication information included) may be processed in accordance with the provisions of KVKK, used and shared limited to its processing aims within the related process, stored for the necessary duration by Marvel Tour, its group companies, related partnerships and subsidiaries; that being subject to the activities within the scope of electronical trade legislation of which he/she may be contacted through SMS, e-mail and telephone and that the necessary clarification was made to him/her regarding the subject matter, that he/she declares that he/she has read and understood this text.
14 OTHER WEBSITES / THIRD PARTIES AND THEIR PRIVACY POLICIES
Marvel Tour is not responsible for the confidentiality and personal data policies, practices or the contents of other websites that are accessed from link provided on its website, or for the confidentiality and personal data policy and practices of third parties. Marvel Tour strongly suggests that data owner has a look at the confidentiality and personal data policies and practices of such third parties.
15 REQUEST/COMPLAINT MANAGEMENT
Marvel Tour’s web visitors can communicate their wishes, suggestions, requests and complaints to Marvel Tour’s contact details verbally or in writing. Marvel Tour may process the personal data of such data owners such as their names, communication details and the subject matter of the requests/complaints in order to be able to respond to their requests and complaints and to guarantee satisfaction of its visitors. Such information shall be stored from the time the communication is resolved or from the time the communication is received in the case of an unresolved communication, till the end of its limitation period.
16 MAINTAINING PROFESSIONAL RELATIONSHIPS WITH MARVEL TOUR’S SUPPLIERS, CONTRACTORS AND BUSINESS PARTNERS
16.1 Collected Personal Data and Purposes of Data Processing:
Marvel Tour obtains services from numerous corporations and natural persons, maintains business partnerships and collaborations, and enters into a number of contractual relations, including sponsorships in order to be able to conduct its businesses. Marvel Tour processes the personal data of such natural persons and corporate employees to be able to manage these contractual/professional relations.
Marvel Tour acquires contact details such as full name, (i.e. Republic of Turkey) identity numbers, e- mail addresses, phone numbers, residence addresses and, if necessary, payment data such as bank account details from said natural persons and their employees. Marvel Tour may also collect from the employees of suppliers, if necessary, personnel information such as full name, (i.e. Republic of Turkey) identity numbers, criminal record, social security payroll and occupational health and safety information as well as other information such as health report, occupational health and safety
training certificate.
Such collected data are processed for purposes such as executing, concluding or renewing a contract between Marvel Tour and natural persons that render services or is in collaboration with Marvel Tour, sponsorship or similar contractual relation; planning institutional management and communication activities; planning, managing and carrying out organizations, meetings, parties and events; carrying out data management and analysis activities; keeping records about the parties that maintain business relationships with Marvel Tour and carrying out listing work; keeping records of event participants and sending out invitations and notifications. Personal data shall be stored till the end of the limitation period after the contractual relation with Marvel Tour is terminated.
16.2 Methods and Legal Reasons for the Collection of Personal Data:
Personal data shall be collected through communication channels such as e-mail and telephone, the establishments with which Marvel Tour has professional relations, circulars of signatures, powers of attorney (POA) and contracts. All personal data are processed in Marvel Tour’s data registry system.
Legal reasons for the collection of personal data are as follows:
When it is explicitly provided for in the laws as per Article 5/2/a and Article 6/3 of KVKK; when it is necessary to conclude, execute and terminate a contract with the data owner or his/her registered company as per Article 5/2/c of KVKK; for Marvel Tour to perform its legal obligations as per Article 5/2/ç of KVKK; when personal data has already been made public by the data subject as per 5/2/d of KVKK; and in case data processing is mandatory for the legitimate interests of the data controller provided that this processing shall not violate the fundamental rights and freedoms of the data subjects as per Article 5/2/f of KVKK. In the absence of a legal reason specified herein or in KVKK, personal data shall be processed upon data owner’s explicit consent as per Articles 5/1 and 6/2 of KVKK.
marveltour © 2023