Galataport Logo
  • EVENTS
  • BLOG
  • APP
VIKING MARS 928
1
TR / EN

Close

  • About Us
  • Arts & Culture
  • Heritage
  • Cruise Port
  • The Penınsula Istanbul
  • Offices
  • RESTAURANTS
  • STORES
  • Getting Here
  • Services - ㅤㅤㅤㅤㅤㅤ
  • Press
  • Events
  • Blog
  • App
  • Sustainability

Visit Apple App Store or Google Play Store for free download

App Store
Google Play

Our social media accounts

Homepage Personal Data Protection Law

Personal Data Protection Law

Personal Data Protection Policy

Personal Data Protection Law 

Personal Data Protection Policy 


This Personal Data Protection Policy (“Policy”) describes the policy regarding the personal data of natural persons whose personal data is processed by Galataport İstanbul Liman İşletmeciliği ve Yatırımları A.Ş. (“Galataport” and/or the “Company”) in its capacity as the Data Controller, including but not limited to suppliers, supplier employees/representatives, visitors, office visitors, customers/potential customers, and users of the www.galataport.com website (online visitors). 



1- Definitions 


In this Policy; 


“Explicit Consent”: Refers to consent that is related to a specific matter, based on information and expressed with free will; “Anonymization”: Refers to rendering personal data impossible to be associated with an identified or identifiable natural person, even by matching it with other data; 

“Data Subject”: Refers to the natural person whose personal data is processed; 

“Personal Data”: Refers to any information relating to an identified or identifiable natural person; 

“Processing of Personal Data”: Refers to any operation performed on data, such as obtaining, recording, storage, preservation, alteration, reorganization, disclosure, transfer, takeover, making available, classification, or prevention of the use of personal data, which are fully or partially automated or provided that they are part of any data recording system, by non-automated means; 

“Board”: Refers to the Personal Data Protection Board; 

“Authority”: Refers to the Personal Data Protection Authority; 

“Data Controller”: Refers to Galataport İstanbul Liman İşletmeciliği ve Yatırımları A.Ş., which determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system. 



2- Scope and Purpose of the Policy 


This Policy explains: 


i. The methods and legal grounds for collecting Personal Data, 

ii. Which groups of persons’ Personal Data are processed (Categorization of Data Subject Groups), 

iii. Which categories of Personal Data are processed in relation to these groups (Data Categories) and exemplary data types, 

iv. In which business processes and for which Purposes these Personal Data are utilized, 

v. The technical and administrative measures taken to ensure the security of Personal Data, 

vi. To whom and for what purpose Personal Data may be transferred, 

vii. The retention periods of Personal Data, 

viii. Matters regarding the erasure, destruction, or anonymization of Personal Data, 

ix. The rights of the Data Subject over the Personal Data processed by Galataport and how these rights can be exercised, and x. The amendments that may be made to the Policy. 



3- Methods and Legal Grounds for Collecting Personal Data 


Galataport processes Personal Data in audio, electronic, or written forms through the Data Subject themselves, the website, the guiding robot (Chatbot) within the website, the mobile application, social media accounts, cookies, notifications from administrative and judicial authorities, and other communication channels, in accordance with the personal data processing conditions specified in Articles 5 and 6 of the Personal Data Protection Law No. 6698 (“Law”). 



4- Categorization of Data Subject Groups 


In addition to retailers, suppliers, supplier employees/representatives, visitors, office visitors, customers/potential customers, and online visitors (website users), Galataport may also process the Personal Data of other groups of persons (consultants, trainers) in line with the legal grounds specified in this Policy. 



5- Data Categories and Exemplary Types 


i. Online Visitor Data (Website Users) 

Communication Data: E-mail address 

Transaction Security Information: IP address 

Legal Action and Compliance Information: Start and end time of the service provided, type of service utilized, amount of data transferred. 


ii. Office Visitor Data 

Identity Information: Name and surname, T.R. identity number, passport number 

Visual Information: Camera records 

Physical Space Security Information: Visitor log records 


iii. Visitor Data 

Visual Information: Camera records 


iv. Supplier, Supplier Employee, or Supplier Representative Data 

Identity Information: Name and surname, T.R. identity number, passport number 

Communication Information: E-mail address, phone number, Turkish registered electronic mail (KEP) address, address, mobile phone number 

Personnel Data: Social Security Institution (SSI) payroll, Occupational Health and Safety (OHS) documents 

Professional Experience Data: Educational background, certificates, CV 

Financial Information: Account number, tax office, tax identification number, tax certificate, IBAN, invoice details 

Legal Action Information: Signature circular, power of attorney 

Visual Information: Photograph, camera records 


v. Customer Data / Potential Customer Data 

Identity Information: Name and surname, date of birth 

Communication Data: E-mail address, phone number, mobile phone number 

Customer Transaction Data: Vehicle license plate, call center records, request, suggestion, and complaint data 

Marketing Data: Survey, cookie records, data obtained through campaign activities 

Visual Information: Camera records 



6- Purposes for the Use of Personal Data 


Galataport processes the Personal Data subject to this Policy for the following purposes (“Purposes”): 


i. Ensuring compliance with legal processes and legislation, 

ii. Responding to information requests from administrative and judicial authorities, 

iii. Ensuring information and transaction security, 

iv. Making necessary arrangements to ensure that the processed data is up-to-date and accurate, 

v. Carrying out accounting and purchasing processes, 

vi. Ensuring physical space security, 

vii. Executing customer relationship management processes, 

viii. Conducting activities aimed at customer satisfaction, 

ix. Carrying out marketing activities, 

x. Managing request, complaint, and suggestion processes, 

xi. Executing contract processes, 

xii. Ensuring the procurement of services, 

xiii. Preparing internal and external company reports, 

xiv. Ensuring the legal and commercial security of the Company and persons in a business relationship with the Company, xv. Determining management strategies, 

xvi. Ensuring risk management, 

xvii. Processing online visitor data within the scope of Law No. 5651 on the Regulation of Publications on the Internet and Combating Crimes Committed Through Such Publications. 


In this context, Galataport processes the said data in accordance with the law and the rule of honesty; as accurate and up-to-date; for specific, explicit, and legitimate purposes; and in a manner that is relevant, limited, and proportionate to the purposes for which they are processed, provided that they are preserved for the period stipulated in the relevant legislation or required for the Purpose for which they are processed. 



7- Technical and Administrative Measures Taken to Ensure the Security of Personal Data 


 Personal Data shall be stored confidentially in the database held by Galataport in accordance with Article 12 of the Law and shall not be shared with third parties for commercial purposes. In order to ensure the security of the Personal Data it processes, prevent unlawful access, and hinder unlawful data processing, Galataport takes hashing, encryption, logging, access management, and physical security measures to protect information systems containing Personal Data against unauthorized access and unlawful data processing. Notwithstanding the fact that Galataport takes the necessary information security measures, in the event that Personal Data is damaged or falls into the hands of third parties as a result of attacks on the website and the system, Galataport shall immediately notify the Data Subject whose Personal Data is affected and the Board. 



8- To Whom and for What Purpose the Processed Personal Data May Be Transferred 


Your Personal Data may be transferred, to the extent relevant, in line with the Purposes detailed under the heading “Purposes for the Use of Personal Data,” to: 


i. Galataport’s business partners, shareholders, affiliates, the customer communication center from which services are received for the purpose of ensuring business-specific communication management, suppliers, consultancy firms from which support is received, and financial institutions; 

ii. Third parties (Microsoft Azure) from which Galataport receives support in areas such as storage, archiving, hosting (server, hosting, program, cloud computing) for the purpose of executing information security processes, by means of concluding Standard Contractual Clauses pursuant to Article 9 of Law No. 6698, and whose servers are located in Germany and the Netherlands; and 

iii. Authorized public institutions and organizations as well as private law legal entities, in order to fulfill legislative obligations or requests. 



9- Retention Period of Personal Data 


Galataport shall retain the Personal Data it processes in compliance with Law No. 6698 for the periods stipulated in the relevant legislation or as required by the purpose of processing. In the event that the reasons requiring the processing of your Personal Data cease to exist, such data shall be erased, destroyed, or anonymized by Galataport ex officio and/or upon your request. 



10- Erasure, Destruction, or Anonymization of Personal Data 


Your Personal Data, which has been processed for the Purposes specified in this Policy, is stored for the periods stipulated within the scope of the relevant legislation pursuant to Articles 7 and 17 of the Law and Article 138 of the Turkish Penal Code No. 5237. Upon the expiration of these periods, your Personal Data shall be erased, destroyed, or anonymized in accordance with the Regulation on the Erasure, Destruction, or Anonymization of Personal Data. 



11- Rights of the Data Subject Enumerated in Article 11 of the Personal Data Protection Law No. 6698 


The rights you possess pursuant to Article 11 of the Law regarding the Personal Data you have shared with us within the scope of the Purposes and methods of processing specified in this Policy are as follows: 


i. To learn whether Personal Data is being processed, 

ii. To request information if Personal Data has been processed, 

iii. To learn the purpose of the processing of Personal Data and whether they are used in accordance with their purpose, 

iv. To know the third parties to whom Personal Data are transferred domestically or abroad, 

v. To request the rectification of Personal Data if it is incomplete or incorrectly processed, 

vi. To request the erasure or destruction of personal data in the event that the reasons requiring processing cease to exist, even if it has been processed in accordance with the Law and other relevant legal provisions, and to request that the operation performed in this context be notified to third parties to whom the personal data has been transferred, 

vii. To object to the occurrence of a result against the person themselves by analyzing the processed data exclusively through automated systems, 

viii. To demand compensation for damages in the event of loss due to the unlawful processing of Personal Data. 


To exercise these rights; you may submit your requests regarding your Personal Data pursuant to Article 11 of the Law, together with information/documents verifying your identity, as follows: 


i. You may apply to the Company by completely filling out the information and documents in the Application Form, using the methods specified in the said form, in accordance with the Communiqué on the Procedures and Principles of Application to the Data Controller. 

ii. You may send an e-mail from your Turkish Registered Electronic Mail (KEP) address to the Company’s KEP address at “galataportistanbul@hs03.kep.tr”. 

iii. You may send an e-mail to “KVKK@galataportistanbul.com” using a secure electronic signature or via the e-mail address previously notified to the Company and registered in our system. 



12- Amendments to the Policy 


Galataport may make amendments to this Policy at any time. These amendments shall become effective immediately upon the posting of the amended new Personal Data Protection Policy on the website www.galataport.com.Necessary notifications will be provided to you via the website to ensure that you are informed of any amendments to this Policy.

  • ABOUT US +4
  • Project
  • History
  • Corporate
    • +1
  • Sustainability
  • CRUISE PORT +2
  • About
  • Cruise Operations
  • FOOD & BEVERAGE +4
  • Cafes
  • Local Tastes
  • Paket Postanesi Stores
    • +1
  • Restaurants
  • EVENTS +1
  • Events
  • PRESS +3
  • Press Releases
  • Logos
  • Images
  • ARTS & CULTURE +2
  • Istanbul Modern
  • MSGSU Istanbul Museum of Painting and Sculpture
  • PENINSULA İSTANBUL +1
  • The Penınsula Istanbul
  • STORES +13
  • Accessories & Glasses
  • Apparels
  • Arts & Culture and Entertainment
    • +10
  • Books, Hobby and Gifts
  • Children's
  • Cosmetics
  • Home & Decoration
  • Jewellery & Watches
  • Paket Postanesi Stores
  • Service Stores
  • Shoes & Bags
  • Sports
  • Technology and Experience
  • BLOG +15
  • The Ritual of Turkish Coffee
  • Bags Made from Natural Materials: The Unique World of Bago
  • A Vibrant Journey into Jazz…
    • +12
  • Summer's Herald: Terrace Gatherings
  • Yoga on the Pier at Galataport Istanbul: Listen to Your Mind and Body
  • Coming Soon to Galataport Istanbul: Art, Entertainment, and More
  • A New Shopping Innovation from Galataport Istanbul: Bags-Free
  • A Unique Experience at Paket Postanesi Terrace: Komün
  • From Salt Lake to the Historic Peninsula: The Magic of Contrasts
  • Tenniscore at Galataport Istanbul: The Trend of Sporty Elegance
  • Tophane Kasrı: The Hidden Gem Amidst the Greenery
  • Flying Tiger Copenhagen: Special New Year Gifts for Your Loved Ones
  • Storytellers of Their Own: What is Streetwear?
  • The Secrets of Choosing a Perfume
  • Watching Istanbul from the Bosphorus: Bosphorus Tours Set Sail from Galataport
  • GETTING HERE +4
  • Tram
  • Karakoy and Kabatas Pier
  • Bus
    • +1
  • Galataport Sea Shuttle
  • HERITAGE +8
  • Tophane Clock Tower
  • Post Office
  • Merkez Han
    • +5
  • Karaköy Passenger Hall
  • Çinili Han
  • Tophane Pavilion
  • Tophane Fountain
  • Nusretiye Mosque
  • OFFICES +1
  • Offices
  • SERVICES +15
  • Valet Parking
  • Parking
  • Wi-Fi
    • +12
  • Bicycle park
  • WC
  • ATM
  • Exchange Office
  • Tax Free
  • Cargo Shipment
  • Charging Station
  • Sea Shuttle
  • Left Luggage
  • Car Wash Service
  • Port LVM Bosphorus Tour
  • Baby Care Rooms
  • MOBILE APPLICATION +1
  • App
  • PDPL +1
  • Personal Data Protection Law
  • COOKIE POLICY
  • FAQ
  • GALATAPORT DOSSIER
  • SUSTAINABILITY POLICIES

    Sign up for our e-newsletter

    Send

    Kılıçali Paşa Mahallesi, Meclis-i Mebusan Caddesi, No: 8, İç Kapı No:102, 34433, Beyoğlu, İstanbul

    T:444 52 66 info@galataportistanbul.com

    For More: Galataport Istanbul Mobile App

    2026 All Rights Reserved. Galataport Istanbul

    Download Galataport İstanbul App from:

    App Store Google Play

    2026 All Rights Reserved. Galataport Istanbul