Data Controller: Istanbul Metropolitan Municipality
Istanbul Metropolitan Municipality Department Kemalpaşa Mh. 15 Temmuz Şehitleri Cd. No:5 34134 Fatih / İstanbul / Turkey
As Istanbul Metropolitan Municipality (“IMM”), in line with the Law on Personal Data Protection numbered 6698 (“LPDP”) and relevant legislation and legal regulations; in order to enable you to benefit from the services we provide, this notification text has been prepared regarding the processing, storage and transfer of personal data of our citizens.
Which of your Personal Data is Processed and What are the Purposes, Legal Reasons, and Collection Methods of Your Personal Data?
Within the scope of our activities and the business processes we carry out; identity information of our citizens (Name, Surname, TR Identity Number, gender, date of birth, parents' name-surname for users under the age of 18), contact information (Mobile Phone Number, Email Address, Address), education information (Graduation Status), transaction security information -through online electronic forms- (IP Address Information, Website Entry and Exit Information, Password Information, Log Record, Device MAC Address, Electronic Communication Records (such as Use Lists) will be collected and processed through information systems and electronic devices.
Your personal data is processed for the purpose of conducting information security processes, carrying out activities in accordance with the legislation, conducting business processes related to the service, conducting service production, and operation processes, executing service-related support processes, and carrying out communication activities.
Personal data which falls under the category of identity and communication, will be processed based on the legal grounds that i) “it is necessary to process the personal data of the parties to the agreement provided that such data is directly related to the establishment or performance of an agreement pursuant to subparagraph (c) of paragraph 2 of article 5 of the LPDP, and ii) pursuant to subparagraph (f), “data processing is required for the legitimate interests of the data controller provided that it does not harm the fundamental rights and freedoms of the data subject.”
Your process-specific transaction security data will be processed on the basis of the legal grounds of subparagraph (a) of paragraph 2 of Article 5 of the LPDP "It is clearly stipulated in the laws" and subparagraph (f) "It is mandatory to process data for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject.”
To whom and for what purposes can personal data be transferred?
In accordance with legal regulations and the legislation we are subject to, your personal data may be transferred to:
- Authorized Public Institutions and Organizations in order to - upon the request of a court decision or authorized administrative authorities - carry out the activities in accordance with the legislation and to inform authorized persons, institutions, and organizations,
- IMM affiliates and subsidiaries in order to conduct service production and operation processes, and support processes related to the service.
What Are Your Rights as a Data Subject?
Regarding your personal data within the scope of GDPR and relevant legislation; you have the right to:
- find out whether your personal data has been processed,
- request information if your personal data has been processed,
- find out the purpose of processing the personal data and whether it has been used in line with its purpose,
- be informed about third parties to whom your personal data has been transferred domestically or abroad,
- make a request for a correction in the event that your personal data has been processed insufficiently or inaccurately,/li>
- request deletion or destruction of your personal data under the conditions stipulated in the GDPR legislation,
- when you request the deletion or destruction of your personal data or the correction of incomplete or inaccurate data; you may request that this situation is notified to third parties to whom we have transferred your personal data,
- you may object to an outcome resulting against the person themselves by analysing the processed data exclusively through automatic systems, and
- request indemnification if you suffered damages due to processing of the personal data in violation of the applicable law.