Meet us
TTG Rimini14–16 October 2026

Privacy Notice

Last updated: July 9, 2026

This English text is a courtesy translation provided for convenience. In case of any discrepancy, the Turkish version prevails.

Privacy notice for website users, under the Turkish Personal Data Protection Law No. 6698 (KVKK).

This website belongs to SAN BİLGİSAYAR TİCARET TURİZM İTHALAT VE İHRACAT AŞ, the data controller (hereinafter referred to as SAN BİLGİSAYAR in this and other KVKK texts). Details of the statements in this privacy notice — prepared pursuant to the KVKK Policy adopted and implemented by the data controller and the Personal Data Protection Law No. 6698 — can be found in the Data Controller's KVKK Policy and the documents annexed to it. Accordingly:

Personal Data Processed

  • Identity and family information: name and surname, Turkish ID number, passport number, place and date of birth, marital status, gender, children's names, number, ages and dates of birth, signature, voucher (travel card) and registration card (accommodation card) details, room type and number, flight number, hotel stayed at, accommodation dates and amount
  • Contact information: address, phone number, e-mail address
  • Customer transaction information: vehicle plate, survey forms, records relating to the provision of products and services, requests, instructions, photographs, weddings, births, special occasions and anniversaries, invoice details, order details, request details
  • Physical premises security information: entry and exit records of customers and visitors, camera recordings
  • Transaction security information: IP address, hotspot records, passwords and credentials, website login and logout records, logs and digital traffic records
  • Financial information: credit card number, CVC code, expiry date
  • Visual and audio records and information
  • Health information: information on disability status, chronic conditions, past illnesses, asthma, diabetes, heart and blood pressure conditions, personal health information

Collection Method and Legal Grounds

Under this privacy notice, your personal data is obtained verbally, in writing or electronically — through automated means, or through non-automated means provided they form part of a data recording system — via solution partners with whom we cooperate under a contractual relationship, via third parties we work with and provide services to as a requirement of our activities, or via information, documents and similar means submitted by you.

This data may be processed on the basis of your explicit consent under Article 5 of Law No. 6698, and, where explicit consent is not required, directly where one of the following conditions exists:

  • It is expressly provided for by law,
  • It is necessary for the protection of the life or physical integrity of a person who is unable to give consent due to actual impossibility, or whose consent is not legally valid, or of another person,
  • It is necessary to process the personal data of the parties to a contract, provided that it is directly related to the conclusion or performance of that contract,
  • It is necessary for the data controller to fulfil its legal obligations,
  • The data has been made public by the data subject themselves,
  • Processing is necessary for the establishment, exercise or protection of a right,
  • Processing is necessary for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject.

Under Article 6 of Law No. 6698, your special categories of personal data other than health and sexual life may be processed on the basis of your explicit consent or, in accordance with that article, in the cases provided for by law. In the absence of your explicit consent, personal data relating to health and sexual life may only be processed by persons under an obligation of confidentiality or by authorised institutions and organisations, for the purposes of protecting public health, preventive medicine, medical diagnosis, treatment and care services, and the planning and management of health services and their financing.

Purposes of Processing

Your personal data is processed in accordance with Articles 4, 5 and 6 of Law No. 6698 — observing the principles of lawfulness and fairness, accuracy and being up to date where necessary, processing for specific, explicit and legitimate purposes, being relevant, limited and proportionate to the purposes for which it is processed, and being retained for the period stipulated in the relevant legislation or required for the purpose — for the following purposes:

  • Conduct of emergency management processes
  • Conduct of information security processes
  • Conduct of activities in compliance with legislation
  • Conduct of finance and accounting affairs
  • Conduct of loyalty processes relating to the company, products and services
  • Ensuring the security of physical premises
  • Follow-up and conduct of legal affairs
  • Conduct of communication activities
  • Conduct of goods / services sales processes
  • Conduct of goods / services production and operations processes
  • Conduct of customer relationship management processes
  • Conduct of activities aimed at customer and guest satisfaction and service quality
  • Organisation and event management
  • Conduct of advertising / campaign / promotion processes
  • Conduct of storage and archive activities
  • Conduct of contract processes
  • Follow-up of requests / complaints
  • Ensuring the security of data controller operations
  • Conduct of investment processes
  • Provision of information to authorised persons, institutions and organisations
  • Conduct of management activities
  • Creation and follow-up of visitor records

Your personal data is not processed for purposes other than those set out above. All technical and administrative measures are taken by the company to prevent the unlawful processing of, or unlawful access to, personal data.

Transfer of Personal Data

Your personal data may be transferred within Türkiye or abroad in accordance with Articles 8 and 9 of Law No. 6698, where the following conditions exist.

Personal data collected on the basis of the conditions set out in Article 5 of Law No. 6698 or with your explicit consent may be transferred — for the purposes stated above and in order to carry out the activities stated above, in accordance with Articles 8 and 9 of the Law — to persons, institutions and companies with whom we cooperate; to persons and institutions with whom we interact, such as shareholders and suppliers; and to third parties from whom services are received or to whom services are provided.

Provided that adequate measures are taken, your personal data relating to health may be transferred without your explicit consent only by persons under an obligation of confidentiality or by authorised institutions and organisations, for the purposes of protecting public health, preventive medicine, medical diagnosis, treatment and care services, and the planning and management of health services and their financing.

Your personal data may be transferred abroad without your explicit consent where one of the following applies: it is expressly provided for by law; it is necessary for the protection of the life or physical integrity of a person unable to give consent due to actual impossibility or whose consent is not legally valid, or of another person; it is necessary to process the personal data of the parties to a contract, provided it is directly related to the conclusion or performance of that contract; it is necessary for the data controller to fulfil its legal obligations; the data has been made public; processing is necessary for the establishment, exercise or protection of a right; or processing is necessary for the legitimate interests of the data controller, provided it does not harm your fundamental rights and freedoms — and additionally, for health data, where carried out by persons under an obligation of confidentiality or authorised institutions for the purposes of protecting public health, preventive medicine, medical diagnosis, treatment and care services, and the planning and management of health services and their financing. Transfer abroad further requires that adequate protection exists in the destination country or, where it does not, that the data controllers in Türkiye and the relevant foreign country undertake adequate protection in writing and the Personal Data Protection Board (KVK Board) grants permission.

The KVK Board decides whether adequate protection exists in the foreign country and whether the transfer abroad will be permitted, by assessing the international conventions to which Türkiye is a party, the state of reciprocity regarding data transfer between the requesting country and Türkiye, the nature of the personal data and the purpose and duration of processing for each specific transfer, the relevant legislation and practice of the destination country, and the measures undertaken by the data controller in the destination country — obtaining the opinion of the relevant institutions and organisations where needed. Your personal data may be transferred abroad, without prejudice to the provisions of international conventions, in cases where the interests of Türkiye or the data subject would be seriously harmed, only with the opinion of the relevant public institution or organisation and the permission of the Board.

Within this framework, your personal data may be transferred, for the conduct of the purposes stated above, to:

  • Authorised public institutions and organisations,
  • Company shareholders and officers,
  • Business and solution partners,
  • Suppliers (persons and companies),
  • Natural or legal persons with whom the company interacts.

Your Rights as a Data Subject

Under the Law, the data subject has the right to:

  • Learn whether their personal data is being processed,
  • Request information if their personal data has been processed,
  • Learn the purpose of the processing and whether the data is used in accordance with that purpose,
  • Know the third parties to whom their personal data is transferred, within Türkiye or abroad,
  • Request the correction of personal data that is incomplete or inaccurately processed,
  • Request the erasure or destruction of personal data under the conditions set out in Article 7 of the KVKK,
  • Request that the correction of inaccurately processed data and the destruction of data be notified to the third parties to whom the data has been transferred,
  • Object to a result arising against the data subject through the analysis of processed data exclusively by automated systems,
  • Request compensation for damage suffered as a result of the unlawful processing of their personal data.

To exercise your rights as a data subject, you must first apply to the data controller using the contact channels below. The complaint route to the KVK Board may not be used before this route has been exhausted.

Your request is answered by our company, as data controller, as soon as possible depending on its nature and within 30 days at the latest.

If your application is rejected, the response is found insufficient, or no response is given in time, you may exercise your right to lodge a complaint with the KVK Board or apply directly to the courts.

Application Address and Contact Details

  • SAN BİLGİSAYAR TİCARET TURİZM İTHALAT VE İHRACAT AŞ
  • Pınarbaşı Mh. Hürriyet Cad. Antalya Teknokent ARGE 5 3F/2 Konyaaltı – Antalya, Türkiye
  • Phone: +90 850 777 00 00
  • E-mail: info@santsg.com

Retention Period of Personal Data

Your personal data processed by the methods and for the purposes stated above is retained for the period specified in the data inventory, taking into account the statutes of limitation and preclusive periods set out in the law. When the reasons requiring the processing of your data cease to exist, or when the periods mandated by legislation for processing your data expire, your data is deleted, destroyed or anonymised by our company using one of the destruction methods — ex officio within six-month periods at the latest, or within thirty days at the latest upon your request.

Deletion of your personal data is the process of rendering it inaccessible and unusable in any way for the relevant users.

Destruction of your personal data is the process of rendering it inaccessible, irretrievable and unusable by anyone in any way.

Anonymisation of your personal data is the process of rendering it impossible to associate with an identified or identifiable natural person, even through the use of appropriate techniques.

The operations carried out in relation to the deletion, destruction and anonymisation of your personal data are recorded in minutes. In view of public requirements, these records are kept for 5 years.

Respectfully submitted for your information.

Identity of the Data Controller

  • Name / Title: SAN BİLGİSAYAR TİCARET TURİZM İTHALAT VE İHRACAT AŞ
  • Address: Pınarbaşı Mh. Hürriyet Cad. Antalya Teknokent ARGE 5 3F/2 Konyaaltı – Antalya, Türkiye
  • MERSİS No: 0742042956600027
  • Tax Office / No: Antalya Kurumlar VD. 7420429566