Privacy Notice

EQ BİLET – Privacy Notice (KVKK & GDPR)

Last Updated: 02/01/2026

1) Data Controller

ÖZGÜR PRODÜKSİYON DAĞITIM TURİZM ORGANİZASYON DANIŞMANLIK TİC. LTD. ŞTİ.
(Beşiktaş Tax Office, Tax ID/VKN: 6930467678)
(“EQ BİLET”, “Company”, “we/us”)

This Privacy Notice explains how EQ BİLET processes personal data in connection with our websites, applications, and ticketing services (the “Service”) in accordance with Turkish Law No. 6698 (KVKK) and—where applicable—the EU General Data Protection Regulation (GDPR).

2) Who This Notice Applies To

This Notice applies to:

Website visitors (including online visitors)
Registered users / members
Ticket reservation and purchase customers
Business partners, suppliers, agencies, and their authorized persons/employees
Individuals contacting customer support

3) Categories of Personal Data We Process

Depending on your interaction with the Service, we may process:

A) Technical & Usage Data (Transaction / Security)

IP address, log records, connection time, pages visited
Cookie identifiers, pixel tags, similar tracking technologies
Device identifiers (e.g., MAC address), port information
Search inputs used while browsing events/tickets
Account credentials (username; password in protected/hashed form)

B) Identity Data (primarily for ticketing/contract performance where required)

Name, surname
Date of birth
National ID number (if required by applicable rules/event requirements)
Gender (if provided/required)
City information

C) Contact Data

Email address, phone number
Address (for invoicing/required communications)
Social media contact details (if you contact us via those channels)

D) Payment & Financial Data

Payment instrument data needed to process transactions (typically handled by payment providers)
Bank/IBAN (where needed for refunds/settlement)
Invoice information, receipts, transaction confirmations

Important: Full card data and sensitive payment credentials are generally processed by licensed payment service providers and their secure systems. EQ BİLET processes only what is necessary to complete transactions and manage customer support/refunds.

E) Special Category Data (Sensitive Data) – only where necessary and lawful

Health-related information (e.g., disability/accessibility needs) only if required for service delivery, safety, or legal obligations, and processed with additional safeguards.

4) Purposes of Processing

We process personal data for the following purposes:

Service Delivery / Contract

Creating and managing user accounts and memberships
Ticket reservation, purchase, delivery/issuance, and customer service
Managing cancellations, refunds, chargebacks, and transaction records
Providing event information and service communications

Security, Fraud Prevention & Compliance

Ensuring network and information security, preventing misuse and fraud
Maintaining logs as required by applicable legislation (e.g., security and record-keeping obligations)
Responding to lawful requests from public authorities and courts
Audits, internal controls, legal claims management

Operations & Improvement

Operating and improving the Service, performance monitoring
Analytics to understand usage and enhance user experience

Marketing & Communications (where permitted)

Providing newsletters, campaigns, promotions, and personalized offers
Measuring campaign effectiveness and marketing analytics
Managing commercial electronic communications based on your preferences/consents where required

5) Legal Bases (GDPR “Lawful Bases” + KVKK Grounds)

Where GDPR applies, EQ BİLET processes personal data based on one or more of the following lawful bases:

Contract (GDPR Art. 6(1)(b)): to provide ticketing services and fulfill the distance sales contract.
Legal Obligation (GDPR Art. 6(1)(c)): to comply with record-keeping, accounting, consumer law, and other mandatory obligations.
Legitimate Interests (GDPR Art. 6(1)(f)): to ensure Service security, prevent fraud, improve our services, and manage business operations—balanced against your rights.
Consent (GDPR Art. 6(1)(a)): for certain marketing activities and, where applicable, for processing special category data (GDPR Art. 9(2)(a)) or for non-essential cookies/tracking (depending on your settings).

Under KVKK, processing is carried out based on the corresponding legal grounds (e.g., explicit legal provision, necessity for contract performance, legal obligation, legitimate interest, and explicit consent where required).

6) How We Collect Personal Data

We collect personal data:

Directly from you (forms, account creation, purchases, support requests)
Automatically through your use of the Service (logs, cookies, pixels, similar tech)
From business partners (e.g., event organizers, payment providers) only as needed for providing the Service

7) Sharing / Disclosure of Personal Data (Recipients)

We may share your personal data with:

A) Event Organizers / Venues (as necessary)

For ticket validation, entry management, event operations, and compliance requirements.

B) Payment & Financial Service Providers

Banks, payment processors, virtual POS providers, e-money/payment institutions (for payment processing, fraud checks, refunds).

C) Service Providers (Processors)

Hosting, storage, IT/security providers, analytics tools, customer support systems, communication providers (acting as processors under contract).

D) Professional Advisors

Lawyers, auditors, tax/financial advisors (where necessary for compliance or claims).

E) Public Authorities

Courts, regulators, law enforcement, and other competent authorities when legally required.

We do not sell your personal data.

8) International Transfers

If personal data is transferred outside Türkiye or the EEA/UK (where GDPR applies), we will ensure appropriate safeguards (as applicable), such as:

Transfers to countries recognized as providing adequate protection, and/or
Contractual and technical safeguards (e.g., encryption, access controls), and/or
Other lawful transfer mechanisms required by applicable law.

9) Data Retention

We retain personal data only for as long as necessary for the purposes described in this Notice, including:

Legal retention periods (e.g., accounting, transaction records, mandatory logs)
Contract performance and after-sales support
Establishment, exercise, or defense of legal claims

When retention is no longer necessary, data is deleted, anonymized, or securely destroyed in line with our retention and disposal practices.

10) Your Rights (KVKK & GDPR)

Depending on your jurisdiction and applicable law, you may have the right to:

Request access to your personal data and information about processing
Request correction/rectification of inaccurate or incomplete data
Request deletion/erasure or anonymization (where conditions are met)
Object to certain processing (including profiling/automated decision-making where applicable)
Request restriction of processing (GDPR)
Request data portability (GDPR, where applicable)
Withdraw consent at any time (where processing is based on consent)
Lodge a complaint with the competent supervisory authority (GDPR) and/or the Turkish Data Protection Authority (KVKK), as applicable

11) How to Exercise Your Rights / Contact

To make a request, please contact us at: info@eqbilet.com

Your request should include sufficient information to verify your identity and to clarify what you are requesting. We will respond within the time limits required by applicable law (typically up to 30 days under KVKK, subject to legal exceptions).

12) Children

The Service is not intended for children under 13. If you believe a child has provided personal data without parental consent, please contact info@eqbilet.com
and we will take appropriate steps.

13) Cookies & Similar Technologies

We use cookies, pixels, and similar technologies for essential functionality, security, analytics, and (where permitted) marketing. Please review our Cookie Policy for details and preference controls.

14) Updates to This Notice

We may update this Notice from time to time. The current version will be published on our website with the updated “Last Updated” date.