HomeOur Story
    Workshops
    Traditional Turkish Calligraphy Workshop
    Chocolate Making Workshop
    Ebru Tote Bag Art Workshop
    Leather Crafting Workshop
    Perfume Making Workshop
    Traditional Stained Glass Painting Workshop
    Turkish Coffee Making & Fortune Telling Workshop
    Turkish Illumination Art Workshop
    View All Workshops →
    Events
    Anatolian Tasting Journey
    Whirling Dervishes Ceremony at a Real Mevlevihane
    See All Events →
    GuestbookCertificate
    Get in Touch →

    Legal Information

    Personal Data Protection & Privacy

    Documents

    • Privacy Notice (GDPR)
    • Cookie Policy

    Privacy Notice (GDPR)

    Last updated:
    13 Aug 2025
    Version:
    01.2025
    Language:
    English

    This Privacy Notice is published by İstanbul Workshops Eğitim ve Danışmanlık Limited Şirketi ("Data Controller", "Company", "Istanbul Workshops") as the data controller, to inform visitors of our website how their personal data is processed in line with Turkey's Personal Data Protection Law No. 6698 ("KVKK"), the EU General Data Protection Regulation ("GDPR") where applicable, and the relevant international agreements.

    All personal data shared with us is processed lawfully, in connection with our services, and proportionally to the stated purposes.

    01Data Controller

    The data controller is Istanbul Workshops Eğitim ve Danışmanlık Limited Şirketi. For any questions about how your personal data is processed and for any request to exercise your data subject rights, please use the contact details at the end of this notice.

    Legal name
    İstanbul Workshops Eğitim ve Danışmanlık Limited Şirketi
    Registered address
    Aziz Mahmut Hüdayi Mah., Gülfem Sk., No:15/A, Floor 2, Üsküdar / Istanbul, Turkey
    Registered e-mail (KEP)
    istanbulworkshops@hs01.kep.tr
    E-mail
    info@istanbulworkshops.com

    02Personal Data We Process

    During your visit to our website, your use of our services and your communications with us, the following categories of personal data may be processed.

    CategoryData type
    IdentityFull name, national ID, date of birth
    ContactEmail address, phone number, social media handle, contact-form message content
    Transaction & securityIP address, target IP / domain logs, device IMEI/MAC, connection time and duration
    FinancialBank/payment details, IBAN, invoice information
    MarketingPreferences, behavioural data, cookie records, campaign interaction data
    OtherWebsite access/exit logs, session records

    2.1 · Channels of collection

    When you buy a ticket or product

    To complete the purchase we collect your full name, national ID, email, phone, delivery and billing address, and payment information (processed via PCI-DSS secure rails). Date of birth (for age verification) and gender (for personalisation) are optional.

    When you browse the site or use our apps

    IP address, location, browser and device type, navigation paths, click and interaction events are processed automatically. Session and preference cookies are always used; analytics and marketing cookies are loaded only with your consent.

    When you contact us

    Conversation records (for quality assurance), email correspondence, complaint and request details, and resolution-process records are kept.

    When you interact via social media

    When you use social-media features, your profile information (subject to your sharing permissions), your shares, likes and comments are processed.

    03Processing Purposes & Legal Bases

    Your personal data is processed in line with Articles 5 and 6 of KVKK (and the corresponding lawful bases of GDPR Article 6 where applicable) for the purposes below.

    3.1 · Performance of a contract (KVKK Art. 5/2-c · GDPR Art. 6(1)(b))

    Preparing and shipping your order, taking payment and issuing invoices, delivery and workshop coordination, providing customer support, allocating tickets, managing reservations and sending event reminders.

    3.2 · Your explicit consent (KVKK Art. 5/1 · GDPR Art. 6(1)(a))

    Sending email newsletters and SMS campaigns, personalised product recommendations, recommendations based on past purchases, targeted social-media advertising, site performance analysis and A/B testing.

    3.3 · Compliance with a legal obligation (KVKK Art. 5/2-ç · GDPR Art. 6(1)(c))

    Keeping invoice and accounting records, tax-return processes, social-security filings, audit processes, court and prosecution requests, and responding to lawful requests from competent public authorities.

    3.4 · Our legitimate interests (KVKK Art. 5/2-f · GDPR Art. 6(1)(f))

    Fraudulent-account detection, suspicious-transaction analysis, risk scoring, automated security controls, prevention of cyber attacks, security logging and vulnerability detection — provided that your fundamental rights and freedoms are not unduly affected.

    04Transfers of Personal Data

    Personal data may be transferred in line with KVKK Articles 8 and 9 (and the GDPR Chapter V mechanisms for international transfers) to the recipient groups below, limited to the relevant processing purpose.

    4.1 · Event and workshop partners

    When you buy a ticket or experience, the relevant data is shared with the workshop instructors, event organisers and venue operators who actually deliver the experience, so that they can grant access, run security checks, communicate changes and (only with your explicit consent) carry out marketing.

    4.2 · Service providers

    We share data with the following categories of service providers to fulfil our contractual and operational obligations:

    Provider typeServiceLocationTransfer basis
    Cloud infrastructure & CDNHosting, content delivery, storageTurkey / EUKVKK Art. 9/1
    Web analyticsAnonymous traffic and behaviour measurementUnited StatesExplicit consent (Art. 9/1)
    Marketing pixelsAdvertising effectiveness and targetingUnited StatesExplicit consent (Art. 9/1)
    Email serviceTransactional and marketing emailEUContract (Art. 8/2-a)
    Payment processorPayment intermediation, PCI-DSSTurkeyContract (Art. 8/2-a)
    Live-chat platformCustomer chat and supportTurkeyContract (Art. 8/2-a)

    4.3 · Competent public authorities

    Within the scope of our legal obligations, transfers are made to authorities such as the Tax Office (invoice data), courts and prosecutors (legal proceedings) and the Personal Data Protection Authority (audit processes) — only on the basis of a written request, a valid legal ground and the data-minimisation principle.

    05Retention Periods

    Your personal data is retained for the period required by the processing purpose and the statutory limitation periods set out in the applicable legislation. When those periods end, the data is securely deleted, destroyed or anonymised.

    Data typePeriodLegal basisDisposal method
    Invoice records10 yearsTax Procedure Law Art. 253Secure deletion
    Order detailsPurchase + 10 yearsCommercial Code Art. 82Archiving
    Marketing consentsUntil consent is withdrawnKVKK Art. 7Immediate deletion
    Security logs1 yearCybersecurity good practiceRolling delete
    Customer support recordsLast contact + 3 yearsConsumer Protection LawAutomatic deletion
    Cookie data30 days – 2 yearsPer cookie typeBrowser / server deletion

    06Your Rights as a Data Subject

    Under KVKK Article 11 (and the equivalent GDPR Chapter III rights), you have the following rights with respect to your personal data:

    1. Right to information: to know whether your personal data is being processed and to request information about it.
    2. Right to purpose: to know the purpose of processing and whether the data is used in line with that purpose.
    3. Right to rectification: to have inaccurate or incomplete personal data corrected.
    4. Right to erasure: to request deletion or destruction of your personal data in line with KVKK Art. 7.
    5. Right to data portability: to receive your processed data in a structured, commonly used, machine-readable format.
    6. Right to know recipients: to learn who your data has been transferred to.
    7. Right to object: to object to a decision that adversely affects you and is taken solely through automated processing.
    8. Right to compensation: to claim damages for unlawful processing.

    To exercise these rights, please send your request to our KEP address or our contact email. We will respond at the latest within 30 days, free of charge. If the request requires additional cost, the tariff set by the KVKK Board applies.

    07Managing Your Preferences

    You can change your preferences at any time through the channels below:

    7.1 · Marketing communications

    • "Unsubscribe" link in every email.
    • Reply "STOP" to SMS messages.
    • Contact our customer service team to opt out of phone communications.

    7.2 · Cookie management

    You can manage your cookie preferences anytime via the "Cookie Settings" link in the site footer or on the Cookie Policy page. You may also delete or block cookies via your browser's privacy settings.

    7.3 · Personalisation

    • Toggle content recommendations from your account settings.
    • Choose newsletter content type from your email preferences.

    08Security Measures

    We take all necessary technical and administrative measures to prevent unlawful access to your personal data, to prevent unlawful processing, and to ensure its safe retention at an appropriate security level.

    8.1 · Technical measures

    • End-to-end SSL/TLS encryption and AES-256 encryption at the database layer.
    • Role-based access control, session timeouts and API key management.
    • 24/7 security monitoring, automated threat detection and periodic penetration testing.

    8.2 · Administrative measures

    • Mandatory KVKK and GDPR awareness training for all staff, plus confidentiality undertakings.
    • Least-privilege principle and regular access reviews.
    • Data-protection policies, incident-response procedures and third-party security assessments.

    09Data Breach Response

    When a possible data breach is detected, our incident-response team performs a risk and impact analysis. Personal data breaches are reported to the Personal Data Protection Authority as soon as possible and in any event within 72 hours.

    If the breach is likely to result in a high risk to data subjects, we will notify you without undue delay through appropriate channels. Following the incident, vulnerabilities are remediated, systems are hardened and process improvements are implemented.

    10Changes to This Notice

    This Privacy Notice may be updated in line with regulatory changes, updates to processing purposes, changes in third-party sharing or developments in the exercise of data subject rights.

    For material changes we will notify you via a homepage banner (at least 30 days in advance), email for registered users and SMS for critical changes. The current version is always published on this page.

    11Contact

    For any question about this Privacy Notice and for requests under KVKK Art. 11 (or the equivalent GDPR rights), please reach out to us via the channels below.

    Legal name
    İstanbul Workshops Eğitim ve Danışmanlık Limited Şirketi
    Address
    Aziz Mahmut Hüdayi Mah., Gülfem Sk., No:15/A, Floor 2, Üsküdar / Istanbul, Turkey
    Phone
    +90 533 167 62 71
    Email
    info@istanbulworkshops.com
    Registered e-mail (KEP)
    istanbulworkshops@hs01.kep.tr

    This document is a legal commitment. By using our services you confirm that you have been informed of the data processing activities described in this Privacy Notice.

    Call us at

    +90 533 167 62 71

    Say hello via

    info@istanbulworkshops.com

    See us at

    Aziz Mahmut Hüdayi, Gülfem Sk. No:15, 34672
    Üsküdar/İstanbul

    Highlights in Istanbul Workshops

    TURKISH COFFEE MAKING & FORTUNE TELLING WORKSHOPTURKISH MOSAIC LAMP WORKSHOPFORTUNE TELLING WORKSHOPTURKISH TILE PAINTING ART WORKSHOPISTANBUL WORKSHOP REVIEWSSTAINED GLASS PAINTING WORKSHOPHOW TO MAKE TURKISH COFFEEISTANBUL EXPERIENCEHIGHLIGHTS IN ISTANBUL WORKSHOPISTANBUL PERFUME MAKING WORKSHOPISTANBUL WORKSHOPTURKISH TILE WORKSHOP
    Privacy Notice© 2025 — All rights reserved