Last updated: 15 May 2026

Privacy Policy

This policy describes how Fotografest Marketing LLC ("Türkiye FotoShoot", "we", "us", "our") collects and processes personal data when you use turkiyefotoshoot.com or commission photography and videography services from us. We process data in compliance with the Turkish Personal Data Protection Law (KVKK, Law No. 6698) and, where applicable, the EU General Data Protection Regulation (GDPR).

Data controller: Fotografest Marketing LLC, Esentepe, Büyükdere Cd. No:199/6, 34394 Şişli, Istanbul, Türkiye. KVKK enquiries: [email protected].

1. What we collect

From the contact form: name, company, email, phone number (stored in E.164 format), preferred contact date, event duration, service category, expected attendee count, and the brief you submit. Phone numbers default to a Türkiye country code but you may enter any country code.

From the website itself: Cloudflare Analytics records aggregated, anonymous statistics: page views, country-level geography, referrer, device class, browser. No IP addresses are stored; no fingerprinting cookies are used. Cloudflare Turnstile may briefly inspect your browser session to verify the contact form submission is human; it does not track you across the web.

From engagement files: if you commission a shoot, we receive the project information you provide: venue addresses, internal contact names, payment and PO details, and any other information required to deliver the work. This data is processed under the contractual-necessity legal basis (KVKK Article 5/2-c, GDPR Article 6(1)(b)).

2. Why we collect it

  • To reply to your enquiry with a written quote.
  • To staff, run and deliver the engagement once contracted.
  • To issue invoices and meet our Turkish tax-record obligations (10-year retention, per Turkish Commercial Code).
  • To improve the website at an aggregate, anonymised level via Cloudflare Analytics.

We do not sell personal data. We do not share it with advertising networks. No third-party advertising tracker is loaded on this site.

3. Who we share it with

  • Brevo (Sendinblue SAS, France): used by the contact-form Cloudflare Pages Function to deliver your brief to our inbox. Brevo processes the data under GDPR.
  • Cloudflare (Cloudflare Inc., US/EU regions): hosts the website, the contact-form function, and Cloudflare Analytics. Cloudflare is the data processor under our data-processing agreement.
  • Google Maps: the embedded map on the contact page is served by Google. Refer to Google’s own privacy policy for how the map iframe processes IPs.
  • Where required by Turkish or EU law, or to defend a legal claim against the studio, we may disclose personal data to the relevant authority.

We do not transfer personal data to the United States or any other third country for marketing or advertising purposes.

4. Cookies

The site uses one functional cookie (or localStorage entry) to record your cookie-consent choice (tfs:cookies:v1). Cloudflare Analytics runs without cookies. Cloudflare Turnstile uses short-lived session storage to challenge the contact form. No third-party advertising or social-tracking cookies are loaded.

5. Retention

Contact-form briefs are retained for 24 months in our inbox unless converted into a commercial engagement, in which case they are retained for the duration of the engagement plus the 10-year statutory tax record. Aggregated Cloudflare Analytics data is retained for 12 months.

6. Your rights (KVKK Art. 11 / GDPR Art. 15–22)

  • Access: request a copy of the personal data we hold on you.
  • Rectification: ask us to correct inaccurate or out-of-date data.
  • Erasure: request deletion, subject to our statutory retention obligations.
  • Restriction and objection: ask us to limit or stop a particular processing activity.
  • Portability: receive a machine-readable copy of the data you provided to us.
  • Complaint: to KVKK’s data-protection authority (KVKK Kurulu, Ankara) or, for GDPR-bound visitors, to your local supervisory authority.

Email [email protected] to exercise any of the above. We respond within 30 days.

7. Security

Personal data is held inside Cloudflare and Brevo’s EU regions, with TLS in transit and at-rest encryption per their respective data-processing agreements. Delivery galleries are protected by access controls appropriate to the engagement. No system is perfectly secure, but we treat every brief that lands in our inbox with the discretion appropriate to professional corporate work.

8. Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top of this page shows the current version. Material changes are flagged on the site for 30 days from the effective date.

9. Contact

Privacy-specific queries: [email protected]. General enquiries: /contact or +90 501 010 8199, 9am–8pm TRT, Monday to Saturday.