2. Who are we?
Multi Yirmibeş Emlak Geliştirme Yatırım İnşaat ve Ticaret A.Ş is a retail asset management, property management and (re)development company. We are located at River Plaza Bahar Sokak No:13 Kat:16 34394 Şişli / İstanbul / Türkiye . For more information, please read paragraph “More information?”.
3. To which personal data does this Privacy Statement apply?
All personal data that is collected, stored, shared, transmitted, and/or otherwise used in relation to Multi’s website, applications, shopping centers, products and services falls within scope of this Privacy Statement. This includes, inter alia, personal data of our investors, candidates, business partners, tenants, clients to whom Multi provides products and services, suppliers, visitors and other individuals (in any form).
4. What is personal data?
Personal data is any information that relates to an identified or identifiable living individual. Different pieces of information, which collected together can lead to the identification of a particular person, also constitute personal data. You share such data with us if you are a client, we provide products or services to you, if you are a visitor of our shopping centers or have contact with us in another capacity.
5. Which personal data do we collect from you?
We might collect several of the following categories of personal data when you are seeking contact or are in contact with Multi:
• Demographic data (name, gender, date of birth, age, nationality, marital status & dependents)
• Contact details (name, function, address, place of residence, email address, telephone number)
• Financial data (bank account details, loan reference number, credit card number)
• Company details (address, trade register number, tax identification number)
• Account details (username and password)
• Marketing preferences (whether you have opted in or out for direct marketing)
• Interaction details (contact with our client service or digital and/or written correspondence)
• (Online) identifiers, surfing data and visitor movement data (IP address, cookies, MAC address, browsing behavior on our websites and applications, shopping behavior and location)
• Participation details (whether you participate in promotions, loyalty programs, surveys, competitions, or social and marketing events)
• Data needed for security and fraud prevention (official identification, camera recordings)
• Image data (photos, video images)
• Data needed to comply with anti-bribery and corruption laws and other regulatory requirements (such as suspected and actual criminal behavior, criminal records or proceedings regarding criminal or unlawful behavior)
6. How do we collect, receive or generate your personal data?
We might process the categories of personal data mentioned above either directly from you, from external parties or through profiling and automated decision-making techniques in so far as permitted by law.
Personal data directly provided by and about you
The following data is collected directly from you:
• personal data which you provide when creating an account, using our applications, concluding a contract, participating in promotions, loyalty programs or social and marketing events and/or other information which you enter or provide; • your surfing behaviour on our website/apps and your buying behavior when participating in our loyalty programs; • personal data you provide as a visitor of our shopping centers (this could also be movement information generated by Wifi-tracking); • personal data you, or the organization through whom you are known, provides to us in the performance of our products or services; and • personal data you provide as part of correspondence, recruitment, feedback, help (Q&A) and dispute settlement.
Profiling techniques / automated decision-making
We might want to approach you in a relevant and personal way. To make that possible we might analyse personal data to determine the most relevant target groups, segments, content, advertisements, information, moments and channels. We only make use of such profiling or automated decision techniques based on your explicit consent, whereby we will inform you about the logic involved and the consequences of such techniques. At the same time, we take the necessary measures to safeguard your rights and to make sure that the techniques do not legally or significantly affect you,
If you object to use of a profile to provide you with personalized marketing, please contact us by using the contact details set out in paragraph “More information?”.
7. For which purposes do we process your personal data?
We collect and process your personal data for the following purposes:
1. execution of an agreement: to enter into and fulfill agreements with you and other clients, tenants, suppliers or (business) partners;
2. communication, (direct) marketing and personalization purposes: to maintain contact, promote and provide information about Multi’s products and services or the businesses of others (marketing);
3. quality and management purposes: to monitor and improve our products and services;
4. security and safety: for security reasons, accidents, insurance claims, etc.; and
5. legislation and regulation: to comply with legislation (e.g. verification requirements) or court orders to which Multi is subject.
In more detail, we process your personal data for the following purposes.
Execution of an agreement
We process your personal data to prepare, effect, perform and (possibly) terminate several kinds of agreements, e.g. membership agreements, activity agreements, loyalty program subscriptions etc. To that end, we could require demographic data, contact details, company details and financial details.
Communication, (direct) marketing and personalization purposes
• Client relationship management – Your relationship with Multi is important to us and as such, we take the utmost care to ensure that your personal data is accurate and up-to-date. Client relationship management includes the contact creation and registration of your account as a Multi’s client. It also includes facilitating the sharing of your contact information with Multi to draft marketing proposals and send invoices to the right client. To that end, we collect your demographic data, contact details and company details.
• Client service and support – We want to be able to assist you as quickly as possible whenever you contact us for support or want to file a(n) additional request or complaint. Therefore, we need to process your personal data in the form of taking notes and registering reports and telephone conversations that you have with our employees. We use this information not only to facilitate the resolution of your query, but also to analyze and improve the quality of our services. To that end, we collect your demographic data, contact details, company details, financial details and your request or complaint.
• Marketing and promotional offerings – If you are already a client of Multi or have indicated that you want to receive information about Multi’s products and services or the businesses of others, we can include you in a mailing list through which newsletters, brochures and other information are sent. In order to send these (personalized) offerings, we process your demographic data, contact details and company details.
• Loyalty program participation – We may also process your personal data if you indicated that as a visitor of our shopping centers, you want to participate in loyalty programs to receive personalized offerings and provide feedback through customer satisfaction and/or interest surveys. To that end, Multi collects your demographic data, contact details, financial data, account details and participation details.
Quality and management purposes
We process your personal data to monitor and improve the quality of our products and services, processes and systems, to inform the management and to perform internal audits. For example, Multi might use WIFI tracking to monitor visitor movement and flow and to assess the performance of certain shopping centers. To that end, Multi collects interaction details, surfing behaviour data and visitor movement data.
Security and safety
We process your personal data to ensure the safety of our visitors and for the prevention and detection of crime. For this purpose, Closed Circuit Television (“CCTV”) might be in operation during your visit to any of Multi’s premises all in accordance with the relevant image capture laws. CCTV is well designed and selectively used and the necessary precautionary measures and restrictions have been taken (into account) by Multi to minimize the impact on your privacy rights. If you are subject to CCTV, you are informed through signs.
Legislation and regulation
We process your personal data to verify whether or not Multi can accept someone as a client or (business) partner, to counter fraud, to perform audits, to comply with legislation (e.g. civil, criminal, administrative, tax law) and regulation and to take the necessary legal action to enforce our rights.
8. On which legal grounds do we process your personal data?
To be lawful, personal data which is processed for certain purposes (as identified above) has to be based on a legal ground . Multi processes personal data on the following legal grounds:
(1) The performance of a (service) agreement with you
We process your personal data, which is necessary for our performance under an agreement with you. Without these data, we would not be able to fulfil our side of the agreement.
(2) Compliance with a legal obligation or permitted by the laws We are legally obliged to process your personal data in order to comply with our legal obligations. In certain cases, we process your personal data if and when such processing is permitted by the laws.
(3) Legitimate interests pursued by us
We use your personal data for our legitimate interests, provided that your fundamental rights and freedoms are not harmed, such as:
• to improve the quality and effectiveness of our services;
• to protect our visitors and stakeholders interests;
• to detect fraud and security incident (e.g. on our website/app and in our shopping centers);
• to defend ourselves in legal proceedings;
• to comply with the law;
• To establish exercise or protect a right.
(4) Your consent
If the previous three legal grounds do not apply, we can only process your personal data with your prior unambiguous explicit consent. Note that you can always withdraw your given consent. Please keep in mind that you can only withdrawal in case you have given your consent first and such withdrawal has no retrospective effect.
Multi processes personal data it has collected for the purposes as identified above on the following legal grounds:
Purpose Legal basis
Execution of an agreement: to enter into and fulfill agreements with you and other clients, suppliers or (business) partners.
(1) The performance under a (service) agreement;
(2) Compliance with a legal obligation or permitted by the laws.
Communication, (direct) marketing and personalization purposes: to maintain contact, promote and provide information about Multi’s products and services or the businesses of others (marketing).
(1) The performance under a (service) agreement;
(3) Legitimate interests pursued by us;
(4) Your consent;
Quality and management purposes: to monitor and improve our products and services;
(3) Legitimate interests pursued by us;
(4) Your consent.
Security and safety: security reasons, accidents, insurance claims, etc.
(3) Legitimate interests pursued by us;
Legislation and regulation: to comply with legislation (e.g. verification requirements) or court orders to which Multi is subject.
(2) Compliance with a legal obligation or permitted by the laws;
(3) Legitimate interests pursued by us.
9. To whom do we provide your personal data?
We can provide your personal data to third parties in accordance with this Privacy Statement and in so far as permitted by law. Your personal data can be received by the following categories of recipients.
We may provide your personal data to supervisory authorities such as Tax and Customs Administration, the police and other statutory bodies. We provide your personal data:
• to comply with a statutory obligation, court order or law; or
• if this is necessary to prevent, trace or prosecute criminal offence; or
• if this is necessary to enforce our policies, or to protect the rights and freedoms of others.
Business service companies (data processors)
We make use of business service companies to support us execute our business. These organizations act only on our instructions and are contractually bound by us not to use your data for their own purposes. This may include Group companies of Multi, who may process your data for the purpose of providing you with information and/or services (such as registration and client support), the development of new websites, applications, services, promotions and communication, and to prevent, trace and examine possible illegal activities, infringements of our policies, fraud and/or breaches of our data security.
Each external party to which we – with your given consent – provide your personal data (for example within the context of a collaboration, mandate or (service) agreement), and/ or to which other company now or in the future forms part of us as a result of a restructuring, merger or acquisition.
10. Are your personal data being transferred abroad?
Your personal data might be transferred abroad. We have taken all necessary measures to ensure that the transfers are safe and take place within the limits set by law.
To ensure a proper level of protection we make sure your data is only transferred if subject to one of the following safeguards:
We are allowed to transfer your personal data abroad based on a so-called ‘adequacy decision’. An adequacy decision is a decision of the European Commission or Turkish Data Protection Authority, depending on the sort of personal data, that decides that the country in question ensures an adequate level of protection with regard to personal data.
EU-US Privacy Shield and Undertaking Introduced by the Turkish Data Protection Authority Your personal data is only transferred abroad if the recipient or data processor guarantees an adequate level of data protection in line with the US Privacy Shield framework and the undertaking framework introduced by the Turkish Data Protection Authority.
Standard Contract Clauses and Governance
The (lawful) transfer of personal data abroad is made possible as a result of appropriate safeguards provided by us and recipients or data processors. We have implemented such safeguards through Multi’s governance rules and our standard data protection clauses to which we agree upon with all parties that process data on our behalf
11. How long do we store your personal data?
Your personal information is kept as long as necessary for the purpose for which the data are processed or allowed by law. Hereinafter your personal data will be removed or made anonymous.
12. How can you exercise your privacy rights?
You have the right to request the following from us regarding your personal data:
• information about whether your personal data has been processed,
• if your personal data has been processed, information about such data and processing and access to an overview of your personal data,
• Information about the purpose for the data processing and whether your personal data was used for this purpose;
• rectification and/or erasure or removal of your personal data,
• information about the identities of natural or legal persons whom the data is transferred to,
• if data is transferred, request us to advise the recipient about correction, erasure and removal of such personal data,
• restriction of processing concerning your personal data,
• the right to object to processing and
To invoke your rights stated above, please contact us by using the contact details set out above and in paragraph “More information?” in the way stated under paragraph “Can you lodge a complaint?”.
Please keep in mind that we may ask for additional information to verify your identity.
If you no longer want to receive direct marketing communication, please contact us by using the contact details set out in paragraph “More information?”.
For information on how to object to profiling, please see the information on profiling techniques below.
13. Can you lodge a complaint?
You can lodge a complaint concerning the usage of your rights mentioned above:
• to our registered e-mail address (=KEP) with using secure e-signature or mobile signature, or
• to our e-mail address via your e-mail address registered within our systems, or
• to our contact details set out in paragraph “More information?” by personally submitting your complaint with we-ink-signed request.
Furthermore, you can lodge a complaint with the relevant data protection supervisory authority. For example, if you believe that we do not use your personal data carefully, or because you have sent us a request to access or rectification of your personal data and you are not satisfied with our reply, or we did not reply in a timely manner.
14. More information?
If you have any questions about the way we process your personal data that are not answered by this privacy statement, you want to exercise your privacy right or want to file a complaint, please contact us:
Multi Yirmibeş Emlak Geliştirme Yatırım İnşaat ve Ticaret A.Ş
Bahar Sokak No:13 Kat:16
34394 Şişli / İstanbul / Türkiye
T. +90 212 349 10 00
15. When was the last modification made to this Privacy Statement?
This Privacy Statement applies since 01.10.2022. The last modifications to this Privacy Statement were made on 01.10.2022.