Privacy Policy
Learn how CAVEA FILM collects, uses, and protects your personal data in compliance with GDPR and Turkish data protection laws. Your privacy is our priority.
Information We Collect
We collect information that you provide directly and information that is automatically collected when you use our services
Personal Information
Basic information you provide when contacting us
- Name and surname
- Email address
- Phone number
- Company name and position
- Mailing address
Project Information
Details about your production requirements and preferences
- Project descriptions and briefs
- Budget and timeline requirements
- Location preferences
- Production type and scope
- Previous work samples
Communication Data
Records of our interactions and correspondence
- Email conversations
- Phone call records and notes
- Meeting notes and minutes
- Quote requests and responses
- Support inquiries
Technical Information
Information collected automatically when you visit our website
- IP address and location data
- Browser type and version
- Device information
- Website usage patterns
- Cookies and tracking data
How We Use Your Information
We use your personal data for specific purposes based on legal grounds under GDPR
Service Provision
To provide and improve our film production services
Activities:
- • Responding to inquiries and quote requests
- • Planning and executing production projects
- • Coordinating with crew and vendors
- • Managing project timelines and deliverables
- • Providing technical support and assistance
Legal Basis: Contract performance and legitimate interests
Communication
To maintain professional communication and relationships
Activities:
- • Sending project updates and notifications
- • Sharing industry news and insights
- • Inviting to events and screenings
- • Providing customer support
- • Following up on completed projects
Legal Basis: Consent and legitimate interests
Business Operations
To operate our business efficiently and legally
Activities:
- • Maintaining client records and databases
- • Financial and accounting processes
- • Legal compliance and regulatory requirements
- • Risk management and security
- • Performance analysis and improvement
Legal Basis: Legal obligation and legitimate interests
Marketing
To share relevant content and opportunities (with consent)
Activities:
- • Sending newsletters and updates
- • Promoting new services and capabilities
- • Sharing case studies and success stories
- • Industry event notifications
- • Social media engagement
Legal Basis: Consent (opt-in only)
Your Privacy Rights
Under GDPR and Turkish data protection law, you have several rights regarding your personal data
Access Right
Request a copy of the personal data we hold about you
How to Exercise:
Submit a written request via email or contact form
Response Time: 30 days
Rectification Right
Request correction of inaccurate or incomplete personal data
How to Exercise:
Contact us with the correct information
Response Time: 30 days
Erasure Right
Request deletion of your personal data in certain circumstances
How to Exercise:
Submit a deletion request explaining your reasons
Response Time: 30 days
Portability Right
Request your data in a structured, machine-readable format
How to Exercise:
Request data export via our contact channels
Response Time: 30 days
Objection Right
Object to processing based on legitimate interests or for marketing
How to Exercise:
Opt-out via email or contact our data protection officer
Response Time: Immediate for marketing, 30 days for other objections
Restriction Right
Request limitation of processing in certain circumstances
How to Exercise:
Submit a restriction request explaining your reasons
Response Time: 30 days
Data Security Measures
We implement comprehensive security measures to protect your personal data
Technical Safeguards
- SSL encryption for all data transmission
- Secure cloud storage with end-to-end encryption
- Regular security updates and patches
- Firewall and intrusion detection systems
- Multi-factor authentication for access
- Regular data backups and recovery procedures
Organizational Safeguards
- Data protection training for all staff
- Access controls and role-based permissions
- Confidentiality agreements with employees
- Regular security audits and assessments
- Incident response and breach notification procedures
- Data retention and disposal policies
Physical Safeguards
- Secure office premises with access controls
- Locked storage for physical documents
- Secure disposal of paper records
- Restricted access to server rooms
- CCTV monitoring of facilities
- Visitor access logs and badges
Data Retention Periods
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected
| Data Type | Retention Period | Reason |
|---|---|---|
| Client Contact Information | 7 years after last contact | Business relationship maintenance and legal requirements |
| Project Documentation | 10 years after project completion | Contract fulfillment, warranty, and legal compliance |
| Financial Records | 10 years | Tax and accounting legal requirements |
| Marketing Communications | Until consent is withdrawn | Ongoing marketing activities with consent |
| Website Analytics | 26 months | Website performance analysis and improvement |
| Employee Records | 10 years after employment ends | Employment law and tax requirements |
Contact Us About Privacy
If you have questions about this privacy policy or want to exercise your rights, please contact us
Data Protection Officer
Supervisory Authority
You have the right to lodge a complaint with:
Turkish Data Protection Authority (KVKK)
www.kvkk.gov.tr
Policy Updates
We may update this privacy policy from time to time. We will notify you of any material changes by email or through our website. Please review this policy periodically for updates.