Privacy Policy

📋MIRASIUM PRIVACY POLICY

1. About Mirasium

Mirasium is a non-profit personal culture project run by Fatih ARS. Our purpose is to share the public domain cultural heritage of Anatolia digitally free of charge. Data Controller: Fatih ARS Contact: merhaba@mirasium.org

2. Collected Data

A) Technical Data (Automatic):

  • IP address (anonymized)
  • Browser type and version
  • Operating system
  • Pages visited and duration
  • Referrer site (where you came from)

B) Analytical Tools: As Mirasium, we use Google Analytics 4 to understand site traffic and improve content quality. However, respecting your privacy, we have taken the following measures:

  • IP Masking: Your IP addresses are processed by Google in an anonymized manner.
  • No Advertising Data: Sharing of advertising and marketing data with Google is disabled.
  • No User Identity: It does not recognize you by name, only adds you to stats as “a visitor”.

This data is used solely to identify the most read articles and to improve site performance. Additionally, anonymous technical logs are stored on the server side for 1 month (for security and performance).

C) Cookies:

  • Essential Cookies: For site functionality
  • Statistics Cookies: Anonymous counter cookies used by Google Analytics
  • Third-Party Cookies: YouTube/Vimeo videos, OpenStreetMap maps, and Google Fonts may use their own cookies

D) Contact Form: If you fill out the contact form, your email address and message are stored.

3. Why Do We Use Your Data?

  • To improve the site and fix errors
  • Content optimization
  • To provide security
  • To respond to your contact requests

IMPORTANT: At Mirasium:

  • We do not display ads
  • We do not sell data
  • We do not do commercial marketing
  • No social media login
  • No user account/membership system

4. AUTHOR CONTRIBUTIONS AND DATA PROCESSING

Data belonging to individuals who contribute to Mirasium as volunteer authors is processed for the following purposes and on the relevant legal bases:

4.1 Processed Data

  • Identity Data: First Name, Last Name, title (optional).
  • Contact Data: Email address, (if any) address and phone information.

4.2 Purposes and Legal Basis of Processing

  • Author Attribution (Publication): To protect the author’s moral right under the Law on Intellectual and Artistic Works (FSEK). (Legal Basis: Explicit Consent and Explicitly Stipulated by Law)
  • Contract Performance: To fulfill the terms of the author’s voluntary contribution (copyright transfer).
  • Communication: To manage administrative or legal notifications, editorial updates, and objection processes. (Legal Basis: Legitimate Interest and Contract Performance)

4.3 Publication and Confidentiality of Data

  • Published Data: The author’s First Name and Last Name are publicly published under the relevant article or content. By submitting the content, the author is deemed to have explicitly permitted and consented to this public publication.
  • Confidential Data: The author’s email address and other contact information are not shared with any third parties except for the purposes explicitly stated in this text and are kept confidential within the site.
  • Retention Period: The author’s data is stored for as long as the relevant content remains published on the Mirasium site or until legal requirements cease.

5. Data Sharing

We only share your data in the following cases:

  • Legal Obligation: Court order or legal requirement
  • Service Providers: Hostinger (hosting provider), Google (analytics infrastructure)

6. Data Retention Periods

  • Technical logs: 1 month
  • Contact form data: 1 year
  • Google Analytics data: 2 months (Default period)

7. Legal Grounds for Data Processing

As Mirasium, our data processing activities are based on the following GDPR legal grounds:

A) Legitimate Interest (GDPR Article 6(1)(f)):

  • Ensuring site security
  • Detecting and correcting technical errors
  • Improving site performance. These operations are carried out in a manner that does not override the fundamental rights and freedoms of users.

B) Legal Obligation (GDPR Article 6(1)(c)):

  • Responding to legal requests
  • Fulfilling official authority requests

C) Explicit Consent (GDPR Article 6(1)(a)):

  • Cookie use (for third-party cookies and statistics)
  • Filling out the contact form

All our data processing activities are carried out within the framework of the data minimization principle.

8. Your Rights (GDPR)

If you are a European Union citizen:

  • Right to access your data
  • Right to rectification
  • Right to erasure (right to be forgotten)
  • Right to object
  • Right to data portability. For these rights: merhaba@mirasium.org

9. Your Rights (KVKK – Turkey)

If you are a citizen of the Republic of Turkey, your rights under Law No. 6698 (KVKK):

  • Learning whether your personal data is processed
  • If processed, requesting information regarding this
  • Learning whether it is used in accordance with its purposes
  • Knowing the third parties to whom it is transferred domestically/abroad
  • Requesting correction if processed incompletely/inaccurately
  • Requesting its deletion/destruction within the framework of the conditions stipulated in Article 7 of the KVKK
  • Requesting that the above correction/deletion request be notified to the third parties to whom it was transferred
  • Objecting to the emergence of a result against you by analyzing the processed data exclusively through automated systems

To exercise these rights: merhaba@mirasium.org

10. Relation to KVKK Information Text

This privacy policy also fulfills the “Obligation to Inform” under Article 10 of the Law on the Protection of Personal Data No. 6698 (KVKK).

11. Third-Party Services and International Data Transfer

We use the following third-party services for the technical infrastructure and functionality of our site:

Services Used and Data Processing Details:

1. Hostinger

  • Purpose: Hosting provider
  • Data Processing: Servers are located in Germany. All site data is hosted here.
  • Important Note: Hosting in Germany requires us to be subject to EU GDPR regulations.

2. Google Fonts

  • Purpose: To provide our site’s fonts
  • Data Processing: Font files are loaded from Google’s servers in the USA.
  • GDPR Note: There is no local hosting alternative; Google’s data processing is involved.

3. YouTube / Vimeo

  • Purpose: Presentation of embedded public domain videos
  • Data Processing: These services use their own cookies. Video viewing data is processed on the respective platform.
  • Note: Only public domain videos are embedded.

4. OpenStreetMap

  • Purpose: To provide map service
  • Data Processing: Geographic data requests are made during map display.
  • License: Free use under Open Database License (ODbL).

5. Google reCAPTCHA

  • Purpose: Site security and bot protection
  • Data Processing: Processed on Google servers (USA)
  • Note: We use it in privacy-friendly mode.

6. Google Analytics 4

  • Purpose: Site traffic analysis
  • Data Processing: Google servers (USA). IP anonymization is active. Advertising data is not shared.

7. Other Embedded Content

  • Scope: Other external content that may be added in the future (SoundCloud, Sketchfab, Archive.org, etc.)
  • Data Processing: Each service is subject to its own privacy policy and data processing procedures.

International Data Transfer Your data may be transferred to the following countries:

  • Germany: Hosting servers (Hostinger)
  • USA: Google services (Analytics, Fonts, reCAPTCHA), YouTube, Vimeo

These transfers take place under adequate safeguards in accordance with GDPR Article 46 and within the scope of overseas data transfer rules pursuant to KVKK Article 9.

Important Notices

  • Service Policies: All services listed above have their own privacy policies and data processing procedures.
  • Public Domain Focus: We use these services solely for the purpose of presenting public domain cultural content.
  • Data Minimization Principle: We minimize data processing whenever possible.
  • Future Additions: When new third-party services are added, this policy will be updated.

12. Data Breach Notification

In the event of a data security breach: Timeframes:

  • GDPR: To the relevant data protection authority within 72 hours after breach detection
  • KVKK: To the KVK Board within 72 hours after breach detection

Notification Criteria:

  • Unauthorized access to personal data
  • Loss, alteration, or disclosure of data
  • Posing a risk to the rights and freedoms of individuals

Notification Content:

  • Nature of the breach
  • Number of affected individuals and data categories
  • Possible consequences
  • Measures taken/to be taken

Contact: If you detect a data breach, please immediately report it to merhaba@mirasium.org.

13. Data Protection Officer

Regarding GDPR: Since Mirasium is an individual project run by Fatih ARS, it is exempt from the obligation to appoint a Data Protection Officer (DPO) under GDPR Article 37. However, I remain responsible for data protection matters via the contact details below: Data Controller: Fatih ARS Email: merhaba@mirasium.org Subject Line: “Privacy Policy – Data Protection”

Regarding KVKK: The obligation to register with VERBİS (Data Controllers Registry) in Turkey depends on the annual transaction volume and number of employees. Due to Mirasium’s status as an individual project, there is currently no obligation to register with VERBİS.

14. Automated Decision-Making and Profiling

At Mirasium:

  • NO automated decision-making system
  • NO profiling
  • NO artificial intelligence decision-making

15. Cross-Device Tracking and Location Data

Cross-Device Tracking: Cross-device tracking is NOT PERFORMED at Mirasium. Your visits from different devices are not correlated with each other.

Location Data:

  • IP Address: Only for anonymous statistics and security
  • Geographic Location: When viewing OpenStreetMap maps, the map service may request general location information
  • GPS/Phone Location: NEVER collected or requested

Device Information: The device information collected is only:

  • to ensure browser compatibility
  • to optimize mobile/desktop view
  • for detecting technical issues. Device identifiers (IMEI, MAC address, etc.) are NEVER collected.

16. Children’s Privacy

Our site is not directed to children under 13 years of age. We do not knowingly collect data from children under 13.

17. Security

We take technical measures to protect your data (SSL encryption, security updates).

18. Special Categories of Personal Data

According to Article 6 of Law No. 6698 KVKK, special categories of personal data:

  • Race, ethnic origin
  • Political opinion, philosophical belief
  • Religion, sect, or other beliefs
  • Attire, association/foundation membership
  • Health, sexual life
  • Biometric and genetic data
  • Criminal conviction and security measures

At Mirasium, special categories of personal data are NOT COLLECTED and NOT PROCESSED. Since the site content is historical/cultural, such information may exist in public domain works, but this is not data collected from users.

19. Copyright Notice and Work Verification Obligation

CRITICAL WARNING: COPYRIGHT VERIFICATION We DO NOT GUARANTEE the copyright status of all works presented at Mirasium (photographs, paintings, miniatures, engravings, videos, documents, etc.).

USER RESPONSIBILITY:

  • Check the original source (library, museum, archive) before using the work
  • Verify the institution’s public domain policy
  • Calculate the copyright term (author’s death + 70 years)
  • Consult a lawyer for commercial use

MIRASIUM’S ROLE:

  • We share works we believe to be in the public domain
  • We are NOT copyright law experts
  • We do not provide legal advice
  • We are NOT responsible for misclassifications

REMEMBER: The logic of “I saw it on Mirasium = it’s free” is RISKY. The USER is fully responsible for copyright infringement.

20. Policy Changes

We may update this policy. Changes are published on this page.

21. Contact

For questions about the privacy policy: Email: merhaba@mirasium.org

22. General Provisions and Limitations of Liability

A) Project Status Mirasium is a non-profit cultural project personally run by Fatih ARS. It has no commercial activity, corporate structure, legal entity, or revenue model.

B) Reasonable Effort Standard Within the scope of an individual project, we make reasonable efforts to fulfill all legal obligations. However, we do not have the resources, expert staff, or budget of a corporate company.

C) Good Faith Principle All our activities are carried out in good faith, for the public benefit, and with the aim of preserving the cultural heritage of Anatolia. We undertake to correct any errors or omissions immediately upon detection.

D) Content Accuracy We present public domain works “as is.” We do not guarantee historical, archaeological, or academic accuracy. Users are responsible for checking the original sources.

E) Third-Party Independence Services such as YouTube, Vimeo, Google, Hostinger are independent businesses. We are not responsible for the policies, service interruptions, data breaches, or errors of these services.

F) Limitation of Liability Due to our individual project status:

  • We can only be held liable for direct damages
  • We cannot be held liable for indirect, special, punitive, consequential damages
  • Maximum liability: Site revenue for the last 6 months (0 TRY)
  • Mandatory minimum liability under Turkish law applies

G) Applicable Law and Jurisdiction

  • Turkey: Trabzon Courts and Enforcement Offices have jurisdiction
  • Before any dispute, be sure to contact merhaba@mirasium.org
  • We accept online alternative dispute resolution mechanisms

H) Severability If any provision of this policy is deemed invalid, the remaining provisions shall remain in effect.

I) Entire Agreement This privacy policy supersedes all prior agreements and correspondence regarding privacy.

Important Note: Mirasium is a non-profit cultural project operating entirely for the public benefit. We have no commercial activity and never sell user data.

Last Update: [05.12.2025]