Our Notice Under the Personal Data Protection Law

Yaris Note Poster and Paper Trade Limited Company. (“YARIS NOTE” or “Data Controller”), as the data controller, in order to comply with the Personal Data Protection Law No. 6698 (“KVKK”) and the European Union General Data Protection Regulation (“GDPR”) No. 2016/679. It adopts the principles stipulated by the legislation and fulfills its obligations regarding the processing, deletion, destruction, anonymization, transfer of personal data, informing the relevant person and ensuring data security. In this context, this Privacy and Personal Data Protection Policy ("Policy") has been prepared and is made available to natural persons whose personal data is processed ("relevant person").
 

1. PURPOSE AND SCOPE OF THE POLICY

This Privacy and Personal Data Protection Policy regulates the following issues and aims to enlighten the relevant persons.
Principles regarding the processing of personal data
Personal data processing conditions
Situations in which special personal data may be processed
Enlightening and informing the group of people
Categorizing personal data
Purposes of processing personal data
Transfer of personal data to domestic and international third parties
Method and legal reason for processing personal data
Storage periods of personal data
Security of personal data
Use of cookies
Contact information regarding legal rights and usage methods of individual groups
Validity and updateability
 

2. PRINCIPLES ON THE PROCESSING OF PERSONAL DATA

2.1. Processing in Compliance with Law, Honesty and Transparency
In the processing of personal data, we comply with the principles introduced by legal regulations, the general rule of trust and honesty and the principle of transparency.

2.2. Ensuring Personal Data is Accurate and Up to Date When Necessary
Periodic checks and updates are made to ensure that the processed personal data of individual groups are accurate and up-to-date, and all reasonable measures are taken in this regard. In this context, systems for checking the accuracy of personal data and making the necessary corrections are created within YARIS NOTE. Members are allowed to make these changes and updates from the My Account Page on the yarisnote.com website.

2.3. Processing for Specific, Clear and Legitimate Purposes
Personal data is processed based on clear, specific and legitimate data processing purposes. The purposes for which the data will be processed are detailed in this Policy.

2.4. Being Related to the Purpose for Processing, Limited and Proportionate
Personal data is processed in a measured, purpose-related and limited manner in order to achieve the envisaged purpose(s), and the processing of personal data that is not relevant or needed to achieve the purpose is avoided.

2.5. Preservation for the Period Envisaged in the Relevant Legislation or Necessary for the Purpose for which they are Processed
YARIS NOTE retains personal data only for the period stipulated in the relevant legislation or necessary for the purpose for which they are processed. In this context, first of all, it is determined whether the relevant legislation stipulates a period for storing personal data, and if a period is determined, this period is complied with. If a period is not determined, personal data are stored for the period necessary for the purpose for which they are processed. In case of expiration of the period or if the reasons requiring processing are eliminated, personal data are deleted, destroyed or anonymized in accordance with YARIS NOTE's Personal Data Storage and Destruction Policy, unless there is a legal reason that allows them to be processed for a longer period of time. Retention periods are detailed in this Policy.

2.6. Processing in Compliance with the Integrity and Confidentiality of Data
Personal data is processed in a way that ensures the security of personal data by using appropriate technical or administrative measures, including protection against unauthorized or unlawful processing or accidental loss, destruction or destruction.
 

3. CONDITIONS FOR PROCESSING PERSONAL DATA

The basis for personal data processing may be only one of the legal compliance reasons listed below, or more than one of these conditions may be the basis for the same personal data processing activity. If the personal data processed is personal data of special nature; The conditions under the heading "Situations Where Special Personal Data May Be Processed" below apply.
Explicit consent of the relevant person groups is only one of the legal reasons that enable the lawful processing of personal data. Apart from explicit consent, personal data may also be processed if one of the other legal reasons listed below exists.
Personal data of relevant person groups are processed within the processing conditions explained below.

3.1. Clearly Provided in Laws
In cases where the processing of personal data is clearly stipulated by law, YARIS NOTE processes the personal data of the individual groups whose data will be processed without obtaining their explicit consent. For example, in accordance with the Law on the Regulation of Electronic Commerce, the processing of personal data in processes such as membership to YARIS NOTE, granting commercial electronic permission, order, payment, delivery, cancellation or return of the product is a processing activity that occurs if it is clearly stipulated by the law.

3.2. Explicit Consent of the Relevant Person Cannot Be Obtained Due to Actual Impossibility or Personal Data is Necessary for the Protection of the Vital Interests of the Relevant Person or Another Person
If it is necessary to process the personal data of a group of individuals who are unable to express their consent due to actual impossibility or whose consent cannot be recognized as valid, in order to protect their own life or physical integrity or that of another person, their data may be processed without obtaining their explicit consent. In addition, if personal data is necessary to protect the vital interests of the relevant person or another person, it may be processed without the explicit consent of the relevant person.

3.3. Directly Related to the Establishment or Performance of the Contract
Data may be processed if it is necessary to process personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract.


3.4. YARIS NOTE Fulfills Its Legal Obligations
As the data controller, personal data of a group of individuals may be processed without explicit consent if processing is necessary to fulfill legal obligations. For example, in case of product return as a result of exercising the right of withdrawal in the order, activities such as payment of the product price to the seller are the processing activities required for YARIS NOTE to fulfill its legal obligation.

3.5. Publicizing Personal Data of Groups of People
If the personal data of the individual group has been made public, the data can be processed without the need for explicit consent. For example, personal data shared publicly by the Member on the internet and social media accounts can be processed if the person is connected to YARIS NOTE social media channels, if this sharing is in accordance with and to the extent of his/her will.

3.6. Data Processing Is Necessary for the Establishment or Protection of a Right
If data processing is mandatory for the establishment, exercise or protection of a right, data may be processed without the explicit consent of the individual group. For example, based on a complaint made by the Member to the consumer arbitration committee, sending the shopping information to this complaint file is a processing activity necessary for the establishment or protection of the right.

3.7. Processing of Data Based on Legitimate Interest
If data processing is necessary for the legitimate interests of YARIS NOTE, provided that the fundamental rights and freedoms of the person group are not harmed, personal data may be processed without obtaining the express consent of the person group.

3.8. Processing of Individual Group's Personal Data Based on Explicit Consent
In cases where the personal data of the individual group cannot be processed based on any of the above-mentioned conditions, it will be processed based on explicit consent. In this case, the processing activity is carried out by obtaining explicit consent in accordance with the criteria determined by KVKK and GDPR. For example, processing of contact information of relevant persons for sending commercial electronic messages occurs with explicit consent.
 

4. CASES WHERE SPECIAL PERSONAL DATA MAY BE PROCESSED
Some of the personal data are regulated separately as "personal data of special nature" and are subject to special protection. At YARIS NOTE, special categories of personal data are subject to separate processing conditions and protection.
4.1. Processing of Special Personal Data Based on Explicit Consent
Special categories of personal data can be processed by taking the principles set out in this Policy and the necessary administrative and technical measures, if the individual group has the explicit consent.

4.2. Situations Where Special Personal Data May Be Processed Without Explicit Consent
Special personal data, in cases where there is no explicit consent of the person group, provided that adequate measures are taken to be determined by the Personal Data Protection Board, for data other than health and sexual life, in cases stipulated by law; Personal data regarding health and sexual life can only be processed by persons or authorized institutions and organizations who are under the obligation of confidentiality, for the purpose of protecting public health, preventive medicine, medical diagnosis, execution of treatment and care services, planning and management of health services and their financing. For example, health data may be processed by the YARIS NOTE workplace physician for occupational health and safety activities.
5. ENLIGHTENING AND INFORMING THE PERSON GROUP

During the collection of personal data in YARIS NOTE, relevant person groups are informed and clarified by YARIS NOTE. In addition, lighting is provided on the yarisnote.com website, with policy, lighting texts and QR codes in common areas, stores and office areas within the company. Within the scope of clarification, the identity of YARIS NOTE's data controller, the types of personal data processed, the purpose for which personal data will be processed, to whom and for what purpose the processed personal data can be transferred, the method and legal reason for collecting personal data, and the rights of individual groups are notified.
Groups of people; You can always request information from YARIS NOTE via bilgi@yarisnote.com . In this case, the necessary information will be provided as soon as possible.
 

6. CATEGORIZING PERSONAL DATA

Personal data of individual groups in the categories specified and exemplified below are processed by YARIS NOTE. In addition, apart from these categories, there are personnel and similar categories processed by person groups such as employees, interns, and subcontractors in internal processes. These categories and person groups are regulated in the YARIS NOTE Employee Personal Data Processing Policy.
 

Identity
Name, surname, date of birth, gender, TR ID number
 Customer-Member Customer, Guest Customer
Supplier Representative
Supplier Employee
Employee Candidate
Communication
Mobile phone, e-mail address, address, postal code, landline phone		 Customer - Member Customer, Guest Customer
Supplier Representative
Supplier Employee
Employee Candidate
Location Customer - Member Customer, Guest Customer
Supplier Employee
Legal action
Contract, legal information		 Customer - Member Customer, Guest Customer
Supplier Representative
Supplier Employee
Employee Candidate
Customer Transaction
Product/s purchased, size and color preferences, purchase amount, date, etc. information, call center call records, campaigns/competitions used, coupons used, order-related information		 Customer - Member Customer, Guest Customer
Transaction Security
Password, password, IP information		 Customer - Member Customer, Guest Customer
Online Visitor
Supplier Representative
Supplier Employee
finance
Invoice information, bank account information, financial information, payment debit and credit information		 Customer - Member Customer, Guest Customer
Supplier Representative
Supplier Employee
Professional experience Supplier Employee
Employee Candidate
Marketing Customer - Member Customer, Guest Customer
Online Visitor



 

7. PURPOSES OF PROCESSING PERSONAL DATA

7.1. Processing Conditions
Personal data is processed limited to the following conditions.

  • The relevant activity regarding the processing of your personal data is clearly foreseen by law,
  • The processing of your personal data by YARIS NOTE is directly related to and necessary for the establishment or performance of a contract,
  • Processing of personal data is mandatory for YARIS NOTE to fulfill its legal obligation,
  • Provided that personal data has been made public by the individual group; Processing by YARIS NOTE on a limited basis for publicization purposes,
  • Processing of personal data by YARIS NOTE is mandatory for the establishment, use or protection of the rights of YARIS NOTE or groups of individuals or third parties,
  • It is mandatory to process personal data for the legitimate interests of YARIS NOTE, provided that it does not harm the fundamental rights and freedoms of individual groups,
  • It is mandatory for YARIS NOTE to process personal data to protect the life or physical integrity of the relevant person or someone else, and in this case, the relevant person is unable to express his/her consent due to actual impossibility or legal invalidity, or the personal data is to protect the vital interests of the relevant person or another person. It is necessary for .

If the conditions mentioned above are not present; YARIS NOTE requires the explicit consent of personal data owners to engage in personal data processing activities.

7.2. Processing Purposes
YARIS NOTE, personal data; It operates for the following purposes:

For Customer Group:

Member Customer Personal Data;

  • Carrying out membership transactions.
  • Benefiting from the services offered by YARIS NOTE, improving the services, developing new services and providing information.
  • Execution of the Membership Agreement and Distance Sales Agreement.
  • Promotion, providing opportunities and benefits, and carrying out marketing activities in case of explicit consent.
  • Resolving Member Customer problems and complaints.
  • Improving both desktop, tablet and mobile platform and mobile application experiences.
  • Accounting and tracking of purchasing transactions.
  • Legal processes and compliance with legislation.
  • Answering information requests from administrative and judicial authorities.
  • Ensuring information and transaction security and preventing malicious use.
  • Making necessary arrangements to ensure that the processed data is accurate and up-to-date.
  • Establishing and implementing processes to ensure information security and internal process improvements.

Guest Customer (users who shop without being a member) Personal Data;

  • Benefiting from the services offered by YARIS NOTE, improving the services, developing new services and providing information.
  • Promotion, providing opportunities and benefits, and carrying out marketing activities in case of explicit consent.
  • Improving both desktop, tablet and mobile platform and mobile application experiences.
  • Accounting and tracking of purchasing transactions.
  • Legal processes and compliance with legislation.
  • Answering information requests from administrative and judicial authorities.
  • Ensuring information and transaction security and preventing malicious use.
  • Making necessary arrangements to ensure that the processed data is accurate and up-to-date.
  • Establishing and implementing processes to ensure information security and internal process improvements.

For Supplier Group (Supplier, Supplier Representative, Supplier Employee):

  • Managing the business process with suppliers.
  • Fulfilling legal processes and legal requirements, such as a contract regarding the required service.
  • Establishing contracts with selected suppliers and carrying out the necessary transactions.
  • Carrying out purchasing, production, supply and similar operations.
  • Execution of purchased product/after-service services and return/cancellation/removal requirements and processes.
  • In accordance with the Occupational Health law and the contract.
  • Controlling the payment of premium payments to the employee and the state in accordance with the SSI legislation.
  • Checking whether employees have qualification documents (certificate, authorization certificate, etc. depending on the job they do).
  • Ensuring the economical use of company resources and customer-oriented improvement of company operations.
  • Obtaining commitments from the natural or legal person supplier that processes personal data to comply with the obligations that Yaris Note must comply with in terms of data security in accordance with the KVKK.
  • Following up accounting and purchasing transactions, controlling and approving payments.
  • Compliance with legal processes and legislation, fulfillment of legal obligations.
  • Answering information requests from administrative and judicial authorities.
  • Ensuring information and transaction security and preventing malicious use.
  • Making necessary arrangements to ensure that the processed data is up-to-date and accurate.
  • Controlling whether commitments are fulfilled and planning audits.

For the Candidate Employee Group:

  • Ensuring the completion and execution of human resources policies and processes.
  • Planning the application selection and evaluation processes of employee candidates.
  • Carrying out activities that need to be carried out within the framework of occupational health and safety.
  • Communication activities required for placement of employee candidates.
  • Intern recruitment, placement and planning of operation processes.

For Online Visitor:

  • Taking log records of system movements of online visitors and users.
  • Legal processes and compliance with legislation.
  • Answering information requests from administrative and judicial authorities.
  • Ensuring information and transaction security and preventing malicious use.
  • Fulfillment of legal obligations.

8. TRANSFER OF PERSONAL DATA TO DOMESTIC AND INTERNATIONAL THIRD PARTIES
8.1. Transfer of Personal Data
Personal data and special categories of personal data can be transferred to third parties (third party companies, third natural persons) by taking the necessary security measures in line with the processing purposes, if the conditions stipulated in Article 8 and Article 9 of the KVKK are met.
Personal data may be transferred abroad due to the software and server infrastructure used and the product software and server infrastructure from which services are received.
The Personal Data Protection Authority has not yet announced the list of safe countries, and in this context, in accordance with Article 9 of the KVKK, personal data can be transferred abroad in line with the explicit consent of the relevant persons.

8.2. Third Parties to whom Personal Data is Transferred
Your personal data may be transferred to the data subject groups listed below:

  • To YARIS NOTE business partners,
  • To YARIS NOTE suppliers,
  • YARIS NOTE subsidiaries,
  • To YARIS NOTE shareholders,
  • To legally authorized public institutions and organizations,
  • To legally authorized private legal persons.
9. METHOD AND LEGAL REASON FOR COLLECTING PERSONAL DATA

Your personal data transmitted to the Company electronically or physically, for the purposes stated in this Policy, in accordance with Article 5 of the KVKK and the relevant articles of the GDPR; It is processed by fully or partially automatic or non-automatic means, provided that it is part of any data recording system, within the framework of the following legal reasons according to person groups.

For Customer (Member/Guest) Group;

  • Protection of the customer's rights and interests.
  • Providing rights and benefits to Customers for the purpose of establishing a business relationship.
  • Maintaining and developing internal company activities.
  • Fulfillment of obligations arising from legislation.
  • It is necessary to process personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract.
  • It is mandatory to process data for the legitimate interests of the data controller, such as entering customer orders into relevant storage and analysis software in order to ensure business continuity, provided that it does not harm the fundamental rights and freedoms of the customer.
  • Explicit consent of the customer

For Supplier/Partner Group (Supplier/Partner, Supplier/Partner Executive, Supplier/Partner Employee):

  • It is necessary to fulfill the legal obligation of the data controller.
  • It is necessary to process personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract.
  • It is mandatory to process data for the legitimate interests of the data controller, such as storing the contact information of the relevant parties in order to ensure business continuity and fast and effective communication, provided that it does not harm the fundamental rights and freedoms of the Supplier/Business Partner.
  • Explicit consent of the Supplier/Business Partner

For the Candidate Employee Group:

  • It is necessary to process personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract.
  • It is mandatory to process data for the legitimate interests of the data controller, such as storage and evaluation for future personnel needs, provided that it does not harm the fundamental rights and freedoms of Candidate Employees.
  • Candidate Employee has express consent

For the Online Visitor Group:

  • It is necessary to process personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract.
  • It is necessary to process data for the legitimate interests of the data controller, such as analyzing which pages are visited more for business development purposes, provided that it does not harm the fundamental rights and freedoms of Online Visitors.
  • Explicit consent of the Online Visitor

10. STORAGE PERIOD OF PERSONAL DATA
The storage periods and legal basis of personal data processed by YARIS NOTE are listed in the table below:
 

Identity 15 years from the termination of the legal relationship Law No. 6563 on the Regulation of Electronic Commerce, Turkish Commercial Code No. 6102, Turkish Code of Obligations No. 6098, Tax Procedure Law No. 213, Consumer Protection Law No. 6502, Labor Law No. 4857, Occupational Health and Safety Law No. 6331
Communication 10 years from the termination of the legal relationship Law No. 6563 on the Regulation of Electronic Commerce, Turkish Commercial Code No. 6102, Turkish Code of Obligations No. 6098, Tax Procedure Law No. 213, Consumer Protection Law No. 6502, Labor Law No. 4857, Occupational Health and Safety Law No. 6331
Location 10 years from the termination of the legal relationship Law No. 6563 on the Regulation of Electronic Commerce, Turkish Commercial Code No. 6102, Turkish Code of Obligations No. 6098
Legal action 10 years from the finalization of the trial Code of Civil Procedure No. 6100, Code of Criminal Procedure No. 5271
Customer Transaction 10 years from the termination of the legal relationship Law No. 6563 on the Regulation of Electronic Commerce, Turkish Commercial Code No. 6102, Turkish Code of Obligations No. 6098, Tax Procedure Law No. 213, Consumer Protection Law No. 6502, Law No. 5651 on the Regulation of Publications Made on the Internet and Combating Crimes Committed Through These Publications
Transaction Security 2 years Law No. 5651 on Regulating Publications Made on the Internet and Combating Crimes Committed Through These Publications
finance 10 years from the termination of the legal relationship Law No. 6563 on the Regulation of Electronic Commerce, Turkish Commercial Code No. 6102, Turkish Code of Obligations No. 6098, Tax Procedure Law No. 213, Consumer Protection Law No. 6502
Marketing During the Legal Relationship

 

11. SECURITY OF PERSONAL DATA

In order to ensure the security of personal data, YARIS NOTE takes reasonable precautions to prevent unauthorized access risks, accidental data loss, intentional deletion of data or damage to data.
All necessary technical and physical measures are taken to prevent access to personal data by anyone other than authorized persons. In this context, the authorization system is designed in such a way that it is not possible for anyone to access more personal data than necessary. While ensuring the security of special personal data, such as health data, stricter measures are taken than other personal data.
Authorized persons are subjected to the necessary security and internal controls. Additionally, these people are trained about their duties and responsibilities.
Access records to personal data are kept as much as technical possibilities allow, and these records are reviewed at regular intervals. In case of unauthorized access, immediate investigation and legal proceedings are initiated.
YARIS NOTE takes the following security measures to ensure the security of the processed data:

  • Network security and application security are ensured.
  • A closed system network is used for personal data transfer via the network.
  • Key management is implemented.
  • Security measures are taken within the scope of supply, development and maintenance of information technology systems.
  • The security of personal data stored in the cloud is ensured.
  • There are disciplinary regulations for employees that include data security provisions.
  • Training and awareness activities are carried out for employees at regular intervals regarding data security.
  • An authority matrix has been created for employees.
  • Access logs are kept regularly.
  • Corporate policies on access, information security, use, storage and destruction have been prepared and implemented.
  • Confidentiality commitments are made.
  • The authorities of employees who change their duties or leave their jobs in this area are removed.
  • Up-to-date anti-virus systems are used.
  • Firewalls are used.
  • The signed contracts contain data security provisions.
  • Extra security measures are taken for personal data transferred via paper and the relevant documents are sent in confidential document format.
  • Personal data security policies and procedures have been determined.
  • Personal data security issues are reported quickly.
  • Personal data security is monitored.
  • Necessary security measures are taken regarding entry and exit to physical environments containing personal data.
  • The security of physical environments containing personal data against external risks (fire, flood, etc.) is ensured.
  • The security of environments containing personal data is ensured.
  • Personal data is reduced as much as possible.
  • Personal data is backed up and the security of the backed up personal data is ensured.
  • Periodic and/or random audits are carried out within the institution.
  • Log records are kept without user intervention.
  • Current risks and threats have been identified.
  • Protocols and procedures for the security of special personal data have been determined and implemented.
  • If special personal data is to be sent via e-mail, it must be sent encrypted and using a KEP or corporate mail account.
  • Intrusion detection and prevention systems are used.
  • Penetration testing is applied.
  • Specially qualified persons' data transferred on portable memory, CD, DVD media is encrypted.
  • Data processing service providers are periodically audited regarding data security.
  • Data processing service providers are made aware of data security.
12. USE OF COOKIES

YARIS NOTE uses cookies, pixels, GIFs, etc. to make the most efficient use of its website and applications and to improve user experience. uses certain technologies (“cookies”). The use of these technologies is carried out in accordance with the applicable legislation, especially KVKK. If the relevant persons do not prefer the use of cookies, cookies can be deleted or blocked from the browser settings. You can access detailed information about the cookies used by YARIS NOTE from the Cookie Policy and tell us your preferences.
 

13. AUTOMATED PROCESSING ACTIVITIES

YARIS NOTE uses cookies, etc. in order to offer special products and services to its customers and potential customers. It automatically processes behavioral data obtained through technologies. In this context, with the information obtained, the products that the person may choose to purchase can be analyzed. For example, the products sold in general can be statistically matched and other related products can be offered automatically with special offers to the user who is interested in a particular product.
 

14. LEGAL RIGHTS OF PERSON GROUPS AND METHODS OF USE

14.1. Rights Regarding Personal Data Within the Scope of KVKK
The rights that individual groups can exercise regarding their personal data are included in Article 11 of the KVKK and are as follows:

  • Learning whether personal data is processed or not,
  • Requesting information if personal data has been processed,
  • Learning the purpose of processing personal data and whether they are used for their intended purpose,
  • Knowing the third parties to whom personal data is transferred at home or abroad,
  • Requesting correction of personal data if they are incomplete or incorrectly processed,
  • Requesting the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of the KVKK and requesting that the transactions carried out in accordance with these provisions be notified to third parties to whom personal data has been transferred,
  • Objecting to the emergence of a result that is unfavorable to the individual by analyzing the processed data exclusively through automatic systems,
  • Request compensation for damages in case of damage due to unlawful processing of personal data.

14.2. Rights Regarding Personal Data Under GDPR
The rights available to groups of individuals regarding their personal data are included in Part 3 of the GDPR (Articles 12-23) and are listed below:

  • If your personal data is processed based on your explicit consent, you can withdraw that consent;
  • Request restriction of the processing of your personal data in the following cases;
    • If the accuracy of your personal data is objected to by you, for a period of time during which we can check the accuracy in question,
    • If the data processing is unlawful but you prefer to limit the use of your data rather than deleting it,
    • In case of your request because the processing of your personal data is no longer necessary for the relevant data processing purpose, but is necessary for the establishment, implementation or presentation of your legal claims and claims, or
    • While examining whether the objection is invalid due to our interests after you have exercised your right to object in accordance with Article 21 of the GDPR;
  • Object to the processing of your personal data if your personal data is processed on grounds of public interest or based on the authority granted by law to the data controller or the legitimate interests of the data controller or a third party, including profiling practices;
  • Accessing the following information;
    • Verification that personal data about you is being processed and, in this case, your relevant personal data and the relevant data processing purposes and categories,
    • The data recipients or their categories with whom your personal data is or will be shared, if possible, the period for which your personal data will be stored, if this is not possible, the criteria used to determine the period in question,
    • The existence of the right to limit the processing, deletion or destruction of personal data, to object to the processing of personal data and to apply to the supervisory authority; and
    • Information that personal data was obtained from the relevant person or a third party, and
    • Access information about the existence of automated decision-making mechanisms we use, including profiling, and the logic behind them and the implications and significance of this for you;
  • If your personal data is processed based on your explicit consent or a contractual provision and the data processing is carried out through automatic mechanisms, have a version of your data in a regular, usable and machine-readable format transferred to you or, if technically reasonable, to another data controller;
  • You have the right to be informed about the existence of automated decision-making mechanisms we use, including profiling, the logic behind them and the possible consequences and significance of this for the person concerned.

14.3. Principles Regarding the Exercise of Rights Regarding Personal Data
Relevant persons, in order to exercise their rights regarding personal data; By using the KVK Application Form on yarisnote.com and the link below;
You can apply to our KEP address yarisnote@hs01.kep.tr,
You can apply to our e-mail address bilgi@yarisnote.com via a mobile signed, e-signed or registered and approved e-mail address in our systems,
Applications regarding their requests can be made in person, with a wet signature, to the address Esentepe Mahallesi Talat Paşa Caddesi No 5/2 Şişli İstanbul, or through a notary public.
Applications that comply with these procedures and the application procedures in the KVKK regulations will be responded to within 30 days at the latest. In case your application is rejected, you find the answer given insufficient, or we cannot respond to your application in time; You can file a complaint with the KVK Board within thirty days from the date you learn our answer and probably within sixty days from the application date.

We have appointed a Data Protection Officer (DPO) in accordance with the GDPR to ensure that your personal data is constantly processed openly, accurately and lawfully. You can reach our Data Protection Officer via the contact information below:
Email: bilgi@yarisnote.com

15. ENFORCEMENT AND UPDATEABILITY

This Policy entered into force on the date of its publication. The policy is updated to comply with changing conditions and legislation. The Policy, updated in the light of current Board decisions and requirements, is followed by the YARIS NOTE Data Protection Committee, approved by the YARIS NOTE Board of Directors and published on www.yarisnote.com.


You can reach Yaris Note from the contact information below:
Yaris Note Poster and Paper Trade Limited Company
Address: Esentepe District Talat Paşa Caddesi No 5/2 Şişli Istanbul
Email:  bilgi@yarisnote.com

Yaris Note Poster Limited Company
Address: 284 Chase Road A Block 2nd Floor Unit 123 Southgate London England N14 6HF
Email: bilgi@yarisnote.com