Our Notice Under the Personal Data Protection Law

Yaris Note (“YARIS NOTE” or “Data Controller”), as the data controller, adopts the principles set forth in the relevant legislation in order to comply with the Personal Data Protection Law No. 6698 (“KVKK”) and the European Union General Data Protection Regulation No. 2016/679 (“GDPR”), and fulfills its obligations regarding the processing, deletion, destruction, anonymization, transfer of personal data, informing the relevant person and ensuring data security. In this context, this Privacy and Personal Data Protection Policy (“Policy”) has been prepared and is made accessible to the real persons (“relevant person”) whose personal data is processed.
 

1. PURPOSE AND SCOPE OF THE POLICY

This Privacy and Personal Data Protection Policy regulates the issues listed below and aims to enlighten the relevant persons.
Principles regarding the processing of personal data
Conditions for processing personal data
Cases in which special personal data can be processed
Enlightening and informing the group of people
Categorization of personal data
Purposes of processing personal data
Transfer of personal data to domestic and international third parties
Method and legal basis for processing personal data
Storage periods of personal data
Security of personal data
Use of cookies
Contact information regarding the legal rights and usage methods of groups of individuals
Enforceability and updateability
 

2. PRINCIPLES ON PROCESSING PERSONAL DATA

2.1. Processing in Accordance with Law, Honesty and Transparency
In the processing of personal data, the principles introduced by legal regulations, the general rule of trust and honesty, and the principle of transparency are complied with.

2.2. Ensuring that Personal Data is Accurate and Up-to-date when Necessary
Periodic checks and updates are made to ensure that the processed personal data of the individual groups are accurate and up-to-date, and all necessary reasonable measures are taken in this regard. In this context, systems for checking the accuracy of personal data and making necessary corrections are established within YARİS NOTE. Members are provided with the opportunity to make these changes and updates from the My Account Page on the yarisnote.com website.

2.3 Processing for Specific, Clear and Legitimate Purposes
Personal data is processed based on clear, specific and legitimate data processing purposes. The purposes for which the data will be processed are detailed in this Policy.

2.4. Being Relevant, Limited and Proportionate to the Purpose for Which They Are Processed
Personal data is processed in a measured, purpose-related and limited manner in order to achieve the intended purpose(s), and the processing of personal data that is not relevant or needed to achieve the purpose is avoided.

2.5. Storage for the Period Stipulated in the Relevant Legislation or Necessary for the Purpose for which they are Processed
YARIS NOTE stores personal data only for the period stipulated in the relevant legislation or necessary for the purpose for which they are processed. In this context, it is first determined whether a period is stipulated in the relevant legislation for the storage of personal data, if a period is specified, this period is complied with, if no period is specified, personal data is stored for the period necessary for the purpose for which they are processed. In the event that the period expires or the reasons requiring processing are eliminated, and if there is no legal reason allowing them to be processed for a longer period, personal data is deleted, destroyed or anonymized in accordance with YARIS NOTE's Personal Data Storage and Destruction Policy. This Policy provides detailed information on storage periods.

2.6. Processing in Accordance with the Integrity and Confidentiality of Data
Personal data is processed in a manner that ensures the security of personal data by using appropriate technical or administrative measures, including protection against unauthorized or unlawful processing or accidental loss, destruction or damage.
 

3. CONDITIONS FOR PROCESSING PERSONAL DATA

The basis for personal data processing activity may be only one of the legal reasons specified below, or more than one of these conditions may be the basis for the same personal data processing activity. If the processed personal data is of a special nature, the conditions set out below under the heading "Instances in Which Special Nature Personal Data May Be Processed" shall apply.
The explicit consent of the relevant person groups is only one of the legal reasons that enable personal data to be processed in accordance with the law. In addition to explicit consent, personal data may also be processed if one of the other legal reasons listed below exists.
The personal data of the relevant person groups are processed within the scope of the processing conditions explained below.

3.1. Explicitly Provided by Laws
In cases where the processing of personal data is explicitly foreseen in the laws, YARIS NOTE processes personal data without obtaining the explicit consent of the groups of individuals whose data will be processed. For example, in accordance with the Law on the Regulation of Electronic Commerce, the processing of personal data in processes such as membership to YARIS NOTE, granting of commercial electronic permission, order, payment, delivery, product-related cancellation or return is a processing activity that takes place when explicitly foreseen in the law.

3.2. Inability to Obtain the Explicit Consent of the Person Concerned Due to Actual Impossibility or Where Personal Data is Necessary to Protect the Vital Interests of the Person Concerned or Another Person
If the processing of personal data is necessary to protect the life or physical integrity of a person or another person who is unable to give consent due to a de facto impossibility or whose consent cannot be validated, the data may be processed without the explicit consent of the person. In addition, if personal data is necessary to protect the vital interests of the person or another person, the data may be processed without the explicit consent of the person in question.

3.3. Directly Related to the Establishment or Performance of the Contract
Data may be processed if it is necessary to process personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract.


3.4. Fulfillment of Legal Obligations of YARIS NOTE
As the data controller, personal data of the person group may be processed without obtaining explicit consent if processing is mandatory to fulfill legal obligations. For example, in the event of a product return as a result of exercising the right of withdrawal in the order, activities such as payment of the product price to the seller are necessary processing activities for YARIS NOTE to fulfill its legal obligations.

3.5. Making Personal Data Public by Groups of Individuals
If the personal data of the person group is made public by him/her, the data may be processed without the need for explicit consent. For example, if the Member is a person connected to YARIS NOTE social media channels, the personal data that he/she has shared publicly on the internet or on social media accounts may be processed if this sharing is in accordance with and to the extent of his/her will.

3.6. Data Processing is Necessary for the Establishment or Protection of a Right
If data processing is necessary for the establishment, exercise or protection of a right, the data of the person group may be processed without obtaining the explicit consent of the person group. For example, in response to a complaint made by the Member to the consumer arbitration board, sending the shopping information to this complaint file is a processing activity necessary for the establishment or protection of the right.

3.7. Processing of Data Based on Legitimate Interest
Personal data may be processed without the explicit consent of the person group if data processing is mandatory for the legitimate interests of YARIS NOTE, provided that it does not harm the fundamental rights and freedoms of the person group.

3.8. Processing of Personal Data of a Group of Individuals Based on Explicit Consent
In cases where the personal data of the person group cannot be processed based on any of the conditions specified above, it will be processed based on explicit consent, in which case the processing activity is carried out by obtaining explicit consent in accordance with the criteria determined by the KVKK and GDPR. For example, the processing of contact information of the relevant persons for sending commercial electronic messages is carried out in the form of explicit consent.
 

4. CASES WHERE SPECIAL NATURED PERSONAL DATA MAY BE PROCESSED
Some of the personal data is regulated separately as “special personal data” and is subject to special protection. In YARIS NOTE, special personal data is subject to separate processing conditions and protection.
4.1. Processing of Special Personal Data Based on Explicit Consent
Special personal data may be processed with the explicit consent of the person group, by taking the principles set out in this Policy and the necessary administrative and technical measures.

4.2. Cases in which Special Personal Data Can Be Processed Without Explicit Consent
Special personal data, in cases where there is no explicit consent of the person group, provided that sufficient measures are taken by the Personal Data Protection Board, for data other than health and sexual life, in cases stipulated by law; personal data related to health and sexual life can only be processed by persons or authorized institutions and organizations under a confidentiality obligation for the purposes of protecting public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and their financing. For example, health data for occupational health and safety activities can be processed by the YARİS NOTE workplace physician.
5. ENLIGHTENING AND INFORMING THE GROUP OF PEOPLE

During the collection of personal data in YARIS NOTE, the relevant person groups are informed by YARIS NOTE and clarification is carried out. In addition, clarification is carried out with the policy, clarification texts and QR codes located in the common areas, stores and offices of the company on the yarisnote.com website. Within the scope of clarification, the identity of YARIS NOTE's data controller, the types of personal data processed, the purpose for which personal data will be processed, to whom and for what purpose the processed personal data can be transferred, the method and legal reason for collecting personal data and the rights of the person groups are notified.
Groups of people can always request information from YARİS NOTE via bilgi@yarisnote.com . In this case, the necessary information will be provided as soon as possible.
 

6. CATEGORIZATION OF PERSONAL DATA

YARIS NOTE processes personal data of person groups in the categories specified and exemplified below. In addition to these categories, there are personal data and similar categories processed for person groups such as employees, interns, subcontractor employees in in-company processes. These categories and person groups are regulated in the YARIS NOTE Employee Personal Data Processing Policy.
 

Identity
Name, surname, date of birth, gender, Turkish identity number
 Customer-Member Customer, Guest Customer
Supplier Representative
Supplier Employee
Employee Candidate
Communication
Mobile phone, email address, address, postal code, landline phone		 Customer- Member Customer, Guest Customer
Supplier Representative
Supplier Employee
Employee Candidate
Location Customer- Member Customer, Guest Customer
Supplier Employee
Legal Action
Contract, legal information		 Customer- Member Customer, Guest Customer
Supplier Representative
Supplier Employee
Employee Candidate
Customer Transaction
Purchased product/s, size and color preferences, purchase amount, date, etc. information, call center call records, campaigns/competitions used, coupons used, order-related information.		 Customer- Member Customer, Guest Customer
Transaction Security
Password, passcode, IP information		 Customer- Member Customer, Guest Customer
Online Visitor
Supplier Representative
Supplier Employee
Finance
Billing information, bank account information, financial information, payment debit and credit information		 Customer- Member Customer, Guest Customer
Supplier Representative
Supplier Employee
Professional Experience Supplier Employee
Employee Candidate
Marketing Customer- Member Customer, Guest Customer
Online Visitor



 

7. PURPOSES OF PROCESSING PERSONAL DATA

7.1. Conditions of Processing
Personal data is processed limited to the following conditions.

  • The relevant activity regarding the processing of your personal data is clearly prescribed by law,
  • The processing of your personal data by YARİS NOTE is directly related to and necessary for the establishment or performance of a contract,
  • Processing of personal data is mandatory for YARIS NOTE to fulfill its legal obligations,
  • Provided that personal data is made public by the person group; processing by YARİS NOTE for the purpose of making it public is limited,
  • The processing of personal data by YARIS NOTE is necessary for the establishment, exercise or protection of the rights of YARIS NOTE or groups of individuals or third parties,
  • It is mandatory to process personal data for the legitimate interests of YARIS NOTE, provided that it does not harm the fundamental rights and freedoms of groups of individuals.
  • If the processing of personal data by YARİS NOTE is necessary to protect the life or physical integrity of the relevant person or another person, and in this case the relevant person is unable to give his/her consent due to actual impossibility or legal invalidity, or if the personal data is necessary to protect the vital interests of the relevant person or another person.

If the above-mentioned conditions are not met, YARİS NOTE seeks the explicit consent of personal data owners in order to process personal data.

7.2. Purposes of Processing
YARİS NOTE processes personal data for the following purposes:

For Customer Group:

Member Customer Personal Data;

  • Carrying out membership transactions.
  • To benefit from the services offered by YARİS NOTE, to improve the services, to develop new services and to provide information.
  • Execution of the Membership Agreement and Distance Sales Agreement.
  • Providing promotion, opportunities and benefits, and carrying out marketing activities in case of explicit consent.
  • Resolving member customer problems and complaints.
  • Improving desktop, tablet, mobile platform and mobile application experiences.
  • Monitoring of accounting and purchasing transactions.
  • Compliance with legal processes and legislation.
  • Responding to requests for information from administrative and judicial authorities.
  • Ensuring information and transaction security and preventing malicious use.
  • Making the necessary arrangements to ensure that the processed data is accurate and up-to-date.
  • Establishing and implementing processes to ensure information security and internal process improvements.

Personal Data of Guest Customers (users who shop without being a member):

  • To benefit from the services offered by YARİS NOTE, to improve the services, to develop new services and to provide information.
  • Providing promotion, opportunities and benefits, and carrying out marketing activities in case of explicit consent.
  • Improving desktop, tablet, mobile platform and mobile application experiences.
  • Monitoring of accounting and purchasing transactions.
  • Compliance with legal processes and legislation.
  • Responding to requests for information from administrative and judicial authorities.
  • Ensuring information and transaction security and preventing malicious use.
  • Making the necessary arrangements to ensure that the processed data is accurate and up-to-date.
  • Establishing and implementing processes to ensure information security and internal process improvements.

For Supplier Group (Supplier, Supplier Official, Supplier Employee):

  • Managing the business process with suppliers.
  • Fulfillment of legal processes and legal requirements such as contracts regarding the required service.
  • Establishing contracts with selected suppliers and carrying out necessary procedures.
  • Carrying out purchasing, production, supply and similar operations.
  • Carrying out after-sales services and return/cancellation/repair requirements and processes.
  • In accordance with the Occupational Health Law and contract.
  • Control of the payment of premiums to be made to the employee and the state in accordance with the SSI legislation.
  • Checking whether employees have qualification documents (certificate, authorization document, etc. depending on the job they do)
  • Ensuring the economical use of company resources and improving company operations in a customer-focused manner.
  • Obtaining commitments from the natural or legal person supplier who processes personal data that they will comply with the obligations that Yaris Note must comply with in terms of data security in accordance with the KVKK.
  • Monitoring accounting and purchasing transactions, controlling payments and giving approval.
  • Compliance with legal processes and legislation, fulfillment of legal obligations.
  • Responding to information requests from administrative and judicial authorities.
  • Ensuring information and transaction security and preventing malicious use.
  • Making the necessary arrangements to ensure that the processed data is up-to-date and accurate.
  • Planning and controlling the fulfillment of commitments.

For the Prospective Employee Group:

  • Ensuring the completion and execution of human resources policies and processes.
  • Planning the application selection and evaluation processes of employee candidates.
  • Carrying out the activities that need to be carried out within the framework of occupational health and safety.
  • Communication activities required for placement of employee candidates.
  • Planning of intern recruitment, placement and operation processes.

For Online Visitor:

  • Keeping log records of online visitors and users' system movements.
  • Compliance with legal processes and legislation.
  • Responding to requests for information from administrative and judicial authorities.
  • Ensuring information and transaction security and preventing malicious use.
  • Fulfillment of legal obligations.

8. TRANSFER OF PERSONAL DATA TO DOMESTIC AND INTERNATIONAL THIRD PARTIES
8.1. Transfer of Personal Data
Personal data and special personal data may be transferred to third parties (third party companies, third real persons) provided that the conditions stipulated in Article 8 and Article 9 of the KVKK are met, and the necessary security measures are taken in line with the processing purposes.
Personal data may be transferred abroad due to the software and server infrastructure used, the product software and server infrastructure from which the service is received.
The Personal Data Protection Authority has not yet announced the list of safe countries, and in this context, personal data can be transferred abroad in accordance with the explicit consent of the persons concerned, in accordance with Article 9 of the KVKK.

8.2. Third Parties to Which Personal Data Are Transferred
Your personal data may be transferred to the following data subject groups:

  • To YARIS NOTE business partners,
  • To YARIS NOTE suppliers,
  • To YARIS NOTE affiliates,
  • To YARIS NOTE shareholders,
  • To legally authorized public institutions and organizations,
  • To legally authorized private law persons.
9. METHOD AND LEGAL REASON FOR COLLECTING PERSONAL DATA

Your personal data transmitted to the Company electronically or physically is processed in accordance with the purposes set out in this Policy, in accordance with Article 5 of the KVKK and the relevant articles of the GDPR; within the framework of the following legal reasons according to the person groups, by fully or partially automatic means or non-automatic means provided that it is part of any data recording system.

For the Customer (Member/Guest) Group;

  • Protection of the customer's rights and interests.
  • Providing rights and benefits to Customers in order to establish a business relationship.
  • Continuing and developing internal company activities.
  • Fulfillment of obligations arising from legislation.
  • The processing of personal data of the parties to a contract is necessary, provided that it is directly related to the establishment or performance of a contract.
  • Data processing is mandatory for the legitimate interests of the data controller, such as entering customer orders into relevant storage and analysis software to ensure business continuity, provided that it does not harm the customer's fundamental rights and freedoms.
  • Explicit consent of the customer

For Supplier/Partner Group (Supplier/Partner, Supplier/Partner Official, Supplier/Partner Employee):

  • It is necessary for the data controller to fulfill its legal obligations.
  • The processing of personal data of the parties to a contract is necessary, provided that it is directly related to the establishment or performance of a contract.
  • Data processing is mandatory for the legitimate interests of the data controller, such as storing the contact information of the relevant persons to ensure business continuity and fast and effective communication, provided that it does not harm the fundamental rights and freedoms of the Supplier/Business Partner.
  • Explicit consent of the Supplier/Business Partner is required.

For the Prospective Employee Group:

  • The processing of personal data of the parties to a contract is necessary, provided that it is directly related to the establishment or performance of a contract.
  • Data processing is mandatory for the legitimate interests of the data controller, such as storage and evaluation for future personnel needs, provided that it does not harm the fundamental rights and freedoms of the candidate employee.
  • The candidate employee must have explicit consent.

For the Online Visitor Group:

  • The processing of personal data of the parties to a contract is necessary, provided that it is directly related to the establishment or performance of a contract.
  • Data processing is mandatory for the legitimate interests of the data controller, such as analyzing which pages are visited most for business development purposes, provided that it does not harm the fundamental rights and freedoms of the Online Visitor.
  • Explicit consent of the Online Visitor

10. STORAGE PERIOD OF PERSONAL DATA
The retention periods and legal bases of personal data processed by YARİS NOTE are given in the table below:
 

Identity 15 years from the termination of the legal relationship Law No. 6563 on the Regulation of Electronic Commerce, Turkish Commercial Code No. 6102, Turkish Code of Obligations No. 6098, Tax Procedure Law No. 213, Consumer Protection Law No. 6502, Labor Law No. 4857, Occupational Health and Safety Law No. 6331
Communication 10 years from the termination of the legal relationship Law No. 6563 on the Regulation of Electronic Commerce, Turkish Commercial Code No. 6102, Turkish Code of Obligations No. 6098, Tax Procedure Law No. 213, Consumer Protection Law No. 6502, Labor Law No. 4857, Occupational Health and Safety Law No. 6331
Location 10 years from the termination of the legal relationship Law No. 6563 on the Regulation of Electronic Commerce, Turkish Commercial Code No. 6102, Turkish Code of Obligations No. 6098
Legal Action 10 years from the date of finalization of the trial Code of Civil Procedure No. 6100, Code of Criminal Procedure No. 5271
Customer Transaction 10 years from the termination of the legal relationship Law No. 6563 on the Regulation of Electronic Commerce, Turkish Commercial Code No. 6102, Turkish Code of Obligations No. 6098, Tax Procedure Law No. 213, Consumer Protection Law No. 6502, Law No. 5651 on the Regulation of Publications Made on the Internet and Combating Crimes Committed Through These Publications
Transaction Security 2 years Law No. 5651 on the Regulation of Publications Made on the Internet and Combating Crimes Committed Through These Publications
Finance 10 years from the termination of the legal relationship Law No. 6563 on the Regulation of Electronic Commerce, Turkish Commercial Code No. 6102, Turkish Code of Obligations No. 6098, Tax Procedure Law No. 213, Consumer Protection Law No. 6502
Marketing During Legal Relationship

 

11. SECURITY OF PERSONAL DATA

In order to ensure the security of personal data at YARİS NOTE, reasonable measures are taken to prevent the risks of unauthorized access, accidental data loss, deliberate deletion of data or damage to data.
All necessary technical and physical measures are taken to prevent access to personal data by anyone other than those authorized to access it. In this context, the authorization system is designed in such a way that no one can access more personal data than necessary. Stricter measures are taken when ensuring the security of special personal data such as health data compared to other personal data.
Authorized individuals are subjected to the necessary security and internal controls. In addition, these individuals are trained on their duties and responsibilities.
Access records to personal data are kept to the extent technically possible and these records are reviewed at regular intervals. In the event of unauthorized access, an investigation and legal action are initiated immediately.
YARİS NOTE takes the following security measures to ensure the security of the processed data:

  • Network security and application security are provided.
  • A closed system network is used for personal data transfer via network.
  • Key management is implemented.
  • Security measures are taken within the scope of information technology systems procurement, development and maintenance.
  • The security of personal data stored in the cloud is ensured.
  • There are disciplinary regulations in place for employees that include data security provisions.
  • Training and awareness activities are carried out for employees on data security at regular intervals.
  • An authority matrix has been created for employees.
  • Access logs are kept regularly.
  • Institutional policies on access, information security, use, storage and destruction have been prepared and implemented.
  • Confidentiality commitments are made.
  • The authority of employees who change their duties or leave their jobs is revoked in this area.
  • Up-to-date anti-virus systems are used.
  • Firewalls are used.
  • The signed contracts contain data security provisions.
  • Extra security measures are taken for personal data transferred via paper, and the relevant documents are sent in a confidential document format.
  • Personal data security policies and procedures have been determined.
  • Personal data security issues are reported quickly.
  • Personal data security is monitored.
  • Necessary security measures are taken regarding entry and exit to physical environments containing personal data.
  • The security of physical environments containing personal data is ensured against external risks (fire, flood, etc.).
  • The security of environments containing personal data is ensured.
  • Personal data is reduced as much as possible.
  • Personal data is backed up and the security of the backed up personal data is also ensured.
  • Periodic and/or random audits are carried out within the institution.
  • Log records are kept without user intervention.
  • Current risks and threats have been identified.
  • Protocols and procedures for the security of special personal data have been determined and implemented.
  • If special personal data is to be sent via e-mail, it must be encrypted and sent using a KEP or corporate mail account.
  • Intrusion detection and prevention systems are used.
  • Penetration testing is performed.
  • Personal data transferred via portable memory, CD or DVD is encrypted.
  • Data processing service providers are audited at regular intervals regarding data security.
  • Awareness of data processing service providers regarding data security is ensured.
12. USE OF COOKIES

YARİS NOTE uses a number of technologies such as cookies, pixels, GIFs, etc. (“cookies”) to ensure the most efficient use of its website and applications and to improve user experience. The use of these technologies is carried out in accordance with the applicable legislation, primarily KVKK. If the relevant persons do not prefer the use of cookies, cookies can be deleted or blocked from the browser settings. You can access detailed information about the cookies used by YARİS NOTE from the Cookie Policy and inform us of your preferences.
 

13. AUTOMATIC PROCESSING ACTIVITIES

YARIS NOTE automatically processes behavioral data obtained through technologies such as cookies, etc. in order to offer special products and services to its customers and potential customers. In this context, the products that a person may prefer to purchase can be analyzed with the information obtained. For example, by statistically matching the products sold in general, other related products can be automatically offered to the user who is interested in a certain product with special offers.
 

14. LEGAL RIGHTS OF GROUPS OF PERSONS AND METHODS OF USE

14.1. Rights Regarding Personal Data Within the Scope of KVKK
The rights that groups of individuals can exercise regarding their personal data are set out in Article 11 of the KVKK and are as follows:

  • Learning whether personal data is being processed,
  • To request information regarding the processing of personal data,
  • To learn the purpose of processing personal data and whether they are used in accordance with their purpose,
  • To know the third parties to whom personal data is transferred, either domestically or abroad,
  • To request correction of personal data if it is processed incompletely or incorrectly,
  • To request the deletion or destruction of personal data within the framework of the conditions set forth in Article 7 of the KVKK and to request that the actions taken in accordance with these provisions be notified to third parties to whom personal data has been transferred,
  • To object to a result that is to the detriment of the person himself/herself, as a result of the analysis of the processed data exclusively through automatic systems,
  • To request compensation in case of damages due to unlawful processing of personal data.

14.2. Rights Regarding Personal Data Under GDPR
The rights that groups of individuals can exercise regarding their personal data are set out in GDPR Section 3 (Articles 12-23) and are listed below:

  • If your personal data is processed based on your explicit consent, you may withdraw that consent;
  • Request restriction of the processing of your personal data in the following cases;
    • If you object to the accuracy of your personal data, for a period of time during which we can check the accuracy in question,
    • If data processing is unlawful but you prefer to limit the use of your data rather than have it deleted,
    • If the processing of your personal data is no longer necessary for the relevant data processing purpose, but is necessary for the establishment, exercise or presentation of your legal claims and arguments, or upon your request,
    • Following your right to object in accordance with Article 21 of the GDPR, during the examination of whether the objection is invalid due to our interests;
  • To object to the processing of your personal data, including profiling practices, if your personal data is being processed on grounds of public interest or based on the authority granted by law to the data controller or on the legitimate interests of the data controller or a third party;
  • Access the following information;
    • Confirmation that personal data concerning you is being processed and, in this case, your relevant personal data and the relevant data processing purposes and categories,
    • The data recipients or categories of data with whom your personal data has been or will be shared, if possible, the period for which your personal data will be stored, if this is not possible, the criteria used to determine such period,
    • The existence of the right to restrict, delete or destroy the processing of personal data, to object to the processing of personal data and to appeal to the supervisory authority; and
    • Information that personal data has been obtained from the relevant person or a third party, and
    • Access to information about the existence of automated decision-making mechanisms we use, including profiling, the logic behind them, and the potential consequences and significance of this for you;
  • If your personal data is processed based on your explicit consent or a contractual provision and the data processing is carried out through automated mechanisms, to have a version of your data in an organized, usable and machine-readable format transferred to you or, if technically feasible, to another data controller;
  • You have the right to obtain information about the existence of automated decision-making mechanisms, including profiling, that we use and the logic behind them, as well as the possible consequences and significance of this for the person concerned.

14.3. Principles Regarding the Exercise of Rights Regarding Personal Data
In order to exercise their rights regarding personal data, the relevant persons can use the Personal Data Protection Law Application Form on the yarisnote.com page and in the link below;
Applications can be made to our e-mail address bilgi@yarisnote.com with mobile signature, e-signature or via an e-mail address registered and approved in our systems.
Applications that comply with these procedures and the application procedures included in the KVKK regulations will be answered within 30 days at the latest. If your application is rejected, you find the response given insufficient or we cannot respond to your application on time; you can file a complaint with the KVK Board within thirty days from the date you learn of our response and in any case within sixty days from the date of application.

To ensure that your personal data is processed in an open, accurate and lawful manner at all times, we have appointed a Data Protection Officer (DPO) in accordance with the GDPR. You can reach our Data Protection Officer via the contact details below:
Email: bilgi@yarisnote.com

15. ENFORCEMENT AND UPDATEABILITY

This Policy entered into force on the date of publication. The Policy is updated in order to comply with changing conditions and legislation. The updated Policy, in light of current Board decisions and requirements, is monitored by the YARIS NOTE Data Protection Committee, approved by the YARIS NOTE Board of Directors, and published on www.yarisnote.com.


You can reach Yaris Note through the contact information below:

Yaris Note Poster Limited Company
Address: 284 Chase Road A Block 2nd Floor Unit 123 Southgate London England N14 6HF
Email: bilgi@yarisnote.com