(PDPL - General Data Protection Regulation) Clarification Text Regarding the Law No. 6698 on the Protection of Personal Data and the Rights Within This Law
This Clarification Text on the Processing and Protection of Personal Data ("Clarification Text") has been prepared by YEŞİM DİZAYN UYGULAMA YAYINCILIK İÇ VE DIŞ TİC. LTD. ŞTİ. (YESH JEWELLERY) to fulfill our obligation to inform you, the data subjects, as stipulated under the Law No. 6698 on the Protection of Personal Data (“GDPR”).
This Clarification Text outlines the procedures that our company must adhere to during the processing of your personal data, as well as your rights and freedoms.
1. What is the Legal Basis for Processing Personal Data and for What Purpose is it Processed?
In accordance with Articles 4, 5, and 6 of the Law No. 6698 on the Protection of Personal Data (GDPR), your personal data is processed based on the instructions and applications we receive from you within the scope of the services we will provide, within the framework of the obligations and limits arising from legal regulations, to ensure that you can benefit from the services provided without any issues, to deliver the services covered by the contract, to make the necessary notifications regarding the service you are purchasing during the contract period, to inform you about relevant campaigns, and to comply with information storage, reporting, and information obligations.
Personal data and special categories of personal data, such as identity information, contact information, legal transaction and compliance information, request and complaint management information, visual and auditory data, customer data, and customer transaction data, can be obtained, recorded, stored, updated, classified, shared with third parties permitted by the legislation, or transferred to them within the framework of GDPR and under the conditions of personal data processing, as activities considered "Data Processing."
Therefore, your personal data may be processed for purposes such as:
Organizing all necessary records and documents to complete your transactions in verbal or electronic environments,
Planning, auditing, and implementing corporate sustainability, corporate management, strategic planning, and information security processes,
Fulfilling our administrative and legal obligations.
Therefore, within the limitations prescribed by law, your personal data may be processed in relation to capital market activities for the purposes of providing our company's products and services, establishing communication regarding the products and services you have received or will receive, and if you have given permission, for use in marketing activities, product/service offers, modeling, reporting, scoring, risk monitoring, intelligence, existing or new product development by our company and its subsidiaries, and identifying potential customers. The collected personal data may be processed in accordance with the personal data processing conditions and purposes specified in Articles 5 and 6 of the GDPR for the following purposes:
Ensuring that the necessary work is carried out by our business units to benefit you from the products and services offered by our company and its subsidiaries;
Customizing and recommending the products and services offered by our company and its subsidiaries according to your likes, usage habits, and needs;
Ensuring the legal and commercial security of our company, its subsidiaries, and those who have a business relationship with our company (administrative operations related to communication carried out by our company, ensuring and auditing the physical security of locations belonging to the company, customer evaluation/complaint management processes of the subsidiaries, reputation research processes, event management, legal compliance process, audit, financial affairs, etc.);
Determining and implementing the commercial and business strategies of our company;
Ensuring the execution of our company's human resources policies.
2. To Whom and For What Purpose Processed Personal Data Can Be Transferred
Your collected personal data may be shared with our company's business units to perform the necessary work to allow you to benefit from the products and services offered by our company and its subsidiaries. It may also be shared with our company’s direct or indirect shareholders, subsidiaries, main partners, and group companies, both domestically and abroad; with program partners with whom we have signed contracts; with third parties with whom we collaborate for co-branding; with individuals and organizations, public legal entities, and other persons and institutions permitted by legislation with whom sharing may be necessary for the provision of services; and with other third parties from whom we receive services, both domestically and abroad, within the framework of the principles stipulated by the personal data protection legislation.
3. What Are the Rights of the Personal Data Owner Listed in Article 11 of the GDPR?
In accordance with the GDPR, if your personal data has been processed, you have the right to request information about it, to learn the purpose of processing your personal data and whether they are used in accordance with this purpose, to know the third parties to whom your personal data is transferred, whether domestically or abroad, to request the correction of your personal data if they are incomplete or incorrectly processed, to request the deletion or destruction of your personal data, to request notification of the correction, deletion, or destruction to third parties to whom your personal data has been transferred, to object to the occurrence of any adverse results through the analysis of your processed personal data exclusively by automated systems, and to demand compensation for damages in case of illegal processing of your personal data.
To exercise your rights as a personal data owner as mentioned above, your application should include clear and understandable explanations about the right you wish to exercise, should be related to yourself, or if you are acting on behalf of someone else, you must be specially authorized in this regard and your authority must be documented. The application must include identity and address information and must be accompanied by documents proving your identity. As personal data owners, you can send your requests regarding your rights to our Company by filling out the application form available on our website and delivering a signed copy of the form along with identity documents to the address İnönü Cad. Bingün Apt. No: 37/13 Sahrayıcedit, Kadıköy, 34734 Istanbul (Turkey) in person, by notary, or by other methods specified in the GDPR, or by sending the relevant form with a secure electronic signature to info@yeshjewellery.com. Upon receipt, the Company will conclude the request as soon as possible and within no later than thirty (30) days depending on the nature of the request. However, if the transaction incurs an additional cost, a fee may be charged based on the tariff determined by the Personal Data Protection Board.
4. For What Duration Will the Data Be Retained?
Your personal data will be processed and retained for the legal retention periods stipulated in the relevant legislation, provided that it is not used for purposes other than those notified to you in this Clarification Text. At the end of these periods, the data will be deleted, destroyed, or anonymized in accordance with Article 7 of the GDPR, either officially or upon your request.
Commercial Registration No: 877360-0
Mersis No: 0950-0472-2477-8779
Company Name: YEŞİM DİZAYN UYGULAMA YAYINCILIK İÇ VE DIŞ TİC. LTD. ŞTİ. Address: İnönü Cad. Bingün Apt. No: 37/13 Sahrayıcedit, Kadıköy, 34734 İstanbul (Türkiye)
Website: www.yeshjewellery.com
Phone: +90 531 746 63 83