Personal Data Processing Notice
Personal Data Processing Notice
Personal Data Processing Notice
Personal Data Processing Notice
Can Yılmaz (“Sole Proprietorship”) is the Data Controller with regard to the processing of your personal data; your
personal data is processed by the Company within the framework described below and always in compliance with
the Personal Data Protection Law No. 6698 (“Law No. 6698”). Detailed information regarding the purposes for which
your personal data is processed by us can be found in the Privacy Policy.
Purposes of Processing Your Personal Data: Your personal data processed by the Company is categorised as
follows in accordance with the Personal Data Protection Law (Law) and the European General Data Protection
Regulation (GDPR). Unless otherwise expressly stated, the term "personal data" as used in this Privacy Policy
shall include the information listed below.
• Identity and Contact Information: name, surname, telephone number, date of birth, gender, address,
workplace information, email address
• User Information, User Transaction Information and Financial Information: membership information,
membership ID number, data relating to the date and time you used the Company's services, terms you
used when searching on the Site and your filtering preferences, your preferences, ratings and comments,
pages you visited, errors that occurred during use, billing and payment information, balance information
(examples of receipts for invoices sent to the user and payments received from users, invoice number,
invoice amount, invoice date, etc.)
• Location Information: Specific or approximate location information, such as GPS data, that we obtain
while you are using the Company's services
• Transaction Security Information: login credentials, password information
• Marketing Information: reports and assessments showing your habits and preferences, notifications,
targeting information, cookie records, etc.
• Complaint Management Information: Complaints you have made via the website
• Risk Management Information: IP address
• Face Scanning Information: hair information, facial posture, gender, age, beard/moustache status, makeup,
facial expressions, emotional reflection, accessories, eye-mouth-nose alignment, identifying marks/blemishes.
This data is processed solely for the purpose of providing the relevant service, photo matching, and providing
access to user-owned images; it is not used for any other purpose.
• User-Generated Information: Created events, event information (name, location, date), shared
photographs Data anonymised within the framework of Articles 3 and 7 of the Law shall not be considered
personal data in accordance with the provisions of the aforementioned law, and processing activities
related to this data shall be carried out independently of the provisions of this Privacy Policy.
You may request information regarding whether your data is being processed. The personal data you
share with the Company is used to enable you to benefit from the services provided on the Site and
through the Site or the Mobile Application ("Site"), to register your membership on the Site, to make
updates related to your membership registration ,improving the services offered by the Company and provided through the Site, introducing new services, and conducting commercial activities in this regard, including providing you with the necessary information,determining and implementing commercial and business strategies, and the Company and the Company's business The processing of personal data is necessary to ensure the legal and commercial security of individuals
involved in the relationship, to provide you with the necessary information within this scope, and to fulfil the
obligations arising from the nature of these activities. The personal information in question may be used to
contact you or to improve your experience on the Website or Mobile Application (e.g., managing the
communication management process, conducting satisfaction surveys, etc.), as well as for internal reporting
and business development
activities, as well as for various statistical evaluations, database creation, and market research without
disclosing your identity.
Your explicit consent is obtained in accordance with Article 6/1 of the Law for any actions that may constitute
sharing, displaying, or publicly disclosing photographs taken at events, and this consent is used solely for the
purpose of carrying out the aforementioned disclosure. The Company may process, store, and disclose such
information to third parties for the purposes of direct marketing, digital marketing, remarketing, targeting,
profiling, and analysis. The Company may also contact you to provide notifications regarding the promotion,
maintenance, and support of various applications, products, and services based on such information.
may also process and share personal data with third parties without obtaining your additional consent as the
Data Subject, in accordance with Articles 5 and 8 of the Law and/or where exceptions exist in the relevant
legislation. The main circumstances are listed below:• Where explicitly provided for by law,
• Where the individual is unable to express consent due to actual impossibility or where consent is not
legally valid, it is necessary to protect the life or physical integrity of the individual or another person,
• The processing of personal data is necessary for the establishment or performance of a contract between
the Data Subject and the Company,
• It is necessary for the Company to fulfil its legal obligations,
• Where the Data Subject has made the data public,
• Processing is necessary for the establishment, exercise, or defence of legal claims,
• It is necessary for the legitimate interests of the Company, provided that it does not harm the fundamental
rights and freedoms of the Data Subject. As stated above, the Company may use cookies and, in this
context, process data and may only transmit it to third parties to the extent required for the purposes of
processing within the scope of analysis services provided by third parties.
The aforementioned technical communication files are small text files sent by the Site to the Data Owner's
browser to be stored in the main memory. A technical communication file facilitates the use of the Site by
storing status and preference settings about a website. A technical communication file is designed to obtain
statistical information about how many people use websites over time, the purpose for which a person visits
any website, how many times they visit it, and how long they stay, and to help generate advertisements and
content dynamically from user pages specially designed for users.
for what purpose, how many times they visit it, and how long they stay, and to help dynamically generate
advertisements and content from user pages specially designed for users. Technical communication files
are not designed to retrieve any other personal data from the main memory. Most browsers are initially
designed to accept cookies, but users can always change their browser settings to prevent cookies from
being received or to be warned when cookies are sent.
Your personal data is obtained and processed through the FindPhoto platform (findphoto.ai), either fully or
partially by automated means, or by non-automated/physical means as part of a data recording system,
provided you have given your consent to share it.
Your personal data is processed with your explicit consent in accordance with Article 5/1 of Law No. 6698.
Additionally, if the conditions are met, your personal data may be processed in accordance with Article 5/2/c of
the Law for the establishment, performance, and termination of the contract to be concluded with you; in
accordance with Article 5/2/ç for the Company to fulfil its legal obligations; in accordance with Article 5/2/e for
the establishment, exercise, or protection of a right; and in accordance with Article 5/2/f
provided that it does not harm the fundamental rights and freedoms of the relevant persons.
Records of processing operations carried out with your explicit consent are automatically logged on the system
for the purpose of proving consent; the log records kept in this context are limited to the date and time of
consent, user ID information, transaction record, and IP information. These records are stored for at least one
(1) year in accordance with the data controller's obligation to provide evidence under the KVKK and are
securely deleted upon expiry of this period.
Photographic data (image data) processed within the scope of the event and biometric data processed for
facial scanning and matching purposes are stored for a maximum of 1 (one) year from the date of the event,
limited to the period required for the processing purpose; upon expiry of this period, they are irretrievably
deleted or anonymised.
Parties to Whom Your Personal Data May Be Transferred and the Purposes of Transfer Your personal data
may be transferred to the following parties in accordance with the purposes stated above and in compliance
with Articles 8 and 9 of Law No. 6698: shared with business partners, intermediary service providers, natural or
legal persons from whom services are obtained, suppliers, and consultants for purposes such as ensuring the
fulfilment of the processing Purposes explained above, sending commercial electronic communications,
processing, storing, and protecting data, provided that confidentiality agreements are in place to ensure
security.
in accordance with legal limits and to the extent necessary for the relevant process and purpose. Personal
data may be transferred to natural or legal persons established in Turkey, processed in Turkey, or transferred
abroad for processing and storage (to countries with adequate protection for personal data and/or to countries
without adequate protection, provided that the conditions specified in the KVKK are met). Furthermore,
personal data may be shared with public institutions or organisations authorised to request and receive such
data due to a legal requirement.Rights of the Data Subject as Listed in Article 11 of Law No. 6698 As data subjects, you have the following
rights:
• You have the right to learn whether your personal data has been processed,
• To request information regarding the processing of your personal data if it has been processed,
• To learn the purpose of the processing of your personal data and whether they are being used in accordance
with that purpose,
• To know the third parties to whom your personal data has been transferred within or outside the country,
• To request the correction of your personal data if it has been processed incompletely or incorrectly,
• Requesting the deletion or destruction of your personal data,
• To request that the processing of your personal data, its deletion or destruction be communicated
to third parties to whom your personal data has been transferred,
• Object to the analysis of your processed data exclusively by automated systems resulting in a decision
against you,
• You have the right to request compensation for any damage suffered as a result of the unlawful
processing of your personal data.
As personal data owners, you may contact the Company with your requests regarding your rights, and your request
will be resolved as soon as possible and within 30 (thirty) days at the latest, depending on the nature of the request.
If the process involves additional costs, you may be charged a fee according to the tariff determined by the Personal
Data Protection Board.
CAN YILMAZ - FINDPHOTO INDIVIDUAL COMPANY
DECLARATION OF TRANSFER OF PERSONAL DATA ABROAD UNDER THE PERSONAL DATA PROTECTION
LAW NO. 6698
In this Undertaking, Can Yılmaz – FindPhoto (Sole Proprietorship) as the data transferor and Amazon Web
Services EMEA SARL, established abroad as the data recipient, undertake to fulfil the obligations specified below in
accordance with Article 9(2)(b) of Law No. 6698.
1. Can Yılmaz – FindPhoto (Sole Proprietorship), as the data controller transferring the data,
undertakes to fulfil the obligations specified below:
a) Can Yılmaz – FindPhoto (Sole Proprietorship) undertakes that personal data has been processed and transferred
in accordance with Law No. 6698 and other relevant legislation.
b) Can Yılmaz – FindPhoto (Sole Proprietorship) has taken all necessary technical and administrative measures to
ensure an appropriate level of security commensurate with the nature of the personal data in order to prevent the
unlawful processing of personal data, prevent unlawful access to personal data, and ensure the protection of
personal data. It is also satisfied that the data recipient, Amazon Web Services EMEA SARL, has taken these
measures.
c) Can Yılmaz – FindPhoto (Sole Proprietorship) has informed the data recipient, Amazon Web Services EMEA
SARL, that the transferred personal data will be processed in accordance with Law No. 6698 and the provisions
of this agreement.
d) Can Yılmaz – FindPhoto (Sole Proprietorship) has informed the data recipient, Amazon Web Services EMEA SARL,
about Law No. 6698 and other relevant data protection regulations to which it is subject.
e) Can Yılmaz – FindPhoto (Sole Proprietorship) has informed the data recipient, Amazon Web Services EMEA SARL,
that it is obliged to notify them as soon as possible in the event that the transferred personal data is obtained by others
through unlawful means. Can Yılmaz – FindPhoto (Sole Proprietorship) will report this data breach to the relevant
parties and the Personal Data Protection Board as soon as possible.
f) Can Yılmaz – FindPhoto (Sole Proprietorship) will forward any notifications received from the data recipient,
Amazon Web Services EMEA SARL, to the Board in accordance with the relevant legislation.g) Can Yılmaz – FindPhoto (Sole Proprietorship) will immediately inform the Board of any issues arising from the data
recipient Amazon Web Services EMEA SARL's compliance with the provisions of this agreement as soon as possible.
h) Can Yılmaz – FindPhoto (Sole Proprietorship), the data recipient Amazon Web Services EMEA SARL, having
agreed to respond to queries from data subjects and the Board, shall, in the event that it is unable to do so, respond to
the data subject or the Board within a reasonable period of time based on all information and documents in its
possession.
i) Can Yılmaz – FindPhoto (Sole Proprietorship) may suspend data transfers or terminate the contract until the breach
is remedied if the data recipient, Amazon Web Services EMEA SARL, breaches its obligations under this contract.
j) Can Yılmaz – FindPhoto (Sole Proprietorship) shall notify the Board as soon as possible in the event of the
suspension of data transfer or termination of the contract.
k) Can Yılmaz – FindPhoto (Sole Proprietorship); the data recipient.....has the administrative and technical capability to
fulfil the obligations arising from these provisions
.
2. Can Yılmaz – FindPhoto (Sole Proprietorship); data recipient data controller undertakes that it has fulfilled and will
fulfil the following obligations:
a) Can Yılmaz – FindPhoto (Sole Proprietorship); has taken all necessary technical and administrative measures to
ensure an appropriate level of security commensurate with the nature of the personal data, in order to prevent the
unlawful processing of personal data, prevent unlawful access to personal data, and ensure the protection of
personal data.
b) Amazon Web Services EMEA SARL shall be jointly responsible with these persons for taking the measures specified
in clause (a) when personal data is processed on its behalf by another natural or legal person.
, it shall be jointly responsible with such persons for taking the measures specified in clause (a). Persons acting under
the authority of Can Yılmaz – FindPhoto (Sole Proprietorship), including data processors, shall process personal data
only and exclusively in accordance with the instructions received from the data recipient.
c) Can Yılmaz – FindPhoto (Sole Proprietorship) shall process personal data in accordance with Law No. 6698 and the
agreement between Amazon Web Services EMEA SARL. If compliance with the Law and the agreement cannot be
ensured for any reason, Can Yılmaz – FindPhoto (Sole Proprietorship) shall be immediately informed of the matter. In
this case, Can Yılmaz – FindPhoto (Sole Proprietorship) may suspend the data transfer and terminate the agreement.
d) Amazon Web Services EMEA SARL acknowledges, declares and undertakes that there is no national regulation
contrary to the agreement regarding the personal data to be transferred under the agreement. In the event of a
legislative change during the term of the contract that is likely to affect the data recipient's fulfilment of its obligations
under the contract, the situation shall be immediately reported to the authorised representatives of Can Yılmaz –
FindPhoto (Sole Proprietorship), and in this case, Can Yılmaz – FindPhoto (Sole Proprietorship) shall have the right
to suspend data transfer and terminate the contract.
e)Amazon Web Services EMEA SARL shall immediately notify Can Yılmaz – FindPhoto (Sole Proprietorship) of any
requests received from a judicial authority regarding transferred personal data. In such a case, Can Yılmaz –
FindPhoto (Sole Proprietorship) shall have the right to suspend or terminate the contract depending on the nature of
the request.
f) Amazon Web Services EMEA SARL shall respond to any queries received from Can Yılmaz – FindPhoto (Sole
Proprietorship) under the contract as soon as possible and in accordance with the procedure, and shall comply with
the decisions and opinions of the Board regarding the processing of personal data subject to transfer.g) Can Yılmaz – FindPhoto (Sole Proprietorship) shall have the authority to conduct and commission audits regarding
the fulfilment of commitments and obligations, and Amazon Web Services EMEA SARL shall provide the necessary
assistance in this regard.
h) In the event of termination of this agreement or expiry of its term, Amazon Web Services EMEA SARL shall, at the
discretion of Can Yılmaz – FindPhoto (Sole Proprietorship), return the personal data subject to transfer, together with
its backups, to the data exporter or completely destroy the personal data. If there are provisions in the legislation that
prevent the data recipient from fulfilling this obligation, Amazon Web Services EMEA SARL agrees to take the
necessary administrative and technical measures to ensure the confidentiality of the personal data subject to transfer
and to cease data processing activities.
i) Amazon Web Services EMEA SARL acknowledges that it possesses the administrative and technical capability
to fulfil its obligations arising from these provisions.
j) When performing the contracted service, Amazon Web Services EMEA SARL shall, in cases where it is required to
transfer the personal data subject to the contract to a subcontractor, inform Can Yılmaz – FindPhoto (Sole
Proprietorship) in a verifiable manner and obtain its consent. The contract to be concluded between Amazon Web
Services EMEA SARL and the subcontractor shall,
shall, at a minimum, include the terms of the contract between Can Yılmaz – FindPhoto (Sole Proprietorship) and
Amazon Web Services EMEA SARL and the provisions of this undertaking.
The data transferor, Can Yılmaz – FindPhoto (Sole Proprietorship), and the data recipient, Amazon Web Services
EMEA SARL,
undertake not to disclose the personal data they process to any third party in violation of the provisions of Law No.
6698 and not to use it for any purpose other than the processing purpose.
Data provider name:
First Name Last Name: Can Yılmaz
–FindPhoto (Sole Proprietorship)
Address: Barbaros mahallesi Şebboy sokak no4/1 inner door: 2 Ataşehir İstanbul Contact
Number: 05334086206
Email:hello@findphoto.ai
(Any other information required to make the
contract binding, if applicable.)
Signature/Stamp
On behalf of the data recipient:
Name Surname: Amazon Web Services EMEA SARL
Physical Address: Amazon Web Services EMEA SARL EMEA SARL
38 Avenue John F. Kennedy
L-1855 LuxembourgLuxembourg
Contact Number:
Email: privacy@amazon.com
(Any other information that must be specified
for the contract to be binding.)
Signature/Stamp
COMMITMENT ANNEX 1
Data subject group(s)
The personal data transferred relates to the following group(s) of persons (e.g. employee data, customer data):
…………………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………………
………………………………………………………………………………………………………………………
Data categories
data):
The personal data transferred relates to the data categories specified below (personal data or special category personal
…………………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………………
………………………………………………………………………………………………………………………
Purposes of data transfer
Data transfer is carried out for the purposes specified below:
…………………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………… Legal
basis for data transfer
……………………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………………
…………………..
Recipients and recipient groups
The personal data transferred may only be shared with the recipients specified below.
…………………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………………
………………………………………………………………………………………………………………………
Technical and administrative measures to be taken by the data recipient……………………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………………
………………………………………………………………………………
Additional measures taken for special category personal data
…………………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………………
…………………………………………………………………………………
Additional useful information
(Storage periods and related information)
…………………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………………
Contact person's contact details
……………………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………
Personal Data Processing Notice
Can Yılmaz (“Sole Proprietorship”) is the Data Controller with regard to the processing of your personal data; your
personal data is processed by the Company within the framework described below and always in compliance with
the Personal Data Protection Law No. 6698 (“Law No. 6698”). Detailed information regarding the purposes for which
your personal data is processed by us can be found in the Privacy Policy.
Purposes of Processing Your Personal Data: Your personal data processed by the Company is categorised as
follows in accordance with the Personal Data Protection Law (Law) and the European General Data Protection
Regulation (GDPR). Unless otherwise expressly stated, the term "personal data" as used in this Privacy Policy
shall include the information listed below.
• Identity and Contact Information: name, surname, telephone number, date of birth, gender, address,
workplace information, email address
• User Information, User Transaction Information and Financial Information: membership information,
membership ID number, data relating to the date and time you used the Company's services, terms you
used when searching on the Site and your filtering preferences, your preferences, ratings and comments,
pages you visited, errors that occurred during use, billing and payment information, balance information
(examples of receipts for invoices sent to the user and payments received from users, invoice number,
invoice amount, invoice date, etc.)
• Location Information: Specific or approximate location information, such as GPS data, that we obtain
while you are using the Company's services
• Transaction Security Information: login credentials, password information
• Marketing Information: reports and assessments showing your habits and preferences, notifications,
targeting information, cookie records, etc.
• Complaint Management Information: Complaints you have made via the website
• Risk Management Information: IP address
• Face Scanning Information: hair information, facial posture, gender, age, beard/moustache status, makeup,
facial expressions, emotional reflection, accessories, eye-mouth-nose alignment, identifying marks/blemishes.
This data is processed solely for the purpose of providing the relevant service, photo matching, and providing
access to user-owned images; it is not used for any other purpose.
• User-Generated Information: Created events, event information (name, location, date), shared
photographs Data anonymised within the framework of Articles 3 and 7 of the Law shall not be considered
personal data in accordance with the provisions of the aforementioned law, and processing activities
related to this data shall be carried out independently of the provisions of this Privacy Policy.
You may request information regarding whether your data is being processed. The personal data you
share with the Company is used to enable you to benefit from the services provided on the Site and
through the Site or the Mobile Application ("Site"), to register your membership on the Site, to make
updates related to your membership registration ,improving the services offered by the Company and provided through the Site, introducing new services, and conducting commercial activities in this regard, including providing you with the necessary information,determining and implementing commercial and business strategies, and the Company and the Company's business The processing of personal data is necessary to ensure the legal and commercial security of individuals
involved in the relationship, to provide you with the necessary information within this scope, and to fulfil the
obligations arising from the nature of these activities. The personal information in question may be used to
contact you or to improve your experience on the Website or Mobile Application (e.g., managing the
communication management process, conducting satisfaction surveys, etc.), as well as for internal reporting
and business development
activities, as well as for various statistical evaluations, database creation, and market research without
disclosing your identity.
Your explicit consent is obtained in accordance with Article 6/1 of the Law for any actions that may constitute
sharing, displaying, or publicly disclosing photographs taken at events, and this consent is used solely for the
purpose of carrying out the aforementioned disclosure. The Company may process, store, and disclose such
information to third parties for the purposes of direct marketing, digital marketing, remarketing, targeting,
profiling, and analysis. The Company may also contact you to provide notifications regarding the promotion,
maintenance, and support of various applications, products, and services based on such information.
may also process and share personal data with third parties without obtaining your additional consent as the
Data Subject, in accordance with Articles 5 and 8 of the Law and/or where exceptions exist in the relevant
legislation. The main circumstances are listed below:• Where explicitly provided for by law,
• Where the individual is unable to express consent due to actual impossibility or where consent is not
legally valid, it is necessary to protect the life or physical integrity of the individual or another person,
• The processing of personal data is necessary for the establishment or performance of a contract between
the Data Subject and the Company,
• It is necessary for the Company to fulfil its legal obligations,
• Where the Data Subject has made the data public,
• Processing is necessary for the establishment, exercise, or defence of legal claims,
• It is necessary for the legitimate interests of the Company, provided that it does not harm the fundamental
rights and freedoms of the Data Subject. As stated above, the Company may use cookies and, in this
context, process data and may only transmit it to third parties to the extent required for the purposes of
processing within the scope of analysis services provided by third parties.
The aforementioned technical communication files are small text files sent by the Site to the Data Owner's
browser to be stored in the main memory. A technical communication file facilitates the use of the Site by
storing status and preference settings about a website. A technical communication file is designed to obtain
statistical information about how many people use websites over time, the purpose for which a person visits
any website, how many times they visit it, and how long they stay, and to help generate advertisements and
content dynamically from user pages specially designed for users.
for what purpose, how many times they visit it, and how long they stay, and to help dynamically generate
advertisements and content from user pages specially designed for users. Technical communication files
are not designed to retrieve any other personal data from the main memory. Most browsers are initially
designed to accept cookies, but users can always change their browser settings to prevent cookies from
being received or to be warned when cookies are sent.
Your personal data is obtained and processed through the FindPhoto platform (findphoto.ai), either fully or
partially by automated means, or by non-automated/physical means as part of a data recording system,
provided you have given your consent to share it.
Your personal data is processed with your explicit consent in accordance with Article 5/1 of Law No. 6698.
Additionally, if the conditions are met, your personal data may be processed in accordance with Article 5/2/c of
the Law for the establishment, performance, and termination of the contract to be concluded with you; in
accordance with Article 5/2/ç for the Company to fulfil its legal obligations; in accordance with Article 5/2/e for
the establishment, exercise, or protection of a right; and in accordance with Article 5/2/f
provided that it does not harm the fundamental rights and freedoms of the relevant persons.
Records of processing operations carried out with your explicit consent are automatically logged on the system
for the purpose of proving consent; the log records kept in this context are limited to the date and time of
consent, user ID information, transaction record, and IP information. These records are stored for at least one
(1) year in accordance with the data controller's obligation to provide evidence under the KVKK and are
securely deleted upon expiry of this period.
Photographic data (image data) processed within the scope of the event and biometric data processed for
facial scanning and matching purposes are stored for a maximum of 1 (one) year from the date of the event,
limited to the period required for the processing purpose; upon expiry of this period, they are irretrievably
deleted or anonymised.
Parties to Whom Your Personal Data May Be Transferred and the Purposes of Transfer Your personal data
may be transferred to the following parties in accordance with the purposes stated above and in compliance
with Articles 8 and 9 of Law No. 6698: shared with business partners, intermediary service providers, natural or
legal persons from whom services are obtained, suppliers, and consultants for purposes such as ensuring the
fulfilment of the processing Purposes explained above, sending commercial electronic communications,
processing, storing, and protecting data, provided that confidentiality agreements are in place to ensure
security.
in accordance with legal limits and to the extent necessary for the relevant process and purpose. Personal
data may be transferred to natural or legal persons established in Turkey, processed in Turkey, or transferred
abroad for processing and storage (to countries with adequate protection for personal data and/or to countries
without adequate protection, provided that the conditions specified in the KVKK are met). Furthermore,
personal data may be shared with public institutions or organisations authorised to request and receive such
data due to a legal requirement.Rights of the Data Subject as Listed in Article 11 of Law No. 6698 As data subjects, you have the following
rights:
• You have the right to learn whether your personal data has been processed,
• To request information regarding the processing of your personal data if it has been processed,
• To learn the purpose of the processing of your personal data and whether they are being used in accordance
with that purpose,
• To know the third parties to whom your personal data has been transferred within or outside the country,
• To request the correction of your personal data if it has been processed incompletely or incorrectly,
• Requesting the deletion or destruction of your personal data,
• To request that the processing of your personal data, its deletion or destruction be communicated
to third parties to whom your personal data has been transferred,
• Object to the analysis of your processed data exclusively by automated systems resulting in a decision
against you,
• You have the right to request compensation for any damage suffered as a result of the unlawful
processing of your personal data.
As personal data owners, you may contact the Company with your requests regarding your rights, and your request
will be resolved as soon as possible and within 30 (thirty) days at the latest, depending on the nature of the request.
If the process involves additional costs, you may be charged a fee according to the tariff determined by the Personal
Data Protection Board.
CAN YILMAZ - FINDPHOTO INDIVIDUAL COMPANY
DECLARATION OF TRANSFER OF PERSONAL DATA ABROAD UNDER THE PERSONAL DATA PROTECTION
LAW NO. 6698
In this Undertaking, Can Yılmaz – FindPhoto (Sole Proprietorship) as the data transferor and Amazon Web
Services EMEA SARL, established abroad as the data recipient, undertake to fulfil the obligations specified below in
accordance with Article 9(2)(b) of Law No. 6698.
1. Can Yılmaz – FindPhoto (Sole Proprietorship), as the data controller transferring the data,
undertakes to fulfil the obligations specified below:
a) Can Yılmaz – FindPhoto (Sole Proprietorship) undertakes that personal data has been processed and transferred
in accordance with Law No. 6698 and other relevant legislation.
b) Can Yılmaz – FindPhoto (Sole Proprietorship) has taken all necessary technical and administrative measures to
ensure an appropriate level of security commensurate with the nature of the personal data in order to prevent the
unlawful processing of personal data, prevent unlawful access to personal data, and ensure the protection of
personal data. It is also satisfied that the data recipient, Amazon Web Services EMEA SARL, has taken these
measures.
c) Can Yılmaz – FindPhoto (Sole Proprietorship) has informed the data recipient, Amazon Web Services EMEA
SARL, that the transferred personal data will be processed in accordance with Law No. 6698 and the provisions
of this agreement.
d) Can Yılmaz – FindPhoto (Sole Proprietorship) has informed the data recipient, Amazon Web Services EMEA SARL,
about Law No. 6698 and other relevant data protection regulations to which it is subject.
e) Can Yılmaz – FindPhoto (Sole Proprietorship) has informed the data recipient, Amazon Web Services EMEA SARL,
that it is obliged to notify them as soon as possible in the event that the transferred personal data is obtained by others
through unlawful means. Can Yılmaz – FindPhoto (Sole Proprietorship) will report this data breach to the relevant
parties and the Personal Data Protection Board as soon as possible.
f) Can Yılmaz – FindPhoto (Sole Proprietorship) will forward any notifications received from the data recipient,
Amazon Web Services EMEA SARL, to the Board in accordance with the relevant legislation.g) Can Yılmaz – FindPhoto (Sole Proprietorship) will immediately inform the Board of any issues arising from the data
recipient Amazon Web Services EMEA SARL's compliance with the provisions of this agreement as soon as possible.
h) Can Yılmaz – FindPhoto (Sole Proprietorship), the data recipient Amazon Web Services EMEA SARL, having
agreed to respond to queries from data subjects and the Board, shall, in the event that it is unable to do so, respond to
the data subject or the Board within a reasonable period of time based on all information and documents in its
possession.
i) Can Yılmaz – FindPhoto (Sole Proprietorship) may suspend data transfers or terminate the contract until the breach
is remedied if the data recipient, Amazon Web Services EMEA SARL, breaches its obligations under this contract.
j) Can Yılmaz – FindPhoto (Sole Proprietorship) shall notify the Board as soon as possible in the event of the
suspension of data transfer or termination of the contract.
k) Can Yılmaz – FindPhoto (Sole Proprietorship); the data recipient.....has the administrative and technical capability to
fulfil the obligations arising from these provisions
.
2. Can Yılmaz – FindPhoto (Sole Proprietorship); data recipient data controller undertakes that it has fulfilled and will
fulfil the following obligations:
a) Can Yılmaz – FindPhoto (Sole Proprietorship); has taken all necessary technical and administrative measures to
ensure an appropriate level of security commensurate with the nature of the personal data, in order to prevent the
unlawful processing of personal data, prevent unlawful access to personal data, and ensure the protection of
personal data.
b) Amazon Web Services EMEA SARL shall be jointly responsible with these persons for taking the measures specified
in clause (a) when personal data is processed on its behalf by another natural or legal person.
, it shall be jointly responsible with such persons for taking the measures specified in clause (a). Persons acting under
the authority of Can Yılmaz – FindPhoto (Sole Proprietorship), including data processors, shall process personal data
only and exclusively in accordance with the instructions received from the data recipient.
c) Can Yılmaz – FindPhoto (Sole Proprietorship) shall process personal data in accordance with Law No. 6698 and the
agreement between Amazon Web Services EMEA SARL. If compliance with the Law and the agreement cannot be
ensured for any reason, Can Yılmaz – FindPhoto (Sole Proprietorship) shall be immediately informed of the matter. In
this case, Can Yılmaz – FindPhoto (Sole Proprietorship) may suspend the data transfer and terminate the agreement.
d) Amazon Web Services EMEA SARL acknowledges, declares and undertakes that there is no national regulation
contrary to the agreement regarding the personal data to be transferred under the agreement. In the event of a
legislative change during the term of the contract that is likely to affect the data recipient's fulfilment of its obligations
under the contract, the situation shall be immediately reported to the authorised representatives of Can Yılmaz –
FindPhoto (Sole Proprietorship), and in this case, Can Yılmaz – FindPhoto (Sole Proprietorship) shall have the right
to suspend data transfer and terminate the contract.
e)Amazon Web Services EMEA SARL shall immediately notify Can Yılmaz – FindPhoto (Sole Proprietorship) of any
requests received from a judicial authority regarding transferred personal data. In such a case, Can Yılmaz –
FindPhoto (Sole Proprietorship) shall have the right to suspend or terminate the contract depending on the nature of
the request.
f) Amazon Web Services EMEA SARL shall respond to any queries received from Can Yılmaz – FindPhoto (Sole
Proprietorship) under the contract as soon as possible and in accordance with the procedure, and shall comply with
the decisions and opinions of the Board regarding the processing of personal data subject to transfer.g) Can Yılmaz – FindPhoto (Sole Proprietorship) shall have the authority to conduct and commission audits regarding
the fulfilment of commitments and obligations, and Amazon Web Services EMEA SARL shall provide the necessary
assistance in this regard.
h) In the event of termination of this agreement or expiry of its term, Amazon Web Services EMEA SARL shall, at the
discretion of Can Yılmaz – FindPhoto (Sole Proprietorship), return the personal data subject to transfer, together with
its backups, to the data exporter or completely destroy the personal data. If there are provisions in the legislation that
prevent the data recipient from fulfilling this obligation, Amazon Web Services EMEA SARL agrees to take the
necessary administrative and technical measures to ensure the confidentiality of the personal data subject to transfer
and to cease data processing activities.
i) Amazon Web Services EMEA SARL acknowledges that it possesses the administrative and technical capability
to fulfil its obligations arising from these provisions.
j) When performing the contracted service, Amazon Web Services EMEA SARL shall, in cases where it is required to
transfer the personal data subject to the contract to a subcontractor, inform Can Yılmaz – FindPhoto (Sole
Proprietorship) in a verifiable manner and obtain its consent. The contract to be concluded between Amazon Web
Services EMEA SARL and the subcontractor shall,
shall, at a minimum, include the terms of the contract between Can Yılmaz – FindPhoto (Sole Proprietorship) and
Amazon Web Services EMEA SARL and the provisions of this undertaking.
The data transferor, Can Yılmaz – FindPhoto (Sole Proprietorship), and the data recipient, Amazon Web Services
EMEA SARL,
undertake not to disclose the personal data they process to any third party in violation of the provisions of Law No.
6698 and not to use it for any purpose other than the processing purpose.
Data provider name:
First Name Last Name: Can Yılmaz
–FindPhoto (Sole Proprietorship)
Address: Barbaros mahallesi Şebboy sokak no4/1 inner door: 2 Ataşehir İstanbul Contact
Number: 05334086206
Email:hello@findphoto.ai
(Any other information required to make the
contract binding, if applicable.)
Signature/Stamp
On behalf of the data recipient:
Name Surname: Amazon Web Services EMEA SARL
Physical Address: Amazon Web Services EMEA SARL EMEA SARL
38 Avenue John F. Kennedy
L-1855 LuxembourgLuxembourg
Contact Number:
Email: privacy@amazon.com
(Any other information that must be specified
for the contract to be binding.)
Signature/Stamp
COMMITMENT ANNEX 1
Data subject group(s)
The personal data transferred relates to the following group(s) of persons (e.g. employee data, customer data):
…………………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………………
………………………………………………………………………………………………………………………
Data categories
data):
The personal data transferred relates to the data categories specified below (personal data or special category personal
…………………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………………
………………………………………………………………………………………………………………………
Purposes of data transfer
Data transfer is carried out for the purposes specified below:
…………………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………… Legal
basis for data transfer
……………………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………………
…………………..
Recipients and recipient groups
The personal data transferred may only be shared with the recipients specified below.
…………………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………………
………………………………………………………………………………………………………………………
Technical and administrative measures to be taken by the data recipient……………………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………………
………………………………………………………………………………
Additional measures taken for special category personal data
…………………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………………
…………………………………………………………………………………
Additional useful information
(Storage periods and related information)
…………………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………………
Contact person's contact details
……………………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………