Privacy Policy
Privacy Policy
Privacy Policy
PRIVACY AGREEMENT
1. INTRODUCTION AND SCOPE
This Privacy Policy applies to the www.findphoto.ai website (“Site”) and the FindPhoto mobile application (“Application”) operated by Can Yılmaz Sole Proprietorship (“Company”, “We”, “Data Controller”) and explains the terms and conditions regarding the processing of personal data shared by Site/Application users, members, and visitors (“Data Subject”) or obtained by the Company during your use of the Site/Application.
2. WHAT DATA DO WE PROCESS?
The following categories of personal data are processed in accordance with the Personal Data Protection Law No. 6698 ("KVKK", "Law") and the European General Data Protection Regulation ("GDPR"). Unless otherwise specified, the term "personal data" covers this information:
Identity and Contact Information: Name, surname, phone number, date of birth, gender, address, workplace information, email address.
User Information, User Transaction Information, and Financial Information: Membership information and membership ID; date/time you used the services; search terms and filtering preferences; preferences and ratings/reviews; pages visited; error logs generated during use; billing and payment information (e.g., receipt samples, invoice number/amount/cut-off date, etc.), balance information.
Location Information: Approximate or precise location obtained while using the services (e.g., GPS data).
Transaction Security Information: Session/open session information, password information (masked/cryptographic).
Marketing Information: Habit and preference reports, notification/segmentation/targeting information, **cookie** records, etc.
Complaint Management Information: Complaints and requests you create via the Site/Application.
Risk Management Information: IP address, device/cookie identifiers.
Face Scanning Information (May Contain Biometric Attributes): Hair information, face/facial posture, gender, age, beard/mustache status, makeup, facial expressions, emotional reflections, accessories, eye-mouth-nose alignment, identifying marks/spots.
User-Generated Content: Events and event information (name, location, date), shared photos.
Anonymous Data: Data rendered anonymous under Articles 3 and 7 of the KVKK is not considered personal data; the processing of such data may be carried out independently of this Policy.
3. OUR PROCESSING PURPOSES
Your personal data may be processed for the following purposes:
Service Provision: Creating/updating membership records, operating the Site/Application and related features; accessing and downloading event photos; purchasing and billing processes.
Service Improvement and Communication: Improving your experience, communication management, satisfaction measurement, fault/error detection and correction.
Commercial Activities and Strategy: Execution of business processes, reporting/analysis, introduction and notification of new services.
Security and Fraud Prevention: Account security, detection of fraudulent/unauthorized use, operational assessment.
Marketing/Profiling: Direct/digital marketing, remarketing, targeting, and analytics, subject to permission.
Legal Obligations: Requests from competent authorities, dispute management, and regulatory compliance.
Processing activities related to making photos taken during the event visible, matching them with other users, or sharing them publicly require your explicit consent in accordance with Article 6/1 of the Law. The explicit consent obtained in this context is used only for the specific purpose of such disclosure.
4. LEGAL BASIS (KVKK m.5-6 | GDPR m.6, m.9)
Processing may be carried out without your explicit consent in the following cases:
When explicitly provided for by law,
To protect life/physical integrity in cases of actual impossibility,
When it is necessary for the establishment/performance of a contract,
The Data Controller's legal obligation,
Disclosure by the Data Subject,
Establishment/exercise/protection of rights,
Legitimate interest (provided that it does not harm your fundamental rights and freedoms).
Biometric data (Face Scan Information) may be special category personal data. Such data will not be processed without your explicit consent and/or unless relevant exceptions apply. In activity-based flows, explicit consent is obtained separately.
5. SHARING/TRANSFER WITH THIRD PARTIES
Data may be shared with the following parties, limited to the purpose, limited to what is necessary, and with security measures in place:
Technology Infrastructure Providers: Cloud services (e.g., AWS S3, AWS Rekognition) for the secure storage/processing of photos and facial data.
Payment Institutions: Licensed service provider İyzico for purchase transactions. (FindPhoto does not store card data.)
SMS/Messaging Services: For verification and informational SMS messages (e.g., Netgsm).
Analytics and Advertising Technologies: Measurement and analytics services (e.g., Google Analytics) and permission-based marketing tools.
Business Partners/Suppliers/Customers: For service provision, support, and integration purposes.
Authorized Public Institutions and Organizations: In accordance with court decisions and legal requests.
These parties may store your data on servers located inside or outside Turkey. For transfers abroad, transfer mechanisms compliant with KVKK Article 9 and GDPR provisions (explicit consent, commitment letter/standard contract provisions, adequacy decisions, etc.) are applied.
6. USE OF COOKIES
We use cookies to improve the user experience, ensure the functioning and security of the Site/Application, and perform performance and analytics. You can block/delete cookies from your browser settings; however, in this case, some features may be limited.
6.1. Types of Cookies
Session Cookies: Active during your visit and deleted when the browser is closed.
Persistent Cookies: Stored on your device for a specific period to remember your preferences and provide better service.
Technical Cookies: Ensure the site functions properly and detect errors.
Authentication Cookies: Prevent you from having to log in again on every page.
Personalization Cookies: Remember your preferences, such as language.
Analytical Cookies: Generate statistics such as the number of visits, pages viewed, and scrolling movements.
Advertising/Targeting Cookies: May display behavioral and targeted ads (if permitted).
6.2. Google Analytics
Google Analytics may be used on our site; data may be stored on Google's servers outside the country. You can review Google's official pages for Google's data processing and privacy principles. If you wish, you can disable measurement with browser opt-out add-ons.
6.3. Cookie Preferences
You can manage cookies through your browser settings; you can block third-party cookies or delete all cookies.
7. RETENTION PERIODS
Face Data: Face data is permanently deleted 30 days after the relevant event ends. Log records related to explicit consent are automatically kept by the system as required by the data controller's obligation to provide proof under the KVKK, and are limited to the date and time of consent, user ID, IP information, and transaction record. These logs are stored for at least 1 year and are securely deleted at the end of that period.
Account Information (Photographer/Participant): Stored for as long as the account is active; deleted when the account is closed, subject to legal obligations.
Log and Traffic Data: 1 year, as required by law.
Accounting/Financial Data: Generally 10 years, as required by relevant legislation.
8. SECURITY MEASURES
Appropriate technical and administrative measures are implemented to prevent the unlawful processing and access of your personal data and to ensure the preservation of data; regular audits are conducted. The Company does not share your data with third parties for purposes other than those specified in the Policy, KVKK, and GDPR.
You may be directed to third-party applications/links from the Site; the Company is not responsible for the privacy policies of these external sites. We recommend that you review the relevant texts before visiting them.
9. SPECIAL PROVISIONS REGARDING FACE SCANNING INFORMATION
Face scanning/similar data may be considered special category data. Explicit consent is obtained during the collection phase. After collection, this data is not shared with third parties; however, statistical/anonymous outputs may be transferred to business partners in an anonymous and aggregated manner for the provision of the service.
Facial scanning and facial analysis data are processed solely for the purposes of matching event photos, locating photos belonging to the user, and providing the relevant service, and are not used for any other purpose.
10. YOUR RIGHTS (KVKK Art. 11 | GDPR Art. 12-22)
You have the following rights:
Requesting information and accessing data,
Rectification and updating,
Deletion/Right to be forgotten and restriction of processing,
Objection (to processing based on legitimate interests and profiling),
Data portability (for those covered by the GDPR),
Withdrawal of explicit consent (does not affect the lawfulness of processing prior to withdrawal).
11. APPLICATION PROCEDURE
To exercise your rights, you can send an email tohello@findphoto.ai or submit a written request. Your requests will be processed within a maximum of 30 days. Responses are free of charge; however, in cases where processing incurs costs, a fee may be charged in accordance with the rates set by the Personal Data Protection Board. If you are not satisfied with the response, you may file a complaint with the Personal Data Protection Authority.
12. DATA ACCURACY AND UPDATE OBLIGATION
As the Data Subject, you declare that the information you provide is complete, accurate, and up-to-date, and that you will update any changes immediately. The Company is not responsible for outdated information. Your requests to prevent the processing of your personal data may prevent you from fully benefiting from the Site/Application features.
13. CHANGES TO THE POLICY
This Policy may be updated from time to time to comply with changing conditions and legislation. Updates shall take effect on the date they are published on the Site.
COOKIE POLICY (DETAILS)
A. What is a Cookie?
Cookies are small text files placed on your device by the websites you visit. They are used for the operation, security, performance, and measurement of the website, as well as to remember your preferences.
B. Why Do We Use Them?
Functionality and performance,
Security and fraud prevention,
Analytics and improvement,
Personalization and (permission-based) advertising.
C. Main Cookie Categories Used on Our Site
Session/persistent cookies
Technical and authentication cookies
Personalization cookies (e.g., language preference)
Analytical cookies (visit/page/interaction statistics)
Advertising/targeting cookies (if permitted)
D. Google Analytics
Google Analytics helps collect statistical data, and the data may be stored on Google's servers outside the country. If you wish, you can disable it using the browser opt-out add-on. For details, please review Google's relevant pages.
E. How Can You Manage Cookies?
You can block third-party cookies, delete existing cookies, or set notification preferences in your browser settings. Disabling cookies may cause some Site/Application features to function with limitations.
CONTACT
Data Controller: Can Yılmaz Sole Proprietorship (findphoto.ai)
Address: BARBAROS MAH. ŞEBBOY SK. NO: 4/1, İÇ KAPI NO: 2, ATAŞEHİR / İSTANBUL
Phone: +90 (850) 346 54 38
Email: hello@findphoto.ai
Tax Office/No: Kozyatağı – 9680871303
Commercial Registry No: 1064578
MERSIS: 2842741684600001
Contact
Let us know how we can assist you
PRIVACY AGREEMENT
1. INTRODUCTION AND SCOPE
This Privacy Policy applies to the www.findphoto.ai website (“Site”) and the FindPhoto mobile application (“Application”) operated by Can Yılmaz Sole Proprietorship (“Company”, “We”, “Data Controller”) and explains the terms and conditions regarding the processing of personal data shared by Site/Application users, members, and visitors (“Data Subject”) or obtained by the Company during your use of the Site/Application.
2. WHAT DATA DO WE PROCESS?
The following categories of personal data are processed in accordance with the Personal Data Protection Law No. 6698 ("KVKK", "Law") and the European General Data Protection Regulation ("GDPR"). Unless otherwise specified, the term "personal data" covers this information:
Identity and Contact Information: Name, surname, phone number, date of birth, gender, address, workplace information, email address.
User Information, User Transaction Information, and Financial Information: Membership information and membership ID; date/time you used the services; search terms and filtering preferences; preferences and ratings/reviews; pages visited; error logs generated during use; billing and payment information (e.g., receipt samples, invoice number/amount/cut-off date, etc.), balance information.
Location Information: Approximate or precise location obtained while using the services (e.g., GPS data).
Transaction Security Information: Session/open session information, password information (masked/cryptographic).
Marketing Information: Habit and preference reports, notification/segmentation/targeting information, **cookie** records, etc.
Complaint Management Information: Complaints and requests you create via the Site/Application.
Risk Management Information: IP address, device/cookie identifiers.
Face Scanning Information (May Contain Biometric Attributes): Hair information, face/facial posture, gender, age, beard/mustache status, makeup, facial expressions, emotional reflections, accessories, eye-mouth-nose alignment, identifying marks/spots.
User-Generated Content: Events and event information (name, location, date), shared photos.
Anonymous Data: Data rendered anonymous under Articles 3 and 7 of the KVKK is not considered personal data; the processing of such data may be carried out independently of this Policy.
3. OUR PROCESSING PURPOSES
Your personal data may be processed for the following purposes:
Service Provision: Creating/updating membership records, operating the Site/Application and related features; accessing and downloading event photos; purchasing and billing processes.
Service Improvement and Communication: Improving your experience, communication management, satisfaction measurement, fault/error detection and correction.
Commercial Activities and Strategy: Execution of business processes, reporting/analysis, introduction and notification of new services.
Security and Fraud Prevention: Account security, detection of fraudulent/unauthorized use, operational assessment.
Marketing/Profiling: Direct/digital marketing, remarketing, targeting, and analytics, subject to permission.
Legal Obligations: Requests from competent authorities, dispute management, and regulatory compliance.
Processing activities related to making photos taken during the event visible, matching them with other users, or sharing them publicly require your explicit consent in accordance with Article 6/1 of the Law. The explicit consent obtained in this context is used only for the specific purpose of such disclosure.
4. LEGAL BASIS (KVKK m.5-6 | GDPR m.6, m.9)
Processing may be carried out without your explicit consent in the following cases:
When explicitly provided for by law,
To protect life/physical integrity in cases of actual impossibility,
When it is necessary for the establishment/performance of a contract,
The Data Controller's legal obligation,
Disclosure by the Data Subject,
Establishment/exercise/protection of rights,
Legitimate interest (provided that it does not harm your fundamental rights and freedoms).
Biometric data (Face Scan Information) may be special category personal data. Such data will not be processed without your explicit consent and/or unless relevant exceptions apply. In activity-based flows, explicit consent is obtained separately.
5. SHARING/TRANSFER WITH THIRD PARTIES
Data may be shared with the following parties, limited to the purpose, limited to what is necessary, and with security measures in place:
Technology Infrastructure Providers: Cloud services (e.g., AWS S3, AWS Rekognition) for the secure storage/processing of photos and facial data.
Payment Institutions: Licensed service provider İyzico for purchase transactions. (FindPhoto does not store card data.)
SMS/Messaging Services: For verification and informational SMS messages (e.g., Netgsm).
Analytics and Advertising Technologies: Measurement and analytics services (e.g., Google Analytics) and permission-based marketing tools.
Business Partners/Suppliers/Customers: For service provision, support, and integration purposes.
Authorized Public Institutions and Organizations: In accordance with court decisions and legal requests.
These parties may store your data on servers located inside or outside Turkey. For transfers abroad, transfer mechanisms compliant with KVKK Article 9 and GDPR provisions (explicit consent, commitment letter/standard contract provisions, adequacy decisions, etc.) are applied.
6. USE OF COOKIES
We use cookies to improve the user experience, ensure the functioning and security of the Site/Application, and perform performance and analytics. You can block/delete cookies from your browser settings; however, in this case, some features may be limited.
6.1. Types of Cookies
Session Cookies: Active during your visit and deleted when the browser is closed.
Persistent Cookies: Stored on your device for a specific period to remember your preferences and provide better service.
Technical Cookies: Ensure the site functions properly and detect errors.
Authentication Cookies: Prevent you from having to log in again on every page.
Personalization Cookies: Remember your preferences, such as language.
Analytical Cookies: Generate statistics such as the number of visits, pages viewed, and scrolling movements.
Advertising/Targeting Cookies: May display behavioral and targeted ads (if permitted).
6.2. Google Analytics
Google Analytics may be used on our site; data may be stored on Google's servers outside the country. You can review Google's official pages for Google's data processing and privacy principles. If you wish, you can disable measurement with browser opt-out add-ons.
6.3. Cookie Preferences
You can manage cookies through your browser settings; you can block third-party cookies or delete all cookies.
7. RETENTION PERIODS
Face Data: Face data is permanently deleted 30 days after the relevant event ends. Log records related to explicit consent are automatically kept by the system as required by the data controller's obligation to provide proof under the KVKK, and are limited to the date and time of consent, user ID, IP information, and transaction record. These logs are stored for at least 1 year and are securely deleted at the end of that period.
Account Information (Photographer/Participant): Stored for as long as the account is active; deleted when the account is closed, subject to legal obligations.
Log and Traffic Data: 1 year, as required by law.
Accounting/Financial Data: Generally 10 years, as required by relevant legislation.
8. SECURITY MEASURES
Appropriate technical and administrative measures are implemented to prevent the unlawful processing and access of your personal data and to ensure the preservation of data; regular audits are conducted. The Company does not share your data with third parties for purposes other than those specified in the Policy, KVKK, and GDPR.
You may be directed to third-party applications/links from the Site; the Company is not responsible for the privacy policies of these external sites. We recommend that you review the relevant texts before visiting them.
9. SPECIAL PROVISIONS REGARDING FACE SCANNING INFORMATION
Face scanning/similar data may be considered special category data. Explicit consent is obtained during the collection phase. After collection, this data is not shared with third parties; however, statistical/anonymous outputs may be transferred to business partners in an anonymous and aggregated manner for the provision of the service.
Facial scanning and facial analysis data are processed solely for the purposes of matching event photos, locating photos belonging to the user, and providing the relevant service, and are not used for any other purpose.
10. YOUR RIGHTS (KVKK Art. 11 | GDPR Art. 12-22)
You have the following rights:
Requesting information and accessing data,
Rectification and updating,
Deletion/Right to be forgotten and restriction of processing,
Objection (to processing based on legitimate interests and profiling),
Data portability (for those covered by the GDPR),
Withdrawal of explicit consent (does not affect the lawfulness of processing prior to withdrawal).
11. APPLICATION PROCEDURE
To exercise your rights, you can send an email tohello@findphoto.ai or submit a written request. Your requests will be processed within a maximum of 30 days. Responses are free of charge; however, in cases where processing incurs costs, a fee may be charged in accordance with the rates set by the Personal Data Protection Board. If you are not satisfied with the response, you may file a complaint with the Personal Data Protection Authority.
12. DATA ACCURACY AND UPDATE OBLIGATION
As the Data Subject, you declare that the information you provide is complete, accurate, and up-to-date, and that you will update any changes immediately. The Company is not responsible for outdated information. Your requests to prevent the processing of your personal data may prevent you from fully benefiting from the Site/Application features.
13. CHANGES TO THE POLICY
This Policy may be updated from time to time to comply with changing conditions and legislation. Updates shall take effect on the date they are published on the Site.
COOKIE POLICY (DETAILS)
A. What is a Cookie?
Cookies are small text files placed on your device by the websites you visit. They are used for the operation, security, performance, and measurement of the website, as well as to remember your preferences.
B. Why Do We Use Them?
Functionality and performance,
Security and fraud prevention,
Analytics and improvement,
Personalization and (permission-based) advertising.
C. Main Cookie Categories Used on Our Site
Session/persistent cookies
Technical and authentication cookies
Personalization cookies (e.g., language preference)
Analytical cookies (visit/page/interaction statistics)
Advertising/targeting cookies (if permitted)
D. Google Analytics
Google Analytics helps collect statistical data, and the data may be stored on Google's servers outside the country. If you wish, you can disable it using the browser opt-out add-on. For details, please review Google's relevant pages.
E. How Can You Manage Cookies?
You can block third-party cookies, delete existing cookies, or set notification preferences in your browser settings. Disabling cookies may cause some Site/Application features to function with limitations.
CONTACT
Data Controller: Can Yılmaz Sole Proprietorship (findphoto.ai)
Address: BARBAROS MAH. ŞEBBOY SK. NO: 4/1, İÇ KAPI NO: 2, ATAŞEHİR / İSTANBUL
Phone: +90 (850) 346 54 38
Email: hello@findphoto.ai
Tax Office/No: Kozyatağı – 9680871303
Commercial Registry No: 1064578
MERSIS: 2842741684600001
Contact