As the Turkish Green Crescent Society, we are committed to safeguarding all personal data collected, processed, stored, and archived from both internal stakeholders (such as the Board of Directors, Disciplinary Board, Supervisory Board, Scientific Committee, prospective employees, employees, their family members, prospective interns, interns, members, volunteers, donors, contracted staff, visitors to our facilities, and employees of subsidiaries) and external parties we engage with (such as government employees, clients, academics, potential and current suppliers, campaign participants, and other third parties). This commitment is in accordance with Law No. 6698 on the Protection of Personal Data (“KVKK”), and is based on the following eight principles:

Personal Data:

• Collected, processed, stored, and archived in compliance with the law and principles of good faith.
• Processed for specific, legitimate, and transparent purposes.
• Processed in a manner that is relevant, limited, and proportionate proportional to the intended purpose. 
• Ensured to be accurate and kept up to date; steps are taken to collect correct data and maintain its accuracy.
• Retained for the period prescribed by law or as long as necessary for the purposes for which they are processed
• Processed with consideration of the rights and requests of data subjects, in line with Article 11 of the law. Data subjects have the right to:
  • Request the deletion of data, inquire whether data is being processed, find out which third parties have received the data, and exercise the other rights outlined in Article 11.

Data subjects may submit requests concerning the enforcement of KVKK through the following methods:

• In person by visiting Sepetçiler Kasrı, Hocapaşa Mah. Kennedy Cad. No:3 Fatih/Istanbul, with a valid ID for identity verification.
• Via registered electronic mail to genelmudurlugu@hs01.kep.tr
• By notary submission to Sepetçiler Kasrı, Hocapaşa Mah. Kennedy Cad. No:3 Fatih/Istanbul.
• By completing the form accessible here or sending an email to info@yesilay.org.tr (For email submissions, a security question may be asked for identity verification).

Processing of Requests:

• Identity verification of the requester is conducted.
• The request is reviewed.
• It is determined whether the request falls into standard categories such as information requests, data modification, or data deletion.
• If it is a standard request, the relevant department is consulted to identify the group to which the data subject belongs (e.g., client, member, volunteer, donor, employee, or third party).

If a data subject requests the deletion or destruction of their personal data under Article 11 of KVKK, and if the conditions for data processing no longer exist, the data shall be deleted, anonymized, or destroyed.

Rights of Data Subject Under Article 11 of KVKK:

• To inquire whether their personal data is being processed.
• To request information about the processing of their personal data.
• To learn the purpose of data processing and verify whether their data is being used in accordance with that purpose.
• To request information on third parties, within or outside the country, to whom their personal data has been transferred.
• To request correction of incomplete or inaccurate data.
• To request the deletion or destruction of unlawfully processed data in accordance with KVKK or this policy.
• To request notification to third parties with whom their data has been shared regarding any corrections or deletions.
• To object to decisions made solely based on automated data processing that result in unfavorable
• To seek compensation for damages incurred due to the unlawful processing of personal data.

• Data Security: Appropriate technical and administrative measures are implemented to ensure the security of personal data during processing (including physical, environmental, and system-based safeguards).
• Data Sharing: Data is shared in compliance with legal exceptions or with explicit consent. The personal data of both internal and external parties is collected, processed, stored, and archived by our organization in accordance with these eight principles.
• Account Deletion: Requests for account deletion submitted electronically will be processed following the above procedures. If a request is canceled before completion, the process will be terminated accordingly.

Business Card Privacy Notice

At the Turkish Green Crescent Society (Yeşilay), we prioritize the protection of your personal data in accordance with our obligations as a data controller under the Personal Data Protection Law No. 6698. We are committed to ensuring the security of your personal information and aim to keep you informed about how your data is processed.

Purpose and Legal Grounds for Processing Your Personal Data

Your personal data, including your name, surname, phone number, email address, title, and company name, are processed in compliance with Law No. 6698 and relevant regulations. This data is collected and processed for the purpose of maintaining communication with you in your professional capacity and facilitating the delivery of gifts and flowers. The legal grounds for this processing include public disclosure (Article 5/2-d) and legitimate interest (Article 5/2-f) of the law.

Transfer of Personal Data

The Turkish Green Crescent Society may share your personal data, such as for the delivery of gifts or promotional items, with suppliers and third parties, in accordance with Articles 8 and 9 of the law.

Methods of Collecting Personal Data

We collect your personal data when you provide us with a business card directly or share your contact details with us through other means. Additionally, any personal data you share when contacting the Turkish Green Crescent Society through various channels will also be collected.

Your Rights Regarding Personal Data

As a data subject, you have the right to contact the Turkish Green Crescent Society in accordance with the Communiqué on Application Procedures and Principles to the Data Controller to request information about your personal data. We will respond to such requests within 30 days, free of charge, unless additional costs are incurred, in which case a fee may be charged in accordance with the official fee schedule set by the Personal Data Protection Board.

Mobile Application Privacy Notice

As the Turkish Green Crescent Society (Hereinafter referred to as "Yeşilay"), we are committed to safeguarding the security of your personal data, as defined under the Personal Data Protection Law No. 6698. This notice aims to inform you about how your personal information is processed.

Purpose and Legal Grounds for Processing Your Personal Data

In accordance with the Personal Data Protection Law No. 6698 and relevant regulations, your personal data is processed for specific purposes based on lawful grounds:

When you fill out the necessary fields in the "login" section of the "Bırakabilirsin" mobile app, your personal data, including name, surname, gender, phone number, mobile number, email address, date of birth, city of residence, and any photo you may upload, as well as your social media account details (e.g., Facebook, Instagram, Google), and smoking-related data (how long you've smoked, daily consumption, willingness to quit, previous attempts to quit, first cigarette of the day, motivation to avoid smoking in restricted zones, quitting goals, emotional triggers related to smoking, and spending habits associated with your quitting motivation), will be processed for the purpose of preventing tobacco addiction.

This data is collected to support our mission of preventing tobacco addiction and helping individuals overcome their smoking addiction. The app facilitates this by providing tools to aid in your cessation journey, managing your account, ensuring communication as needed for our activities, and updating you on relevant initiatives. Your data is processed based on the legal grounds of contract performance (Article 5/2-c) and legitimate interest (Article 5/2-f) under the law.

Transfer of Personal Data

Green Crescent may share your personal data strictly for the purposes outlined above, such as enabling the creation and use of your account on the "Bırakabilirsin" mobile app, sending verification messages or emails, and supporting tobacco cessation efforts. If required, your data may be shared with affiliated organizations, including related associations or foundations, the Turkish Green Crescent Foundation, Green Crescent Counseling and Marketing Inc., and third-party service providers, such as software partners necessary to provide these services. In cases where GREEN CRESCENT needs to protect its legal rights or fulfill statutory obligations, your data may also be shared with authorized public bodies or other third parties, as permitted under Articles 5/2-e and 5/2-ç of Law No. 6698.

Certain sections and processes within our mobile application may be shared by you on your social media accounts.

Methods of Collecting Personal Data

The Turkish Green Crescent Society collects your personal information when you enter details in the 'Log In' section of the "Bırakabilirsin" mobile application. This data collection occurs during the setup and ongoing management of your user account, as well as when you reach out to us.

Retaining Personal Data

In accordance with the law, your personal data shall be kept for a limited time for the abovementioned purposes and for legal grounds, after which it will be deleted. This information is maintained in various databases hosted on servers affiliated with the domain .

Your Rights Regarding Your Personal Data

As a data subject, you have the right to reach out to GREEN CRESCENT to exercise the following rights:

• To ascertain whether your personal data has been processed;
• To request relevant information regarding the processing of your personal data;
• To understand the basis for processing your personal data and whether it has been used for its intended purpose;
• To learn about any third parties, both domestic and international, to whom your personal data has been transferred;
• To request corrections in cases of incomplete or incorrect processing of your personal data, and to have any relevant third parties notified of these corrections;
• To seek the deletion or destruction of your personal data when the grounds for its processing are no longer valid, along with notifications to any relevant third parties;
• To object to any outcomes resulting from automated data analysis that negatively affect you;
• To request deletion or destruction of your personal data in accordance with Article 7 of the Law, with notifications to relevant third parties regarding these actions;
• To claim compensation for any losses incurred due to unlawful processing of your personal data.

Should you submit a request related to the above listed rights to GREEN CRESCENT, in accordance with the procedures stipulated in the Communique on the Procedures and Principles of Requests to the Data Controller, GREEN CRESCENT will conclude your request free of charge as soon as possible, and in any case, within 30 days at the latest, depending on the nature of your request. If such a transaction requires any additional costs, GREEN CRESCENT may charge you in accordance with the tariffs set by the Personal Data Protection Board.

For further details, please consult our Protection of Personal Data Policy at “https://www.yesilay.org.tr/en/”