Privacy Policy

Data Controller

Fatih Gedikli. Istanbul, Türkiye. info@yorigu.com.

Contact Form Data

When you submit the contact form, we collect the information you provide: name, email address, company name, phone number (optional), website (optional), product interest, and message content. This data is used to respond to your inquiry and to discuss potential deployment scope. The contact form uses Cloudflare Turnstile to verify that the submission is not automated.

Server Logs

When you visit this website, our infrastructure providers automatically log technical data such as IP address, browser type, request timestamps, and pages visited. This data is used for security, abuse prevention, and basic site operation. Log data is retained for up to 90 days.

Purposes and Legal Basis

Responding to inquiries and discussing deployment scope. Legal basis under GDPR Article 6(1)(f) (legitimate interest in responding to business inquiries). Under KVKK Article 5(2)(f), processing is necessary for the legitimate interests of the controller, provided this does not harm the fundamental rights and freedoms of the data subject.

Protecting the website from abuse, including bot traffic and denial of service attempts. Legal basis: legitimate interest under GDPR Article 6(1)(f) and KVKK Article 5(2)(f).

Maintaining basic operational logs. Legal basis: legitimate interest and, where applicable, legal obligation under GDPR Article 6(1)(c) and KVKK Article 5(2)(a).

Where consent is the legal basis for a specific processing activity (for example, newsletters, product updates, or other marketing communications), the consent is requested at the point of collection and described separately.

Service Providers

The following service providers process data on our behalf as data processors:

Cloudflare, Inc. (United States). Used for content delivery, DDoS mitigation, bot detection, and the Turnstile widget on the contact form.

Microsoft Ireland Operations Limited (Ireland) and Microsoft Corporation (United States). Used for email delivery via Microsoft 365 Exchange Online.

Google LLC (United States). Used for virtual machine hosting of the website.

We do not sell personal data. We do not use the data for advertising.

International Data Transfers

Some of the service providers listed above process data outside Türkiye and the European Economic Area, including in the United States. Transfers rely on the safeguards published by each provider. Cloudflare maintains certification under the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, and uses the European Commission's Standard Contractual Clauses for transfers where DPF certification is not available or sufficient. Microsoft and Google maintain equivalent safeguards under the same frameworks.

Retention Periods

Contact form submissions are retained for up to 24 months after the last interaction, then deleted unless a longer retention period is required by law or for an ongoing engagement. Technical logs are retained for up to 90 days. Service provider retention follows each provider's published policy.

Your Rights

Under KVKK Article 11 you have the right to: learn whether your personal data is processed; request information if your data has been processed; learn the purposes of processing and whether your data is used in accordance with those purposes; learn the third parties to whom your data has been transferred, whether in Türkiye or abroad; request correction of incomplete or inaccurate data; request deletion or destruction of your data under the conditions set out in Article 7 of KVKK; request that corrections, deletions, or destructions be communicated to third parties to whom your data has been transferred; object to a result against you reached solely through automated analysis of your data; claim compensation for damages arising from unlawful processing.

Under the GDPR (Articles 15 to 22) you also have the right to access your data, request rectification, request erasure, request restriction of processing, request portability of your data in a structured format, and object to processing carried out on the basis of legitimate interest. Where processing is based on consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing carried out before the withdrawal.

How to Exercise Your Rights

To exercise any of these rights, contact info@yorigu.com from the email address associated with your data. We respond within the periods required by applicable law: within one month under GDPR Article 12(3), extendable by up to two further months where the request is complex or numerous; within 30 days under KVKK Article 13.

Complaints

If you believe your rights have not been respected, you may file a complaint with the Turkish Personal Data Protection Authority (kvkk.gov.tr), or with the supervisory authority in your EU member state if you are based in the European Economic Area. You may also contact us first at info@yorigu.com.

Cookies

This website uses only functional cookies required for basic operation: session, language preference, anti-forgery, and bot protection cookies set by Cloudflare. We do not use advertising or tracking cookies. Because only strictly necessary cookies are used, no consent banner is displayed.

Changes to This Policy

This Privacy Policy may be updated. The latest version is always published on this page with the effective date at the top. Material changes will be communicated where required by law.