Privacy Notice

Information Text on Personal Data Processing (KVKK Law No. 6698 & GDPR (EU) 2016/679 Compliant)

1. Data Controller

This Privacy Notice is provided by Vadi Grafik Tasarım ve Reklamcılık Ltd Şti (the “Company”), acting as:

  • Data Controller under the Law on the Protection of Personal Data No. 6698 (KVKK)
  • Controller and/or Processor under the General Data Protection Regulation (EU) 2016/679 (GDPR), depending on the nature of processing

The Company operates in the printing and publishing sector, including pre-press, printing, post-press, storage, and logistics processes.

2. Scope of Processing – Industry-Specific Context

Due to the nature of printing services, the Company may process personal data:

  • Directly collected from customers, suppliers, and employees
  • Indirectly contained within print materials such as books, catalogues, labels, packaging, and other content

In such cases:

  • The customer acts as the primary data controller
  • The Company acts as a data processor and processes data only based on instructions

3. Categories of Personal Data Processed

3.1 Customer & Business Partner Data

  • Name, surname
  • Email, phone, address
  • Company name, title, tax information

3.2 Supplier & Logistics Data

  • Authorized person details
  • Delivery and shipment information
  • Banking/payment details

3.3 Print Content Data (Critical Industry Category)

  • Personal data included in print files (books, ID cards, certificates, labels, exam papers, etc.)

May include:

  • Identity data
  • Visual/audio materials
  • Special categories of personal data (if provided by the customer)

The Company does not determine the purpose of this data and processes it only on behalf of the customer.

3.4 Technical & Digital Data

  • IP address, website logs
  • File transfer records (FTP, cloud systems)
  • Access and authorization logs

4. Purposes of Processing

  • Printing and production processes
  • Pre-press and file preparation
  • Order management and logistics
  • Customer relationship management
  • Supplier and procurement management
  • Quality control and audits
  • IT security and monitoring
  • Legal compliance
  • Contract performance and after-sales services

5. Legal Basis (KVKK & GDPR Alignment)

Under KVKK:

  • Explicit consent
  • Contract performance
  • Legal obligation
  • Legitimate interest

Under GDPR:

  • Contractual necessity
  • Legal obligation
  • Legitimate interests
  • Explicit consent
  • Special category processing (Article 9)

6. Data Transfers

Personal data may be transferred to:

  • Business partners and subcontractors
  • Logistics companies
  • IT and cloud service providers
  • Auditors and legal advisors
  • Public authorities

International Transfers:

When data is transferred outside Türkiye or the EU:

  • Standard Contractual Clauses (SCCs)
  • Data transfer agreements
  • KVKK-compliant undertakings

Transfers are limited to:

  • Global publishing operations
  • Cross-border printing workflows
  • International client services

7. Data Retention and Destruction

Personal data is retained:

  • As required by law
  • As necessary for processing purposes

Print-related data:

  • Stored temporarily during production
  • Deleted or anonymized after completion

At the end of retention:

  • Data is deleted
  • Destroyed
  • Or anonymized

8. Data Security Measures

  • Role-based access control
  • Secure file transfer (SFTP, encryption)
  • File segregation
  • Employee confidentiality agreements
  • Physical security measures
  • Production monitoring
  • Secure disposal of print waste
  • Logging and audits

9. Rights of Data Subjects

Under KVKK:

  • Learn if data is processed
  • Request information
  • Request correction or deletion
  • Learn data transfers
  • Object to automated processing
  • Claim compensation

Under GDPR:

  • Access
  • Rectification
  • Erasure
  • Restriction
  • Data portability
  • Object
  • File a complaint

If the Company acts as a processor, requests are forwarded to the data controller.

10. Application Methods

Requests can be submitted via:

  • Written application
  • Registered email (KEP)
  • Secure email
  • Other legal methods

Response time:

  • 30 days (KVKK)
  • 1 month (GDPR)

11. Updates

This Privacy Notice may be updated based on:

  • Legal changes
  • Operational changes
  • Industry practices

The latest version will always be available through official channels.

Contact