Environmental & Social Information • Dec 26, 2024
Environmental & Social Information
Open in ViewerOpens in native device viewer
Bu doküman Genel olarak sınıflandırılmıştır. This document is classified as Public.
Aygaz Anonim Şirketi Personal Data Protection and Processing Policy
Aygaz A.Ş. Company All natural persons other than employees of Aygaz Anonim Şirketi whose personal data are processed by
Aygaz Anonim Şirketi Personal Data Protection Committee
Version: 2.0
Approved by: Aygaz A.Ş. Board of Directors
Effective Date:
26/12/2024
In case of any discrepancy between the Turkish language version of the Policy and any translation, the Turkish text should be taken into account.
© Aygaz Joint Stock Company , 2024
This document cannot be reproduced or distributed without the written permission of Aygaz Anonim Şirketi .
| 1. | CHAPTER 1 - INTRODUCTION 3 | |
|---|---|---|
| 1.1. ENTRANCE3 |
||
| 1.2. SCOPE3 |
||
| 1.3. IMPLEMENTATION OF THE POLICY AND RELATED LEGISLATION3 |
||
| 1.4. ENFORCEMENT OF THE POLICY 3 |
||
| 2. | CHAPTER 2 - ISSUES RELATING TO THE PROTECTION OF PERSONAL DATA 4 | |
| 2.1. ENSURING THE SECURITY OF PERSONAL DATA4 |
||
| 2.2. PROTECTION OF SPECIAL NATURE PERSONAL DATA 4 |
||
| 2.3. INCREASING AWARENESS AND SUPERVISION OF BUSINESS UNITS ON PROTECTION AND PROCESSING OF PERSONAL DATA4 |
||
| 3. | CHAPTER 3 - ISSUES RELATING TO THE PROCESSING OF PERSONAL DATA 5 | |
| 3.1. PROCESSING OF PERSONAL DATA IN ACCORDANCE WITH THE PRINCIPLES PROVIDED IN THE LEGISLATION 5 |
||
| 3.2. CONDITIONS FOR PROCESSING PERSONAL DATA 5 |
||
| 3.3. PROCESSING OF SPECIAL NATURE PERSONAL DATA7 |
||
| 3.4. INFORMATION OF PERSONAL DATA OWNER7 |
||
| 3.5. TRANSFER OF PERSONAL DATA7 |
||
| 4. | CHAPTER 4 - CATEGORIZATION OF PERSONAL DATA PROCESSED BY OUR COMPANY AND PURPOSES OF PROCESSING 9 |
|
| 5. | CHAPTER 5 - STORAGE AND DESTRUCTION OF PERSONAL DATA 9 | |
| 6. | CHAPTER 6 - RIGHTS OF RELATED PERSONS AND EXERCISE OF THESE RIGHTS 9 | |
| 6.1. RIGHTS OF THE RELATED PERSON 9 |
||
| 6.2. EXERCISE OF RIGHTS BY THE RELEVANT PERSON10 | ||
| 6.3. OUR COMPANY'S RESPONSIBILITY TO APPLICATIONS 10 |
||
| ADDITIONAL 1 – Purposes of Processing Personal Data 11 | ||
| ANNEX 2 – CONTACT PERSONS 12 | ||
| ANNEX 3 – Personal Data Categories 13 | ||
| ANNEX 4 – Third Parties to Which Personal Data is Transferred by Our Company and the Purposes of Transfe 15 |
Aygaz A.Ş. Company One of our most important priorities within the scope of our business activities as ("Aygaz" or "Company") is the protection of personal data. This Aygaz Anonim Şirketi Within the framework of the Personal Data Protection and Processing Policy ("Policy"), the principles adopted by our Company in carrying out personal data processing activities and the basic principles adopted in terms of the compliance of our Company's data processing activities with the regulations in the Personal Data Protection Law No. 6698 ("Law") are explained and detailed information regarding all personal data processing activities carried out by our Company is set forth, thus ensuring the necessary transparency by informing the relevant persons who are personal data owners. With the full awareness of our responsibility in this context, your personal data is processed and protected within the scope of this Policy.
The activities carried out by our Company regarding the protection of personal data of our employees are written in parallel with the principles in this Policy . Its employees are managed under the Personal Data Protection and Processing Policy.
This Policy is related to all personal data of persons other than our Company employees processed by the Company through automatic or non-automatic means provided that it is part of any data recording system. Detailed information about the persons to whom the personal data in question is related can be accessed in ANNEX 2 of this Policy (" ANNEX 2- Relevant Persons ").
The relevant legal regulations in force regarding the processing and protection of personal data will primarily be applied. In the event of any inconsistency between the current legislation and the Policy, our Company accepts that the current legislation will be applied. The Policy regulates the rules set forth by the relevant legislation by concretizing them within the scope of Company practices.
This Policy issued by our Company is dated 26.12.2024.
the Policy or certain articles are renewed, the effective date of the Policy will be updated. Aygaz Anonim Şirketi Personal Data Protection Committee is responsible for the updating and enforcement of this Policy and sub-policies related to this Policy . The Policy is published on our Company's website http://www.aygaz.com.tr/ and is made accessible to the relevant persons upon the request of personal data owners.
With the entry into force of this Policy , the Aygaz A.Ş. Personal Data Protection and Processing Policy dated 07.10.2016 has been repealed.
3
Our Company , in accordance with Article 12 of the Law , takes the necessary measures in line with the nature of personal data in order to prevent and preserve the unlawful processing, access, transfer or other security deficiencies that may occur. In this context, our Company takes administrative measures, carries out inspections or has them carried out, in accordance with the guidelines published by the Personal Data Protection Board (" Board ") to ensure the necessary level of security.
Sensitive personal data has been given special importance within the scope of the Law due to the risk of causing victimization or discrimination when processed unlawfully. According to Article 6 of the Law, "special nature" personal data are determined as race, ethnic origin, political opinion, philosophical belief, religion, sect or other belief, appearance and dress, membership in an association, foundation or union, criminal conviction and security measures, and biometric and genetic data (" Special nature personal data other than health and sexual life "), data related to health and sexual life (" Special nature personal data related to health and sexual life ").
The technical and administrative measures taken by our Company for the protection of personal data are taken within the scope explained in the Policy on Processing and Security of Personal Data of a Special Nature, within the framework of the sufficient measures stipulated in the Board's Decision No. 2018/10, dated 31/01/2018, in terms of special personal data, and the work carried out in this direction is monitored and audited within the framework of the audits carried out within our Company.
Detailed information on the processing of special personal data is provided in section 3.3 of this Policy .
Our company organizes the necessary trainings for the business units in order to increase awareness on preventing the unlawful processing of personal data, unlawful access to data and ensuring the preservation of data. The training and awareness activities organized by the company are based on the "Personal Data Security Guide" published by the Board on its official website.
The aim of the training and awareness activities carried out by our Company is to ensure that personal data processing activities of employees during the performance of their job duties are carried out in accordance with the Law and secondary legislation.
company establishes the necessary systems to raise awareness of current employees and new employees on the protection of personal data, and works with consultants when necessary. In this regard, our company evaluates participation in relevant trainings, seminars and information sessions, and organizes new trainings in parallel with the updating of the relevant legislation.
4
Personal data is processed in accordance with the principles of trust and honesty, without harming the fundamental rights and freedoms of individuals. Within this framework, personal data is processed to the extent and limited to the business activities of our Company.
Our company takes the necessary measures to ensure that personal data is accurate and up-to-date throughout the period it is processed, and establishes the necessary mechanisms to ensure the accuracy and up-to-dateness of personal data for certain periods.
Our company clearly states the purposes for which personal data is processed and processes personal data in line with its business activities and for purposes related to these activities.
Our company collects personal data only in the nature and to the extent required by its business activities and processes it limited to the specified purposes.
Our Company stores personal data for the period required for the purpose for which they are processed and for the minimum period stipulated in the relevant legal legislation. In this context, our Company first determines whether a period is stipulated in the relevant legislation for the storage of personal data, and if a period is specified, it acts in accordance with this period. If there is no legal period, personal data is stored for the period required for the purpose for which they are processed. At the end of the specified storage periods, personal data is destroyed in accordance with the periodic destruction periods or the application of the relevant person and with the specified destruction methods (deletion and/or destruction and/or anonymization).
Unless the relevant person gives explicit consent, the basis for personal data processing may be only one of the conditions specified below, or more than one condition may be the basis for the same personal data processing activity. If the processed data is special personal data, the conditions set out in heading 3.3 ("Processing of Special Personal Data") of this Policy shall apply.
One of the conditions for processing personal data is the explicit consent of the relevant person. The explicit consent of the relevant person must be related to a specific subject, based on information and expressed with free will.
If the personal data processing conditions listed below are met, personal data may be processed without the need for the explicit consent of the relevant person.
If the personal data of the relevant person is clearly stipulated in the law, in other words, if there is a clear provision in the relevant law regarding the processing of personal data, the existence of this data processing condition can be mentioned.
If the processing of personal data is necessary to protect the life or physical integrity of a person who is unable to give his consent due to a de facto impossibility or whose consent cannot be validated, or of another person, the personal data of the relevant person may be processed.
This condition may be deemed to be fulfilled if the processing of personal data is necessary, provided that it is directly related to the establishment or performance of a contract to which the relevant person is a party.
Personal data of the relevant person may be processed if processing is necessary for our company to fulfill its legal obligations.
If the relevant person has made his/her personal data public, the relevant personal data may be processed limitedly for the purpose of making it public.
If data processing is necessary for the establishment, exercise or protection of a right, the personal data of the relevant person may be processed.
Personal data of the relevant person may be processed if data processing is mandatory for the legitimate interests of our Company, provided that it does not harm the fundamental rights and freedoms of the relevant person.
Special personal data is processed by our Company in accordance with the principles set forth in this Policy and by taking administrative and technical measures with the methods described in the Special Personal Data Processing and Security Policy and in the presence of the following conditions:
In accordance with Article 10 of the Law and secondary legislation, our Company informs the relevant persons as the data controller about who processes their personal data, for what purposes, with whom it is shared and for what purposes, by what methods it is collected and the legal reason, and the rights of the relevant persons within the scope of processing their personal data.
Our company may transfer the personal data and special data of the relevant person to third parties (third party companies, group companies, third real persons) by taking the necessary security measures in line with the purposes of processing personal data in accordance with the law. In this regard, our company acts in accordance with the regulations stipulated in Article 8 of the Law. Detailed information on this subject can be found in Annex 4 of this Policy (" Annex 4 - Third Parties to Which Personal Data is Transferred by Our Company and the Purposes of Transfer ").
Even if the person concerned does not give his/her consent, if one or more of the data processing conditions specified below (" Data Processing Conditions ") are present, personal data may be transferred to third parties by our Company, taking all necessary care and taking all necessary security measures, including the methods prescribed by the Board.
Transfer of personal data by our Company for the limited purpose of publicity, provided that it has been made public by the relevant person,
The transfer of personal data by the Company is necessary for the establishment, exercise or protection of the rights of the Company or the relevant person or third parties,
The transfer of personal data abroad by our Company will be carried out in the manner explained below, depending on whether the country to which the transfer will be made is one of the safe countries determined by the Board or not.
is not one of the safe countries with sufficient protection declared by the Board. In the event that at least one of the Data Processing Conditions is met and in accordance with the basic principles set out in Article 4 of the Law , personal data may be transferred to third parties abroad in the following cases.
If the country to which the transfer will be made is one of the safe countries with sufficient protection declared by the Board ; personal data may be transferred if any of the Data Processing Conditions are present.
Special personal data may be transferred by our Company in accordance with the principles set forth in this Policy and by taking administrative and technical measures with the methods described in the Special Personal Data Processing and Security Policy and in the presence of the following conditions:
In our Company, personal data is processed in accordance with the general principles set forth in the Law, especially the principles set forth in Article 4 of the Law on the processing of personal data, based on and limited to at least one of the Data Processing Conditions, and in line with the personal data processing purposes that arise within the framework of the conduct of our Company's business activities. Detailed information on the purposes of processing personal data in question is included in ANNEX 1 of the Policy ("ANNEX 1 - Purposes of Processing Personal Data").
The personal data categories processed by our Company within the framework of its business activities and detailed information about the categories can be found in ANNEX 3 of the Policy (" ANNEX 3 - Personal Data Categories ").
Our company stores personal data for the period necessary for the purpose for which it is processed and for the minimum period stipulated in the relevant legal legislation. Our company first determines whether a period is stipulated in the relevant legislation for the storage of personal data, and if a period is specified, it acts in accordance with this period. If there is no legal period, personal data is stored for the period necessary for the purpose for which it is processed.
Personal data processed by our Company are considered on a categorical basis and maximum data retention periods are determined for each personal data category in line with the relevant data processing process. The mentioned periods are set out in the table in our Company's Personal Data Storage and Destruction Policy . At the end of the determined maximum retention periods, personal data are destroyed in accordance with the periodic destruction periods or the application of the relevant person and with the determined destruction methods (deletion and/or destruction and/or anonymization).
As personal data owners, the persons concerned have the following rights:
(4) To know the third parties to whom personal data is transferred, either domestically or abroad,
(5) To request correction of personal data if they are processed incompletely or incorrectly and to request notification of the transaction made to third parties to whom personal data has been transferred,
Relevant persons may submit their requests regarding their rights listed in section 6.1 (" Rights of the Relevant Person ") to our Company through the methods determined by the Board. In this regard, They can benefit from the " Relevant Person Application Form" which can be accessed from the address Aygaz\_Veri\_Sahibi\_Basvuru\_Formu.pdf .
Our company takes the necessary administrative and technical measures to finalize the applications made by the relevant person in accordance with the Law and secondary legislation.
the relevant person submits his/her request regarding the rights set forth in section 6.1 (" Rights of the Personal Relevant Person ") to our Company in accordance with the procedure, our Company will finalize the relevant request free of charge as soon as possible and within 30 (thirty) days at the latest, depending on the nature of the request. However, if the transaction requires an additional cost, a fee may be charged in accordance with the tariff determined by the Board.
| ADDITIONAL 1 – | Purposes of Processing Personal Data | |
|---|---|---|
| MAIN PURPOSES (PRIMARY) | SUB-OBJECTIVES (SECONDARY) | |
|---|---|---|
| Planning and executing our company's | Planning of human resources processes | |
| human resources policies and processes | Carrying out personnel recruitment processes | |
| Carrying out the necessary work by our | Monitoring of finance and accounting affairs | |
| relevant business units and carrying out | Planning and execution of corporate |
|
| the related business processes in order to | communication activities | |
| carry out the commercial activities carried | Planning and execution of production and | |
| out by the company. | operation processes Planning, auditing and execution of |
|
| information security processes | ||
| Creation and management of information | ||
| technologies infrastructure | ||
| Carrying out the necessary work by our | Planning and execution of sales processes of | |
| business units and carrying out the |
products and services | |
| relevant business processes to enable the relevant people to benefit from the |
Planning and execution of after-sales support | |
| products and services offered by the |
services activities | |
| company. | Planning and execution of customer |
|
| relationship management processes | ||
| Creation and follow-up of the customer's insurance process |
||
| Follow-up of customer requests and |
||
| complaints | ||
| Planning and execution of customer |
||
| satisfaction activities | ||
| Planning and execution of activities required to recommend and introduce the |
Planning and execution of market research | |
| products and services offered by the |
activities for sales and marketing of products | |
| company to the relevant people by |
and services | |
| customizing them according to their |
Planning and execution of processes to create | |
| tastes, usage habits and needs. | and increase loyalty to the products and services offered by the company |
|
| Planning and execution of marketing |
||
| processes of products and services | ||
| Ensuring the security of company premises | ||
| and facilities | ||
| Ensuring the legal, technical and |
Planning and execution of operational |
|
| commercial-occupational security of the | activities required to ensure that the |
|
| Company and the relevant persons who | Company's activities are carried out in |
|
| have business relations with the Company. | accordance with Company procedures and legislation. |
|
| Following up on legal affairs | ||
| Planning and execution of company audit | ||
| activities |
| CONTACT PERSON CATEGORIES |
EXPLANATION | |
|---|---|---|
| Customer | Real persons who use or have used the products and services |
|
| offered by our Company, regardless of whether they have any | ||
| contractual relationship with our Company. | ||
| Potential Customer | Natural persons who have requested or shown interest in |
|
| using our products and services or who have been assessed in | ||
| accordance with commercial practices and rules of integrity | ||
| as likely to have such interest. | ||
| Visitor | Natural persons who have entered the physical premises of | |
| our company for various purposes or visited our websites. | ||
| Third Party | Third party real persons related to these persons ( e.g. | |
| guarantor, family members and relatives) or other real | ||
| persons not covered by this Policy and Aygaz Anonim Şirketi | ||
| Employees Personal Data Protection and Processing Policy | ||
| in order to ensure the security of commercial transactions | ||
| between our Company and the above-mentioned parties or to | ||
| protect the rights of the said persons and to provide benefits. | ||
| Employee Candidate | Natural persons who have applied for a job in our company | |
| by any means or have made their CV and related information | ||
| available for review by our company. | ||
| Company Shareholder | Our company's shareholders are real persons. | |
| Company Official | Our company's board of directors members and other | |
| authorized real persons | ||
| Employees, Shareholders | Natural persons working in institutions with which our | |
| and Authorities of | company has any kind of business relationship (such as, but | |
| Institutions We | not limited to, business partners, dealers, authorized services, | |
| Collaborate With | suppliers), including shareholders and officials of these | |
| institutions. |
| EXPLANATION | ||
|---|---|---|
| These are data that contain information about the person's identity: | ||
| documents such as driver's license, identity card and passport that | ||
| contain information such as name- surname , Turkish identity number, |
||
| nationality information, mother's name-father's name, place of birth, | ||
| date of birth, gender, and tax number, SSI number, vehicle plate, etc. | ||
| Phone number, address, email , fax number | ||
| Information that determines the location of the relevant person while | ||
| using our products and services or while our employees and | ||
| employees of institutions we cooperate with are using our Company's | ||
| vehicles. | ||
| Information obtained and produced about the relevant person as a | ||
| result of our commercial activities and the operations carried out by | ||
| our business units within this framework. Family Members |
||
| Information about the family members and relatives of the relevant | ||
| person within the scope of our Company's operations and in relation | ||
| to the products and services we offer or to protect the legal and other | ||
| interests of the Company and the relevant person. | ||
| Information that clearly belongs to an identified or identifiable natural | ||
| person and is included in the data recording system; records regarding | ||
| the use of our products and services and the instructions and requests | ||
| required for the customer to use the products and services. | ||
| that clearly belongs to an identified or identifiable natural person and | ||
| is included in the data recording system; records and documents taken | ||
| at the entrance to the physical location, during the stay in the physical | ||
| location ; camera records, fingerprint records and records taken at the | ||
| security point , etc. | ||
| Your personal data (e.g. log records) processed to ensure our | ||
| technical, administrative, legal and commercial security while |
||
| conducting our commercial activities. | ||
| Personal data processed through methods used in accordance with | ||
| generally accepted legal, commercial practices and rules of integrity in these areas in order to manage our commercial, technical and |
||
| administrative risks. | ||
| Financial Information |
Personal data processed regarding information, documents and records showing all kinds of financial results created according to the type of legal relationship our company has established with the relevant person, which are clearly related to an identified or identifiable natural person, partially or fully processed automatically or non-automatically as part of the data recording system, and data such as bank account number, IBAN number, credit card information, financial profile, asset data, income information. |
||
|---|---|---|---|
| Personal | Any personal data processed to obtain information that will form the | ||
| Information | basis for the establishment of personal rights of real persons who have | ||
| a working relationship with our company. | |||
| Candidate Personal data processed regarding individuals who have applied to |
|||
| Information become employees of our company or who have been evaluated as |
|||
| candidates for employment in line with our company's human | |||
| resources needs in accordance with commercial customs and rules of | |||
| integrity or who have a working relationship with our company. | |||
| Special Personal Data regarding individuals' race, ethnic origin, political views, |
|||
| Data | philosophical beliefs, religion, sect or other beliefs, appearance and | ||
| dress, membership in associations, foundations or unions, health, | |||
| sexual life, criminal convictions and security measures, as well as biometric and genetic data. |
|||
| Marketing | Personal data processed for the customization and marketing of our | ||
| Knowledge | products and services in line with the usage habits, tastes and needs of | ||
| the relevant person, and the reports and evaluations created as a result | |||
| of this processing. | |||
| Request/Complaint | Personal data regarding the receipt and evaluation of any requests or | ||
| Management | complaints directed to our company. | ||
| Information | |||
| Audiovisual Data | Data contained in documents that are clearly of a natural person with | ||
| a known or identifiable identity, such as photographs and camera | |||
| recordings (excluding records falling within the scope of Physical | |||
| Location Security Information), voice recordings, and copies of | |||
| documents containing personal data. | |||
| Audit and | It means personal data processed during internal or external audit | ||
| Inspection | activities within the scope of our company's legal obligations and | ||
| Information | compliance with company policies. | ||
| Legal Action and | Personal data processed within the scope of determining and | ||
| Compliance | following our legal receivables and rights, fulfilling our debts, and | ||
| complying with our legal obligations and our Company's policies. |
may transfer the personal data of the relevant persons specified in this Policy to the following third party categories in accordance with Articles 8 and 9 of the Law :
The scope of the above-mentioned persons to whom the data is transferred and the purposes of data transfer are stated below.
| Persons to whom data | Definition | Purpose of Data |
|---|---|---|
| may be transferred | Transfer | |
| Business / Solution Partner |
• Dealers with whom we cooperate to sell our company's products or services in a certain region and carry out other transactions, |
Limited to ensure that the purposes for which the business partnership was established are fulfilled. |
| • Banks, telecommunication companies, insurance service providers that we cooperate with for purposes such as receiving services within the scope of conducting business activities, |
||
| • Tanı Pazarlama ve İletişim Anonim Şirketi, which our company has established a business partnership with for the purposes of selling, promoting and marketing our company's products and services, after-sales support, and executing joint customer loyalty programs while carrying out our company's commercial activities. |
| • SAP Turkey Yazılım Üretim ve Ticaret A.Ş., the service provider of the SAP platform whose servers are located abroad and which is used within the scope of fulfilling all kinds of obligations arising from your business relationship with our company, • Within the scope of carrying out recruitment activities; ELBA HR Human Resources Training and Consultancy Joint Stock Company, the provider of the Peoplise platform used to receive your job applications, is the cloud-based Success For the purpose of using the Factors software service, the relevant service provider located abroad is SAP SuccessFactors , and for the purpose of using the online testing platform for the purpose of implementing the general talent and personality inventory application, the service provider of the platform is Korn Ferry |
||
|---|---|---|
| Supplier | Setur Servis Turistik Anonim Şirketi and other parties that provide services to our Company in line with our Company's data processing purposes and instructions within the scope of carrying out our Company's commercial activities. |
Limited to the purpose of providing the services that our company outsources and requires to carry out its commercial activities. |
| Affiliates | Companies in which our company is a shareholder and controlled |
Limited to ensuring the execution of commercial activities that require the participation of our company's affiliates. |
| Our Shareholders | Our shareholders are authorized to design strategies and audit activities related to our Company's commercial |
Limited to the design of strategies and auditing purposes regarding our |
| activities in accordance with the |
Company's commercial |
|
|---|---|---|
| relevant legislation. | activities in accordance | |
| with the relevant |
||
| legislation. | ||
| Legally Authorized | Public institutions and organizations | Limited to the purpose |
| Public Institutions and | authorized to receive information and |
requested by the relevant |
| Organizations | documents from our Company in |
public institutions and |
| accordance with the relevant |
organizations within their | |
| legislation. | legal authority. | |
| For example; CMB, EPDK, |
||
| Competition Board etc. | ||
| Legally Authorized | It refers to institutions or organizations | Personal data is shared on |
| Private Law Persons | (e.g. independent auditors, notaries) | a limited basis regarding |
| that are established in accordance with | issues that fall within the | |
| certain conditions determined by law | scope of the activities |
|
| in accordance with the relevant |
carried out by relevant | |
| legislation and continue their activities | private institutions and |
|
| within the framework determined by | organizations. | |
| law. | ||
| Koc Holding A.S. | Koc Holding A.S. | Limited to ensuring the |
| execution of corporate |
||
| communication, strategic | ||
| planning, commercial and | ||
| auditing activities that |
||
| require the participation | ||
| of Koç Group |
||
| Companies. | ||
| Koç Group Companies | Koç Group Companies from the list at | If the data owner gives |
| www.koc.com.tr. | explicit consent, it may be | |
| used for limited |
||
| evaluation purposes in |
||
| other Koç Group |
||
| Companies during |
||
| recruitment processes. | ||
| Company Board | Company Board Members | Limited to the purpose of |
| Members | carrying out the activities | |
| of the Board of Directors | ||
| of the Company | ||
Building tools?
Free accounts include 100 API calls/year for testing.
Have a question? We'll get back to you promptly.