Protecting the data you share with us during your visits to the website or mobile applications as a visitor, user or customer is important to us. For this reason, we have prepared this Privacy Policy (“Policy”) for you.

When you use our website or digital applications as a visitor, user or customer, your IP address and location are logged along with the date and time you entered the site. This information is used to analyze your use of the portals and the needs of our users and is not shared with third parties. The IP information of our website or mobile application visitors is not used to determine their identities.

Other confidential information, including your personal data, will not be transferred to or shared with third parties outside the purpose and scope determined by this Policy.

We adopt an approach that is fully compliant with internationally accepted privacy protection standards in protecting the privacy of our visitors, users and customers and providing a secure experience in providing information and in the use of personal information.

1. Your personal data you share with us

When you use and visit our website or mobile applications by becoming a member or when you register for our electronic newsletters, you share your personal data with us.

1.1. Personal data you provide to us
You share information such as your name, surname, e-mail address, home and mobile phone numbers, home address, credit card information, location information, accounts, profiles and media files on your mobile device with us when you register, contact customer service or use any of our products or services.

1.2. Your personal data that we collect automatically
Our services, advertisements, frequency of interaction with us, information and data regarding the devices you use, frequency of service use, category preferences, time, conversation records, information or date of the phone number or date of the person making the call, browser and log information collected through cookies, and voice recordings within the scope of your conversations with our customer services are automatically collected with the help of our programs and software. For more detailed information regarding cookies, we recommend that you review Article 6 of this Policy and our Cookie Policy on our website.

2. Our purposes for using your personal data

Sharing your information will allow us to provide you with products and services as needed, to provide more responsive service, and to improve our websites. The data you share with us or that we automatically collect from you includes, but is not limited to, the following:

· To provide personalized services to our visitors, users and customers and to increase user satisfaction by improving the user experience,
· To communicate with our visitors, users or customers to the extent they allow us to do so, and to inform them about our services and campaigns,
To monitor the technical functions of the website and mobile applications and ensure that they operate as required,
· To use for advertising sales purposes so that our visitors, users and customers can continue to benefit from the website and mobile applications free of charge,
· To send you our publications,
· To send newsletters or notifications via e-mail,
Answer your questions and provide effective customer service,
To inform you about our new services,
· conducting direct marketing through the website and mobile applications or through collaborators,
· To use in various statistical evaluations, database creation and market research without revealing the identity of our visitors, users or customers,
· Identifying system-related problems and promptly resolving any issues that may arise on the website or mobile applications,
· To develop and improve our services by analyzing visitor, user or customer experience and to increase content and product diversity,
· To communicate with you regarding our services (instant message, e-mail, other online and offline messages/push notifications), to offer you options in line with your preferences and likes, to provide you with technical support in case you encounter technical infrastructure problems, to share with you current developments and product recommendations regarding the products you follow;
· To take technical and legal measures regarding our products and services (for example, to prevent the sharing of illegal content)
· If you use our services from your mobile device or mobile application, you may be asked to share your geographic location information. In this way, in order to personalize your location information on our own digital platforms or in cases where we cooperate with third parties, and in cases where you share information about your geographic location, to provide you with content or related advertisements and services according to the region or country you are in, to respond quickly to your needs and produce solution suggestions, your account or;
· It is used for advertising sales purposes so that our visitors, users and customers can continue to benefit from our websites and mobile applications free of charge.

2.1. Data you share with us through our website or mobile applications

You may choose to share your information with us through various online channels, such as when you become a member or register through the website and mobile applications, or by signing up for an electronic newsletter. You may share your personal data with us by contacting one of our customer service representatives via e-mail, phone or letter. Sometimes we may also obtain your personal information from third parties outside of us. This may be in the form of an acquisition of a company you are a customer of, or the disclosure of your personal information by one of our partner companies, provided that your explicit consent is obtained by such companies.

It is also possible to register on the website without entering information such as name, surname, date of birth, e-mail address, etc. through your accounts on social networks such as Facebook, Twitter and Instagram. If you choose to register for our services via social networks within the scope of this Policy, you authorize us to process, transfer and store the data sent to us by the social networks in question. It is recommended that you check the current list of third parties to whom we transfer your data and review Article 3 of this Policy.

If you choose to disclose your information or personal data to the public (e.g., write comments, vote, give ratings, give advice and express your thoughts) and share it in a way that other visitors or users can access and see (e.g., your photo, name, surname, date of birth, nickname)), it will be considered disclosed by you and we may use it for statistical, advertising or promotional purposes without your explicit consent. We have no responsibility in cases where your disclosed personal data is used by third parties or other sites.

2.2. Data you share with us as a visitor through our website or mobile applications

If you visit our website or digital platforms without registering, we may collect information about your digital behavior (such as the number of clicks, the frequency of opening tabs or topics of interest), your IP address and the devices you use. This information is collected solely for analysis and statistical purposes without allowing the identification of individuals.

3. Sharing of Data

Your personal information may be transferred to the real or legal persons it cooperates with, limited to the presentation of products and services; and you may be contacted about our special product options or opportunities. It may also use your personal information for statistical purposes and may share it with real or legal persons it cooperates with only for the purpose of conducting these studies. We receive information about the frequency and manner of use of our website through cookie files. You may terminate this information sharing by changing your internet browser settings at any time. For more detailed information, please review Article 6 of this Policy.

3.1. Sharing personal data with cooperating real or legal persons

In partnership with legal entities or real persons with whom it cooperates, it may sell you a product or provide you with a service. In such cases, you will be informed in advance about the existence of such a partnership and who our partner is before you register through membership forms, electronic bulletins, etc.

It does not sell or share your personal data with third parties in a way that would allow them to use it for their own purposes.

4. Links provided by our website or mobile applications to third party websites or mobile applications

We may provide links to third party websites, portals or mobile applications on our website or mobile applications. However, we have no responsibility for the implementation of the privacy policies of third parties on these sites. Privacy policies on websites or mobile applications belonging to other parties may differ from this Policy. Therefore, it is recommended that you review the privacy policies and personal data processing policies of third parties.

5. Protecting the confidentiality of the information you share with us

We are aware of our responsibility to protect the information you entrust to us. We take measures to keep the personal data you share with us confidential, to keep them as trade secrets and to prevent the disclosure of your data to unauthorized third parties or the public regarding the maintenance of the confidentiality of confidential information. It is recommended that you review the Personal Data Processing and Protection Policy on our website for the administrative and technical measures we take.

5.1. Security

As; we undertake to take the most comprehensive and appropriate preventive security measures by analyzing the current information and data values ​​and risk status in order to protect your information, including your personal data, in the light of current technological developments, including secure databases, servers, firewalls (security software) and encryption of e-mail information, and to notify the personal data owner and the competent administrative authorities as soon as possible in the event that any user's information is stolen, deleted from the system or changed as a result of a cyber attack by third parties.

6. Data Collected via Cookies and Beacon (Location Requested Advertising Application)

The Cookies (“Cookies”) included within the scope of this Policy are valid for websites and mobile platforms operated by, platforms accessed and used through third party programs or websites.

Cookies are small pieces of data placed on devices (computer, phone, tablet) for the proper functioning of a website, improving user experience, developing and optimizing the site, providing more appropriate, interest-based advertising, and providing an attractive and personalized website/application and advertising portfolio for visitors.

Your usage information regarding websites and mobile applications is obtained with the mentioned Cookies. Cookies facilitate the use of the internet by storing the status and preferences about a website. Cookies help to obtain statistical information about how many people use the websites and mobile platforms operated by, for what purpose, how many times a person visits the websites and mobile platforms and how long they stay, and to dynamically generate advertisements and content from user pages specially designed for users.

Cookies are not designed to retrieve data or any other personal information from the main memory or e-mail. Most browsers are initially designed to accept Cookies, but users can change the settings to prevent receiving Cookies or to be notified when Cookies are sent. Unless the visitor or user changes these settings, they are deemed to have given their explicit consent to the use of Cookies.

We may use technologies such as cookies and beacons and place them on your device. If you do not accept technologies and packages such as cookies, websites and mobile platforms may not perform the functions you expect or disruptions may occur.

We may share data collected via cookies with third parties for advertising purposes. For more detailed information, please review our Cookie Policy on our website.

7. Management of Your Information

If you contact us and indicate that you do not want our data to be stored, we undertake to delete, destroy or anonymize the data that is not necessary for the operation of our system and that we are not obliged to keep due to legal obligations or for which the periods stipulated by law for storage have expired, under the conditions and methods stipulated in the relevant legislation.

With the support you will give us, we will keep your personal information up-to-date and accurate in light of technological possibilities. You can request your other rights under the Personal Data Protection Law, including which personal data we keep about you in our databases, by sending an e-mail to the e-mail address in accordance with the procedure specified in the Personal Data Processing and Protection Policy on our website.

8. Blocking of electronic messages

You can opt out of the e-mail or instant message services we send you for marketing or advertising purposes at any time, using the methods provided in the messages. In this case, your personal data in our databases will be deleted, destroyed or anonymized unless otherwise provided by legislation. For detailed information on these processes, you can review the Personal Data Processing and Protection Policy on our website.

9. Children

As, all our departments, including the real and legal persons we cooperate with, are aware of the sensitivity of your children's personal data and we show the highest level of care in protecting this data. Sharing your child's personal data with us is the responsibility of the parent or legal representative. You can contact us via e-mail for your child's personal data, including personal data shared without the parent/legal representative's approval.

We do not knowingly process data from users under the age of 18, and we recommend that parents take an active role in supervising their children's online activities.

10. Changes to our Policy

Our policy is published at for easy access and information of our customers. , may change its other policies, including this Policy, unilaterally, without prior notice to its users, subscribers or visitors.

Our policies come into effect from the date they are published on the address. For this reason, we recommend that you follow the Policy updates.

11. Applicable Law, Competent Courts and Enforcement Offices

This Privacy Policy is subject to the laws of the Republic of Turkey. Istanbul Çağlayan Courts and Enforcement Offices are authorized to resolve any disputes that may arise from the implementation of the Privacy Policy.

12. Communication Permission

By accepting this Privacy Policy, you have allowed the collection, storage, processing, use and transfer to third parties with whom you have a contractual relationship, of your personal data that you have consented to be shared with us, for the purpose of providing and offering you various advantages and for making all kinds of electronic communication for special promotions, advertisements, sales, marketing, surveys and similar purposes via telephone, short message (SMS), electronic mail and similar means and sending other communication messages.

PROTECTION AND PROCESSING OF PERSONAL DATA

POLICY


2018

1. PURPOSE

As; our priority is to process the personal data of real persons including our customers, consumers, suppliers and employees in accordance with the Constitution of the Republic of Turkey and international agreements on human rights to which our country is a party and the relevant legislation, primarily the Personal Data Protection Law No. 6698 (“LPPD”), and to ensure that the rights of the relevant persons whose data are processed are effectively exercised.

For this reason, we carry out the processing, storage and transfer of all personal data regarding our employees, visitors, business contacts, business partners, customers, suppliers, consumers, users visiting our website, in short, all personal data we obtain during our activities, including but not limited to those listed, in accordance with the Personal Data Protection and Processing Policy (“Policy”).

The protection of personal data and the protection of the fundamental rights and freedoms of real persons whose personal data is collected are the basic principles of our policy regarding the processing of personal data. Therefore, we carry out all our activities in which personal data is processed by observing the protection of privacy, confidentiality of communication, freedom of thought and belief, and the right to use effective legal remedies.

We take all administrative and technical protection measures required by the nature of the relevant data in accordance with legislation and current technology to protect personal data.

This Policy explains the methods we follow regarding the processing, storage, transfer and deletion or anonymization of personal data shared during our commercial or social responsibility and similar activities within the framework of the principles referred to in the KVKK.

2. SCOPE

All personal data processed by the Company, including our customers, consumers, business contacts, business partners, employees, suppliers, potential customers, and third parties, are within the scope of this Policy.

Our policy is applied to all activities related to the processing of personal data owned or managed by the Company and has been prepared and handled in accordance with the KVKK and other relevant legislation on personal data and international standards in this field.

3. DEFINITIONS AND ABBREVIATIONS

In this section, special terms and expressions, concepts, abbreviations, etc. used in the Policy are briefly explained.

3.1.

3.2. Explicit Consent: Approval given on a specific subject, based on information and free will, with clarity that leaves no room for hesitation, and limited only to that transaction.
3.3. Anonymization: Making personal data in a way that it cannot be associated with an identified or identifiable natural person, even when matched with other data.
3.4. Employee: Company Personnel.
3.5. Personal Data Owner (Relevant Person): The natural person whose personal data is processed.
3.6. Personal Data: Any information relating to an identified or identifiable natural person.
3.7. Special Personal Data: Data regarding individuals' race, ethnic origin, political opinion, philosophical belief, religion, sect, or other belief, appearance and dress, membership in associations, foundations or unions, health, sexual life, criminal convictions, and security measures, as well as biometric and genetic data.
3.8. Processing of Personal Data: Any operation performed on personal data, such as obtaining, recording, storing, changing, reorganizing, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data, in whole or in part, by automatic means or non-automatic means provided that it is part of any data recording system.
3.9. Data Processor: Natural or legal person who processes personal data on behalf of the data controller based on the authority granted by the data controller.
3.10. Data Controller: The natural or legal person who determines the purposes and means of processing personal data and is responsible for establishing and managing the data recording system.
3.11. KVK Board: Personal Data Protection Board.
3.12. KVK Authority: Personal Data Protection Authority.
3.13. KVKK: Personal Data Protection Law published in the Official Gazette dated April 7, 2016 and numbered 29677.
3.14. Policy: Personal Data Protection and Processing Policy.

4. ROLES AND RESPONSIBILITIES

E-Commerce Manager: The natural or legal person who determines the purposes and means of processing personal data and is responsible for establishing and managing the data recording system. The natural or legal person who processes personal data.
E-Commerce Expert: A natural or legal person who processes personal data on behalf of the data controller based on the authority granted by the data controller.

5. LEGAL OBLIGATIONS

As a data controller, legal obligations regarding the protection and processing of personal data in accordance with the KVKK are listed below:
5.1. Our obligation to inform
While collecting personal data as the Data Controller;

➢ The purpose for which your personal data will be processed,
➢ Information regarding our identity and the identity of our representative, if any,
➢ To whom and for what purpose your processed personal data may be transferred,
➢ Our method of collecting data and its legal basis,
➢ We have the obligation to inform the Data Subject about the rights arising from the law.

As a company, we take care to ensure that this Policy, which is open to the public, is clear, understandable and easily accessible.

5.2. Our obligation to ensure data security
As the Data Controller, we take administrative and technical measures as required by the legislation to ensure the security of personal data in our possession. Obligations and measures taken regarding data security are detailed in sections 9 and 10 of this Policy.

6. CLASSIFICATION OF PERSONAL DATA
6.1. Personal data
Personal data is any information relating to an identified or identifiable natural person.

The protection of personal data is only related to natural persons, and information belonging to legal entities that does not contain information about natural persons is excluded from personal data protection. Therefore, this Policy does not apply to data belonging to legal entities.

6.2. Special personal data
Data regarding individuals' race, ethnic origin, political opinion, philosophical belief, religion, sect or other belief, appearance and dress, membership in associations, foundations or unions, health, sexual life, criminal convictions and security measures, as well as biometric and genetic data are special personal data.

7. PROCESSING OF PERSONAL DATA
7.1. Our principles for processing personal data
We process personal data in accordance with the principles set out below.
7.1.1. Processing in accordance with law and rules of integrity
We process personal data in accordance with the rules of integrity, transparency and within the framework of our obligation to inform.
7.1.2. Ensuring that personal data is accurate and up-to-date when necessary
We take the necessary measures in our data processing procedures to ensure that the processed data is accurate and up-to-date. We also provide the Personal Data Owner with the opportunity to contact us to update their data and correct any errors in their processed data.
7.1.3. Processing for specified, explicit and legitimate purposes
As a company, we process personal data for our legitimate purposes, the scope and content of which are clearly defined, in order to carry out our activities within the framework of legislation and the normal course of commercial life.
7.1.4. Personal data must be connected, limited and proportionate to the purpose for which they are processed.
We process personal data in a limited and proportionate manner, in connection with the purpose we have clearly and precisely determined.
We avoid processing personal data that is not relevant or does not need to be processed. Therefore, we do not process special personal data unless there is a legal requirement, or when we do need to process it, we obtain explicit consent.
7.1.5. Storage of personal data for the duration prescribed by legal regulations and for our legitimate commercial interests.
Many regulations in the legislation require personal data to be stored for a certain period of time. For this reason, we store the personal data we process for the period stipulated in the relevant legislation or necessary for the purposes for which personal data is processed.
We delete, destroy or anonymize personal data when the retention period stipulated in the legislation expires or the purpose of processing ceases to exist. Our principles and procedures regarding retention periods are detailed in Article 9.1 of this Policy.
7.2. Our purposes for processing personal data
As a company, we process personal data for purposes similar to, but not limited to, the following:
➢ Carrying out our activities,
➢ Providing support services to customers within the scope of the contract and service standards,
➢ Determining the preferences and needs of our customers and shaping, personalizing and updating the services to be provided to our customers within this scope,
➢ To ensure that our legal obligations are fulfilled as required or made mandatory by legal regulations,
➢ To be able to conduct market research and statistical studies,
➢ Surveys, competitions, promotions and sponsorships,
➢ Organizing events,
➢ To evaluate job applications,
➢ To contact people who have business relations with the company,
➢ Marketing,
➢ Compliance management,
➢ Vendor / supplier management,
➢ Advert,
➢ Legal reporting,
➢ Billing.

7.3. Processing of special personal data

Special personal data is processed by us by taking the administrative and technical measures prescribed by the laws and the Personal Data Protection Board, if there is explicit consent, or in cases where the legislation makes it mandatory.
Since special personal data related to health and sexual life can be processed by persons or authorized institutions and organizations under a confidentiality obligation for the purposes of protecting public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and their financing, we do not process them except for the data of our employees. Such data belonging to our employees can be processed by the persons specified in the laws.

7.4. Processing of personal data within the scope of other memberships

If you become a member of our website or one of the programs we offer for purposes such as becoming a member of our programs, benefiting from our campaigns, being informed about the advantages we offer, etc., we collect your personal data through membership forms, process and transfer the personal data you share.

7.5. Processing of personal data collected through cookies on our website

We use cookies to improve the way our website works and your use, and to make your time on our website more productive and enjoyable. In addition, we use some cookies to remember your preferences on our website, thus providing you with an improved and personalized experience.

We may collect your personal data through cookies on our website, process, transfer and store the data we collect.

If you do not want your personal data to be collected and processed through cookies, you can reject cookies on our website. We would like to remind you that if you reject cookies, our website may not function properly and there may be disruptions in the display or delivery of goods and services.

You can review our "Cookie Policy" for detailed information about the cookies we use on our website.

7.6. Exceptional cases where explicit consent is not required for the processing of personal data

We may process personal data without obtaining explicit consent in the exceptional cases listed below and arising from the law:

➢ It is clearly stated in the laws;
➢ The processing of personal data of the parties to a contract is necessary, provided that it is directly related to the establishment or performance of a contract;
➢ Data processing is necessary for the establishment, exercise or protection of a right;
➢ It is mandatory for us to process your data for our legitimate interests as the data controller, provided that it does not harm fundamental rights and freedoms.

Exceptional cases where special personal data may be processed without the explicit consent of the Data Subject are specified in Article 7.3 of this Policy.

8. TRANSFER OF PERSONAL DATA

8.1. Transfer of personal data within the country

As a company, we act in accordance with the decisions and regulations stipulated in the KVKK and made by the KVK Board regarding the transfer of personal data.

Save for the exceptional cases included in the legislation, personal data and special data will not be transferred to other natural persons or legal entities without the explicit consent of the Relevant Person.

In exceptional cases stipulated by the KVKK and other legislation, data may be transferred to the authorized administrative or judicial institution or organization in the manner and within the limits stipulated in the legislation, without the explicit consent of the Data Subject.

In addition, in exceptional cases stipulated by the legislation;

➢ In the cases explained in Article 7.6 of the Policy,
➢ In the cases listed in Article 7.3 of the Policy regarding special personal data,
➢ With the measures stipulated by the Personal Data Protection Board and the relevant legislation, special personal data regarding the health and sexual life of the Data Subject may only be transferred to persons or authorized institutions and organizations under a confidentiality obligation, without seeking explicit consent, for the purposes of protecting public health, providing preventive medicine, medical diagnosis, treatment and care services, planning and managing health services and their financing.

8.2. Transfer of personal data abroad

As a rule, personal data is not transferred abroad without the explicit consent of the Relevant Person. However, in cases where one of the exceptional cases set out in Articles 7.3 and 7.6 of this Policy exists, third parties abroad may only:

➢ Being located in countries with sufficient protection declared by the Personal Data Protection Board;
➢ If the data controllers are located in countries where there is insufficient protection, the data controllers in Turkey and the foreign country in question must undertake in writing to provide sufficient protection and the PDP Board must have permission;
In cases where personal data may be transferred abroad without explicit consent. Your personal data may be transferred to our business partners located abroad and processed by our business partners and third parties for purposes such as providing you with better service, personalizing our website according to the needs and preferences of our customers, members and consumers, promoting our products and services, having our search engines remember your preferences, etc.

8.3. Institutions and organizations to which personal data is transferred

Personal data includes, but is not limited to;
➢ To our suppliers,
➢ To our business partners and business contacts,
➢ To legally authorized public institutions and organizations,
➢ To legally authorized private law persons,
➢ It can be transferred to our shareholders in accordance with the principles and rules explained above.
8.4. Measures we take regarding the lawful transfer of personal data

8.4.1. Technical measures
To protect personal data, but not limited to the following:
➢ We carry out in-house technical organization to process and store personal data in accordance with the legislation,
➢ The security of the databases where your personal data will be stored is provided by our Business Partners.
➢ Monitors and audits the processes of the established technical infrastructure,
➢ We determine the procedures for reporting the technical measures and audit processes we take,
➢ Periodically updates and renews technical measures,
➢ Risky situations are re-examined and necessary technological solutions are produced,
➢ We use virus protection systems, firewalls and similar software or hardware security products and establish security systems in line with technological developments.
➢ We employ technically expert employees or work with business partners who have technically expert employees.

8.4.2. Administrative measures

To protect your personal data, we do the following, but are not limited to:

➢ We create policies and procedures for accessing personal data, including company and subsidiary employees within our company,
➢ We inform and train our employees regarding the legal protection and processing of personal data,
➢ In the contracts we make with our employees and/or the policies we create, we record the measures to be taken in cases where personal data is processed unlawfully by our Company Employees,
➢ We monitor the personal data processing activities of the data processors or partners of data processors we work with.

9. STORAGE OF PERSONAL DATA

9.1. Storage of personal data for the period required by the relevant legislation or for the purpose for which they are processed.
We store personal data for the period required for the purpose of processing personal data, without prejudice to the retention periods stipulated in the legislation.

In cases where we process personal data for more than one purpose, if the purposes of processing the data are eliminated or if there is no obstacle in the legislation to the deletion of the data upon the request of the Relevant Person, the data will be deleted, destroyed or stored in anonymized form. Legislative provisions and the decisions of the Personal Data Protection Board will be complied with in terms of destruction, deletion or anonymization.

9.2. Measures we take regarding the storage of personal data

9.2.1. Technical measures

➢ Creating technical infrastructures and related control mechanisms for the deletion, destruction and anonymization of personal data,
➢ We take the necessary measures to ensure the safe storage of personal data,
➢ Employing employees with technical expertise,
➢ We create business continuity and emergency plans against possible risks and develop systems for their implementation,
➢ We establish security systems in accordance with technological developments regarding the storage areas of personal data.

9.2.2. Administrative measures

➢ We raise awareness among our employees by informing them about the technical and administrative risks associated with the storage of personal data,
➢ In case of cooperation with third parties for the storage of personal data, we include provisions in the contracts made with the companies to which personal data is transferred regarding the persons to whom personal data is transferred and the necessary security measures to be taken for the protection and safe storage of the transferred personal data.

10. SECURITY OF PERSONAL DATA

10.1. Our obligations regarding the security of personal data

Personal data;

➢ To prevent unlawful processing,
➢ To prevent unlawful access,
➢ To ensure that it is stored in accordance with the law,
We take administrative and technical measures according to technological possibilities and implementation costs.

10.2. Measures we take to prevent unlawful processing of personal data

➢ We carry out and have carried out the necessary inspections within our company,
➢ We train and inform our employees about the lawful processing of personal data,
➢ The activities carried out by our company are evaluated in detail for all business units, and as a result of the evaluation in question, personal data is processed specifically for the commercial activities carried out by the relevant units.
➢ In cases where cooperation is made with third parties for the processing of personal data, the contracts made with the companies processing personal data include provisions regarding the necessary security measures to be taken by the persons processing personal data,
➢ In case of unlawful disclosure of personal data or data leakage, we notify the Personal Data Protection Board and carry out the investigations and take the measures required by the legislation.

10.2.1. Technical and administrative measures taken to prevent unlawful access to personal data
To prevent unlawful access to personal data;

➢ We employ employees with technical expertise or we take care to work with business partners that employ employees with technical expertise,
➢ Periodically updates and renews technical measures,
➢ We create access authorization procedures within our company,
➢ We determine the procedures for reporting the technical measures and audit processes we take,
➢ We create data recording systems used within our company in accordance with the legislation and periodically audit them,
➢ Creating emergency aid plans against possible risks and developing systems for their implementation,
➢ We train and inform our employees about access to personal data and authorization,
➢ In cases where cooperation is made with third parties for the purposes of activities such as processing and storing personal data, the contracts made with companies that provide access to personal data include provisions regarding the necessary security measures to be taken by persons who access personal data,
➢ Establishing security systems within the scope of technological developments to prevent unlawful access to personal data,
➢ Under this heading, we take care to work with business partners in cases where the above-mentioned activities are carried out through our business partners or employ employees with technical expertise.

10.2.2. Measures we take in case of unlawful disclosure of personal data

We take administrative and technical measures to prevent the unlawful disclosure of personal data and update them in accordance with our relevant procedures. If we detect that personal data has been disclosed without authorization, we establish systems and infrastructures in accordance with the legislation to notify the Relevant Person and the Personal Data Protection Board.

If an unlawful disclosure occurs despite all administrative and technical measures taken, this may be announced on the KVK Board's website or by another method if deemed necessary by the KVK Board.

11. RIGHTS OF THE PERSONAL DATA OWNER

Within the scope of our obligation to inform, we inform the Personal Data Owner and establish systems and infrastructures regarding this information. We make the necessary technical and administrative arrangements for the Personal Data Owner to exercise their rights regarding your personal data.

Personal Data Owner has the right to control his/her personal data;

➢ Learning whether personal data is being processed,
➢ To request information regarding personal data processed,
➢ To learn the purpose of processing personal data and whether they are used in accordance with their purpose,
➢ To know the third parties to whom personal data is transferred, either domestically or abroad,
➢ To request correction of personal data if it is processed incompletely or incorrectly,
➢ Requesting the deletion or destruction of personal data if the reasons requiring the processing of personal data are eliminated,
➢ Request that the above-mentioned correction, deletion or destruction be notified to third parties to whom personal data has been transferred,
➢ To object to any adverse results arising from the analysis of processed data exclusively through automated systems,
➢ In case of damage caused by unlawful processing of personal data, the person has the right to demand compensation for the damage.

11.1. Exercise of rights regarding personal data

In the application that the Personal Data Owner will make to exercise the above-mentioned rights and that includes explanations regarding the right he/she requests to exercise; the requested issue must be clear and understandable, the requested issue must be related to the applicant's person or if he/she is acting on behalf of someone else, he/she must be specifically authorized in this matter and this authority must be documented, and the application must also include his/her identity and address information and documents proving his/her identity must be attached to the application.

The requests in question will be made on an individual basis and requests made by unauthorized third parties regarding personal data will not be taken into consideration.

11.2. Evaluation of the application

11.2.1. Application response period

Requests regarding personal data are finalized as soon as possible, depending on their nature, and in any case within 30 (thirty) days at the latest, free of charge or against a fee in the tariff if the conditions in the tariff to be published by the Personal Data Protection Board are met.

Additional information and documents may be requested during the application or while the application is being evaluated.

11.2.2. Our right to reject the application

Applications regarding personal data;

➢ Processing of personal data for purposes such as research, planning and statistics by making them anonymous through official statistics,
➢ Processing of personal data for artistic, historical, literary or scientific purposes or within the scope of freedom of expression, provided that it does not violate the privacy of private life or personality rights or constitute a crime,
➢ Processing of personal data made public by the Personal Data Owner,
➢ The application is not based on a justified reason,
➢ The application contains a request that is contrary to the relevant legislation,
➢ In cases where the application procedure is not followed, it will be rejected with justification.

11.3. Application evaluation procedure

In order for the response period specified in Article 11.2.1 of this Policy to begin, requests must be sent in writing and with wet signature or via [electronic signature and KEP] or by other methods determined by the Personal Data Protection Board, along with information and documents proving the identity of the applicant.

If the request is accepted, the relevant procedure is implemented and a written or electronic notification is made. If the request is rejected, the reason is explained and the applicant is notified in writing or electronically.

11.4. Right to complain to the Personal Data Protection Board

In case the application is rejected, the response we provide is found insufficient or the response is not given in a timely manner; the applicant has the right to complain to the Personal Data Protection Board within 30 (thirty) days from the date of learning the response and in any case within 60 (sixty) days from the date of application.

12. PUBLISHING AND STORING THE DOCUMENT

This Policy is stored in two different environments: printed paper and electronic media.

13. UPDATE PERIOD

This Policy is reviewed at least once a year and updated, if necessary, in accordance with the principles set out in the Documentation Management Procedure.

14. ENFORCEMENT

This Policy is deemed to have come into force after its publication on the Company's website.