PROTECTION OF PERSONAL DATA POLICY

1. Legal Basis: We understand that everyone has the right to demand the protection of personal data regarding him or her, regulated in Article 20 of the Constitution, this right includes being informed about the personal data about him/her, accessing these data, requesting their correction or deletion and learning whether they are used for their purposes. Based on the legal basis that personal data can only be processed in cases stipulated by law or with the explicit consent of the person, in accordance with the Law No. 6698 on the Protection of Personal Data, we attach utmost importance to the legal protection and processing of Personal Data, and we act with this care in all our planning and activities. As the company, we take all administrative and technical measures for the protection and processing of Personal Data, which is the basis of privacy, and we inform and warn our personnel about the legal sanctions regulated in Article 135 of the Turkish Penal Code (TCK) No. 5237 and the following.
2. Purpose: With the Law No. 6698 on the Protection of Personal Data in force, the protection of fundamental rights and freedoms of individuals, particularly the privacy of private life, and the obligations of natural and legal persons who process personal data, as well as the procedures and principles to be followed, are regulated in the processing of personal data. The aim of our policy, which was prepared by taking into account the regulation, ensuring compliance with the obligations on the protection of personal data, processing, transferring and protecting the confidentiality of the information provided within the scope of the activities carried out by our Company, evaluating with a risk-based approach, determining the strategies, internal controls and measures, operating rules and responsibilities, and raising awareness of the employees of the institution on these issues. At the same time, it is aimed to ensure the transparency of personal data by informing the persons processed by our Company, especially our customers, potential customers, employees, employee candidates, Company shareholders, Company officials, visitors, employees of shareholders and officials of the institutions/organizations we cooperate with, and third parties.
3. Scope: This policy applies to all personal data of our customers, potential customers, employees, employee candidates, Company shareholders, Company officials, visitors, employees of shareholders and officials of the institutions we cooperate with, and third parties, which are processed automatically or by non-automatic means provided that they are part of any data recording system.
4. Definitions

                    4.1.          Explicit consent means freely given, specific and informed consent

             4.2.          Anonymization means rendering personal data impossible to link with an identified or identifiable natural person, even through matching them with other data, Example: Masking means making personal data incapable of being associated with a natural person through techniques such as aggregation, data corruption, etc.

                    4.3.          Employee means persons working in the Company pursuant to the employment contract with the Company.

                    4.4.          Employee Candidate means natural persons who have either applied for a job by any means or have opened their CV and related information to the Company's inspection.

               4.5.          Employees, Shareholders and Officials of the Institutions We Cooperate With means real persons, including shareholders and officials of these institutions, working in institutions (such as but not limited to business partners, suppliers) with which the company has any business relationship 

                4.6.          Processing of Personal Data: Obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classification of personal data by fully or partially automatic or non-automatic means provided that it is a part of any data recording system or any kind of operation performed on the data, such as preventing its use.

                    4.7.          Personal Data Owner The natural person whose personal data is processed. For example; Customers and employees.

                    4.8.          Personal Data Any information relating to an identified or identifiable natural person. The processing of information regarding legal persons is not within the scope of the law. For example; name-surname, TR ID number, e-mail, address, date of birth, credit card number etc.

           4.9.          Customer Real persons who use or have used the products and services offered by the Company, regardless of whether they have any contractual relationship with the Company.

                 4.10.          Special Qualified Personal Data: Data on race, ethnicity, political thought, philosophical belief, religion, sect or other beliefs, dress, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data are special data.

                 4.11.          Potential Customer Real persons who have requested or interested in using our products and services, or who have been evaluated in accordance with commercial practices and honesty rules that they may have. 

                  4.12.          Company Shareholder: Natural persons who are shareholders of the company

                  4.13.          Company Official: Member of the company's board of directors and other authorized natural persons

                  4.14.          Third Party Third-party real persons who are related to the above-mentioned parties in order to ensure the security of commercial transactions between the Company and the above-mentioned parties or to protect the rights of the aforementioned persons and to obtain benefits. (For example: Family Members and relatives)

                 4.15.          Data Processor is the natural and legal person who processes personal data on behalf of the data controller, based on the authority given by the data controller. For example, the firm or companies that keep the Company's data, etc.  

                 4.16.          Data Controller The person who determines the purposes and means of processing personal data, manages the place where the data is kept systematically (data recording system), provides the necessary information to the data owner about his personal information as a result of the request / application of the data owner, and makes the referrals.

                   4.17.          Visitor Real persons who have entered the physical premises of the company for various purposes or visited our websites. 

5. Abbreviations

                    5.1.          KVKK : Law No. 6698 Law on Protection of Personal Data No. 6698, dated March 24, 2016, published in the Official Gazette No. 29677, dated April 7, 2016.

                5.2.          Constitution : The Constitution of the Republic of Turkey, dated 7 November 1982 and numbered 2709, published in the Official Gazette dated 9 November 1982 and numbered 17863.

                    5.3.          KVK Board: Personal Data Protection Board

                    5.4.          KVK Authority Personal Data Protection Authority

                    5.5.          Policy Company Policy on Protection and Processing of Personal Data

                    5.6.          TBK Published in the Official Gazette dated February 4, 2011 and numbered 27836; Turkish Code of Obligations dated 11 January 2011 and numbered 6098.

                    5.7.          TCK Published in the Official Gazette dated October 12, 2004 and numbered 25611; Turkish Penal Code No. 5237 dated 26 September 2004.

                    5.8.          TTK Turkish Commercial Code No. 6102 dated January 13, 2011, published in the Official Gazette dated February 14, 2011 and numbered 27846

6. 1. Data Categories: The company may save, process or transfer data for the following categories of data.

                       6.1.          ID (name and surname, mother - father name, date of birth, place of birth, marital status, identity card serial number, TR ID number)

                       6.2.          Contact (address number, e-mail address, contact address, registered e-mail address (KEP), telephone number)

                      6.3.          Location (location information where he/she reside)

                       6.4.