KVKK

Protection of Personal Data Information Text within the Scope of Personal Data Protection Law No. 6698

PERSONAL DATA PROTECTION LAW

1.1 Introduction

Protection of personal data is among the top priorities of Fast Anatolia Foreign Trade Company (" Kinderhug ") and it makes every effort to comply with all legislation in force in this regard. The most important aspect of this issue is this Fast Anatolia Foreign Trade Company Personal Data Protection and Processing Policy (“Policy”). Within the framework of this Policy, the principles adopted in the execution of personal data processing activities carried out by our Company and the data processing activities of our Company are in accordance with the Personal Data Protection Law No. 6698 ( The basic principles adopted in terms of compliance with the regulations in the "Law") are explained and thus our Company provides the necessary transparency by informing personal data owners. With full awareness of our responsibility in this context, your personal data is processed and protected within the scope of this Policy.

1.2 Scope

This Policy relates to all personal data of persons other than our Company's employees and interns, processed automatically or non-automatically as part of any data recording system. Detailed information regarding such personal data owners can be found in ANNEX-2 (“ANNEX 2-) of this Policy. Activities carried out by our Company regarding the protection of the personal data of our employees are managed under the Fast Anatolia Foreign Trade Company , which has been written in parallel with the principles in this Policy.

  1. SECTION 2 - ISSUES RELATED TO THE PROCESSING OF PERSONAL DATA

2.1 Personal Data Processing Principles

Our company's personal data is processed in accordance with the procedures and principles stipulated in the Law and other relevant legislation. In this regard, our Company personal data,

  • In accordance with the law and the rules of honesty,
  • accurate and up to date when necessary,
  • for specific, explicit and legitimate purposes,
  • It is processed in a limited and proportionate manner, in connection with the purpose for which it is processed, for a period of time stipulated in the relevant legislation or required for the purpose for which it is processed.

2.2 Processing of Personal Data

2.2.1 Processing of Personal Data

Explicit consent of the personal data owner is only one of the legal bases that enable the lawful processing of personal data, and in case of the existence of one of the following conditions, personal data is processed by our Company without seeking the explicit consent of the data owner. The basis of personal data processing activities other than explicit consent is as follows. It may be only one of the specified conditions, or more than one condition may be the basis for the same personal data processing activity. If the data processed is personal data of special nature, the conditions contained in the heading 2.2.2 of this Policy (“Processing of Personal Data of a Special Category”) will apply.

i.Explicitly Provided in Laws

Personal data may be processed in cases clearly stipulated by law. In this case, our Company processes personal data within the framework of relevant legal regulations.

ii. Failure to Obtain Explicit Consent of the Person Relevant Due to Actual Impossibility

If it is necessary to process the personal data of a person who is unable to express his/her consent due to actual impossibility or whose consent cannot be recognized as valid, in order to protect the life or physical integrity of himself or another person, the personal data of the data owner may be processed.

iii. Directly Related to the Establishment or Performance of the Contract

It is possible to process personal data if it is necessary to process personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract.

iv. Fulfillment of the Company's Legal Obligations

If processing is mandatory for our company to fulfill its legal obligations as the data controller, the personal data of the data owner may be processed.

v.Personal Data Owner's Publicization of Personal Data

Personal data that has been disclosed to the public by the data owner in any way and has been made available to everyone as a result of being made public may be processed by our Company limited to the purpose of making it public.

vi. Data Processing is Necessary for the Establishment or Protection of a Right

If data processing is mandatory for the establishment, exercise or protection of a right, the personal data of the data owner may be processed.

vii. Data Processing is Necessary for Our Company's Legitimate Interests

Personal data may be processed by our Company, provided that the balance of interests of our Company and the data owner is observed. In this context, in processing data based on legitimate interest, our Company first determines the legitimate interest it will obtain as a result of the processing activity, evaluates the possible impact of the processing of personal data on the rights and freedoms of the data owner, and carries out the processing activity if it is of the opinion that the balance is not disturbed.

2.2.2 Processing of Special Personal Data

Some of the personal data are regulated separately as "personal data of special nature" and are subject to special protection. Special importance has been attached to these data due to the risk of causing grievance to individuals or being exposed to discrimination when processed unlawfully. Special personal data is processed by our Company in accordance with the principles set out in this Policy and including the methods determined by the Personal Data Protection Board ("Board"). It is processed by taking all necessary administrative and technical measures, including the following conditions:

(i) Special categories of personal data, other than health and sexual life, can be processed if the data owner gives explicit consent or in cases clearly stipulated by law without requiring explicit consent.

(ii) Personal data of special nature regarding health and sexual life, if the data owner gives explicit consent or without explicit consent, for the purpose of protecting public health, carrying out preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing, under the obligation of confidentiality It can be processed by persons or authorized institutions and organizations.

2.3 Purposes of Processing Personal Data

Our Company's personal data processing purposes within the scope of the processing conditions of personal data and special personal data detailed in this Policy in accordance with the law and other relevant legislation are as follows:

MAIN OBJECTIVES

SUB-PURPOSES

carried out by the company
carrying out commercial activities
Our relevant business units for
required by
carrying out studies
and related work
execution of processes

1. Event Management

2. Planning and Execution of Corporate Communication Activities

3. Planning and Execution of Supply Chain Management Processes

4. Planning and Execution of Production and Operation Processes

5. Planning, Control and Execution of Information Security Processes

6. Creating and Managing Information Technologies Infrastructure

7. Planning and Execution of Information Access Authorizations of Business Partners and Suppliers

8. Follow-up of Finance and Accounting Affairs

9. Planning and Execution of Logistics Activities

Company's Human
Resources Policies
and its processes
Planning and
Execution

1. Fulfillment of Employment Contract and Legislation Obligations for Company Employees

2. Planning and Execution of Fringe Benefits and Benefits for Employees

3.Planning and Execution of Personnel Exit Procedures

4. Planning Human Resources Processes

5. Execution of Personnel Recruitment Processes

6. Planning and Monitoring of Employees' Performance Evaluation Processes

7.Monitoring and Supervising Employees' Business Activities

8. Planning and Execution of Employees' Access to Information Authorizations

Company's Commercial and Business
their strategies
Planning and Execution

1. Management of Relationships with Business Partners and Suppliers

by company
the product offered and
related services
benefit people
studies required for
by our business units
done and related
execution of business processes

1. Planning and Execution of Sales Processes of Products and Services
2. Planning and Execution of After-Sales Support Services Activities
3. Planning and Execution of Customer Relationship Management Processes
4. Planning and Execution of Reporting Activities
5. Follow-up of Contract Processes and Legal Requests
6. Tracking of Customer Requests and Complaints

by company
the product offered and
services related
people's likes,
use
habits and
according to your needs
related to customization
recommended to people
and to introduce
required
your activities
planning and execution

1. Market Research for Sales and Marketing of Products and Services
Planning and Execution of Activities
2. Planning and Execution of Marketing Processes of Products and Services
3. Planning and Execution of Customer Satisfaction Activities

of the Company and with the Company
in business relationship
relevant persons who are
legal, technical and
commercial-business security
supply

1. Follow-up of Legal Affairs
2. Company Activities Comply with Company Procedures and Relevant Legislation
Operational Operations Necessary to Ensure Its Execution as
Planning and Execution of Activities
3. Providing Information Based on Legislation to Authorized Institutions
4. Creation and Tracking of Visitor Records
5. Planning and Execution of Emergency Management Processes
6. Carrying out Company and Partnership Law Transactions
7. Planning and Execution of Company Audit Activities
8. Planning and Execution of Internal Audit and Investigation Processes
9. Ensuring that the data is accurate and up-to-date
10. Planning and Execution of Occupational Health and Safety Processes
11. Ensuring the Security of Company Campuses and Facilities
12. Ensuring the Security of Company Operations
13. Ensuring the Security of Company Fixtures and Resources
14. Consumers of Persons Who Will Be Subject to Marketing Activities
Detection and Evaluation of Behavior in Line with Criteria
15. Design and Execution of Personalized Marketing and Promotional Activities
16. Advertising, Promotion and Marketing in Digital and Other Media
Design and Execution of Activities
17. Customer Acquisition and Existence in Digital and Other Media
Activities to be Developed to Create Value for Customers
Design and Execution
18. Planning and Planning Data Analytics Studies for Marketing Purposes
execution
19. Organizing Competitions/Giveaways for Marketing Activities and
Ensuring Customer Satisfaction



2.4 Categories of Personal Data Processed by Our Company

By our Company in accordance with the Law and other relevant legislation, within the framework of the purposes and conditions specified in this Policy; identity information, audiovisual information, financial information, legal transaction and compliance information, family members and relatives information, CV, contact information, vehicle information, education information, physical location security information, customer transaction information, marketing information, audit and inspection information, transaction security information, employee candidate information, personnel information, demand and complaint management information, insurance information, location information, reputation management information, marital status information, side rights and benefits information, special personal data, customer information, business partner information, business information personal data. is being processed.

  1. CHAPTER 3 - ISSUES RELATED TO THE TRANSFER OF PERSONAL DATA

Our company may transfer personal data and sensitive personal data to third parties at home and/or abroad ("Third Parties") by taking the necessary security measures in line with the legal personal data processing purposes. In this regard, our company acts in accordance with the regulations stipulated in Articles 8 and 9 of the Law.

3.1 Transfer of Personal Data

In case of explicit consent of the data owner and in the presence of the following conditions, personal data can be transferred to Third Parties without seeking the explicit consent of the data owner, by taking necessary care and taking all necessary security measures, including the methods prescribed by the Board:

  1. The relevant activity regarding the transfer of personal data is clearly foreseen by law,
  2. The transfer of personal data by the Company is directly related to and necessary for the establishment or performance of a contract,
  3. Transfer of personal data is mandatory for the Company to fulfill its legal obligation,
  4. Limited transfer of personal data by the Company for the purpose of publicization, provided that it has been made public by the data owner,
  5. Transfer of personal data by the Company is mandatory for the establishment, exercise or protection of the rights of the Company or the data owner or third parties,
  6. It is mandatory to transfer personal data for the Company's legitimate interests, provided that it does not harm the fundamental rights and freedoms of the data owner,
  7. It is necessary for the person who is unable to express his consent due to actual impossibility or whose consent is not legally valid, to protect his own or someone else's life or physical integrity. If personal data will be transferred abroad, in addition to the above conditions, personal data will be transferred by our Company to foreign countries that have been declared to have adequate protection by the Board. ("Foreign Country with Adequate Protection") or, in the absence of adequate protection, to foreign countries where the data controllers in Turkey and the relevant foreign country have committed in writing to adequate protection and have the permission of the Board ("Foreign Country Where the Data Controller Committed to Adequate Protection" is located).

3.2 Transfer of Special Personal Data

Our company can transfer special personal data domestically or abroad in line with lawful data processing purposes, by showing due care and taking the necessary security measures, including the methods prescribed by the Board, and if the following conditions are met:

(i) Special categories of personal data, other than health and sexual life, can be transferred if the data owner gives explicit consent or in cases clearly stipulated by law without explicit consent.

(ii) Special personal data regarding health and sexual life, if the data owner gives explicit consent or without explicit consent, for the purpose of protecting public health, carrying out preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and their financing, confidentiality obligation If special personal data is to be transferred abroad, in addition to the conditions stated above, our company can transfer special quality personal data to Foreign Countries with Adequate Protection or to Foreign Countries Where the Data Controller Undertaking Adequate Protection is Located. .

3.3 Categories of Persons to whom Personal Data is Transferred

Our company can transfer personal data to the recipient group categories listed below in accordance with Articles 8 and 9 of the Law:

  • Our Suppliers
  • Our business partners
  • Legally Authorized Public Institutions
  • Legally Authorized Private Institutions

It is possible to access detailed information about the third parties to whom the personal data in question is transferred from the document ANNEX-4 ("ANNEX 4 - Third Party Categories to which Personal Data is Transferred") of this Policy.

  1. SECTION 4 - STORAGE AND DESTRUCTION OF PERSONAL DATA

In accordance with the obligation to delete, destroy or anonymize personal data stipulated in the Turkish Penal Code, the Law and other relevant legislation, even though it has been processed by our Company in accordance with the provisions of the Law and other legislation, in the event that the reasons requiring processing are eliminated, the personal data shall be subject to the ex officio decision of our Company or the personal data owner. It is deleted, destroyed or made anonymous based on your request.

  1. CHAPTER 5 - ENSURING THE SECURITY AND CONFIDENTIALITY OF PERSONAL DATA

Our company takes all necessary precautions, within the limits possible, depending on the nature of the data to be protected, in order to prevent unlawful disclosure, access, transfer of personal data or security deficiencies that may occur in other ways.

In this context, our Company takes all necessary (i) administrative and (ii) technical measures, (iii) an audit system is established within our Company, and (iv) in case of illegal disclosure of personal data, the measures foreseen in the Law are acted upon.

5.1 Administrative Measures Taken by Our Company to Ensure Lawful Processing of Personal Data and Prevent Unlawful Access to Personal Data

Our company trains and raises awareness of its employees regarding the processing and protection of personal data.

- In cases where personal data is subject to transfer, our Company ensures that records are added to the contracts concluded with the persons to whom personal data are transferred, stating that the party to whom personal data is transferred will fulfill its obligations to ensure data security.

- Personal data processing activities carried out by our company are examined in detail, and in this context, the steps that need to be taken to ensure compliance with the personal data processing conditions stipulated in the Law are determined.

- Our company determines the practices that must be implemented to ensure compliance with the Law and regulates these practices with internal policies.

5.2 Technical Measures Taken by Our Company to Ensure Lawful Processing of Data and Prevent Unlawful Access to Personal Data

- Regarding the processing and protection of personal data, our company takes technical measures to the extent technology allows, and the measures taken are updated and improved in parallel with the developments.

- Expert personnel are employed in technical matters.

- Inspections are carried out at regular intervals regarding the implementation of the measures taken.

- Software and systems are being installed to ensure security.

- Access to personal data processed within our company is limited to the relevant employees in line with the specified processing purpose.

- We comply with the measures contained in the Law and other relevant legislation in the protection of special personal data.

5.3 Measures to be Taken in Case of Illegal Disclosure of Personal Data

Within the scope of the personal data processing activity carried out by our Company, in case personal data is obtained by unauthorized persons unlawfully, the situation will be notified to the Board and the relevant data owners without delay.

  1. CHAPTER 6 - CLARIFICATION OF PERSONAL DATA OWNERS

Our company informs personal data owners during the collection of personal data in accordance with Article 10 of the Law. In this context, it clarifies the identity of our Company and its representative, if any, the purpose for which personal data will be processed, to whom and for what purpose the processed personal data can be transferred, the method and legal reason for collecting personal data, and the rights of the personal data owner. Article 20 of the Constitution of the Republic of Turkey provides that everyone has the right to It has been demonstrated that the person has the right to be informed about personal data. In this regard, Article 11 of the Law includes the right to "request information" among the rights of the personal data owner.

In this context, our company provides the necessary information in case the personal data owner requests information in accordance with the 20th article of the Turkish Constitution and the 11th article of the Law. Detailed information about the rights of the personal data owner can be found in section 7.1 of this Policy ( “Rights of the Personal Data Owner”) are included.

  1. CHAPTER 7 - RIGHTS OF THE PERSONAL DATA OWNER AND THE USE OF THESE RIGHTS

7.1 Rights of Personal Data Owner

The legal rights that the data owner can exercise regarding personal data are listed below: (1) Learning whether personal data is being processed or not, (2) Requesting information if personal data has been processed, (3) Learning the purpose of processing personal data and whether they are used in accordance with their purpose, (4) Learning the third parties to whom personal data are transferred domestically or abroad, (5) Requesting correction of personal data if their personal data is incomplete or incorrectly processed and requesting that the transaction carried out in this context be notified to third parties to whom personal data is transferred, (6) Requesting that it is processed in accordance with the law and other relevant legal provisions. However, to request that your personal data be deleted, destroyed or anonymized in case the reasons requiring processing are eliminated and to request that the action taken in this context be notified to third parties to whom your personal data has been transferred, (7) To object to the emergence of an unfavorable result by analyzing your processed data exclusively through automatic systems,( 8) Request compensation for damages in case of damage due to unlawful processing of personal data.

7.2 Situations in which the Data Owner Cannot Assert Their Rights

In the cases listed in Article 28 of the Law, personal data owners will not be able to assert their rights listed in section 7.1 (“Rights of the Personal Data Owner”). Because these situations are excluded from the scope of data protection specified in the Law. Situations within the scope of the said article are listed below: (1) Processing of personal data for purposes such as research, planning and statistics by anonymizing them with official statistics,

(2) Processing of personal data for artistic, historical, literary or scientific purposes or within the scope of freedom of expression, provided that it does not violate national defence, national security, public security, public order, economic security, privacy of private life or personal rights or constitute a crime, (3) ) Processing of personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations authorized by law to ensure national defence, national security, public security, public order or economic security, (4) Processing of personal data in investigation, prosecution, trial or execution procedures processing by judicial authorities or enforcement authorities.

7.3 Personal Data Owners' Exercise of Their Rights

Personal data owners section

You can submit your requests regarding the rights listed in 7.1 (“Rights of the Personal Data Owner”) at ilankabidunyasi.com.tr or by using your Registered Electronic Mail (KEP) address, Secure Electronic Signature, Mobile Signature or your e-mail address that you have previously notified to our Company and is registered in our system. They will be able to forward it to our company via:

7.4 Our Company's Response to Applications

Our company takes all necessary administrative and technical measures to finalize the applications made by the personal data owner effectively, in accordance with the law and the rule of honesty. Our company may accept the applications of the personal data owner or reject them by explaining the reason. Our Company may notify the relevant response to the personal data owner in writing or electronically. If the personal data owner submits his/her request regarding the rights set out in section 7.1 (“Rights of the Personal Data Owner”) to our Company in accordance with the aforementioned procedures, our Company will respond as soon as possible, depending on the nature of the request. and will finalize the relevant request free of charge within 30 (thirty) days at the latest. However, if the transaction requires an additional cost, the fee stated below may be charged. If our Company will respond to the application of the personal data owner in writing, no fee will be charged for up to ten pages, but a processing fee of 1 Turkish Lira may be charged for each page above ten pages, as specified in the Law and other relevant legislation.

  1. CHAPTER 8 - PROTECTION AND PROCESSING OF PERSONAL DATA GOVERNANCE STRUCTURE

In accordance with the decision of the Company's senior management, a "Personal Data Protection Committee" has been established within the Company to manage this Policy and other policies affiliated and related to this Policy. The duties of this committee are stated below:

  • To prepare basic policies regarding the protection and processing of personal data and submit them to the approval of senior management to put them into effect,
  • To decide how the policies regarding the protection and processing of personal data will be implemented and supervised, and to make internal assignments within the Company within this framework and to submit them to the approval of the senior management to ensure coordination,
  • To determine the issues that need to be done to ensure compliance with the law and other relevant legislation, to submit them to the approval of the senior management, to oversee their implementation and to ensure coordination,
  • To raise awareness within the Company and among the institutions with which the Company cooperates regarding the protection and processing of personal data,
  • To identify the risks that may occur in the Company's personal data processing activities, to ensure that the necessary precautions are taken and to submit improvement suggestions to the approval of the senior management,
  • Designing and ensuring the execution of trainings on the protection of personal data and ensuring the implementation of the policies established within this scope,
  • To decide on the applications of personal data owners at the highest level,
  • To coordinate the execution of information and training activities to ensure that personal data owners are informed about personal data processing activities and their legal rights,
  • To prepare changes in the basic policies regarding the protection and processing of personal data and to submit them to the approval of the senior management in order to put them into effect,
  • To follow the developments and regulations regarding the protection of personal data and to advise the senior management on what needs to be done within the Company in accordance with these developments and regulations,
  • To coordinate relations with the Board and the Personal Data Protection Authority, •To perform other duties assigned by the company's senior management regarding the protection of personal data.

ANNEX 1 - Definitions

Explicit Consent: It means consent regarding a certain subject, based on information and expressed with free will.

Personal Data Owner: It means the real person whose personal data is processed.

Personal Data: It means any information regarding an identified or identifiable natural person (e.g. name-surname, ID number, e-mail, address, date of birth, credit card number). Therefore, legal entities
Processing of relevant information is not within the scope of the Law.

Special Personal Data: Data regarding race, ethnic origin, political thought, philosophical belief, religion, sect or other beliefs, appearance, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data. It means.

Processing of Personal Data: Obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, obtaining personal data by fully or partially automatic or non-automatic means provided that it is part of any data recording system.
It means any operation performed on data such as making it accessible, classifying it or preventing its use.

Data Processor: It refers to the real or legal person who processes personal data on behalf of the data controller based on the authority given by him/her (e.g. cloud computing company that keeps our company's data, surveyors who make customers sign forms, call center companies that make calls within the framework of scripts).

Data Controller: It means the natural or legal person who determines the purposes and means of processing personal data and is responsible for establishing and managing the data recording system.

Registered Electronic Mail (REM) Address: It refers to the qualified form of electronic mail that provides legal evidence regarding the use of electronic messages, including their sending and delivery.

Mobile Signature: It refers to the electronic signature created using a mobile device.

Secure Electronic Signature: It refers to an electronic signature that is exclusively linked to the signatory, created with a secure electronic signature creation tool that is only at the disposal of the signatory, enables the identification of the signatory based on a qualified electronic certificate, and enables the determination of whether any changes have been made to the signed electronic data subsequently.

ANNEX 2 – Personal Data Owners

PERSONAL DATA SUBJECT CATEGORY

Person on whose behalf the invoice is issued: As a result of the shopping made with our company, information (personal information) is added to the invoice.
is the person whose data) is written.

Press: It refers to the members of the press contacted by our company within the scope of corporate communication activities.

Employee and Intern Candidate: means real persons who have applied for a job to our Company by any means or who have made their CV and relevant information available for review by our Company.

Employee Family Members: Family members of people who have an employment contract with our company and
refers to relatives.

Former Employee: It refers to real persons whose employment contract with our company has been terminated for any reason (resignment, dismissal, retirement, etc.).

Business Partner Employee / Official / Shareholder: Based on the existing agreement between our Company and our Company.
It means real persons who are shareholders, officers or employees of companies with which they cooperate, establish business partnerships, for purposes such as selling, promoting and marketing our products and services, and carrying out joint customer loyalty programs while carrying out their commercial activities.

Customer: means real persons who use or have used the products and services offered by our Company, regardless of whether they have any contractual relationship with our Company.

Client Company Shareholder and/or Legal Entity Shareholder Representative: Anyone who uses the products and services offered by our Company, regardless of whether or not they have any contractual relationship with our Company.
or natural persons who are shareholders/officers/representatives or employees of our legal entity customers

Potential Business Partner Official/Employee/Shareholder: Official, shareholder or employee of legal entity companies with which our company intends to establish a collaboration, business partnership or program partnership in the future.
It means real persons.

Potential Customer: Real persons who have shown the will to benefit from the products or services offered by our Company or who have been assessed by our Company as likely to benefit from the products or services offered by our Company.

Potential Supplier Official/Employee/Shareholder: It means real persons who are shareholders, officers or employees of companies that provide goods and/or services to our Company, based on a possible future contract with our Company.

Reference: It means the real persons with whom the candidates who have applied for a job in our company share their information for the purpose of carrying out reference searches.

Supplier Employee / Official / Shareholder: It means real persons who are shareholders, officers or employees of companies that provide goods and / or services to our Company, based on the existing contract between them and our Company.

Person to be Delivered: It refers to the real persons to whom our customers want the relevant product to be delivered in purchases made with our company.

Member Customer: means real persons who use or have used the products and services offered by our company as members of our loyalty program.

Visitor: Real persons who visit our company's physical locations.
is coming.

ANNEX 3 – Personal Data Categories

PERSONAL DATA CATEGORIES

Identity Information: It means all information contained in driver's license, identity card, passport, professional IDs and similar documents that clearly belong to an identified or identifiable natural person.

Contact Information: It means telephone number, address, e-mail and similar contact information that clearly belongs to an identified or identifiable natural person.

Financial Information: It means personal data processed regarding information, documents and records showing all kinds of financial results, which clearly belong to an identified or identifiable natural person, processed partially or fully automatically or non-automatically as a part of the data recording system.

Customer Information: It means the data obtained about the customer during the performance of our commercial activities, which clearly belongs to an identified or identifiable natural person.

Customer Transaction Information: Records regarding the use of our products and services, which clearly belong to an identified or identifiable natural person, and information about our customer's access to our products and services.
It means information such as instructions and requests regarding its use.

Transaction Security Information: It means personal data that clearly belongs to an identified or identifiable natural person and is processed to ensure the technical, administrative, legal and commercial security of our Company while our Company's commercial activities are carried out.

Physical Space Security Information: It means personal data regarding records and documents taken upon entering the physical space and during the stay in the physical space, which clearly belongs to an identified or identifiable real person.

Location Information: It means information that clearly belongs to an identified or identifiable natural person and that determines the location of the personal data owner.

Audit and Inspection Information: Information that clearly belongs to an identified or identifiable natural person, processed within the scope of audit and compliance with our Company's legal obligations and Company policies.
means personal data.

Legal Transaction and Compliance Information: Determination and follow-up of our legal receivables and rights, and fulfillment of our debts and our legal obligations, which clearly belong to an identified or identifiable natural person.
and personal data processed within the scope of compliance with our Company's policies.

Request/Complaint Management Information: Receiving and evaluating all kinds of requests and/or complaints directed to our Company that clearly belong to an identified or identifiable natural person.
means personal data regarding.

Family Members and Relative Information: Personal data that clearly belongs to an identified or identifiable natural person, our customers, employees, employee candidates and/or with whom we cooperate.
It means information about the owners' family members and relatives.

Visual and Audio Data: Photographs, videos, etc. that clearly belong to an identified or identifiable real person. It means data of visual or auditory nature.

Marketing Information: Personal data that clearly belongs to an identified or identifiable natural person, processed for the marketing of our products and services by customizing them in line with the usage habits, tastes and needs of the personal data owner, and the results of this processing.
It means the reports and evaluations created as a result.

Vehicle Information: It means information about vehicles associated with the data owner, which clearly belongs to an identified or identifiable natural person.

Employee Candidate Information: It means the CV information of our employee and/or intern candidates who have applied for a job to our company by any means.

Personnel Information: It means information that will be the basis for the creation of personnel rights and files of our employees and/or employees of the company we cooperate with, which clearly belongs to an identified or identifiable real person.

Business Partner Information: Personal information about our Company's current or potential suppliers, business partners, dealers or authorized service shareholders, officials or employees, which clearly belongs to an identified or identifiable natural person.

Fringe Benefits and Benefits Information: It refers to personal data that is clearly belonging to an identified or identifiable natural person and is processed for the purpose of planning the fringe benefits and benefits that we offer or will offer to our employees, determining objective criteria for entitlement to them, and tracking their progress payments.

Personal Data of a Special Nature: Personal Data of a Special Nature: The race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and attire, membership of an association, foundation or union, health, which clearly belongs to an identified or identifiable natural person, sexual life, criminal convictions and security measures
It means relevant data and biometric and genetic data.

ANNEX 4 – Third Party Categories to which Personal Data is Transferred

Business/Solution Partner: It means the parties with which our Company cooperates for purposes such as sales, promotion and marketing of our Company's products and services, after-sales support, and execution of joint customer loyalty programs while carrying out its commercial activities.

Legally Authorized Public Institution: means public institutions or organizations authorized to request information and/or documents from our Company in accordance with the relevant legislation.

Legally Authorized Private Institution: means private institutions or organizations authorized to request information and/or documents from our Company in accordance with the relevant legislation.

Supplier: means the parties that provide goods or services for our Company to continue its commercial activities, in line with the instructions received from the Company and in accordance with the contract between them and our Company.