YAPITAŞ YAPI SAN. VE TİC. A.Ş.
EXPLANATION TEXT ON THE PROCESSING OF PERSONAL DATA

This Illumination Text, Yapıtaş Yapı San. ve Tic. Inc. It has been prepared by the Company for the purpose of enlightening the Company's customers regarding the processing of their personal data by the Company within the scope of the Law on the Protection of Personal Data No. 6698.

For detailed information regarding the processing of your personal data within the scope of this Clarification Text, Yapıtaş Yapı San. ve Tic. Inc. You can access the Personal Data Protection and Processing Policy.

a) Methods of Obtaining Personal Data and Legal Reasons

Your personal data is collected electronically or physically. Your personal data collected for legal reasons specified in this Clarification Text can be processed and shared within the framework of the personal data processing conditions specified in Articles 5 and 6 of the Law.

b) Purposes of Processing Personal Data

Planning and executing the activities required to customize your personal data, products and services offered by the Company according to the tastes, usage habits and needs of the persons concerned, and to recommend and promote them to the persons concerned, within the framework of the personal data processing conditions specified in Articles 5 and 6 of the Law, To carry out the necessary work by the business units to benefit the persons concerned from the products and services offered by the Company and to carry out the relevant business processes, It is processed for the purposes of planning and executing business strategies and ensuring the legal, technical and commercial-occupational safety of the Company and the persons who have a business relationship with the Company.

c) Personal Data Processed:

Name – Surname, Date of Birth, Gender, T.R. Identity Number, e-mail address, website, E-Billing & Delivery Addresses, Mobile Phone Number

d) Transaction Security Information Processed Personal Data:

IP Address Information, Website Login and Exit Information, Username Information, Password Information, Traffic Data (Connection Time / Duration etc.)

e) Financial Personal Data Processed:

Encrypted Credit Card Information, Bank Account / IBAN Number Information

f) Parties and Purposes of Sharing Personal Data

Planning the activities necessary to customize the products and services offered by the Company according to the tastes, usage habits and needs of the persons concerned, and to recommend and promote them to the relevant persons, within the framework of the personal data processing conditions and purposes specified in Articles 8 and 9 of the Law. and execution of the products and services offered by the Company by the business units and the execution of the related business processes, and/or business partners and suppliers of the Company, legally authorized institutions and organizations and legal entities within the scope of planning and execution of business strategies and ensuring the legal, technical and commercial-occupational safety of the Company and the persons in business relationship with the Company. It can be shared with the most authorized private law legal entities.

g) Rights of Data Owners and Use of These Rights

In case you, as personal data owners, submit your requests regarding your rights stated below to the Company through the methods specified under the heading Exercise of Rights by Data Owners, your requests will be evaluated and finalized by our Company as soon as possible and in any case within 30 (thirty) days.

According to Article 11 of the Law, you have the following rights as personal data owner:

• Learning whether your personal data is processed,
• If your personal data has been processed, request information about it,
• Learning the purpose of processing your personal data and whether they are used in accordance with the purpose,
• Knowing the third parties to whom your personal data is transferred, at home or abroad,
• Requesting correction of your personal data in case of incomplete or incorrect processing and requesting notification of the transaction made within this scope to the third parties to whom the personal data has been transferred,
• Demanding the deletion or destruction of your personal data in the event that the reasons requiring its processing cease to exist, despite the fact that it has been processed in accordance with the provisions of the law and other relevant laws, and requesting that the transaction carried out in this context be notified to the third parties to whom the personal data has been transferred,
• Objecting to the emergence of a result against the person by analyzing your processed data exclusively through automated systems,
• Demanding the removal of the damage in case of loss due to unlawful processing of your personal data.
• Paragraph 2 of Article 28 of the Law has listed the cases where data owners do not have the right to demand, and in this context;
• Personal data processing is necessary for the prevention of crime or for criminal investigation,
• Processing of personal data made public by the person concerned,
• Personal data processing is necessary for the execution of supervisory or regulatory duties and for disciplinary investigation or prosecution by authorized and authorized public institutions and organizations and professional organizations in the nature of public institution, based on the authority given by the law,
Personal data processing is necessary for the protection of the economic and financial interests of the State with regard to budget, tax and financial matters, In such cases, the above-mentioned rights cannot be used for the data.
• According to the first paragraph of Article 28 of the Law, since the data will be outside the scope of the Law in the following cases, the requests of the data owners will not be processed in terms of these data either:
• The processing of personal data by real persons within the scope of activities related to themselves or their family members living in the same residence, provided that they are not given to third parties and that the obligations regarding data security are complied with.
• Processing personal data for purposes such as research, planning and statistics by making them anonymous with official statistics.
• Processing personal data for art, history, literature or scientific purposes or within the scope of freedom of expression, provided that they do not violate national defense, national security, public security, public order, economic security, privacy of private life or personal rights or constitute a crime.
• Processing personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations authorized by law to ensure national defense, national security, public safety, public order or economic security.
• Processing of personal data by judicial authorities or execution authorities in relation to investigation, prosecution, trial or execution proceedings.

Exercise of Rights by Data Owners

• Data owners will be able to use the "Form for Applications to be Made by the Personal Data Owner to the Data Controller" on the link www.yapitaskablo.com to exercise the above-mentioned rights.
• Applications shall be made by one of the following methods, together with documents that will identify the relevant data owner:
Filling the form and sending the wet signed copy by hand, via a notary public or by registered letter with return receipt, to the address of Ayazağa Mah., Azerbaijan Cad., Vadistanbul Bulvar, 2A Blok, No: 3I, İç Kapı No: 32, 34396 - Sarıyer / İstanbul,
• Signing the form with a secure electronic signature issued within the scope of Electronic Signature Law No. 5070 and sending it via registered e-mail to yapitasyapisanayi@hs01.kep.tr,
• Following a method prescribed by the Personal Data Protection Board.
• The Company responds to data owners who want to exercise such rights within the limits set forth in the Law, within a maximum of thirty (30) days, as stipulated in the Law. In order for third parties to apply on behalf of personal data owners, a special power of attorney issued by the data owner through a notary public on behalf of the person to apply.
• As a rule, data owner applications are processed free of charge, however, a fee may be charged based on the fee schedule stipulated by the Personal Data Protection Board.
• The company may request information from the data subject in order to determine whether the applicant is the owner of personal data, and may ask a question about the application of the personal data owner in order to clarify the issues stated in the application.
• According to the "Communiqué on the Procedures and Principles of Application to the Data Controller" published in the Official Gazette dated 10.03.2018 and numbered 30356, if the application of the data owners is to be answered in writing, no fee is charged for up to ten pages. A transaction fee of 1 Turkish Lira may be charged for each page over ten pages. If the response to the application is given in a recording medium such as a CD or flash memory, the fee that may be requested by the Institution cannot exceed the cost of the recording medium.