General Information on the Personal Data Protection Act

The Personal Data Protection Act, No. 6698 (hereinafter referred to as the "PDPA"), was enacted on 24 March 2016 and published in the Official Gazette No. 29677 dated 7 April 2016. Parts of the PDPA came into effect on the date of publication, with the remainder taking effect on 7 October 2016.

As the Data Controller

Under the PDPA No. 6698 and in our capacity as the Data Controller, your personal data will be processed within the framework disclosed on this page; this includes recording, storing, updating, potentially disclosing/transferring to third parties where legislation allows, classifying, and processing in the ways listed in the PDPA.

How Your Personal Data May Be Processed

In accordance with the PDPA No. 6698, your personal data shared with our Company may be partially or fully, automatically, or non-automatically processed as part of any data recording system through collecting, recording, storing, altering, reorganising; in short, subject to all kinds of operations performed on data. Any operation performed on data within the scope of PDPA is considered as "processing of personal data."

Purposes and Legal Reasons for Processing Your Personal Data

Your personal data is processed:

• To fulfil the requirements of the services provided to our customers, in compliance with the obligations of the contract and technology;
• To record identity, address, and other necessary information for the determination of transaction owners within the scope of the Regulation on Service Providers and Intermediary Service Providers in Electronic Commerce, published in the Official Gazette No. 29457 dated 26.08.2015, and other relevant legislation;
• To arrange all records and documents which will be the basis for processing in banking and electronic payment systems, to comply with information storage, reporting, and informing obligations required by legislation;
• To provide information to prosecutors, courts, and relevant public officials on matters related to public safety and legal disputes upon request and as required by legislation;
• Your personal data will be processed in accordance with PDPA No. 6698 and related secondary regulations. Information on third parties or organisations to whom your personal data can be transferred For the purposes mentioned above, your personal data shared with our Company may be transferred to entities including but not limited to IdeaSoft Software Ind. and Trade Inc., which provides our e-commerce infrastructure, suppliers, courier companies, business partners, domestic/international organisations, and other third parties.

Collection of Personal Data

Your personal data may be collected through:

• Our company's website and mobile application forms by using usernames and passwords, preferences on pages accessed, records of actions taken, browser-collected cookie data, navigation time and details, location data;
• Verbal, written, or electronic mediums through our sales and marketing department employees, branches, suppliers, other sales channels;
• Physical or digital mediums during business relations establishment, job applications, bids through business cards, CVs, offers, and similar ways;
• Indirectly from websites, blogs, contests, surveys, games, campaigns, and similar activities; reading or clicking movements in newsletters, publicly available databases, open social media profiles, and data;

Your personal data obtained before the PDPA's enactment will also be processed and preserved in accordance with the conditions and purposes outlined in this document.

Transfer of Personal Data Abroad

Personal data collected through any of the methods listed above, processed in Turkey or processed and stored abroad, may be transferred to service intermediaries in countries accredited by the Personal Data Protection Board, which are deemed to have sufficient protection for personal data, in accordance with PDPA and for contractual purposes.

Storage and Protection of Personal Data

Your personal data will be stored confidentially in the database and systems of our Company in accordance with Article 12 of the PDPA; it will not be shared with third parties except for legal obligations and regulations stated herein. Our Company is obliged to take all necessary software and physical security measures to prevent the unlawful processing of and access to personal data.

Keeping Personal Data Accurate and Up-to-Date

In accordance with Article 4 of the PDPA, our Company is obligated to keep your personal data accurate and up-to-date. Customers are required to share accurate and current data for our Company to fulfill obligations arising from the current legislation.

Rights of the Personal Data Subject under the PDPA

Since 07 October 2016, the Personal Data Subject has the right to:

• Learn whether their personal data is processed;
• Request information if their personal data has been processed;
• Know the purpose of the data processing and whether it is used accordingly;
• Know the third parties to whom the personal data is transferred domestically or internationally;
• Request correction if the personal data is processed incompletely or inaccurately;
• Request deletion