PROCESSING AND PROTECTION OF PERSONAL DATA POLICY

1. INTRODUCTION

Data privacy is extremely important to website and Adgager Anonim Şirketi (hereinafter referred to as “Adgager”), owner of the mobile device app “Adgager”. For this reason, we pay special attention to the open and transparent process of processing your personal data.

In this respect, we explain in detail how your personal data will be processed and how it will be protected with this Personal Data Processing and Protection Policy. Therefore, it is of great importance that you read the content carefully and make sure that you control the privacy of your personal data.

Our privacy principles are as follows;

• We take the privacy of your personal data seriously.

• We are committed to protecting the security of your personal data.

• We undertake to use your personal data as specified in this Personal Data Processing and Protection Policy and not to collect your personal data if it is not necessary.

• We will carry out the collection, processing, confidentiality and security of your personal data in a limited and measured manner in connection with the purposes of processing, within the framework of the Personal Data Protection Law and relevant legislation.

• We will stop collecting your personal data unless it is necessary for the purposes of collecting the personal data.

• We will explain all your rights to protect your personal data.

2. POLICY PURPOSE

With this Personal Data Processing and Protection Policy, Adgager operating via website and “Adgager” mobile device application is regulated under the Personal Data Protection Law and adopted within the scope of the legislation in the processing and protection of personal data. principles and principles are regulated.

It is an integral part of the user agreement between the natural person user or the representative of the legal person user who becomes a member through the mobile application and website.

3. DEFINITIONS

3.1. Personal Data: It includes all kinds of information belonging to real persons whose identity is known or can be determined, who are under protection under the Law on the Protection of Personal Data No. 6698 and the relevant legislation.

3.2. Special Qualified Personal Data: The race, ethnic origin, political thought, philosophical belief, religion, sect or other belief, dress and dress, association, foundation or union membership of the individuals, which are protected under the Law on the Protection of Personal Data No. 6698 and the relevant legislation. These are personal data of special nature, including data on health, sexual life, criminal convictions and security measures, and biometric and genetic data.

3.3. Personal Data Owner: The real person whose personal data is processed. It also includes legal person authorities.

3.4. Processing of Personal Data: Obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available personal data by fully or partially automatic or non-automatic means provided that it is a part of any data recording system, It covers all kinds of operations performed on data such as classification or prevention of use.

3.5. Data Controller: It is the person who determines the purposes and means of processing personal data and manages the place where the data is kept systematically (data recording system).

3.6. Data Processor: It is the natural or legal person who processes personal data on behalf of the data controller, based on the authority given by the data controller.

3.7. Data Registration System: It is the registration system in which personal data is processed and structured according to certain criteria.

3.8. Law: The Law on Protection of Personal Data No. 6698.

3.9. Explicit Consent: It is the consent that is declared on the basis of free will by the informed personal data owner regarding a certain subject.

3.10. Anonymization: It means making the data previously associated with a person incapable of being associated with an identified or identifiable real person under any circumstances, even by matching with other data.

4. PRINCIPLES OF PROCESSING PERSONAL DATA

In the processing of personal data, it is acted within the framework of the following written principles determined in accordance with all relevant legal legislation, especially the Constitution and the Law on the Protection of Personal Data

5. TYPES OF PERSONAL DATA COLLECTED

Credentials & Contact Information

Name and surname, date of birth, place of birth, identity number, identity information, mother’s name, father’s name, identity serial number, identity validity date, nationality, signature, identity photo, gender, e-mail address, postal address, residence address, phone number and other personal data.

Customer Transaction Information

Information obtained in case of membership opening, actions taken regarding business processes, logging in through the application, transactions performed by the user, routine follow-up of memberships for protection purposes.

Marketing Information

Information obtained through cookie records, the use of target or advertising cookies, and correspondence, information exchanges, communication history between other users.

Location Information

Location information of your current location.

Risk Management Information

Information processed for the management of commercial, technical, administrative risks.

Transaction Security Information

User’s IP address, website login and logout information, password and password information, snapshot, residence address, identity card sample document, internet provider, operating system and browser used, device type; eg laptop or smartphone, mobile app or website, device cookie settings and other device-related details, geographic region reported by user device.

6. PURPOSE OF PROCESSING YOUR PERSONAL DATA

OBJECTIVES OF PROCESSING	LEGAL BASIS
Performing user membership transactions, updating identity and contact information.	Checking up-to-date information on the performance of a contract and our legitimate interest in user/potential user evaluation.
To make mobile application development services and website usability and quality analysis in order to improve our products and services.	Our legitimate interest in performing a contract and sharing up-to-date information about our services with our User/Potential Users.
Fulfilling requests for updating identity and contact information.	Ensuring commercial, technical, administrative and legal security.
Keeping website and application entry-exit records.	Ensuring transaction security with our legitimate interest in getting to know our users better and improving our services in this direction.
Identifying visitors to our website.	Our legitimate interest in sharing up-to-date information about our services with our User/Potential Users and your prior express consent.
Conducting data analytics and market research.	Our legitimate interest and your express prior consent to share up-to-date information about our services with our User/Potential Users.
To resolve your questions and complaints.	Your express prior consent.
To perform legal and technical services and occupational health and safety information management system services of the Law on the Protection of Personal Data.	Legal obligations and the provision of legal and commercial security.
To send marketing communications about news, information and updates about our services, offers and special events, and other marketing communications that may be of interest to you (via SMS, email or phone). We may also use the data we collect about you to assist us with our advertisements for products and services on third party websites; Please review our Cookie Policy for more information.	Our legitimate interest in sharing up-to-date information about our services with our User/Potential Users and your express prior consent (your prior and appropriate consent is required for SMS and telemarketing).

Your personal data is processed within the scope of our services, in accordance with the principles in Article 4 of the Law, within the processing conditions set out in Articles 5 and 6.

7. PERSONAL DATA PROCESSING CONDITIONS

Finding the Explicit Consent of the Personal Data Owner

One of the conditions for the processing of personal data is the explicit consent of the owner. The explicit consent of the personal data owner should be disclosed on a specific subject, based on information and free will.

Circumstances in which Personal Data can be Processed without Obtaining Explicit Consent

Personal data of the data owner; if it is expressly stipulated in the law, if the processing of personal data is necessary in order to protect the life or physical integrity of the person or another person who is unable to express his consent due to actual impossibility or whose consent cannot be validated, if it is directly related to the establishment or performance of a contract, the fulfillment of legal obligations In case the processing is necessary for the purpose of obtaining the data, if the personal data has been made public by the data owner, if data processing is necessary for the establishment, exercise or protection of a right, and if the data processing is mandatory for the legitimate interests of Adgager, provided that fundamental rights and freedoms are not violated. may be processed without express consent.

8. PROCESSING CONDITIONS OF SPECIAL QUALITY PERSONAL DATA

Special categories of personal data regulated in Article 6 of the Law are processed by Adgager, upon the express consent of the personal data owner, by taking adequate measures to be determined by the Personal Data Protection Board in accordance with the relevant legal legislation, or, if there is no explicit consent, limited to the cases stipulated by the laws.

9. DELETING, DESTROYING OR MAKING PERSONAL DATA ANONYMOUS

Personal data processed in accordance with the law and other relevant legislation are deleted, destroyed or anonymized by the data controller ex officio or upon the request of the data subject, in case the reasons requiring processing are eliminated.

Adgager reserves the right not to fulfill the request of the data owner in cases where it has the right and/or obligation to preserve personal data in accordance with its legal provisions.

Adgager, within the period stipulated for periodic destruction, when the storage periods stipulated in the relevant legislation or required by the purpose of processing expire; It deletes or continues to use the personal data it processes by using one or more techniques that are most appropriate for its business processes and activities, from the deletion and anonymization methods specified in the guide on the Deletion, Destruction or Anonymization of Personal Data published by the Personal Data Protection Board.

In terms of the processes of deletion, destruction and anonymization of personal data;

• Detecting unnecessary data from the data in our company’s records, or which is illegal to keep, and determining who can access this data and by what means, and closing these channels,

• In case of receiving services from a third party service provider, such as cloud storage service providers, the data kept in the records of this service provider is deleted by checking whether this service provider has the authority (technical ability) to retrieve the data,

• Encrypted storage and deletion of data kept in portable data recorders,

• Deleting the relevant lines containing personal data in the operating system and databases of office files on the central server with database commands (DELETE, etc.),

• In terms of destruction, it is not sufficient to simply delete the records, divide them into incomprehensible pieces, destroy the copies of encryption keys, and render the recording media irreversible by methods such as demagnetization, physical deformation or overwriting,

• Measures are taken, such as destroying the data or removing the storage medium where the data is processed.

In terms of anonymisation, making the data incapable of being associated with the relevant person by removing or changing all direct and/or indirect identifiers, in this context, which does not provide value irregularity according to the concrete situation (removal of variables/records, regional hiding, generalization, lower and upper bound coding). Measures are taken, such as using anonymizing methods or statistical methods that provide (micro aggregation, data exchange, noise insertion) or provide (micro-combination, data exchange, noise insertion).

10. TRANSFERRING PERSONAL DATA

Your collected personal data; In accordance with the basic principles stipulated in the Law and within the conditions specified in Articles 8 and 9 of the Law, in order for us to fulfill our legal obligations, we show the utmost care and attention to share it with domestic and/or abroad, in accordance with the current regulations in this context. As stated above, including the use of outsourcing, in accordance with the conditions stipulated in the Law and other relevant legislation, and by taking all the security measures specified in the legislation, signed electronically with the data owner. Unless otherwise stipulated in the contract and other relevant legislation, it can be transferred abroad.

Regarding financial processes, with relevant public institutions and our financial advisors; with relevant organizations to fulfill our contractual obligations; It may be shared with the service providers from which we receive technical support within the scope of our legitimate interests, with the consultants from which we receive legal services, with the consultants we provide services and other technical services.

Your “name and surname, city of residence, date of birth, e-mail address, telephone number” information in order to provide you with a healthier service and to carry out our activities within the scope of the cooperation to be established as a result of the campaigns that our company currently carries out and can carry out with third parties; Domestic/foreign/international organizations that we are/will be in contractual relationship with, companies that provide services/support/consultancy or project/program partners, companies that provide security, SMS and e-mail services, companies that provide social media services, independent audit and support service providers, service and infrastructure providers and business partners to ensure the legal and commercial security of third parties and/or to ensure the security of electronic and physical environments.

Technical and administrative infrastructure and services for the establishment, development and maintenance of electronic systems (web site) and customer data can be transferred to third parties to the extent required by the job.

Mobile phone number and/or e-mail address of the Member User; Based on the commercial electronic message/SMS approval, it is shared with the commercial electronic message tool service provider in order to make promotions, advertisements, and offer benefits and opportunities in line with the account.

Adgager transfers abroad in accordance with the purpose of processing the data and provided that necessary security measures are taken. Our company also obtains approval from the data owner in the Explicit Consent Text for international transfer. Your personal data will also be shared with our business partners abroad for the purposes of providing business development services, providing statistical and technical services and conducting customer relations. Your personal data can be transferred to electronic media such as servers, hosting companies, programs, cloud computing for archiving and storage purposes abroad, where necessary security measures are taken, and processed and stored there.

11. YOUR RIGHTS REGARDING THE PROTECTION OF PERSONAL DATA

In accordance with the legislation regarding your processed personal data;

• Learning whether personal data is processed or not,

• If personal data has been processed, requesting information about it,

• To learn the purpose of processing personal data and whether they are used in accordance with the purpose,

• Knowing the third parties to whom personal data is transferred in the country or abroad,

• Requesting correction of personal data in case of incomplete or incorrect processing,

• Requesting the deletion or destruction of personal data,

• Requesting notification of the third parties to whom the personal data has been transferred, regarding the correction of personal data and/or the deletion or destruction of personal data, in case of incomplete or incorrect processing of personal data,

• Objecting to the possibility of unfavorable results if the processed data is processed by analyzing exclusively through automated systems,

• You have the right to demand the compensation of the damage in case of loss due to unlawful processing of personal data.

Pursuant to paragraph 1 of Article 13 of the Personal Data Protection Law, you may submit your requests regarding the exercise of your above-mentioned rights to our Company in writing or by other methods to be determined by the Board. If new application methods are determined by the Personal Data Protection Board, these methods will be announced by our Company.

Within this legal framework, your written applications to our Company, wet-signed application petition by registered letter with return receipt, via a notary public, or by signing with the “secure electronic signature” defined in the “Electronic Signature Law No. 5070”, to our Company’s registered e-mail address or by other methods determined by the Personal Data Protection Law, must be forwarded.

In the application,

a) Name, surname and signature if the application is written,

b) For citizens of the Republic of Turkey, T.R. identification number, nationality for foreigners, passport number or identification number, if any,

c) Domicile or workplace address for notification,

ç) If available, the e-mail address, telephone and fax number for notification,

d) The subject of the request,

is required by law.

Applications will be concluded free of charge as soon as possible and within thirty days at the latest. However, if the transaction requires an additional cost, a transaction fee of 1 (one) Turkish Lira may be charged for each page over ten pages. If the answer to the application is given in a recording medium such as CD or Flash Memory, a fee may be charged equal to the cost of the recording medium.

12. DATA SECURITY

• Adgager; protects your personal data in full compliance with all technical, administrative and legal security measures to be taken within the framework of information security standards and procedures. The said security measures are provided at a level appropriate to possible risks, taking into account the technological possibilities.
• Taking, but not limited to, firewall and gateway measures to ensure cyber security; preventing employees from accessing threatening websites or online services; deletion of unused software and services from computers; It takes precautions such as ensuring that software and hardware are in the most up-to-date version against security vulnerabilities.
• In order to monitor personal data security; Measures are taken such as checking which software and services are running in information networks, determining whether there is any infiltration or any action that should not occur in information networks, keeping log records of all users, preventing the acquisition of data by copying in case of maintenance and repair of any device where data is processed by third parties.
• In order to ensure the security of environments containing personal data; Necessary measures are taken to foresee risks such as theft, loss and damage to the devices or printed documents where personal data are stored, and to take measures to prevent these risks and to minimize the damages in case of realization of these risks.
• If personal data is stored in the cloud; The data security measures of the relevant cloud storage systems and providers are examined, measures such as encrypting the personal data to be transmitted (uploaded) to the data storage service providers with cryptographic methods, sending them encrypted to the cloud environments, limiting and controlling the people, places and internet networks that can be accessed by the data storage service providers.

13. EXPLANATIONS ON CHANGE OF THE DATA SUBJECT’S POSITIVE OR NEGATIVE PREFERENCES ON RECEIVING ELECTRONIC COMMERCIAL MESSAGES

You can change or update your positive or negative preferences for receiving commercial electronic messages, which you have given at a later time, when you become a member of the website or mobile application of the electronic trading platforms operated by Adgager, by following the steps below.

• Login to your account

• Uncheck the preference you have previously ticked.

• “………………….” Click the button.

Once you complete this process, we will update your profile to ensure that no future messages are sent to you via your preferred commercial receiving channel. Termination of membership does not mean withdrawing your consent to receive commercial electronic messages. For this reason, be sure to complete all the procedures to revoke your consent.

14. VALIDITY AND EFFECTIVENESS

The matters regulated in this Policy are subject to the Law and secondary legislation, and in case of conflict between the Policy and the provisions of the legislation, the provisions of the legislation will be applied. This Policy is published on our Company’s website (website) and mobile device application named “Adgager” and is in effect from the date of publication.

Adgager may make changes or updates to this policy in line with legal regulations and Company Policy. Necessary information is provided about the new Policy text reflecting all these changes and updates, via the website or other Adgager services such as a mobile application, or by communicating with other communication methods such as your e-mail.

DATA RESPONSIBLE INFORMATION;

COMPANY

Mersis Number:

Tax Number:

Trade Registry Number:

Address:

Electronic Notification Address: