Politique de Données Personnelles

İnfoset Teknoloji A.Ş. ("the Company") pays strict attention to the security of your personal data as the Data Controller. Having that awareness, we are extremely cautious in processing, recording, saving all kinds of personal data belonging to all persons related to the Company and our employees for the following purposes in conformity with law and ethics as well as transferring to/briefing 3rd parties limited by the purpose of processing within the framework of the limitations permitted by the legislation with the full comprehension of our responsibility.

Data Controller: İnfoset Teknoloji A.Ş.

Address: Marmara Kule, Esentepe Mh. E-5 Yanyol Kelebek Sk. No:2 Kat:11 D:93 Kartal, İstanbul

Trade Register Number: 228720-5

Mersis Number: 0478098927700001

Tel: 0850 450 00 40

Website: www.infoset.app

1. For what purposes do we process your personal data?

As Data Controller, we process your personal data for the following purposes:

• Negotiation, conclusion and execution of contracts,
• Providing products and services,
• Customizing the products and services offered in accordance with the demands; update and develop due to customer needs, legal and technical developments,
• User identification of systems in terms of products and services offered,
• Providing call center and remote support services, number of calls and content tracking,
• Announcing new or existing products, services and campaigns, conducting sales and marketing activities,
• Conducting market research,
• Creating statistics and analyzing the uses,
• Payment, collection and selection of product, service and service fees,
• Making contact/communication,
• Conducting commercial relations with cooperating firms, suppliers, resellers and service providers,
• Reporting within the framework of cooperation,
• Evaluation of the re-sellers' partnership application process,
• Developing the commercial strategies and plans of our company,
• Communication by our company for satisfaction measurement surveys,
• Discounts on purchases made from contracted websites and institutions,
• Management of judicial/administrative processes, responding to requests from public institutions, fulfillment of legal obligations in accordance with legal regulations, resolution of legal disputes,
• On an event of merger, division and transfer of all or part of our company with another company, ensuring the results of this legal transaction,
• Introducing our Company employees, Real Person Resellers/Customers, or other people in social media,
• Conducting job interviews, evaluating job applications,
• Establishment, execution and termination of business relationship/contract,
• Employee participation in training and creation of certificate records,
• Creation and follow-up of visitor records,
• Ensuring the internal and environmental security of our Company and the security of the Website and Applications,
• Usage analysis of the Website,
• Creating personal data inventory,
• Evaluating and responding to all questions, requests, suggestions, complaints and applications, including those related to personal data, written, verbally or electronically.

2. To whom and for what purposes do we transfer your processed personal data?

As per the purposes mentioned above, your processed personal data can be transferred to our business partners, shareholders, legally authorized state institutions and organizations, private persons, in order to carry out operational activities of our Company and to independent audit firms, survey firms within the framework of legal obligations and limitations within the scope of data processing conditions and purposes stated in 8 th and 9th articles of PDP Law and in conformity with the basic principles stipulated in PDP Law.

3. Methods and Legal Grounds of Collecting Personal Data

Your personal data are being collected by the Company for the purposes stated above through all kinds of verbal, written or electronical communication channels to carry out our business operations. The collected data are processed and transferred within the context of personal data processing conditions and purposes stated in 5th and 6th articles of PDP Law as well as for the purposes stated above.

Our data collection process; i) through third party digital media or software, including the Website, mobile applications, e-mail, recruitment portals; ii) through contracts, applications, forms, call center, remote support, sales and marketing unit, cookies on the Web Sites, business cards, telephone; or iii) through face-to-face interviews with the Data Owner.

4. Transfer of Personal Data Abroad

Your personal data shall be transferred abroad by obtaining your explicit consent stipulated in article 4(2) of PDP Law or without obtaining your explicit consent if the issues stated in articles 5(2) and 6(3)

shall take place and on the condition that the rules stated in 9 th article of the Law shall be obeyed. It shall be transferred after the Personal Data Protection Committee (“the Committee”) declares the foreign countries having adequate level of protection, only to the resident persons or organizations. For the countries that there is not an adequate level of protection, if the data controllers in Turkey and in relevant foreign countries commit, in writing, to provide an adequate level of protection and obtain the permission of the Committee, the data shall be transferred.

5. What Are Your Rights as a Data Owner?

In the event that you would submit your requests related to your rights to the Company as data subjects with the procedures mentioned below herein this General Disclosure, the Company shall conclude the requests included in the application free of charge and as soon as possible considering the nature of the request and within 30 (thirty) days at the latest. However, in case the operation necessitates a separate cost, the fee in the tariff designated by the Personal Data Protection Committee shall be collected. The rights as the data subject pursuant to the 11th article of PDP Law are as follows:

• Learn whether her/his personal data have been processed or not;
• Request information as to processing if her/his data have been processed;
• Learn the purpose of processing of the personal data and whether data are used in accordance with their purpose;
• Know the third parties in the country or abroad to whom personal data have been transferred; Request rectification in case personal data are processed incompletely or inaccurately and request notification of the operations made to third parties to whom personal data have been transferred;
• Request deletion or destruction of personal data in case the reasons necessitating their processing cease to exist even if the personal data that is processed in accordance with PDP Law or relevant other laws and request notification of the operations made to third parties to whom personal data have been transferred;
• Object to occurrence of any result that is to her/his detriment by means of analysis of personal data exclusively through automated systems;
• Request compensation for the damages in case the person incurs damages due to unlawful processing of personal data.

As per the 1st clause of 13th article of PDP law, you can convey your request relating to the use of rights stated above in writing or by other means designated by the Personal Data Protection Committee to our Company. As the Personal Data Protection Committee did not define any certain method, you are required to submit your application to our Company in writing pursuant to the PDP Law. Within that framework, in order to use your rights stated above, you have to fill in the form on www.infoset.app/static/kvkkBasvuruFormu.pdf and deliver a signed copy of the form together with your personal ID information and a letter of request indicating which of the rights stated in 11 th article of PDP Law you would like to use to the following address by hand, through a notary public or other methods specified in PDP Law: "Marmara Kule, Esentepe Mh. E-5 Yanyol Kelebek Sk. No:2 Kat:11 D:93 Kartal, İstanbul"

If there would be any amendment in the disclosure text, then the enforcement date and content of the disclosure shall be updated.

Last updated: 15.01.2020