1. Introduction

Our company gives a great importance to the protection of the personal data obtained by our company due to its activity. In this context, our company has prepared this policy in order to determine the principles to be applied and precautions to be taken about processing, storage, destruction and informing to the data owners. Our company performs the activities about the personal data in accordance both the law no. 6698 and the law on the protection of personal data.

2. Purpose

Our company may process the personal data in order to perform its own activities, to provide a better service to its own customers, to use the rights generated by the contracts and fulfill the obligations, to execute the duties and responsibilities generated by the law, to perform marketing or managing tourism facilities that belong to our customers under the most favorable conditions, to make advertisement in the most optimal conditions.

The purpose of the policy on protecting personal data is determining the principles and the rules that have to be obeyed during the personal data processing activity in the way that we explained above and the activity of processing personal data consists of providing the necessary transparency by informing to the data owners and by protecting the fundamental rights and freedoms of individuals, especially by focusing on the privacy of private life.

3. Scope

Protection of personal data policy is directly associated with the activities that are about personal data covered by the law no. 6698.

4. Reference

Protection of personal data policy refers to the law no. 6698 and the regulations that are made/will be made in the scope of this law. In this regard, the protection of personal data policy will be applied as long as it complies with the legislation in force.

5. Personal Data

Personal Data denotes all kind of information about real persons whose identities are identified or can be identified.

In general, data such as names, surnames, dates of birth, ID numbers, mobile phone numbers, e-mail addresses are personal data. However, such data have to be associated with a real person in order to be qualified as personal data, in other words, the real person must ensure the identification. This kind of personal data are qualified as general personal data in the policy of protecting personal data.

Some of the data that have sensitive content in law no. 6698 are assumed as private personal data. Therefore, any kind of data that are excluded from private personal data are described as general personal data by our company.

Private personal data are as follow;"race, ethnicity, political view, philosophical belief, religion, religious sects or other belief, disguise, membership of association, foundation or union, health, sexual life, data about criminal conviction and security measures, biometric and genetic data"

6. Conditions for Processing Personal Data

During the processing of personal data, our company will take precautions;

· To act in accordance with the legislation in force firstly, and then with the policy of protecting personal data and with the rules of integrity

· To ensure that the processed data are accurate and up-to-date

· To process the personal data with the purpose that has been expressed above and to act in this limit and to be restraint

· Our company will take the necessary preventions to ensure processing of the personal data in the way prescribed by legislation or preserving the data within the time allowed to be kept.

Our company does not process the personal data without explicit consent of data owner as a rule. However, explicit consent of data owner is ignored when the situations below are occured;

· When it is clearly prescribed in the law

· When it is required to process personal data of the parties only in condition of establishing a contract or executing it.

· When it is compulsory for our company to fulfill legal obligations.

· When it is publicized by related person.

· When it is compulsory to process the data for the establishment, usage or protection of a right.

· When it is compulsory to process the data for legitimate interests of our company only in condition of not giving any harm to fundamental rights and freedoms of data owners.

Private personal data is processed only when there is an explicit consent of the data owner or without explicit consent of data owners when these conditions are foreseen in law.

7. Purposes of Processing Personal Data

Our company processes personal data in the purposes of,

· Fulfilling the legal obligations and protecting legal rights and interests of our company.

· Performing, drawing up and executing contract negotiations and proceeding, concluding contract processes.

· Providing a better service for customers and determining the most suitable projects and services for our customers.

· Developing products and services.

· Managing, executing and supervising activities of our company.

· Representing suitable product and service for customer preferences.

· Following up and taking actions about demands and complains of customers. Measuring customer satisfaction.

· Supply of materials and services needed by our company.

· The promotion, announcement, sales and marketing activities of the company execution.

· Supply, planning, management, supervision and provision of personal rights of human resources that our company needs.

· Ensuring necessary coordination and business unity with group companies and suppliers within our company.

· Protecting rights that generated by contracts and law.

Processing of personal data refers to all kind of operations performed such as obtaining data in an automated or a non-automated way in the condition of being a part of a data saving system, saving, storing, preserving, changing, reusing, regulating, disclosing, transferring, taking over, making it vulnerable to obtain, classifying and preventing data from usage. Our company processes data for its own activities as a rule. In this context, our company may transfer personal data of personal data owner and private personal data to third persons (community companies, business partners, shareholders, participants, insurance companies, public institutions and/or organizations and the third persons who have the same purposes) by taking necessary security precautions in accordance with law and personal data processing purposes of our company.

Our company can reserve the personal data as long as the time which is stated in related legislations when it is foreseen in related legislations. If there is a regulation about time in the legislation about how long the personal data can be stored in the purpose of processing, the personal data is stored as long as the time which is stated in related legislation depending on the activity of our company while processing that data, the time required to be processed in accordance with their practices and commercial practices. If you request us to delete, destroy or anonymize your personal data, this demand will be fulfilled by our company at the end of the period determined by legal regulations, however, your personal data will not be processed within the framework of this period and will not be transferred to third persons except for the obligations arising from national or international laws, regulations and contracts.

Our company may transfer the personal data to abroad when there is adequate protection suitable to this policy or in case of the absence of protection, the transfer activity could be executed with a written protection commitment of data supervisors in Turkey or data supervisors in related foreign country and transfer could be executed with the permission of committee.

8. Retention Period of Personal Data

Personal data will be stored as long as the time that determined by related legislation or as long as the required time for the purpose of processing.

9. Precautions Regarding Protection of Personal Data

Our company pays attention to privacy and security of personal data. Our company takes legal, technical and administrative measures to protect personal data as long as the law and the relevant legislation prescribe.

Our company takes legal and administrative measures to prevent personal data from illegal process and illegal access and to provide conservation for personal data. Our company makes the necessary briefing to company employees as well as our company takes special measures in the contracts it will negotiate with employees and third persons.

Our company takes the necessary measures, but, in case of seizure of processed personal data by non-lawful third parties, you and committee of protecting personal data will be informed about the situation by our company as soon as possible.

10. Deleting, Destroying and Anonymizing Personal Data

When the conditions of processing of personal data become invalid, personal data will be deleted by our company or with the demand of data owner. Destruction of personal data will be applied by using one of the methods such as deleting, destroying or anonymizing.

· Deletion of personal data is process of making personal data inaccessible and unusable in every way used by related users.

· Destruction of personal data is process of making personal data inaccessible, irreversible and unusable in any way for anybody.

· Anonymizing personal data is process of making personal data unrelated with any real person whose identity is identified or able to be identified in any way even if these personal data can be matched with other data.

Our company records every process about deletion, destruction and anonymization of personal data and concerned records are reserved at least three years. Which method to destroy personal data will be determined by our company and it will be informed with its reason to data owner upon request of data owner. The periodic destruction time of our company is 6 (six) months.

11. Rights of Data Owner

Data owner have right to be enlightened during obtaining of personal data. Accoring to this, during obtaining of personal data our company is informed

About the title and representative identity of our company,

In which purpose personal data will be processed,

To whom the personal data will be transferred and in which purpose it will be transferred,

Obtaining method of personal data and its legal reason.

On the other hand, the data owner has rights,

· To know if the personal data is processed or not processed

· To request information if the personal data is processed

· To know the purpose of processing of personal data and if they are used suitable with purpose or not

· To know the domestic or abroad third parties that personal data are transferred to

· To request editing of personal data if they are processed missing or wrong

· To request destruction of personal data when the conditions necessary for processing expire.

· To request the third parties related with the transfer of personal data to be informed about the last status of personal data when they are changed or destroyed,

· To object to the emergence of a conclusion against data owner when it occurs after the analyze of processed personal data conducted by exclusive automated systems,

· To request the compensation of the damage when the personal data get damaged because of illegal processing,

Data owners may transmit their requests to the open address, phone number or e-mail address by documenting their identities;

You have rights as being the data owner in context of article no.11 of the KVKK (The Law on the Protection of Personal Data), you may inform us your demands on these rights by providing all the information stated on the application form and by visiting our company in the location

· "Sırma Caddesi No:30/1 Altındağ ANKARA 06160 Türkiye" in accordance with the 11’th article and 1’st sub-article of 13’th article of KVKK (The Law on the Protection of Personal Data) and Notification on the Procedures and Principles of Application to the Data Controller

· You contact us on registered electronic mail (REM) like KEP ADRESİ YAZILACAK or through a written form on behalf of a public notary in order to be able to identify your identity and not to inform or with a registered return letter, the wrong people

· You can contact us by sending e-mail to info@alkosan.com address if you have electronic signature, mobile signature or by using the e-mail address that has been registered by our system (if you have one) or you can contact us by other methods that the committee will determine in the future.

12. Changes and Updates

Hereby, this enlightenment text is prepared in context of Law on the Protection of Personal Data no.6698 and other relevant legislations. Necessary changes can be made in this enlightenment text when an update or a change will emerge in the relevant legal legislations and/or in the personal data processing policy or purpose of our company.

The most recent version of Enlightenment Text will always be accessible on www.alkosan.com