We are kindly requesting you to read carefully of the below given Clarification Text on Protection of Personal Data and learn about our purpose of processing your personal data and your associated rights within this scope.

a) Data Controller

Your personal data shall be processed by Kızılkaya Gümrük Müşavirliği A.Ş.  (“Data Controller”), as a Data Controller, according to the below explained scope, pursuant to Law No. 6698 on the Protection of Personal Data (“KVKK”).

b) Purpose of processing personal data

The personal data of our estimable online visitors to be obtained under the E-Bulletin Registration Form shall be processed by the Data Controller with a limited manner, in order to send the informative E-bulletins to your contact information about the activities of the Data Controller, to conduct marketing analysis studies, to conduct advertising/ campaign/promotion processes and marketing processes of products/services.

c) Method and legal reasons for collecting personal data

The personal data to be collected from you shall be automatically processed on an electronic environment by basing explicit consent to be obtained from you as specified in Article 5 of the KVKK.

d) Personal Data Categories and Types

Within the scope of the E-Bulletin Registration Form, the below-mentioned personal data shall be obtained from you:

⮚      Contact Details: E-mail Adress

e) Transferring Personal Data

Your personal data as specified in (d) sub-clause of this Clarification Text shall be transferred by the Data Controller to natural persons and private entities residing within country, in line with accomplishment of the purposes as specified in (b) sub-clause and with a limited manner for the data processing conditions as specified in Article 8 of KVKK and purposes of specified above.

f) Your rights concerning protection of personal data as a data subject

You may communicate your requests in writing, regarding the rights of data subject regulated by Article 11 of the KVKK according to the Communiqué on Application Methods and Principles to the Data Controller to the below given address of the Data Controller: Set Üstü, Ömer Avni Mah. Taşlı Çıkış Sok. No: 4, Kabataş, Beyoğlu, İstanbul, Türkiye or by e-mail to the following e-mail address: kvkk@kizilkaya.com.tr over your personal e-mail address written on the E-Bulletin Registration Form.

We are kindly requesting you to read carefully of the below given Clarification Text on Protection of Personal Data and learn about our purpose of processing your personal data and your associated rights within this scope.

a) Data Controller

Your personal data shall be processed by Kızılkaya Gümrük Müşavirliği A.Ş. (“Data Controller”), as a Data Controller, according to the below explained scope, pursuant to Law No. 6698 on the Protection of Personal Data (“KVKK”).

b) Purpose of processing personal data

The personal data of our estimable online visitors to be obtained under the Contact Form shall be processed by Data Controller with a limited manner, in order to conduct communication activities and follow-up of your requests/complaints.

c) Method and legal reasons for collecting personal data

The personal data to be collected from you shall be automatically processed on an electronic environment by basing on the legal ground as specified in Article 5 of the KVKK, which reads as follows: “It is necessary for the legitimate interests of the data controller, provided that the fundamental rights and freedoms of the data subject are not harmed.”

d) Personal Data Categories and Types

Within the scope of the Contact Form, the below-mentioned personal data shall be obtained from you:

•  Identity Details: Name-Surname, Coutry
•  Contact Details: E-mail Adress, Telephone Number
•  Information that may be included in the message you have sent us

e) Transferring Personal Data

Your personal data as specified in (d) sub-clause of this Clarification Text shall be transferred by Data Controller to natural persons and private entities residing within country, in line with accomplishment of the purposes as specified in (b) sub-clause and with a limited manner for the data processing conditions as specified in Article 8 of KVKK and purposes of specified above.

f) Your rights concerning protection of personal data as a data subject

You may communicate your requests in writing, regarding the rights of data subject regulated by Article 11 of the KVKK according to the Communiqué on Application Methods and Principles to the Data Controller to the below given address of the Data Controller: Set Üstü, Ömer Avni Mah. Taşlı Çıkış Sok. No: 4, Kabataş, Beyoğlu, İstanbul, Türkiye or by e-mail to the following e-mail address: kvkk@kizilkaya.com.tr over your personal e-mail address written on the E-Bulletin Registration Form.

GENERAL EXPLANATIONS

Personal data owners, who are defined as “data subject”(hereinafter referred to as “Applicant”) within the Law on the Protection of Personal Data no. 6698 (the “Law”) are entitled to make certain Requests regarding the processing of their personal data according to Article 11 of the Law. In accordance with the first paragraph of Article 13 of the Law, applications to be made to Kızılkaya Gümrük Müşavirliği A.Ş. (hereinafter referred to as “Data Controller”), acting in its capacity as data controller, concerning these rights shall be made in writing or by any other means determined by Personal Data Protection Board (“Board”).

Within this context, all applications to be made to the Data Controller shall be communicated to us “in writing” by using this form to be delivered to the Data Controller;

• Via Personal delivery of the Applicant,
• Through a notary public,
• By means of signed by the Applicant with the “secure electronic signature” defined in the Law on Electronic Signature no. 5070 and sent to the registered e-mail address of the Data Controller, is forwarded to us by printing-out herein form.

The following information contains explanations on how to communicate the written applications to the Data Controller through the written application channels.

In addition, following the announcement of the other channels to be determined by the Board, the Data Controller will announce how the applications will be received through these channels.

Applications that has been submitted to the Data Controller will be replied within the thirty days from the date on which the application was received by the Data Controller. However, if the transaction requires an additional cost, the fee in the tariff determined by the Board will be charged by the Data Controller. In accordance with Article 13 of the Law, respond to your request will be sent to you in writing or electronically.

A. Applicant’s Identity and Contact Information

B. Please select your relationship with the Data Controller from the options below. (Customer, Business Partner, Employee Candidate, Former Employee, Third Party Employee, Shareholder etc.)

C. Please provide details of your request and the nature of the personal data subject to the request in accordance with the Law.)

D. Please select the channel you want to be notified by the Data Controller regarding the response to your application:

□ I want the response to be sent to my address

□ I want the response to be sent via e-mail

(If you choose the e-mail channel, we will be able to respond to you faster.)

□ I want to receive it in person

(In case of submission of request by proxy, it is required to have a notarized power of attorney or certificate of authority.)

This application form was drafted to respond to your application within legal period in a correct manner by identifying the relationship between you and the Data Controller and, if any, detecting any of your personal data processed by the Data Controller. The Data Controller reserves the right to request additional documents and information (copy of the identity card or driver's license) for identification and authorization purposes to eliminate legal risks that may arise from data sharing in an illegal and unlawful manner, and particularly, to ensure the security of your personal data. In the event that the information submitted within the application form is not accurate or up-to-date or the request is made by an unauthorized third party, the Data Controller declines responsibility for any claim that may arise in consequence of such incorrect information or unauthorized application.

Applicant’s (Personal Data Owner) Name and Surname:

Date of application:

Signature:

As Kızılkaya Gümrük Müşavirliği A.Ş. (“Data Controller”), we exercise utmost due care about your personal data. For this reason, we would like to inform you about your rights on the use and protection of your personal data within the scope of the Law No. 6698 on the Protection of Personal Data (“KVKK”) in force with an aim to protect your fundamental rights and freedoms.

1. What is Personal Data?

In the KVKK, personal data is defined as any kind of information related to a natural person who is either identified or identifiable. In this regard, your name, last name, e-mail address, and phone number that you share with us are defined as personal data.

2. What is the purpose of personal data collection by Data Controller?

As Data Controller, we collect your personal information with an aim to provide you with services, fulfill our legal obligations, and inform you on campaigns, news, and recent developments and we process your personal information in this regard.

3. Why and to whom do we transfer your personal data?

We may share your personal data with our headquarters abroad, our affiliates that we collaborate at home as well as institutions and organizations collectively representing us during the period of our business relationship with them and/or our business partners that we cooperate to conduct our activities. In addition, we may share your personal data with courts and other public institutions to fulfill our legal obligations provided that such personal data sharing shall be limited thereof.

4. How do we keep your personal data?

Your personal data shared with Data Controller are kept in compliance with the applicable legal regulations, provisions of the KVKK, and Data Controller standards.

5. How long do we keep your personal data?

As Data Controller, we keep your personal data in compliance with the KVKK. We will delete or destroy your personal data, or otherwise make your personal data anonymous to continue to use when the purpose of processing personal data is no longer in effect as per Article 7/f.1 of the KVKK and/or upon expiry of the period of limitation under which we are obliged to process your personal data as per the applicable legislation.

6. What are your rights pursuant to the KVKK?

Pursuant to Article 11 of the KVKK, you are entitled to make the requests listed below by submitting an application to us regarding your personal data:

- Request to learn about whether your personal data are processed,

- Request for information on your personal data if such personal data are processed,

- Request to learn about the purpose for processing your personal data and whether such personal data are used in compliance with their intended purpose,

- Request to learn about third parties to which such personal data are transferred in Turkey or abroad,

- Request for correction of your personal data in case of incomplete or inaccurate processing of such personal data,

- Request for deletion or destruction of personal data,

- Request for notification to third parties, to which such personal data are transferred, of the processes for correction and/or deletion or destruction of your personal data in case such personal data are processed in an incomplete or an inaccurate manner,

- Raise an objection to any result against the person arising out of any analysis of such personal data exclusively by means of automated systems, and

- Claim for compensation of damages in case of damage arising out of any illegal processing of such personal data thereof.

As Data Controller, we will reply to your requests free of charge as soon as possible within 30 days based on the nature of such requests. However, in case such requests require for any additional costs, the fee stipulated in the tariff determined by the Board shall be payable.

ABOUT THE WEB SITE

The website https://www.kizilkaya.com.tr/ (“Site”) was launched by Kızılkaya Gümrük Müşavirliği A.Ş (hereinafter referred to “Data Controller”). All of the natural persons or legal entities (“User”) who access and/or use and/or make use of the Site (“User”) are required to carefully read these Terms of Use and Privacy Policy (“Policy”) applicable to any use of the Site.

By reading this Policy, users are informed that the necessary information about the usage and sharing of information within the scope of the Site is made to them in accordance with the Turkish Code of Commerce (Turkish Commercial Code No. 6102, Turkish Code of Obligations No. 6098, Personal Data Protection Law No. 6698) and general ethical principles. Protection and confidentiality of the information you provide to us, as Data Controller of utmost importance for us. Due to the many possibilities and risks offered by the Internet, we would like to inform you about the following issues regarding the protection of your information about the use of our Site.

ABOUT THE INFORMATION SHARED BY THE USER

Users of the Site accept and declare that all commercial and/or personal information (“Information”) they share with us through the Demo Form within the Site or in any other way with their express consent is correct and up-to-date. In the event that such information belongs to another third party (“Third Parties”), the Data Controller shall accept that the user shares such third party information with the Data Controller as required as a result of the necessary information and consent in accordance with the relevant Law and legal arrangements and we, as the Data Controller shall not assume and accept any legal and/or criminal liability thereof.

As the Data Controller, within the scope of your information collected through the website, we will provide you gradual information, in accordance with the relevant Law and legal regulations and we will provide detailed information about our legal reason in keeping your information, the purposes for which we use your information.

ABOUT CONNECTED WEB SITES

The legal owner of this Site is the Data Controller and the legal rights of the content and/or various items within the Site belong to the Data Controller and in some cases to other third parties. Any copying, unauthorized copying or imitation of the contents or elements of the Site is prohibited on the basis of the applicable legislations and is subject to the permission of the respective legal right holder.

The site contains links to the web sites of third parties. The Data Controller declares that it does not accept any liability or obligations for any third-party sites and/or contents and that the user cannot be held liable for any damages incurred by them.

CHANGES ON THE WEB SITE

The Data Controller may at any time modify and change this Policy, any legal and/or other texts, any technical elements, contents or features contained within the site. Any such changes shall be deemed to be valid upon the publication of the same on the Site and it is the personal responsibility of the users to carry out the necessary examinations and readings regarding such changes and the Data Controller shall not have any legal and/or criminal liability in this context.

CONTACT

You can contact with us through the “Contact ”section of the Site or directly by sending an e-mail to kvkk@kizilkaya.com.tr to share any comments and suggestions about the policy or to ask your questions.

WEB SITE OF KIZILKAYA GÜMRÜK MÜŞAVİRLİĞİ ANONİM ŞİRKETİ

(“DATA CONTROLLER”)

COOKIE POLICY

WHAT ARE COOKIES?

Cookies are very small text files, usually composed of letters and numbers, that are saved to your computer (or other devices such as smartphones or tablets) by browsers of the websites you visit. Cookies do not include personal information about visitors, such as name, gender or address.

Cookies are generated by servers that manage the website you visit. By this way, the server can understand when a visitor visits the same site. Cookies can be likened to identity cards that show website owners that the same visitor is visiting the site again.

HOW DATA CONTROLLER COOKIES ARE USED?

Data Controller cookies;

· are used in order to remember your preferences and personalize your use of the website/mobile application/ mobile site. This utilization:

o includes the cookies that record your password and keep your website/mobile app/ mobile site logged in continuously, saving you the trouble of entering passwords multiple times each time you visit, and

o the cookies that remember and recognize you on subsequent visits to the website/mobile application / mobile site.

· are used in order to determine how you use the website/mobile application/mobile site, including where and from which devices you connect to the electronic trading platforms operated by the Data Controller, what content you display on the website/mobile application/mobile site and in order to determine how you use the website/mobile application/ mobile site, such as the duration of your visit.

· are used in order to offer you more relevant contents and ads according to your interests, in other words they are used for the targeted advertising/promotion purposes. The Data Controller matches the information obtained through cookies with your other personal data and offers you more relevant contents, customized campaigns and products and it does not offer you any contents or opportunities that you previously stated that you did not want to interest with.

· Performing basic functions necessary for the operation of the Site. For example, Site members can login with membership information.

· Analyzing the Site and improving the performance of the Site. For example, identifying the numbers of visitors of the Site and adjusting performance accordingly or making it easier for visitors to find what they are looking for.

· Increasing the functionality of the Site and providing ease of use. For example, remembering the username or search queries on a subsequent visit of the visitor to the Site or linking to third-party social media activities through the Site.

· Performing personalization, targeting and advertising. For example, showing ads about visitors' interests on the pages and products that visitors have displayed previously.

HOW DOES THE DATA CONTROLLER USE THIRD PARTY COOKIES FOR ADVERTISING AND RE-TARGETING PURPOSES?

Data Controller cookies may also be used in order to offer you the advertisements that you may be interested in when you visit the website, mobile application or mobile site and/or websites of the Data Controller of the electronic trading platforms operated by the Data Controller or when you visit the websites on which the ads are placed by the Data Controller or when you visit the search engines, for the purpose of activating the “advertising technology” thereto. The advertising technology uses information about your previous visits to the website/mobile application /mobile site and to the websites / mobile / mobile site applications on which the ads are placed by the Data Controller, in order to offer you specific ads according to your interests. While offering such ads, a unique third-party cookie may be placed in your browser so that Data Controller can recognize you.

Data Controller is also using Google, Inc. ("Google"), which is a web analytics service provided by Google Analytics. Google Analytics uses cookies for the purpose of analyzing how the visitors use the website/mobile application/ mobile site through statistical information/reports thereof. For more information about using the Google Analytics (including rejection options), please visit the following website: https://www.google.com/intl/tr/policies/privacy/#infocollect 

In addition to this, your e-mail address is shared with these platforms, in order to offer you the ads that may be interesting for you on social media platforms and in order to create a special target audience. Your e-mail address is transmitted through secure channels and environments provided by these platforms. Social media platforms use your e-mail address only for matching purposes, by hashing your e-mail. Your e-mail address is not shared with third parties or other advertisers and it is deleted from the social media platforms, as soon as possible after the matching process is completed.

For example; Facebook is (a) responsible for maintaining the security and integrity of your data as long as it is available on Facebook systems; and (b) to take the necessary technical and physical security measures, in order to protect your personal data from accidental or unauthorized access and unauthorized use, alteration or disclosure of your personal data available in the Facebook systems, which are developed in a manner in order to include such technical and physical security measures and it shall ensure the privacy and security of your e-mail address and Facebook User ID collection, which creates your specific audience (“your specific audience”) and which is encrypted with the hash method. Furthermore, without your permission or unless required by law, Facebook will not provide access or information to third parties or other advertisers for your specific audience, or add your specific audience information into the information about our users, or create interest-based profiles or use your specific audience outside of providing services to you. In order to learn more about the terms of specific audience of Facebook, visit the below given address: https://www.facebook.com/ads/manage/customaudiences/tos.php?_=_ and you may also visit the below given address to learn about the Facebook Privacy Policy: https://www.facebook.com/privacy/explanation.

MANAGEMENT OF COOKIES

Depending on your Internet browser type, you can exercise your right to learn about cookies and allow or reject the cookies by following the below given steps:

· Google Chrome: You can allow or block cookies from the “Cookie” tab by clicking the “lock mark” or “i” in the “address section” in of your browser.

· Internet Explorer: Click on the “Tools” section at the top right corner of your browser and click on the “Security” segment and manage your cookies either by “allowing” them or by “not allowing” them.

· Mozilla Firefox: Click on the “open menu” section at the top right corner of your browser and click on the “Options” segment and manage your cookies by using the “Privacy and Security” button here.

· For other browsers (such as Opera, Microsoft edge), you may review the help or support pages of relevant browser.

· Safari: Select the “safari” segment from the “Adjustments” section of your smart phone and manage your cookies by using the “Privacy and Security” section.

· Along with the above-mentioned options, you may also visit the address of: https://www.allaboutcookies.org, https://www.youronlinechoices.eu/ in order to learn more about all of the cookies and for cookie management or you may use the "Privacy Badger" application. (https://www.eff.org/tr/privacybadger)

· For the management of the cookies or SDK in mobile applications, you may follow the instructions given in the Privacy or Adjustments sections of your device or you may download and use the Lumen Privacy Monitor (https://haystack.mobi) to your smart phone.

If you reject the persistent cookies or session cookies, you may still continue to use that website, mobile application or mobile site, however you may not be able to access overall functions of that website, mobile application or mobile site or you may have a limited access. This matter may vary depending on the mobile applications.

COOKIE TYPES

Types of Cookies depending on the durations of use: The electronic trading platforms operated by the Data Controller use session cookies and persistent cookies on the websites, mobile applications and mobile sites according to their duration of use. The session cookie ends when you close your browser. A persistent cookie remains on your hard disk for a long time or indefinitely.

Types of cookies depending on the owner or the party placing the cookie: Data Controller cookies “first party cookies” and “third party cookies” are used on the websites, mobile applications and mobile sites of the electronic trading platforms operated by the Data Controller, depending on the party placing such cookies on such websites. Data Controller cookies are generated by the Data Controller and the third party cookies are managed by third party companies, that we work in collaboration with.

Types of cookies depending on the intended use: The technical cookies, verification cookies, targeting/advertising cookies, personalization cookies and analytical cookies are used on the websites, mobile applications and mobile sites of the electronic trading platforms operated by the Data Controller, depending on their intended use. By using these cookies the Data Controller, determines the characteristics that separate the members from each other and segregates the members into large groups for the purpose of offering suitable campaigns and advertisements according to the preferences and tastes of the members and it conducts statistical studies in order to determine their spending habits basing on the categories such as average spending amounts, age, gender, shopping categories, mobile usage rate and etc. habits.

The details regarding the cookies given place on the website of the Data Controller are given in the below table: