Privacy and Personal Data Protection for Website Visitors

INFORMATION ON PRIVACY AND PERSONAL DATA PROTECTION FOR WEBSITE VISITORS

Setaş System Information Technology Industry Trade Inc. (“SETAŞ”) places utmost importance on protecting the fundamental rights and freedoms of individuals, particularly the right to privacy as stipulated in Article 20 of the Constitution. In this regard, SETAŞ is committed to ensuring the lawful protection and processing of personal data and acts in accordance with this understanding in all its planning and activities.

SETAŞ does not view the protection of personal data, which is fundamental to privacy, as merely a compliance issue; instead, it places human value at the core of its approach. With this awareness, SETAŞ takes all necessary administrative and technical measures to ensure the secure storage of personal data and to prevent unlawful processing.

In this context, in accordance with the Law No. 6698 on the Protection of Personal Data, the following information is provided regarding the conditions for the processing and transfer of personal data produced or shared during the use of the website "http://www.setasbilisim.com.tr/".

Definitions

• Website: The website located at the address “http://www.setasbilisim.com.tr/”.
• Law: The Law on the Protection of Personal Data No. 6698.
• Personal Data: Any information relating to an identified or identifiable natural person.
• Cookies: Small text files sent to the Online Visitor via browsers by servers. Cookies track the Online Visitor's navigation information and usage history on the Website to provide personalized services, enhance service quality, improve page content, and offer promotions and marketing suggestions; they can remain on the Online Visitor's device for a specified duration.
• Online Visitor/Related Person: All individuals accessing the Website. In related company policies, this group is classified under Visitors.
• Board: The Personal Data Protection Board.
• Company: Setaş System Information Technology Industry Trade Inc.
• Hosting Provider: Refers to real or legal persons who provide or operate systems hosting services and content in the online environment.

Processed Personal Data

The personal data processed based on the Online Visitor's access to the Website and the actions taken on the Website are presented below:

For Online Visitors visiting the Website:

• Transaction Security Information (IP address, site traffic information, etc.)
• Cookie Information

For Online Visitors filling out forms on the Website:

• Identity Information (first name, last name)
• Contact Information (email address, phone number)

Apart from the above, it may also be possible to process other data necessary for the operation, development, and security of the Website in accordance with the Law.

Method and Legal Reason for Collecting Personal Data

Personal data is collected through the use of the Website and the completion of communication forms to be processed for as long as necessary.

Personal data is processed based on the explicit consent of the Online Visitor. However, personal data may also be processed without seeking explicit consent based on one of the legal grounds specified in Article 5, paragraph 2 of the Law: (i) explicit provision in the laws, (ii) necessity for the data controller to fulfill a legal obligation, (iii) necessity for the establishment, exercise, or protection of a right, (iv) necessity for processing data for legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subjects.

Purposes of Processing Personal Data

Personal data may be processed in connection with the transactions made by the Online Visitor on the Website in cases explicitly provided in the laws or in accordance with other conditions specified in Article 5, paragraph 2 of the Law:

• “Identity and contact information” will be processed for the purpose of managing business operations (ensuring the execution and oversight of our business operations), managing customer relationship management processes (managing relationships with customers regarding the products and services offered, addressing requests), and tracking requests/complaints (contacting you based on the information you provided when responding to complaints, requests, thank-you notes, and suggestions) when the communication form is filled out.
• “Site traffic information” will be processed for the purpose of managing information security processes. Additionally, the Hosting Provider is required to record and store site traffic information in accordance with Law No. 5651 and other relevant regulations.

Cookie Information

Third-party cookies are not used on the Website. However, only cookies that are essential for the operation and security of the site may be utilized. The Online Visitor can refuse cookies or request to be alerted when cookies are used by changing their browser settings. Disabling cookies may affect the proper functioning of certain functions on the Website.

Purposes of Using Cookies

We use various cookies on our website and application for different purposes, through which we process your personal data. The primary purposes include:

• Performing essential functions necessary for the operation of the site and application, e.g., eliminating the need for logged-in users to re-enter their password while visiting different pages.
• Analyzing the site and application to enhance performance, e.g., integrating different servers on which the site operates, detecting the number of visitors, and making performance adjustments accordingly, or facilitating visitors in finding what they are looking for.
• Enhancing the functionality of the site and application and providing user convenience, e.g., sharing on third-party social media platforms, remembering usernames or search queries for future visits.

Cookies Used on Our Site

Only essential cookies are used on our site. The use of these cookies is necessary for the proper functioning of our website and application. For example, authentication cookies activated when you log in to our site ensure the continuity of your session when moving from one page to another on the site.

How Can I Control the Use of Cookies?

The preferences of our visitors and users regarding the use of cookies and similar technologies are essential to us. However, it is necessary to use cookies that are essential for the operation of the Platform. We would also like to remind you that disabling certain cookies may partially or completely prevent some functions of the Platform from working.

Information on how visitors can manage their preferences regarding the cookies used on the Platform is as follows:

Visitors have the option to personalize their preferences regarding cookies by changing the browser settings they use to view the Platform. If the browser being used offers this option, it is possible to change preferences regarding cookies through the browser settings. Therefore, although it may vary according to the capabilities offered by the browser, data subjects have the option to prevent the use of cookies, request to be alerted before cookies are used, or disable or delete only certain cookies.

These preferences may vary depending on the browser used, but a general explanation can be found at https://www.aboutcookies.org/. Preferences regarding cookies may need to be made separately for each device through which the visitor accesses the Platform.

To disable cookies managed by Google Analytics, visit https://tools.google.com/dlpage/gaoptout.

To manage personalized advertising experiences provided by Google, visit https://myaccount.google.com/not-supported.

Preferences regarding cookies used by many companies for advertising activities can be managed at Your Online Choices (https://www.youronlinechoices.com/tr/reklam-tercihleriniz).

To manage cookies on mobile devices, use the settings menu of the mobile device.

To Whom and for What Purposes Personal Data May Be Transferred

Personal data may be transferred to authorized public institutions and organizations of SETAŞ with the necessary security measures, provided that one of the conditions specified in paragraph 2 of Article 5 of the Law is present, limited to the purposes stated in this document’s fourth section.

If none of the conditions specified in paragraph 2 of Article 5 of the Law are present, the transfer of Personal Data is subject to the explicit consent of the Online Visitor.

Measures Taken to Ensure Data Security

SETAŞ is required to take all necessary administrative and technical measures to prevent unlawful processing of personal data and unauthorized access to personal data, to ensure the preservation of personal data, and to maintain an appropriate level of security.

In cases where the website redirects to other sites or applications, SETAŞ does not have information about the compliance of these sites and applications with the relevant legislation on the protection of personal data and assumes no responsibility for their privacy policies and contents.

Administrative Measures

SETAŞ provides necessary training to its personnel for the lawful processing and protection of your personal data and regularly audits its employees to measure compliance with the Law. The compliance and diligence of our personnel with the Law is considered a criterion in their performance evaluation.

While these measures are taken within the Company, we ensure your data security by signing confidentiality agreements and undertakings with the groups to whom we share your personal data in compliance with the Law (suppliers, business partners) and ensure that our stakeholders also show the necessary sensitivity regarding your personal data.

In addition to this training, audit, and measures, intervention plans have been created to address any violations that may occur regarding your personal data, and necessary preparations have been made to resolve the violation in cooperation with the Board.

Technical Measures

An IT infrastructure equipped with security measures compliant with international standards has been established to ensure data security and prevent unlawful access to your data. The system built on this infrastructure is continuously audited internally to ensure its proper functioning.

The IT infrastructure where your data collected through our website is processed and stored adheres to the technical measures specified by the Personal Data Protection Authority, including encryption, authorization matrix, application and network security, data masking, firewalls, backup, key management, and up-to-date antivirus systems.

Additionally, intrusion detection and prevention systems have been established to prevent attacks on our IT infrastructure, and regular risk analysis, data classification, vulnerability scans, and penetration tests are conducted to control the security of the system. All these operations require software programs and support compliant with international standards due to the importance we place on your personal data.

Rights of Personal Data Subjects Pursuant to Article 11 of the Law

SETAŞ informs data subjects of their rights in accordance with Article 10 of the Law and provides guidance on how to exercise these rights, as well as establishing the necessary internal procedures, administrative, and technical arrangements.

Under Article 11 of the Law, personal data subjects have the following rights:

To learn whether their personal data is being processed,

To request information regarding their personal data if it has been processed,

To learn the purpose of processing their personal data and whether it has been used in accordance with its purpose,

To know the third parties to whom their personal data has been transferred, both domestically and internationally,

To request the correction of their personal data if it is incomplete or incorrectly processed,

To request the deletion or destruction of their personal data within the framework of the conditions set forth in Article 7 of the Law,

To request notification of the transactions regarding the correction and deletion of their personal data to the third parties to whom their data has been transferred, as stipulated in subparagraphs (d) and (e) of Article 11 of the Law,

To object to the emergence of a result against themselves by means of the analysis of processed data solely through automated systems,

To demand compensation for damages incurred due to unlawful processing of their personal data.

Requests and applications related to the implementation of the Law can be submitted in writing, either in person at the following address: "Mansuroğlu Mahallesi 283/6 Sokak No:2 Bayraklı/İZMİR," or sent via Notary Public, or transmitted electronically via a registered electronic mail (KEP) address at setasbilisim@hs01.kep.tr using a secure electronic signature or mobile signature.

If the data subject has previously provided an electronic mail address registered in SETAŞ's system, requests and applications can also be sent to setas@setasbilisim.com.tr.

The requests and applications must include:

• Name and surname, and if the application is in writing, a signature,
• For Turkish citizens, the Turkish ID number; for foreigners, nationality, passport number, or identification number if available,
• Address for notification (residential or workplace),
• If available, the electronic mail address, telephone, and fax number for notification,
• The subject of the request.

It is necessary to include information and documents related to the subject in the application.

SETAŞ will conclude the requests based on the nature of the application as soon as possible and at the latest within thirty days, free of charge. However, if the requested transaction incurs an additional cost, a fee may be charged according to the rate determined by the Board.

SETAŞ may accept or reject the request, providing the reasons for rejection, and will inform the relevant person in writing or electronically. If the request is accepted, SETAŞ will take necessary action as soon as possible and inform the relevant person. If the rejection of the application is due to an error on the part of SETAŞ, any fees paid will be refunded to the data subject.

In case of rejection of the application, dissatisfaction with the response, or failure to respond within the specified time, the data subject has the right to file a complaint with the Board within thirty days from the date of learning about the response, and in any case, within sixty days from the date of the application.

By using the website, the online visitor declares that they have read all the terms written in this information text and that they have been informed regarding the processing of their personal data.