HDDİZAYN Software Information Technologies (referred to as “hddizayn”) will not share, sell, or use the personal data electronically transmitted by users through the website www.hddizayn.com ("Website") or mobile applications for purposes other than those described in the "Law No. 6698 on the Protection of Personal Data" and the General Data Protection Regulation (GDPR).

The “Personal Data and General Privacy Policy” of hddizayn is provided below.

IP Numbers: hddizayn, when necessary, identifies and uses the IP addresses of users to diagnose system-related problems, address issues quickly that may arise on the website/mobile applications, and, if required, report to legal authorities in accordance with the law. IP addresses can also be used to identify users in a general (anonymous) manner and to collect broad demographic information.

Anonymous Data: Information requested by hddizayn or provided by the user, or information about transactions conducted through the Website/Mobile Application, can be used anonymously by hddizayn and its partners (without disclosing the user's identity) for statistical evaluations, database creation, personalized packages/offers, and market research.

Linking to Other Sites: hddizayn may provide links to other sites within the Website/Mobile Application. hddizayn is not responsible for the privacy practices and content of the sites accessed through these links.

Bank/Credit Card Information: hddizayn ensures data security with an SSL certificate (green bar) using a 256-bit encryption algorithm for data transmission. Users' bank/credit card information is used only by the bank or payment institution during the purchase process and is not stored in the database in any way. hddizayn may offer an infrastructure through PCI DSS-certified institutions to store card information to facilitate users' next purchases. As a result of the Card Storage Services, which are PCI DSS standard and licensed by BDDK, the information on bank/credit cards provides secure and easy payment options for cardholders by facilitating Authentication and Authorization steps.

Situations Where User Data Can Be Disclosed: Personal data of users, including name, surname, address, phone number, email address, and any other information to identify the user, will not be disclosed to third parties other than hddizayn's partners and affiliated companies unless otherwise stated in this privacy policy. However, in the following cases, hddizayn may disclose user information to third parties outside the provisions of this privacy policy:

• Compliance with obligations imposed by law, Decree-Law, regulation, etc., enacted and in force by the competent legal authority;
• Fulfilling the requirements of contracts executed with users and putting them into practice;
• When information about users is requested in accordance with the procedure by a competent administrative and judicial authority conducting an investigation or inquiry;
• When it is necessary to provide information to protect users' rights or security.

hddizayn is committed to keeping confidential information private and confidential, treating it as a confidentiality obligation, ensuring and maintaining confidentiality, taking necessary measures to prevent unauthorized use or disclosure to third parties, and showing due diligence.

Cookies: hddizayn may use a technical communication file (Cookie) prepared by itself or third parties to obtain information about users and their use of the Website. Technical communication files are small text files sent to the user's browser by a website to be stored in the main memory. The technical communication file keeps the session open by storing user session information, passwords, and preferences, recognizes the user on their next visit, and facilitates use. Technical communication files provide statistical information about how many people use the Website, for what purpose, how often, and how long they stay, and help dynamically generate advertisements and content for specifically designed user pages. Technical communication files are not designed to retrieve data or any other personal information from the main memory or email. Most browsers are initially designed to accept technical communication files, but users can change the settings to prevent technical communication files from being received or to be notified when a technical communication file is sent.

Data Collected in Surveys, Competitions, etc.: Information requested from users responding to periodic surveys and competitions conducted by hddizayn within the Website can be used by hddizayn and its partners for direct marketing, statistical analysis, and database creation.

E-Newsletter and Announcements: hddizayn sends weekly e-newsletters to inform users about economic developments, current news, and their fields of interest. If necessary, or if agreed with third-party partners, it may send promotional and informational Campaign/Offer/Package announcements. When you first create an account on our system, you automatically accept receiving emails and SMS. Users can prevent these emails from reaching them by clicking on the link provided at the bottom of the email. Additionally, user panels contain options to prevent these. If you wish to unsubscribe from our daily email list at any time, you can easily unsubscribe with one click by clicking the "Click here to unsubscribe from our newsletter" link at the bottom of the emails we send.

General Information About the Personal Data Protection Law: The Law No. 6698 on the Protection of Personal Data was adopted on March 24, 2016, and published in the Official Gazette No. 29677 on April 7, 2016. The European Union General Data Protection Regulation (EU GDPR) entered into force on May 25, 2018. As a data controller under the Law No. 6698 on the Protection of Personal Data and the EU General Data Protection Regulation (GDPR), we will record, classify, process, store, update, and, in cases permitted by legislation and with your permission, disclose your personal data to third parties. We inform you about our mutual rights and obligations within the scope of this legal regulation.

Information as Data Controller: As hddizayn, whose detailed corporate information is published below, we will record, store, update, disclose/transfer to third parties, classify, and process your personal data, as explained below, within the framework of the aforementioned laws, as a data controller.

Definition of Personal Data Under the Law: Any information that allows your identification or makes you identifiable, such as your identity (name, surname, date of birth, TC ID number, etc.), contact information, information about methods used during access to products (IP, mobile phone brand-model, browser type, version, social media information, actions on screens, etc.), is considered personal data.

How Your Personal Data Can Be Processed: Under the Law No. 6698 on the Protection of Personal Data and the EU General Data Protection Regulation (GDPR), the personal data you share with our company can be obtained, recorded, stored, altered, rearranged, disclosed, transferred, taken over, made obtainable, classified, or processed in other ways, provided that their security and confidentiality are ensured in accordance with the legislation. Any processing performed on the data will be considered "processing of personal data" under the aforementioned laws.

Purposes and Legal Reasons for Processing Your Personal Data:

The personal data you share will be processed for the following purposes:

• To fulfill the requirements of the services we provide to our customers in accordance with the contract and technology,
• To issue an official invoice after the purchase of the products and services we offer,
• To comply with information retention, reporting, and information obligations imposed by legislation and other authorities,
• To provide information to prosecutors, courts, and relevant public officials upon request and in accordance with the law regarding matters of public security and legal disputes;
• Your personal data will be processed within the scope, procedures, and principles of the Law No. 6698 on the Protection of Personal Data and the EU General Data Protection Regulation (GDPR).

Your personal data will be processed to identify the owner and addressee of any transaction and operation related to any product and service to be provided to you, to prepare information and documents that will be the basis for electronic transactions, to comply with the information retention, reporting, and information obligations imposed by all relevant judicial and administrative authorities (courts, TBB, BDDK, SPK, TCMB, MASAK, BTK, etc.), and to fulfill the requirements of our contracts and provide other requested products and services.

Information About Third Parties or Organizations to Which Your Personal Data Can Be Transferred: Your personal data may be transferred to our main shareholders, direct or indirect domestic/foreign affiliates, and other third parties, within the scope of the above-mentioned purposes, as well as to program partner organizations, domestic/foreign organizations, and other third parties we cooperate with and from which we receive services as a Data Processor, within the scope of our activities.

Additionally, your personal data may be transferred to institutions and organizations with which we cooperate, program partner institutions, organizations, banks, financial institutions, providers, or companies, institutions, and organizations that provide data storage services in the cloud environment, institutions, and organizations with which we have an agreement for sending notifications to our customers, and other third parties within the framework of our collaborations.

Methods of Collecting Your Personal Data: Your personal data can be collected through forms on our company's website and mobile applications, using information such as name, surname, citizenship number, passport number, address, phone, work or private email address, age, gender, profession, username, and password, IP records of transactions performed, cookie data collected by the browser, browsing time and details, location data;

• Through our sales and marketing department employees, agencies, dealers, paper forms, business cards, digital marketing and call center channels;
• From people who share their personal data with us for purposes such as establishing a commercial relationship with our company, making a job application, submitting an offer, and other methods, in physical or virtual environments, face-to-face or remote, verbally or in writing or electronically;
• Additionally, data obtained indirectly through various channels, websites, blogs, contests, surveys, games, campaigns, and similar micro-websites, social media, Google, and other third-party social media channels, from email, market intelligence companies, or digital marketing companies, online transactions, offers, etc., can be processed and collected in compliance with the law.

Your Rights as a Data Subject: As a data subject, if you submit your requests regarding your rights to our company by the methods set out below, our company will finalize your request free of charge within thirty days, depending on the nature of the request. However, if a fee is stipulated by the Personal Data Protection Board, our company will charge the fee specified in the tariff.

As per Article 11 of the Law No. 6698 on the Protection of Personal Data and Article 15 of the EU General Data Protection Regulation (GDPR), you have the following rights as a data subject:

• To learn whether personal data is processed,
• To request information if personal data has been processed,
• To learn the purpose of processing personal data and whether it is used in accordance with its purpose,
• To know the third parties to whom personal data is transferred domestically or abroad,
• To request the correction of personal data if it is incomplete or incorrectly processed,
• To request the deletion or destruction of personal data,
• To request that third parties to whom personal data is transferred be notified of the correction, deletion, or destruction of personal data,
• To object to the occurrence of a result against you by analyzing the processed data exclusively through automated systems,
• To request compensation for damages if you suffer damage due to the unlawful processing of personal data.

Pursuant to paragraph 1 of Article 13 of the Law No. 6698 on the Protection of Personal Data, you can submit your request to exercise your rights mentioned above to our company in writing or by other methods determined by the Personal Data Protection Board. Since the Personal Data Protection Board has not yet determined any method, you must submit your application to our company in writing in accordance with the Law No. 6698 on the Protection of Personal Data. In this context, the channels and methods through which you will submit your application in writing to our company are described below:

To exercise your rights mentioned above, you can send your request with the necessary identification documents, specifying your right you want to exercise, in person, by registered mail, notary public, or by other methods specified in the Law No. 6698 on the Protection of Personal Data to the address below.

Contact Information: Address: Büyükdere Cad. No: 35 Mecidiyeköy/Istanbul Email: info@hddizayn.com Phone: +90 (212) 123 45 67