Policy on The Protection

POLICY ON THE PROTECTION AND PROCESSING OF PERSONAL DATA Purpose and Scope   This Personal Data Protection and Processing Policy (“Policy”) contains the processing, storage, deletion, destruction, anonymization, transfer, enlightenment of data owners and ensuring data security of the personal data obtained from the visitors, artists, and customers of the website https://ahmetgunestekin.com/ within the scope of the Law No. 6698 on the Protection of Personal Data (“Law”) by Ahmet Güneştekin (“Data Controller”).   The data controller fulfils his obligations arising from the law by providing information about the processing and storage of personal data, deletion, destruction, anonymization, transfer, processing and storage of personal data within the scope of the Law, within the destruction periods or upon the request of the person whose personal data is processed and obtaining his consent and ensuring data security within the scope of the principles stipulated by the Law.   Definitions The definitions explained below are those that are also included in the Law:   Legislation: Refers to other relevant legislation, primarily the Law on Protection of Personal Data No. 6698, in which the rules regarding the storage, processing and protection of personal data are determined. Explicit Consent: It refers to the declaration of consent on a specific subject, based on information and freely disclosed by the Data Owners. Anonymization: It means making the Personal Data incapable of being associated with an identified or identifiable natural person in any way, even by matching with other data. Board: Refers to the Personal Data Protection Board. Relevant Person/Data Owner: Refers to the real person whose personal data is processed. Personal Data: It means all kinds of information related to an identified or identifiable natural person. E.g., name, surname, date of birth, place of birth, etc.   Sensitive Personal Data: The race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, disguise and dress of the persons, which may cause the Relevant Person / Data Owner to be victimized or exposed to discrimination in cases such as their disclosure or loss, means the data subject to a stricter protection regime within the scope of the Law on membership of associations, foundations or trade unions, health, sexual orientation and sexual life, criminal convictions and security measures, biometric data.   Processing of Personal Data: Obtaining, recording, storing, maintaining, changing, rearranging, disclosing, transferring, taking over, making available Personal Data in whole or in part, automatically or by non-automatic means provided that it is a part of any Data Recording System. refers to all kinds of operations performed on data such as classification or prevention of use. Data Registration System: It refers to the registration system in which Personal Data is processed and structured according to certain criteria. Data Controller: It refers to the natural or legal person who determines the purposes and means of processing Personal Data and is responsible for the establishment and management of the Data Recording System. Within the scope of this Policy, the Data Controller is Ahmet Güneştekin. Data Processor: Refers to the natural or legal persons who process personal data on behalf of the Data Controller based on the authority given by him.   Execution As the Data Controller, we declare and undertake the following:

1. Within the scope of activities related to personal data, it is acted in accordance with general principles, law, and honesty rules.
2. The necessary facilities are provided to the data owners for the requests to update, destroy and store their personal data, and necessary measures are taken to ensure that the data is included in the database in an accurate and up-to-date manner.
3. Personal data processing activities are limited to legitimate and compatible activities, and data subjects are clearly informed about their activities for these purposes, through the disclosure texts and consent statements/forms when deemed necessary within the scope of the legislation on the protection of personal data.
4. Personal data are processed in connection with and limited to the purpose notified to the Data owner.
5. If a certain period of time is determined within the scope of the legislation in force, personal data will be kept during this period; Even if there is no provision in the legislation, personal data will be kept for the required periods for the purposes of processing. After the reasons for the processing of this data are over, it will be deleted, destroyed, or anonymized.

  Personal Data The personal data that can be collected within the scope of the legislation on the protection of personal data are as follows:   Identity Information: Name, surname and other identity information, company tax number Contact Information: Contact address, telephone number, e-mail address, fax number, IP-PORT information and the information given to the Data Controller by the person whose data will be processed, and which allows the person whose data will be processed to be contacted and reached.   Sensitive Personal Data: Although it is not the direct processing purpose of the Data Controller, it is among the information presented to the Data Controller and is indirectly obtained; religion, philosophical belief, political opinion, and personal health data, as well as information about other associations or unions that may be a member, which may be optionally specified.   Legal Action and Compliance Information: In correspondence with judicial and administrative authorities; Information submitted to the authorities by the Data Controller or given to the Data Controller by the authorities, information regarding the lawsuit files filed against the Data Controller, filed by the Data Controller, or the title of the Data Controller, which is not a party, but should be followed for any other reason. Transaction Security Information: IP address information, website login and exit information, password, and password information. Location Information: Address information   Purposes and Reasons for Processing Personal Data Personal Data are processed within the scope of the following purposes:

1. Carrying out activities in line with the purposes and activities of the Data Controller,
2. Ensuring communication on the rights and obligations of the people visiting the Website and fulfilling the relevant rights and obligations, strengthening the communication and cooperation between the relevant real and legal persons and the Data Controller, and conducting the legal processes between the parties,
3. Giving information about the introduction of the Data Controller and the activities carried out and / or to be carried out,
4. Determining and implementing the activities and services of the Data Controller and executing the policies,
5. Submitting the necessary information and documents to these authorities upon the request of judicial and administrative authorities and various institutions and organizations,
6. Keeping the books and records required to be kept by the Data Controller within the scope of their legal obligations.

      Copying/backing up to prevent data loss: Personal data by the Data Controller, in case of an application and/or communication with the Data Controller, physically or through information and documents transferred electronically, via the website at https://ahmetgunestekin.com/, in particular, by e-mail, telephone. The information given within the scope of various communications with the responsible person is collected and processed in written form or in electronic media.   In the processing of personal data, the Data Controller adheres to the personal data processing principles and obligations, in particular the Personal Data Protection Law No. 6698   Personal Data Collection Method and Legal Reasons Your personal data, if any, in accordance with the basic principles envisaged for the Data Controller to continue his activities, including but not limited to the contracts signed with me, applications, visits to my address and website, social media accounts and other similar means; Personal data can be collected, processed, and transferred within the scope of processing conditions and purposes specified in Articles 5 and 6 of the Law.   Transfer of Personal Data and Purposes of Transfer Your personal data will be shared with the relevant institutions and organizations in accordance with the basic principles listed above and the conditions specified in Articles 8 and 9 of the Law, to be foreseen by the Data Controller in accordance with any legislation in force or to fulfil an obligation stipulated by the legislation. It can also be passed on to people:   If the Data Controller is necessary for the above-mentioned data processing purposes, in order for the Data Controller to carry out his activities; within the scope of the legitimate interest of the Data Controller, provided that it is compulsory for the establishment, exercise or protection of the rights of the Data Controller and does not harm your fundamental rights and freedoms, with the institutions and organizations that he/she cooperates with, and third parties such as consultants, financial advisors, and auditors from whom he/she receives services, support and consultancy. Your personal data may be shared.   In addition to the ones listed above, your personal data, which will be requested by the authorities, if necessary for the fulfilment of the legal and/or legal obligations under the legislation in force at the date of the relevant transaction or request, or in case of such a request from the official institutions, will fulfil the legal obligations with the relevant institutions and organizations or judicial bodies. may be shared for the purpose.   Rights of Data Owner Persons whose personal data are processed, by applying to the Data Controller; learning whether their personal data is being processed; if it is processed, to request information about the reason for the processing, which data is processed and whether the processed data is used in accordance with its purpose; learning the third parties to whom personal data is transferred at home or abroad; to request correction of data in case of incomplete or incorrect processing; Requesting the deletion and/or destruction of personal data within the scope of the law and relevant legislation, notification of correction-deletion-destruction processes to third parties to whom the data is transferred; has the right to object to the emergence of an unfavourable result by analysing the data exclusively through automated systems, and to demand the elimination of such damage in case of damage due to data processed in violation of the Law. The exceptions regulated in Article 28 of the Law are reserved.   Application Ways of Data Owners The request regarding the use of existing rights within the framework of the provisions of the Law on the Protection of Personal Data and the Communiqué on the Procedures and Principles of Application to the Data Controller published in the Official Gazette dated March 10, 2018, together with the documents certifying the identity, must be submitted in writing and with a wet signature to “Refik Saydam Cad. No: 28 34440 Beyoğlu İstanbul” by hand or by postal service, or to the official e-mail address of the Data Controller [email protected].   Response and Time to Applications The requests included in the application of the data owner are concluded by the Data Controller as soon as possible, provided that it is within thirty days at the latest, depending on the nature of the request. However, in cases where the process initiated as a result of the request requires additional costs, the fee in the tariff determined by the Personal Data Protection Board may be requested from the data owner by the Data Controller. The request can be accepted by the Data Controller or rejected by explaining the reason, and the result is notified to the relevant data owner via written or electronic media. If the request in the application is accepted, the requirement of the request is fulfilled, and the applicant is notified by the same procedures that the requirement of the request has been fulfilled. In case the application of the data owner is rejected, the response given by the Data Controller is found insufficient or the response time specified in the legislation is violated; The data owner can make a complaint to the Personal Data Protection Board within thirty days from the date of learning the answer and probably within the first sixty days from the date of application. Compensation rights of those whose personal rights are violated are reserved.   Terms of Deletion, Destruction and Anonymization of Personal Data Data Controller collects and processes personal data through channels such as physical, electronic, website at https://ahmetgunestekin.com/ and e-mail address with @gsmsanat.com extension within the scope of business processes; Pursuant to Articles 7 and 17 of the Law and Article 138 of the Turkish Penal Code No. 5237, it keeps personal data for the periods stipulated by the relevant legislation and/or for the periods required by the purpose of processing. In the event that these periods expire, it will delete, destroy or anonymize in accordance with the provisions of the Law on the Protection of Personal Data and the Regulation on the Deletion, Destruction or Anonymization of Personal Data and other legislation.     Validity This Policy enters into force upon its publication on the website of the Data Controller. While the Data Controller reserves the right to make changes on the Personal Data Protection and Processing Policy, provided that it does not violate the provisions of the legislation, the changes to be made in the Policy and its current version will be announced on the website https://ahmetgunestekin.com/.