POLICY ON THE PROCESSING AND PROTECTION OF PERSONAL DATA

I. INFORMATION ABOUT THE LAW
The Law numbered 6698 on Protection of Personal Data(“PPDL”) entered into force on 07.04.2016. The PPDL sets forth the procedures and principles regarding the processing of personal data by real persons or legal person classified as "data controller", who determine the purposes and devices of processing personal data, and are responsible for the establishment and management of the data recording system. 
In the scope of PPDL the following terms shall apply;
- Explicit consent: Consent on a specific subject, based on information and expressed with free will,
- Anonymization: Making personal data incapable of being associated with an identified or identifiable natural person in any way, even by matching with other data,
- Relevant person: The real person whose personal data is processed,
- Personal data: Any information relating to an identified or identifiable natural person,
- Processing of personal data: Any operation which is performed on personal data such as collection, recording, storage, protection, alteration, adaptation, disclosure, transfer, retrieval, making available for collection, categorization, preventing the use of the data wholly or partially, by automated means or non-automated means as long as it forms part of a data filing system, 
- Data processor: The natural or legal person who processes personal data on behalf of the data controller upon its authorization,
- Data filing system: The system where personal data are processed by being structured according to specific criteria,
- Data Controller: The natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data filing system.  

PPDL has imposed an obligation on data controllers of the other regulations to inform and enlighten data owners whose personal data will be processed during the acquisition of personal data. 
According to PPDL Article 10, data controllers shall inform the data subjects of the identity of the data controller and its representative, if any, the purpose for which personal data will be processed, to whom and for what purpose the processed personal data can be transferred, the method and legal reason for collecting personal data, and other rights listed in Article 11 of the PPDL. Our Policy on the Processing and Protection of Personal Data has been prepared within the scope of this purpose and legal responsibility, and has been submitted to the information of the users.

II. PURPOSE OF COLLECTING AND PROCESSING PERSONAL DATA
Our Company processes personal data within the framework of the personal data processing conditions and purposes specified in Articles 5 and 6 of the PPDL, based on the purposes of promoting, conducting marketing in the field of activity of the company; improving the website and services; providing services to users; making the website easy to use, providing customer service; providing users with a personalized experience; conducting personalized advertising and marketing; recording the identity, address and other necessary information to identify the information of the transaction owner, within the scope of the Law on the Regulation of Electronic Commerce No 6563, the Law on the Protection of the Consumer No 6502 and the Regulation on Electronic Commerce Service Providers and Intermediary Service Providers, which was published in the Official Gazette dated 26.08.2015 and numbered 29457 prepared on the basis of the aforementioned regulations, the Distance Contracts Regulation, which was published in the Official Gazette dated 27.11.2014 and numbered 29188, and other relevant legislation; recording the identity, address and other necessary information of the transaction owner, to arrange payment systems that are mandatory in the field of banking and electronic payment and all the records and documents that will be the basis of electronic contract or transaction in paper; complying with the information storage, reporting and providing information obligations stipulated by legislation and other authorities; meeting the demands of the competent authorities, fulfilling legal obligations, providing transaction security; preventing illegal activities and by basing on the legal reasons which are "processing personal data belonging to parties of an agreement, is necessary provided that it is directly related to the conclusion or fulfillment of the agreement, processing personal data is mandatory for the data controller to be able to perform its legal obligations; processing personal data is mandatory for the establishment, exercise or protection of any right, processing personal data is mandatory for the legitimate interest of the data controller, provided that this processing shall not violate the fundamental rights and freedoms of the data owner."

Persons / organizations with whom your personal data can be transferred for the purposes stated above are notably the Company providing the e-commerce infrastructure of our company, suppliers, the people and organizations related to the services offered such as cargo companies, the program partner organizations, domestic/foreign organizations and other third parties that we cooperate with, from which services are acquired for Data Processing and / or to carry out our activities.

Your personal data is collected in audio, electronic or written form through websites, mobile applications of websites, social media accounts, cookies, call center, received notifications sent by administrative and judicial authorities and other communication channels.

III. PRINCIPLES ON THE PURPOSE OF USING PERSONAL DATA AND THEIR TRANSFER
Pursuant to Article 5 of PPDL;
Personal data cannot be processed without the explicit consent of the relevant person. However, in the presence of one of the following conditions, it is possible to process personal data without seeking the explicit consent of the relevant person: 
- If it is expressly set forth in laws.
- If it is necessary for the protection of life or physical integrity of the person himself/herself or of any other person, who is unable to explain his/her consent due to physical disability or whose consent is not deemed legally valid. 
- If the processing of personal data belonging to the parties of the contract is necessary, provided that it is directly related to the establishment or execution of the contract 
- If it is necessary for compliance with a legal obligation to which the data controller is subject. 
- If personal data have been made public by the relevant person himself/herself. 
- If data processing is necessary for the establishment, exercise or protection of any right. 
- If processing of data is necessary for the legitimate interests pursued by the data controller, provided that this processing shall not violate the fundamental rights and freedoms of the data subject.

Furthermore, as per Article 6 of the PPDL; Personal data relating to the race, ethnic origin, political opinion, philosophical belief, religion, religious sect or other belief, appearance, membership to associations, foundations or trade-unions, data concerning health, sexual life, criminal convictions and security measures, and the biometric and genetic data are deemed to be sensitive personal data. It is prohibited to process sensitive personal data without explicit consent of the data subject. However, personal data, excluding those relating to health and sexual life, listed in the first paragraph of the Law may be processed without seeking explicit consent of the person concerned, in the cases stipulated in the laws. In this context, our Company can transfer your personal data within the framework of the conditions stated under articles 5 and 6 of the PPDL.

Our Company clarifies the data owners by the Clarification Text as per Article 10 of the PPDL prior to the collection of personal data from the data owners/users, within the scope of its obligations arising due to its capacity as the data controller under the PPDL. In the circumstance where any data processing carried out by our Company does not meet the conditions specified in the PPDL, the explicit consent is obtained from the relevant persons and the transactions are carried out within the framework of explicit consent.

According to the principles of the PPDL; it may be possible to share your personal data for the purposes of providing content and services such as recording, transaction and customer support, detecting or preventing fraudulent transactions or transactions that are suspected of being related to deceit, illegal transactions, data security breaches, providing personalized and relevant advertising to our users, directing the decisions to be made on products, website, applications, services and marketing communications.

We may also share your personal data in order to comply with legal requirements, to fulfill our agreement with users, to intervene against claims that any content violates the rights of others, or to protect anyone's rights or safety. Data may also be shared with law enforcement or official authorities or authorized third persons in response to an official request regarding criminal investigations or suspected illegal activities and other activities that may expose the Company or users to legal liability.

As per Article 9 of the PPDL,your personal data collected by any of the methods listed above to be stored and processed in or outside  Turkey may also be transferred to the service intermediaries located abroad (countries accredited by the Board of Personal Data and where there is adequate protection for the protection of personal data), provided that it is within the scope of the PPDL and in accordance with the purposes of the agreement.

IV. PROTECTION OF PERSONAL DATA
In the scope of PDPL, our company; takes all necessary technical and administrative measures  
- To prevent the unlawful processing of personal data, 
- To prevent unlawful access to personal data, 
- To ensure the protection of personal data and to ensure the appropriate level of security.

Our Company takes reasonable technical and administrative measures to prevent unauthorized access risks, possible data loss, deliberate deletion or damage to personal data in order to ensure the security of personal data. In this context, software and hardware security measures are taken in accordance with the personal data processed, trainings and audits are carried out, and in-house authorizations are made according to the principles of the PPDL.

In line with Article 4 of the PPDL, our Company has an obligation to keep your personal data accurate and up to date. In this context, in order for our Company to fulfill its obligations arising from the current legislation, our Customers are required to share their accurate and up-to-date data or to update such data via the website/mobile application.

We will keep your personal data for as long as it is necessary for and related to the Company activities, as required by our storage purpose and our obligations arising from the legislation. The storage period may vary according to the period that we need personal data to provide our services as a Company, however such period is usually shorter if the personal data is personal data of special nature. Additionally, if you give your explicit consent to the storage of your personal data for a longer period of time, your data will be stored for that long period of time. If we have a legal, contractual or similar obligation to store your personal data, it is possible to store your personal data for a period of time required in order to comply with the law, to assist investigations and to carry out other actions required by the legislation. In the event that the circumstances requiring the storage of your personal data cease to exist, your personal data shall be securely destroyed or anonymized.

V. RIGHTS ARISING FROM THE LAW ON THE PROTECTION OF PERSONAL DATA
In accordance with Article 11 of the PPDL, users who are data owners have the following rights;
- to learn whether his/her personal data are processed or not, 
- to demand information if his/her personal data have been processed,
- to learn the purpose of the processing of his/her personal data and whether this personal data has been used in compliance with the purpose, 
- to know the third parties to whom his personal data are transferred in country or abroad, 
- to request the rectification of incomplete or inaccurate data, if any,  and to ask for third parties to whom personal data has been transferred to be notified, 
- to request the erasure or destruction of personal data in the event that the reasons requiring the processing of the data cease to exist, although it has been processed in accordance with the provisions of the PPDL and other relevant laws, and to request the notification of the transaction made in this context to the third parties to whom the personal data has been transferred
- to object to consequences generated against the person himself/herself by analyzing the data processed solely through automated systems, and to claim compensation for damages arising from the unlawful processing of his/her personal data.

When the user demands to exercise one or more of the above stated rights, she/he shall make a written application to our Company at the address of SERIFALI MAH. TURKER CAD. NO: 51/2 UMRANIYE- ISTANBUL, and she/he may also reach our Company through our registered email address by using a secure electronic signature, mobile signature or through the Customer Services.

E-mail: info@technowell.com.tr
Phone: +90 (216) 466 20 06