Cookie Policy

COOKIE BANNER RECOMMENDATION and REGARDING THE PROCESSING OF PERSONAL DATA COOKIE INFORMATION TEXT

COOKIE INFORMATION TEXT

Tracking technologies such as cookies, pixels, and GIFs (“ Cookies ”) are small files placed on your devices, such as your tablet, phone, or computer, when you use websites or online applications such as mobile apps. Cookies allow our website and application servers to recognize your devices, such as remembering your language preferences, your saved usernames and passwords, and managing traffic on the site. Cookies also help us improve our software to provide you with a better experience by analyzing the number and audience of visitors to our website or application. If you prefer, we can personalize the ads you see while you're online.

In accordance with the Personal Data Protection Law No. 6698 (“Law”), your personal data regarding the cookies used on the https://www.kameya.com.tr/ website (“Platform”) may be processed by Sinba Tekstil İht. İhr. San ve Tic. Ltd. Şti. (“Company”), as the data controller, within the scope explained below.

Purposes for Processing Personal Data and Legal Reasons

Your collected personal data may be processed for the purposes set forth below ("Purposes"), in accordance with the personal data processing conditions and purposes specified in Article 5 of the Law. Cookies are used on the Platform for different purposes. The data processing purposes and the data processing conditions under the Law on which we rely when using the relevant cookie may vary depending on the type of cookie used.

Mandatory Cookies

Necessary cookies are cookies placed on your device while you are viewing the Platform and are necessary for the proper functioning of the offered online services. For the data processing activities we perform when using these cookies, we rely on the data processing requirement under Article 5 of the Law, which states, "Processing personal data of the parties to a contract is necessary, provided that it is directly related to the establishment or performance of a contract."

Performance and Analytics Cookies

Performance cookies allow us to track and analyze the number of people viewing the Platform and Platform traffic. These cookies allow us to gather information, such as which areas on the Platform are most frequently and infrequently visited, and to optimize Platform traffic.

For the data processing activities we carry out during the use of these cookies, we rely on the data processing condition under Article 5 of the Law, which states that "Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the relevant person."

Functionality Cookies

Functionality cookies are cookies that are necessary to provide certain functions on the Platform and remember your preferences for these functions. Functionality cookies are used to remember your language preference on the Platform or to save your cookie settings. For the data processing activities we perform when using these cookies, we rely on the data processing requirement under Article 5 of the Law, which states, "Data processing is necessary for the legitimate interests of the data controller, provided that it does not prejudice the fundamental rights and freedoms of the relevant person."

Personalized Advertising Cookies

Personalized advertising cookies are used to offer you personalized product and service promotions on or off the Platform, based on your viewing history and visitor profile. For the data processing activities we perform when using these cookies, we rely on your "explicit consent" as a condition for data processing under Article 5 of the Law.

Below you can find the different types of cookies we use on the Platform. The Platform uses both first-party cookies (placed by the Platform you are visiting) and third-party cookies (placed by servers other than the Platform you are visiting).

Mandatory Cookies
Cookie Name	Provider	Purpose of use	Usage Period
- _cmp_a	Shopify		July 3, 2026
_fbp	Shopify		July 3, 2026
_ga_03P81GT762	Shopify		July 3, 2026

Performance and Analytics Cookies
Cookie Name	Provider	Purpose of use	Usage Period
_landing_page	Shopify		July 3, 2026
_orig_referrer	Shopify		July 3, 2026
_ttp	Shopify		July 3, 2026

Functionality Cookies
Cookie Name	Provider	Purpose of use	Usage Period
[●]cart_sig	[●] shopify	[●]	[●] 03 July 2026
[●]cart_ts	[●] shopify	[●]	[●] 03 July 2026
[●]cart	[●] shopify	[●]	[●] 03 July 2026

Personalized Advertising Cookies
Cookie Name	Provider	Purpose of use	Usage Period
[●]keep_alive	[●] shopify	[●]	[●] 03 July 2026
[●]localization	[●] shopify	[●]	[●] 03 July 2026
[●]queue_token	[●] shopify	[●]	[●] 03 July 2026

To Whom and For What Purposes Can Processed Personal Data Be Transferred?

Your personal data collected in line with the fulfillment of the above-mentioned Purposes may be transferred to consultants and other technical service providers from whom we procure services within the scope of our legitimate interest; to our business partners with whom we cooperate within the scope of our legitimate interest; to legally authorized public institutions and legally authorized private organizations within the scope of the express provision of the law and the fulfillment of our legal obligations; to official institutions and organizations such as lawyers, consultants, courts, law enforcement agencies, enforcement offices, notaries within the scope of the condition that data processing is mandatory for the establishment, exercise or protection of a right; and in accordance with the rules regarding the transfer of personal data specified in Article 8 of the Law within the scope of the data processing conditions regulated in Article 5 of the Law.

Some cookies used on the Platform are provided by third-party service providers outside the Company. If you provide your explicit consent [the categories of data to be transferred abroad must be written in accordance with VERBIS], your data may be transferred to [the party to be shared abroad must be written - e.g., Google, Facebook] resident abroad for the purposes of [e.g., "Obtaining statistical data and conducting analyses about Platform users and visitors," "Showing you personalized ads,"] in accordance with the rules on the transfer of personal data specified in Article 9 of the Law, within the scope of the data processing conditions set forth in Article 5 of the Law.

Method of Collecting Personal Data

Your personal data is collected electronically through cookies and other tracking technologies within the scope of fulfilling the above-mentioned Purposes.

Rights of the Relevant Person Listed in Article 11 of the Law

We hereby inform you that you have the following rights regarding your personal data, in accordance with Article 11 of the Law:

Learning whether your personal data is being processed,
Request information regarding your personal data if it has been processed,
To learn the purpose of processing your personal data and whether they are used in accordance with their purpose,
Knowing the third parties to whom your personal data is transferred, whether domestically or abroad,
To request correction of your personal data if it is processed incompletely or incorrectly and to request that the action taken in this context be notified to third parties to whom your personal data has been transferred,
To request the deletion or destruction of your personal data in case the reasons requiring processing are eliminated, even though it has been processed in accordance with the provisions of the Law and other relevant laws, and to request that the action taken within this scope be notified to third parties to whom your personal data has been transferred,
To object to any adverse results arising from the analysis of your processed data exclusively through automated systems,
To request compensation for damages if you suffer damages due to the unlawful processing of your personal data.

If you submit your requests regarding your rights listed above to our Company by completing the Data Subject Application Form, which you can access at https://www.kameya.com.tr/ , our Company will process your request free of charge as soon as possible and within thirty days at the latest, depending on the nature of the request. However, if the process requires additional costs, our Company will charge the fee set by the Personal Data Protection Board.

Our Application Address: Halide Edip Adıvar Neighborhood Çiftecevizler Street No 24/2 Şişli Istanbul
Our Email Address: info@kameya.com.tr

I have read and understood the Information Text.

Name Surname:

History :

Signature :

CONNECTED PERSON APPLICATION FORM

Application Method

You may submit your requests within the scope of your rights listed in Article 11 of the Personal Data Protection Law No. 6698 (“ Law ”) to our Company through this form and one of the methods explained below, in accordance with Article 13 of the Law and Article 5 of the Communiqué on the Procedures and Principles of Application to the Data Controller.

	APPLICATION METHOD	APPLICATION ADDRESS	INFORMATION TO BE SHOWN IN THE APPLICATION
Written Application	Application in person with a wet signature or Through a notary	Halide Edip Adıvar, Çifte Cevizler Cd. 24/2, 34384 Şişli/Istanbul info@kameya.com.tr	"Request for Information Within the Scope of the Personal Data Protection Law" will be written on the envelope/notification.
Via Registered Electronic Mail (KEP)	With registered electronic mail (KEP) address	Halide Edip Adıvar, Çifte Cevizler Cd. 24/2, 34384 Şişli/Istanbul Kep address information	The subject of the e-mail will be "Personal Data Protection Law Information Request".
Application via the e-mail address in our system	By using your e-mail address registered in our company's system.	Halide Edip Adıvar, Çifte Cevizler Cd. 24/2, 34384 Şişli/Istanbul info@kameya.com.tr	The subject of the e-mail will be "Personal Data Protection Law Information Request".
Application with an e-mail address not found in our system	By using your e-mail address that does not exist in our Company's system, including a mobile signature/e-signature.	Halide Edip Adıvar, Çifte Cevizler Cd. 24/2, 34384 Şişli/Istanbul info@kameya.com.tr	The subject of the e-mail will be "Personal Data Protection Law Information Request".

Your Identity and Contact Information

Please fill in the fields below so we can contact you and verify your identity.

Name-Surname	:
Turkish Identity Number / Passport Number or ID Number for Citizens of Other Countries	:
Residence Address / Workplace Address for Notification	:
Mobile Phone	:
Phone Number	:
Fax Number	:
Email Address	:

Your Relationship with Our Company

Your Relationship with Our Company

Customer

Former Employee:

Worker:

Other:

Subject of Request

Please clearly state your request regarding your personal data below. Relevant information and documents must be attached to your application.

Select the Method by Which You Will Be Notified of the Response

I would like the response to be sent to the mailing address I provided in section 2.

I would like the response to be sent to the e-mail address I provided in the second section.

I would like the response to be sent to the fax number I provided in the second section.

In line with the requests I have stated above, I would like to request that my application to your Company be evaluated in accordance with Article 13 of the Law and that I be informed.

I hereby declare and undertake that the information and documents I have provided to you in this application are accurate and up-to-date, that your Company may request additional information in order to finalize my application, and that I have been informed that I may be required to pay the fee determined by the Personal Data Protection Board if such a fee is required.

Applicant Relevant Person

Name and Surname:

Application Date:

Signature :

PERSONAL DATA PROTECTION AND PROCESSING POLICY

Contents

Introduction................................................................................................................................ 3
Purpose........................................................................................................................................ 3
Scope................................................................................................................................ 3
Definitions................................................................................................................................ 3
General Principles Regarding the Processing of Personal Data................................................................. 4
Conditions for Processing Personal Data.............................................................................................. 5

6.1. Processing of Personal Data........................................................................................................ 5

6.2. Processing of Special Personal Data:........................................................................................ 5

Ensuring the Security and Confidentiality of Personal Data...................................................... 6

7.1. Ensuring the Lawful Processing of Personal Data and Preventing Unlawful Processing of Personal Data

Technical Measures Taken to Block Access................................................................................. 6

7.2. Ensuring the Lawful Processing of Personal Data and Preventing Unlawful Processing of Personal Data

Administrative Measures Taken to Block Access............................................................................... 6

7.3. Measures to be Taken in Case of Unlawful Disclosure of Personal Data.................. 6

Purposes of Processing Personal Data and Storage Periods............................................................... 6

8.1. Purposes of Processing Personal Data......................................................................................... 6

8.2. Storage Periods of Personal Data......................................................................................... 9

Deletion, Destruction and Anonymization of Personal Data.................................. 10

9.1. Techniques for Deletion and Destruction of Personal Data............................................................... 10

9.2. Techniques for Anonymizing Personal Data............................................................... 10

Third Parties to Which Personal Data Are Transferred and the Purposes of Transfer.................................... 11

10.1. Domestic Transfer of Personal Data............................................................................... 11

10.2. Transfer of Personal Data Abroad........................................................................ 11

10.3. Groups of People to Whom Personal Data Are Transferred by Our Company.................................. 11

Our Company's Disclosure Obligation............................................................................... 12
Rights of Personal Data Owners and the Exercise of These Rights.................................................. 12

12.1. Right to Apply........................................................................................................ 12

12.2. Situations Outside the Scope of the Right to Apply.................................................................. 12

12.3. Response Procedure............................................................................................... 13

Personal Data Processing Activities Conducted Within the Company and on the Website

Data Processing Activities........................................................................................................ 13

13.1. Camera Monitoring within the Company......................................................................... 13

13.2. Entry and Exit of Customers Visiting the Company............................................................... 13

13.4. Website Visitors............................................................................................... 14

Entrance

Pursuant to Article 20 of the Constitution of the Republic of Turkey, everyone has the right to demand the protection of their personal data. This right includes being informed about their personal data, accessing it, requesting its correction or deletion, and learning whether it is being used for its intended purpose.

Personal Data Protection Law No. 6698 ( "PDPL Law" ) regulates the protection of individuals' fundamental rights and freedoms in the processing of personal data, the obligations of natural and legal persons who process personal data, and the procedures and principles they must comply with. This Policy, prepared in this regard, aims to ensure compliance with the obligations related to the PPD Law.

The purpose of this Policy is to protect the personal data of guarantors, customers, visitors, suppliers, and third parties governed by this Policy. The protection of our employees' personal data is governed by the Policy on the Processing of Personal Data of Sinba Tekstil İth. İhr. San ve Tic. Ltd. Şti Employees, which was drafted in accordance with the principles set forth in this Policy.

In case of any conflict between the Personal Data Protection Law and other relevant legislation and Sinba Tekstil İth. İhr. San ve Tic. Ltd. Şti. Personal Data Protection and Processing Policy, the current legislation will apply.

Aim

Sinba Tekstil İht. İhr. San ve Tic. Ltd. Şti. ( “Company” ) has prepared the Personal Data Protection and Processing Policy ( “Policy” ) in order to protect the fundamental rights and freedoms of individuals, especially the right to privacy, in the processing of personal data and to regulate the obligations of real and legal persons processing personal data and the procedures and principles they must comply with.

The policy aims to maintain and develop the activities carried out by the Company in accordance with the principles set out in the Personal Data Protection Law.

Scope

Data owners whose personal data are processed within the scope of this Policy are categorized as follows:

It has been done:

Customers/	Natural persons whose personal data are obtained due to business relationships within the scope of the activities carried out by the Company, regardless of whether there is any contractual relationship.
Third Parties	Third party natural persons related to these persons (e.g. guarantor, companion, family members and relatives) or all natural persons whose personal data our Company has to process for a specific purpose, even if not explicitly stated within the Policy, in order to ensure the security of commercial transactions between our Company and the above-mentioned parties or to protect the rights and provide benefits to the aforementioned persons (e.g. former employees).
Employee Candidate / Intern Candidate	Natural persons who have applied for a job in our Company by any means or have made their CV and related information available for review by our Company.
Employees, Shareholders, and Officials of the Institutions We Collaborate With	Natural persons working in institutions with which our company has any kind of business relationship (including, but not limited to, business partners, suppliers, etc.), including shareholders and officials of these institutions.
Visitor	Natural persons who have entered the physical facilities (offices, etc.) owned by our company or where an organization is held, or who have visited our websites for various purposes.

Explicit consent	Consent based on informed consent and expressed freely on a specific subject
Anonymization	Making personal data in no way identifiable with an identified or identifiable natural person, even when matched with other data.
Supplier	Real persons who provide products or services to the Company
Personal health data	All kinds of information regarding the physical and mental health of an identified or identifiable natural person and information regarding the health services provided to the person.
Processing of personal data	Personal data may be collected fully or partially by automatic means or non-automatic means provided that it is part of any data recording system. obtaining, recording, storing, preserving, changing, rearranging, explaining, transferring, Any operation performed on data, such as taking over, making available, classifying or preventing its use
Personal Data Protection Law	Personal Data Protection Law No. 6698
Personal Data Protection Board	Personal Data Protection Board
Personal Data Protection Authority	Personal Data Protection Authority
Special categories of personal data	Data regarding race, ethnic origin, political opinion, philosophical belief, religion, sect or other belief, appearance and dress, membership in associations, foundations or unions, health, sexual life, criminal convictions and security measures, as well as biometric and genetic data.
Turkish Penal Code	Turkish Penal Code No. 5237
Data processor	A natural or legal person who processes personal data on behalf of the data controller based on the authority granted by the data controller.
Personal data owner	The natural person whose personal data is processed, who is deemed as the "related person" in the Personal Data Protection Law.
Personal Data Owner Application Form	The application form that personal data owners, whose personal data is processed within the company, will use when applying for their rights as described in Article 11 of the Personal Data Protection Law.
Data controller	The natural or legal person who determines the purposes and means of processing personal data and is responsible for establishing and managing the data recording system.
Data Controllers Registry	Data controllers registry kept by the Presidency under the supervision of the Personal Data Protection Board
Data Inventory	The inventory created and detailed by the Company by associating the personal data processing activities it carries out in connection with its business processes with the purposes of personal data processing, the recipient group to which personal data is transferred and the relevant personal data owner group.

Definitions

The definitions used in this Policy are listed below:

General Principles Regarding the Processing of Personal Data

Pursuant to Article 3 of the Personal Data Protection Law, any operation performed on personal data, such as obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data, whether fully or partially by automatic means or non-automatic means provided that it is part of any data recording system, falls within the scope of processing personal data.

The following principles must be adhered to when processing personal data:

Compliance with law and rules of integrity

Our company carries out its personal data processing activities in accordance with the law and the rules of honesty, in accordance with the Constitution, the Personal Data Protection Law and relevant legislation.

Being accurate and up to date when necessary

While our company is processing personal data,

All administrative and technical measures are taken to ensure its accuracy and up-to-dateness.

Processing for specified, explicit and legitimate purposes

Before our company starts processing personal data, it determines the purpose of processing personal data.

clearly and precisely determined.

Being connected, limited and proportionate to the purpose for which they are processed

Our company processes personal data to the extent necessary to achieve the specified purposes. Data processing is not conducted with the assumption that it may be used later.

Storage for the period required by the relevant legislation or for the purpose for which they are processed.

Our company stores personal data for a limited period of time as stipulated in the Personal Data Protection Law and related legislation or as required by the purposes of data processing.

Conditions for Processing Personal Data

Our company, with the explicit consent of the personal data owner or as stipulated in Articles 5 and 6 of the Personal Data Protection Law.

In such cases, personal data and special categories of personal data may be processed without explicit consent.

6.1. Processing of Personal Data

Our company carries out its personal data processing activities in accordance with the data processing regulations set forth in Article 5 of the Personal Data Protection Law.

carries out in accordance with the conditions of:

It is clearly provided for in the laws.
If it is necessary for the protection of the life or physical integrity of a person or someone else who is unable to give his consent due to a physical impossibility or whose consent is not legally valid.
It is necessary to process personal data of the parties to a contract, provided that it is directly related to the establishment or performance of a contract.
It is mandatory for our company to fulfill its legal obligations.
Personal data has been made public by the owner himself.
Data processing is necessary for the establishment, exercise or protection of a right.
Data processing is necessary for the legitimate interests of our Company, provided that it does not harm the fundamental rights and freedoms of the personal data owner.

Your special personal data is collected, stored and processed based on the following legal reasons:

a) The explicit consent of the relevant person,
b) It is clearly provided for in the laws,
c) If it is necessary for the protection of the life or physical integrity of a person who is unable to give his consent due to a physical impossibility or whose consent is not legally valid, or if it is necessary for the protection of the life or physical integrity of another person,

d) It is in accordance with the personal data made public by the relevant person and his/her will to make it public,

d) It is necessary for the establishment, use or protection of a right,
e) It is necessary for the protection of public health, preventive medicine, medical diagnosis, treatment and care services, and the planning, management and financing of health services by persons under the obligation of confidentiality or authorized institutions and organizations,
f) It is mandatory to fulfill legal obligations in the fields of employment, occupational health and safety, social security, social services and social assistance,
g) It should be directed to current or former members and affiliates of foundations, associations and other non-profit organizations or formations established for political, philosophical, religious or union purposes, or to people who are in regular contact with these organizations and formations, provided that it complies with the legislation and objectives to which they are subject, is limited to their fields of activity and is not disclosed to third parties.

6.2. Processing of Special Personal Data

Our company carries out the processing of personal data designated as special categories that carry the risk of discrimination when processed unlawfully, in accordance with the data processing conditions set forth in Article 6 of the Personal Data Protection Law.

Processing of special categories of personal data;

a) The explicit consent of the relevant person,
b) It is clearly provided for in the laws,
c) If it is necessary for the protection of the life or physical integrity of a person who is unable to give his consent due to a physical impossibility or whose consent is not legally valid, or if it is necessary for the protection of the life or physical integrity of another person,

d) It is in accordance with the personal data made public by the relevant person and his/her will to make it public,

d) It is necessary for the establishment, use or protection of a right,
e) It is necessary for the protection of public health, preventive medicine, medical diagnosis, treatment and care services, and the planning, management and financing of health services by persons under the obligation of confidentiality or authorized institutions and organizations,
f) It is mandatory to fulfill legal obligations in the fields of employment, occupational health and safety, social security, social services and social assistance,
g) It should be directed to current or former members and affiliates of foundations, associations and other non-profit organizations or formations established for political, philosophical, religious or union purposes, or to people who are in regular contact with these organizations and formations, provided that it complies with the legislation and objectives to which they are subject, is limited to their fields of activity and is not disclosed to third parties.

"It is possible in case of

6.3 Legal Reason for Processing Your Personal Data

We process your personal data for the following legal reasons, primarily regulated under the Turkish Commercial Code No. 6102, the Turkish Code of Obligations No. 6098, the Tax Procedure Law No. 213, and electronic commerce legislation, as well as Article 5 of the KVKK:

In cases where we are required to obtain your explicit consent pursuant to KVKK and other legislation, we process your data based on your consent (In this case, we would like to remind you that you can withdraw your consent at any time).
In any case permitted by applicable legislation
When there is a necessity to protect the vital interests of any person
In cases where we need to establish a contract with you, perform the contract and fulfill our obligations under a contract
To fulfill our legal obligations,
If your personal data has been made public by you
It is necessary for us to process data to establish or protect a right, to exercise our legal rights and to defend against legal claims filed against us.
In cases where our legitimate interests require it, provided that it does not harm your fundamental rights and freedoms.

Ensuring the Security and Confidentiality of Personal Data

In accordance with Article 12 of the Personal Data Protection Law, our company takes all necessary technical and administrative measures to prevent the unlawful processing of personal data and unlawful access to personal data, and to ensure the appropriate level of security to ensure the preservation of personal data.

7.1. Technical Measures Taken to Ensure Lawful Processing of Personal Data and Prevent Unlawful Access to Personal Data

The Company has implemented all technical and technological security measures to protect your personal data and protect it against potential risks. These measures are listed below:

- Taking technical measures to the extent that technology allows

- Employment of experts in technical matters

- Conducting regular inspections to ensure the implementation of the measures taken.

- Creating the necessary software and infrastructure to ensure security

- Limiting access to data being processed within the company

- Using a legal backup program to ensure the safe storage of personal data.

- Using software that includes virus protection systems

7.2. Administrative Measures Taken to Ensure Lawful Processing of Personal Data and Prevent Unlawful Access to Personal Data

- Training and raising awareness of company employees regarding the Personal Data Protection Law,

- In cases where personal data transfer is involved, ensuring that a clause stating that the party to whom personal data is transferred will ensure data security is included in the contracts concluded with the persons to whom personal data is transferred,

- Determining what needs to be done to comply with the Personal Data Protection Law and preparing internal policies for their implementation,

7.3. Measures to be Taken in Case of Unlawful Disclosure of Personal Data If the processed personal data is obtained by others through unlawful means, our Company will notify the relevant data owner and the Board of this as soon as possible.

Purposes of Processing Personal Data and Storage Periods

8.1. Purposes of Processing Personal Data

Personal data may be processed by the Company for the following purposes and may be stored for as long as stipulated by these purposes and the relevant legal periods.

Purposes of Processing Personal Data

Carrying out electricity production, distribution and retail sales activities
Carrying out the activities that the Company is responsible for within the scope of legal and administrative obligations,
Informing the data owner about changes in legislation or rules and policies accepted by the Company,
Investigating, detecting, reporting and preventing illegal transactions, as well as managing and carrying out activities subject to legal process,
Protection of legitimate interests,
Negotiation, creation and execution of contracts,
Determining the situation within the scope of requests and questions and providing feedback to the relevant person,
In addition to carrying out promotional activities, obtaining the opinions of data owners through surveys and voting and ensuring customer/employee satisfaction,
Increasing productivity by ensuring workflow and coordination between units,
Examining the suitability of candidates for the relevant position during the job application, candidate evaluation and recruitment processes, and communicating with these candidates and the persons related to the application,
Keeping visit records and tracking cargo,
Ensuring the security of digital systems and physical environments belonging to or used by the Company and taking necessary precautions by making relevant assessments,
Carrying out the necessary work by business units to ensure that customers benefit from the products and services offered,
Planning and execution of corporate sustainability activities,
Carrying out company law transactions,
Ensuring the legal and commercial security of people in business relationships,
It is the execution of commercial activities for the purpose of determining and implementing commercial and business strategies.

8.2. Storage Periods of Personal Data

We only retain your personal data for the period necessary to fulfill the purpose for which it was collected. We determine these periods individually for each business process, and upon expiration of these periods, we destroy your personal data in accordance with the Personal Data Protection Law, unless there is another reason we need to retain your personal data.

We take the following criteria into consideration when determining the destruction periods of your personal data:

The period accepted by general practice in the sector in which the data controller operates, within the scope of the purpose of processing the relevant data category,
The period during which the legal relationship established with the relevant person will continue and which requires the processing of personal data in the relevant data category,
The period during which the legitimate interest of the data controller will be valid in accordance with the law and the rules of honesty, depending on the purpose of processing the relevant data category,
The period during which the risks, costs and responsibilities arising from the storage of the relevant data category, depending on the purpose of processing, will continue legally,
Whether the maximum period to be determined is suitable for keeping the relevant data category accurate and up-to-date when necessary,
The period during which the data controller is obliged to store personal data in the relevant data category in accordance with his legal obligation,
The limitation period determined by the data controller for asserting a right related to personal data in the relevant data category.

Deletion, Destruction and Anonymization of Personal Data

In accordance with Article 7 of the Personal Data Protection Law, even though personal data has been processed in accordance with the relevant legislation, if the reasons requiring processing are eliminated, personal data will be deleted, destroyed or anonymized by our Company ex officio or upon the request of the personal data owner.

The procedures and principles regarding this matter will be fulfilled in accordance with the Personal Data Protection Law and the secondary legislation to be created based on this Law.

9.1. Techniques for Deletion and Destruction of Personal Data

Our Company may delete or destroy personal data, even if it has been processed in accordance with relevant legal provisions, at its own discretion or upon the request of the data owner, if the reasons requiring processing no longer exist. The most commonly used deletion or destruction techniques by our Company are listed below:

Physical Destruction

Personal data may also be processed non-automatically, provided it is part of a data recording system. When such data is deleted/destroyed, a system is implemented to physically destroy the personal data so that it cannot be used later.

Safely Deleting Software

When data processed by fully or partially automatic means and stored in digital environments is deleted/destroyed, methods are used to delete the data from the relevant software in a way that it cannot be recovered again.

Secure Deletion by an Expert

In some cases, our company may hire an expert to delete personal data on our behalf. In this case, the expert will securely delete/destroy the personal data so that it cannot be recovered.

9.2. Techniques for Anonymizing Personal Data

Personal data cannot be identified or identified in any way, even when matched with other data.

It refers to making it unrelated to a real person.

Masking

Data masking is a method of anonymizing personal data by removing the basic identifying information of personal data from the data set.

Example: Transforming the personal data into a data set that makes it impossible to identify the personal data owner by removing information such as name, TR ID Number, etc. that enable the identification of the personal data owner.

Consolidation

With the data aggregation method, many data are aggregated and personal data is made unrelated to any person.

Example: Revealing that there are y customers of x age without showing the ages of the customers one by one.

Data Generation

With the data generation method, a more general content is created from the content of personal data and personal data is made unrelated to any person.

Example: Indicating ages instead of dates of birth; indicating the region of residence instead of the full address.

Data Hashing

Data hashing method is used to break the connection between the values and the individuals by mixing the values in the personal data set.

Example: Changing the quality of voice recordings so that they cannot be associated with the data owner.

Third Parties to Which Personal Data Are Transferred and the Purposes of Transfer

The procedures and principles applicable to personal data transfers are regulated in Articles 8 and 9 of the Personal Data Protection Law. Data subjects' personal data and special categories of personal data may be transferred to third parties, both domestically and internationally. To provide services, your personal data may be shared with third parties from whom the Company receives services, contracted institutions, lawyers for the resolution of legal disputes, natural and legal persons with whom we have a power of attorney relationship, our business partners, and other third parties, including, but not limited to, the Law and other legislation, regulations related to the law, regulations of supervisory and regulatory institutions and organizations, and cases mandated by public authorities. However, in all cases, except in exceptional cases, personal data cannot be transferred without the data subject's explicit consent.

10.1. Transfer of Personal Data Domestically

In accordance with Article 8 of the Personal Data Protection Law, the transfer of personal data within the country will be possible provided that one of the conditions specified in Section 6 of this Policy titled “Conditions for Processing Personal Data” is met.

10.2. Transfer of Personal Data Abroad

In accordance with Article 9 of the Personal Data Protection Law, if personal data is transferred abroad, in addition to meeting the conditions for domestic transfers, one of the following is required:

- Data can be transferred abroad by data controllers and data processors if there is an adequacy decision made by the Board regarding the country to which the transfer will be made, sectors within the country or international organizations.

- Provided that the person concerned has the opportunity to exercise his rights and apply for effective legal remedies in the country where the transfer will be made, one of the appropriate safeguards specified below must be provided by the parties.

a) Existence of an agreement that is not an international contract between public institutions and organizations or international organizations abroad and public institutions and organizations or professional organizations with public institution status in Türkiye, and permission for transfer by the Board.
b) The existence of binding company rules approved by the Board, which contain provisions regarding the protection of personal data, with which the companies within the group of undertakings engaged in joint economic activity are obliged to comply.
c) The existence of a standard contract announced by the Board, which includes matters such as data categories, purposes of data transfer, recipients and recipient groups, technical and administrative measures to be taken by the data recipient, and additional measures taken for special personal data.

d) The existence of a written commitment containing provisions to ensure adequate protection and the Board's permission for the transfer.

The standard contract is notified to the Authority by the data controller or data processor within five business days of its signing.

- In the absence of an adequacy decision and failure to provide any of the appropriate safeguards stipulated in the fourth paragraph, data controllers and data processors may transfer personal data abroad only if one of the following circumstances exists, provided that it is incidental:

a) The relevant person gives explicit consent to the transfer, provided that he/she is informed about the possible risks.
b) The transfer is necessary for the performance of a contract between the data subject and the data controller or for the implementation of pre-contractual measures taken at the request of the data subject.
c) The transfer is necessary for the establishment or performance of a contract between the data controller and another natural or legal person for the benefit of the data subject.

c) The transfer is necessary for a superior public interest.

d) The transfer of personal data is mandatory for the establishment, exercise or protection of a right.
e) If the transfer of personal data is necessary for the protection of the life or physical integrity of the person or another person who is unable to give his consent due to actual impossibility or whose consent is not legally valid.
f) Transferring information from a registry that is open to the public or to persons with a legitimate interest, provided that the conditions required for accessing the registry in the relevant legislation are met and the person with a legitimate interest requests it.

The provisions of other laws regarding the transfer of personal data abroad are reserved.

10.3. Groups of People to Whom Personal Data Are Transferred by Our Company

Our Company may transfer personal data of personal data owners within the scope of this Policy, in accordance with Articles 8 and 9 of the Personal Data Protection Law, to the following groups of persons for the specified purposes:

GROUPS OF PEOPLE	DEFINITION	PURPOSE OF TRANSFER
Legally Authorized Public Institutions and Organizations	(Official, administrative authorities such as Turkish Employment Agency, Republic of Turkey Ministry of Family, Labor and Social Services, Social Security Institution, District Health Directorate, municipalities)	Relevant public institutions and Authority of organizations Complying with the obligations such as informing, reporting, etc. before these organizations and fulfilling their requests, within the scope of the purpose requested.
Legally Authorized Private Law Persons	In accordance with the relevant legislation Private legal entities authorized to receive information and documents from our company	Relevant private legal persons limited to the purpose requested within its legal authority.
Service providers	Companies that provide cloud computing services or database services, servers	Limited to the purpose of carrying out functions and services in the most efficient manner and in accordance with the latest technologies.
Professional Consultants	Banks Insurance companies Auditors Lawyers Accountants · Shipping Companies, Warehouses Shipping Companies Service Companies Travel Agencies	Limited to the purposes of carrying out tender processes, conducting mediation and arbitration proceedings, and managing our relationships with our suppliers in order to maintain business activities.

Our Company's Disclosure Obligation

In accordance with Article 10 of the Personal Data Protection Law, our Company must inform data subjects when collecting personal data. In this context, our Company fulfills its obligation to inform on the following matters:

Our Company's title as data controller
The purpose for which personal data will be processed
To whom and for what purpose the processed personal data can be transferred
Method and legal basis for collecting personal data
Rights of personal data owners
Rights of Personal Data Owners and the Exercise of These Rights

In accordance with Article 13 of the Personal Data Protection Law, the assessment of the rights of personal data subjects and the necessary information to be provided to personal data subjects are carried out through this Policy and the Company's Personal Data Subject Application Form. Personal data subjects may submit complaints or requests regarding the processing of their personal data to us in accordance with the principles set forth in the relevant form.

12.1. Right to Apply

In accordance with Article 11 of the Personal Data Protection Law, anyone whose personal data is processed may apply to our Company and make requests regarding the following matters:

To learn whether your personal data is being processed,
To request information regarding the processing of personal data,
To learn the purpose of processing personal data and whether they are used in accordance with their purpose,
To learn the third parties to whom personal data is transferred domestically or abroad,
To request correction of personal data if it is processed incompletely or incorrectly and to request that the action taken in this context be notified to third parties to whom personal data has been transferred,
To request that personal data be deleted, destroyed or anonymized if the reasons requiring processing of personal data are eliminated and to request that the action taken in this context be notified to third parties to whom personal data has been transferred,
To object to the emergence of a result to the detriment of the data owner by analyzing the processed personal data exclusively through automated systems,
To request compensation in case of damages due to unlawful processing of personal data.

12.2. Situations Outside the Scope of the Right to Apply

In accordance with Article 28 of the Personal Data Protection Law, it will not be possible for personal data owners to assert their rights in the following cases:

Processing of personal data by real persons within the scope of activities related to themselves or their family members living in the same residence, provided that they are not disclosed to third parties and that data security obligations are complied with.
Processing of personal data for purposes such as research, planning and statistics by making them anonymous with official statistics,
Processing of personal data for artistic, historical, literary or scientific purposes or within the scope of freedom of expression, provided that it does not violate national defense, national security, public safety, public order, economic security, privacy of private life or personal rights or does not constitute a crime,
Personal data may be transferred to public institutions and organizations authorized by law to ensure national defense, national security, public safety, public order or economic security.

Processing within the scope of preventive, protective and intelligence activities carried out by organizations,

Processing of personal data by judicial authorities or enforcement authorities in relation to investigation, prosecution, trial or execution proceedings.

In accordance with Article 28, paragraph 2 of the Personal Data Protection Law, it will not be possible for personal data owners to assert their rights (except for the right to demand compensation for damages):

Processing personal data is necessary for the prevention of crime or criminal investigation.
Processing of personal data made public by the person concerned.
Supervision or regulation of personal data processing by authorized public institutions and organizations and professional organizations with public institution status, based on the authority granted by law.

necessary for the performance of their duties or for disciplinary investigation or prosecution.

The processing of personal data is necessary to protect the economic and financial interests of the State regarding budgetary, tax and financial matters.

12.3. Response Procedure

In accordance with Article 13 of the Personal Data Protection Law, our Company will finalize the application requests made by the personal data owner free of charge, as soon as possible and within 30 (thirty) days at the latest, depending on the nature of the request.

The application of the personal data owner may be rejected in the following cases:

Obstructing the rights and freedoms of other people
Requires disproportionate effort
The information is publicly available information
Compromising the privacy of others
One of the situations that are not covered by the Personal Data Protection Law is present.
Personal Data Processing Activities Conducted Within the Company and Data Processing Activities Conducted on the Website

13.1. Camera Monitoring Within the Company

To protect the interests of our Company and other people regarding the security of our Company, camera surveillance is carried out within our Company.

In accordance with the regulations in the Personal Data Protection Law, this Policy regarding camera surveillance activities is published on our website by our Company and a notification notice regarding surveillance is posted at the entrances of the areas where surveillance is carried out.

There is no monitoring in areas that could result in an invasion of personal privacy. Security camera recordings are accessible only to a limited number of Company employees and, if necessary, to employees of our supplier security companies. Those who have access to the recordings sign a confidentiality agreement, pledging to protect the confidentiality of the data they access.

13.2. Entry and Exit of Customers Visiting the Company

Personal data processing is carried out to track the entries and exits of our guests who visit our company. The name and surname information of visitors to our company is collected and processed solely for this purpose, and the relevant personal data is physically recorded in the registration system.

13.3. Records Regarding Internet Access Provided to Company Visitors

Storage

Our Company provides internet access to visitors who request it during their stay in our buildings and facilities. In this case, log records related to your internet access are recorded in accordance with the mandatory provisions of Law No. 5651 and the legislation issued pursuant to this Law. These records are processed only upon request by authorized public institutions and organizations or to fulfill our legal obligations during audits conducted within our Company. Only a limited number of employees, under a commitment to confidentiality, have access to these logs. Employees with access to these records do so only for the purposes of responding to requests from authorized public institutions and organizations or for audits, and they are shared with legally authorized individuals.

13.4. Website Visitors

Visitors to our company's website are recorded (using technical means, such as cookies) to display personalized content and engage in online advertising so they can visit in a way that aligns with their intended purpose. Detailed explanations of our company's activities are included in the Privacy Policy on our website.

This Policy may be revised by the Company as necessary. In such cases, the most current version of the Policy will be posted on the Company's website.

INFORMATION TEXT ON THE PROCESSING OF PERSONAL DATA

As [ Sinba Tekstil İht. İhr. San ve Tic. Ltd. Şti ] (“Company”), we attach importance to the protection of your personal data and would like to inform you about the processing method, purpose and legal basis of your personal data, to whom and for what purpose it may be transferred, and your rights under the relevant law, within the scope of the Personal Data Protection Law No. 6698 ( “KVKK”) .

In all personal data processing activities we carry out, we act in accordance with all obligations and principles stipulated in the relevant legislation, especially KVKK, and we take the necessary security measures to ensure the secure processing of your personal data.

DATA CONTROLLER

Within the scope of KVKK, your personal data is processed by [[ Sinba Tekstil İht. İhr. San ve Tic. Ltd. Şti. in its capacity as data controller, limited to the purposes specified below.

YOUR PROCESSED PERSONAL DATA

We process your personal data below within the scope of your business relationship with our company.

Identity Information: Information included in identity documents such as name, surname, gender, date and place of birth, military service status, citizenship, nationality, marital status, marriage date, Turkish ID number, identity information included in driver's license, passport and driver's licenses, photograph.

Contact Information: Personal email address, company email address, personal phone number, corporate phone number, address and residence, emergency contact information

Location: Location information

Transaction Security Information: Online identifier information, IP address, cookies, device identification number, websites visited, language settings, timeline information, login ID, credentials, employee or manager online identification number, Company systems and Other information used to access and/or secure applications, electronic data that may be processed as a result of audit findings, personal data to be processed during the backup process,

Visual and Audio Recordings: Images on Company accounts or internal Company social media or services, photo and video footage taken at our Company events and organizations, images or videos uploaded to media provided to you by us in other ways.

Financial Information: Bank account information, salary, advance, premium matrix, payroll deductions including insurance, data regarding retirement plans, expense reports, payment frequency, e-declaration information,

Personnel Information: Social Security Institution (SGK) occupation code, department, date of hire, title, duty/grade, business unit, part-time or full-time position, annual leave entitlements, sick leave, long-term leave, work history, trial period, hire/rehire and termination date(s) and reasons, information regarding retirement, promotions and discipline, ethics and compliance records, employment certificate and KGVM letter, date of transfers, manager(s), other details of the employment contract, job application form and evaluations, personality inventory test results, interviews and reference interviews, health insurance information including private health insurance, payroll and timesheet information, personnel registration number, resume form, mobility, overtime commitments, residence and work permit details, company entry and exit and overtime records, general aptitude test, opinions, complaints, and suggestions you have conveyed to us regarding your satisfaction as an employee, appointment and promotion information, long-term incentives, awards, retirement, employee performance and career development information such as activities you have participated in for career development, goals, projects, and performance evaluations.

Association Membership: Registered associations and professional organizations

Other Information: Data regarding family members/dependents of employees (e.g., name, surname, date of birth, contact information, birth/death information regarding family members/dependents of employees), travels made on behalf of the company, information regarding business-related meetings and organizations attended, holidays, company registration number, entry-exit records, travel allowances, visa documents, travel requests, information used for transfers and accommodation on business trips.

Clothing Information: Body measurements, height, weight, shoe size information taken from employees for the purpose of providing clothing to the personnel.

Professional Experience Information: Details presented in application letters and resumes, diplomas, experience, special expertise, professional qualifications, foreign language(s) spoken, proficiency assessments, professional licenses and certifications, courses, information on planned and completed training, information used to create employee biographies.

Physical Space Security Information: CCTV footage, card access system log records, building-office entry and exit records

Vehicle Information: Information about the vehicle (vehicle license plate / vehicle registration / vehicle chassis number / vehicle brand-model / car park type, etc.)

Union Membership: Union membership information

Legal Transaction and Compliance Information: Your personal data, audit and inspection data, your signature, audit findings, traffic fines processed within the scope of determining and pursuing our legal receivables and rights, fulfilling our debts, and complying with our legal obligations and our Company's policies.

Biometric data: Fingerprint and retina scan

Information on Criminal Conviction and Security Measures : Criminal record of the working personnel

Health Information: To the extent permitted by applicable law:

- Information about your disability as it relates to your work performance (for example, if we need to make adaptations or changes to the work or workspace)

- Your blood type data and health data collected based on your explicit consent in case of emergency (e.g. pre-employment health report, health information in case of a work accident, disability report)

- Your physical or mental health data (for example, in cases where the said data is required to organize the work or the workplace, such as illness or pregnancy, for writing prescriptions, writing sickness reports, and for absence records)

- Your personal health data collected by the workplace physician within the scope of periodic health checks.

SCOPE, PURPOSE AND LEGAL REASON FOR PROCESSING YOUR PERSONAL DATA

Your personal data will be processed within the scope of the legal reasons listed in Articles 5 and 6 of the KVKK, as explained in detail below:

Carrying out human resources processes, especially the execution of employment and termination procedures and personnel processes, and fulfilling the obligations arising from employment contracts and legislation for employees.

For this purpose, your identity, contact information, personal information, professional experience and financial information, as well as information regarding your family members and relatives, are processed pursuant to Article 5/2 (a) of the Personal Data Protection Law, and provided that it is clearly prescribed by law and directly related to the establishment or performance of a contract pursuant to Article 5/2 (c) of the Personal Data Protection Law, within the scope of the conditions that the processing of personal data of the parties to the contract is necessary, and your health data is processed pursuant to Article 6 of the Personal Data Protection Law, based on the legal reason that it is necessary to fulfill legal obligations in the fields of employment, occupational health and safety, social security, social services and social assistance.

Information regarding criminal convictions and security measures and criminal records of personnel carrying out customs procedures within the scope of the legislation will be processed based on the legal reason clearly provided for in the laws in accordance with Article 6 of the KVKK.

Managing internal job change and promotion processes

For this purpose, identity and personal data are processed in accordance with Article 5/2 (f) of the KVKK, provided that it does not harm the fundamental rights and freedoms of the relevant person and that it is necessary for the legitimate interests of the data controller.

Organization and execution of career, talent development and training processes

For this purpose, your identity, contact, personal and professional experience information is processed in accordance with Article 5/2 (f) of the KVKK, provided that it does not harm the fundamental rights and freedoms of the relevant person and is mandatory for the legitimate interests of the data controller.

Salary, fringe benefits, progress payments, advances and expense management,

For this purpose, your physical location security, professional experience, identity, personal information, vehicle and financial information and other information are processed based on the legal grounds that the processing of personal data of the parties to the contract is necessary, provided that it is necessary for the data controller to fulfill its legal obligations in accordance with Article 5/2 (ç) of the KVKK and is directly related to the establishment or performance of a contract in accordance with Article 5/2 (c) of the KVKK. Trade union information is processed based on the legal grounds that it is necessary for the fulfillment of legal obligations in the fields of employment, occupational health and safety, social security, social services and social assistance in accordance with Article 6 of the KVKK.

Providing employee benefits and benefits (private health insurance, private pension, group life insurance, shuttle service, meal vouchers, etc.) and carrying out transactions

For this purpose, your identity, personal, financial and contact information is processed on the condition that it is directly related to the establishment or performance of a contract in accordance with Article 5/2 (c) of the KVKK, the processing of personal data belonging to the parties to the contract is necessary, and provided that it does not harm the fundamental rights and freedoms of the relevant person in accordance with Article 5/2 (f) of the KVKK, it is mandatory for the legitimate interests of the data controller. Your health data is processed on the basis of the legal ground that it is mandatory for the fulfillment of legal obligations in the fields of employment, occupational health and safety, social security, social services and social assistance in accordance with Article 6 of the KVKK.

Strengthening communication between employees within the company, making internal announcements regarding special days such as employment, marriage, birth, and death.

For this purpose, your identity, contact information, professional experience, photograph information and other information are processed in accordance with Article 5/2 (f) of the KVKK, provided that it does not harm the fundamental rights and freedoms of the relevant person and is mandatory for the legitimate interests of the data controller.

Management of disciplinary and ethical processes

For this purpose, your identity, contact, personnel, legal proceedings and compliance, professional experience and financial information as well as visual and audio records are processed in accordance with Article 5/2 (f) of the KVKK, provided that it does not harm the fundamental rights and freedoms of the relevant person and is mandatory for the legitimate interests of the data controller.

Management of audit processes, including the conduct of internal audits and investigations,

For this purpose, your identity, contact, legal process and compliance information and financial information are processed in accordance with the conditions that it is necessary for the legitimate interests of the data controller and that the data controller is required to fulfill its legal obligations in accordance with the Article 5/2 (f) of the KVKK, provided that it does not harm the fundamental rights and freedoms of the relevant person.

Conducting the company's general assembly meeting processes, preparing documents such as signature circulars, powers of attorney, work directives and using them in business processes, preparing the annual activity report, preparing and presenting periodic financial reports, representing the company on different platforms, carrying out processes carried out before public institutions and organizations, establishing and executing commercial contracts, making applications to relevant official authorities in accordance with the Turkish Commercial Code No. 6102 and other relevant legislation.

For these purposes, your identity, contact and professional experience information will be processed based on the legal grounds that it is expressly required by law in accordance with Article 5/2 (a) of the KVKK, that it is necessary for the data controller to fulfill its legal obligations in accordance with Article 5/2 (ç) of the KVKK, and that it is necessary for the legitimate interests of the data controller, provided that it does not harm your fundamental rights and freedoms in accordance with Article 5/2 (f) of the KVKK.

Managing employee requests and complaints, managing employee satisfaction and loyalty, activity and social responsibility management processes, and conducting internal company surveys.

For this purpose, your transaction security, identity and contact information are processed within the scope of the condition that it is necessary for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the relevant person in accordance with Article 5/2 (f) of the KVKK.

Fulfilling our legal obligations arising from the legislation to which our Company is subject, especially the Labor Law No. 4857 and the Occupational Health and Safety Law No. 6331, such as managing work accident processes and making the necessary reporting, and organizing occupational health and safety training,

For this purpose, your identity, contact and personal information is processed on the condition that it is mandatory for the data controller to fulfill its legal obligations in accordance with Article 5/2 (ç) of the KVKK, and your health data is processed on the legal ground that it is mandatory for the fulfillment of legal obligations in the fields of employment, occupational health and safety, social security, social services and social assistance in accordance with Article 6 of the KVKK.

Complying with the obligations such as informing, reporting, etc. and fulfilling the requests of official and administrative authorities such as the Ministry of Family, Labor and Social Services of the Republic of Turkey, Social Security Institution, District Health Directorate, Municipalities,

For this purpose, your identity, contact, legal process and compliance, personal and financial information is processed on the condition that it is mandatory for the data controller to fulfill its legal obligations in accordance with Article 5/2 (ç) of the KVKK, and your health data is processed on the legal ground that it is mandatory for the fulfillment of legal obligations in the fields of employment, occupational health and safety, social security, social services and social assistance in accordance with Article 6 of the KVKK.

Identifying employees to the systems and applications used by the company within the scope of fulfilling information security processes, managing platform testing processes, defining access rights, ensuring network security and uninterrupted execution of other information technology processes.

For this purpose, your identity, financial, communication, transaction security, physical location security and personal information are processed in accordance with Article 5/2 (f) of the KVKK, provided that it does not harm the fundamental rights and freedoms of the relevant person and is mandatory for the legitimate interests of the data controller.

Management of emergency processes

For this purpose, your identity and contact information are processed for the legal reason that it is necessary for the protection of the life or physical integrity of a person or someone else who is unable to give his consent due to a physical impossibility or whose consent is not legally valid, in accordance with Article 6 of the KVKK.

Issuing ID cards to employees and carrying out physical space security processes

For this purpose, your physical location security, personal information, professional experience, identity, transaction security and vehicle information, biometric data and visual and audio recordings are processed in accordance with Article 5/2 (f) of the KVKK, provided that it does not harm the fundamental rights and freedoms of the relevant person and is mandatory for the legitimate interests of the data controller.

Carrying out business activities, ensuring continuity and business continuity, carrying out processes related to cargo, courier and mail, carrying out finance and accounting activities, participating in tenders opened by the relevant authorities,

For this purpose, your identity, contact, personnel, legal proceedings and compliance, professional experience, financial information and other information are processed in accordance with Article 5/2 (f) of the KVKK, provided that it does not harm the fundamental rights and freedoms of the relevant person and that it is mandatory for the legitimate interests of the data controller and that it is mandatory for the data controller to fulfil its legal obligations in accordance with Article 5/2 (ç) of the KVKK.

Ensuring the allocation and tracking of work-related tools, equipment and devices, ensuring the security of movable goods and resources, embezzlement approval and allocation and tracking of company vehicles

For this purpose, your identity, contact, location, vehicle, personal, transaction security and financial information are processed within the scope of the condition that the processing of personal data of the parties to the contract is necessary, provided that it is directly related to the establishment or performance of a contract in accordance with Article 5/2 (c) of the KVKK, and that it is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the relevant person in accordance with Article 5/2 (f) of the KVKK.

To maintain our existing relationships with our business partners, customers and suppliers, to ensure that the obligations within the scope of the contractual relationship are duly fulfilled, and to ensure the coordination of projects are carried out by the business units,

For this purpose, your identity, legal process and compliance and contact information are processed within the scope of the conditions that the processing of personal data of the parties to the contract is necessary, provided that it is directly related to the establishment or performance of a contract in accordance with Article 5/2 (c) of the KVKK, and that it is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the relevant person in accordance with Article 5/2 (f) of the KVKK.

Monitoring and execution of legal affairs,

For this purpose, your identity, contact, legal proceedings and compliance, personnel, professional experience and financial information are processed within the scope of the condition that data processing is mandatory for the establishment, exercise or protection of a right in accordance with Article 5/2 (e) of the KVKK.

Fulfilling our legal, financial and commercial obligations,

For this purpose, your identity, contact, legal process and compliance, personnel, professional experience and financial information are processed based on your explicit consent within the scope of Article 6/2 of the KVKK, provided that it is necessary for the data controller to fulfill its legal obligations in accordance with Article 5/2 (ç) of the KVKK, and provided that it does not harm the fundamental rights and freedoms of the relevant person in accordance with Article 5/2 (f) of the KVKK, and your health data collected in physical media through printed documents within the scope of the condition that it is necessary for the legitimate interests of the data controller.

Carrying out internal company information announcements and bulletin processes,

For this purpose, your identity, contact, personal information, photograph and professional experience information are processed in accordance with Article 5/2 (f) of the KVKK, provided that it does not harm the fundamental rights and freedoms of the relevant person and is mandatory for the legitimate interests of the data controller.

In addition, in accordance with Article 6 of the KVKK, your personal data will be processed in the following processes based on your explicit consent;

Processing of your visual and audio recordings by the Company for publication in events organized or attended by the Company, in printed or electronic media, in written and visual communication materials belonging to the Company or third parties,
Processing your identity, contact information, professional experience, photograph information and other information for the purpose of strengthening communication between employees within the company and making internal announcements regarding special days such as employment, marriage, birth and death,

METHOD OF COLLECTING PERSONAL DATA

Your personal data is collected and processed electronically and physically through physical interviews, printed documents and forms, cargo/mail and hand-delivered documents, closed-circuit camera systems, in-company applications and systems, websites, e-mail, telephone, call centers, messaging applications, online forms, and career platforms.

TRANSFER OF YOUR PERSONAL DATA

Your personal data may be processed in accordance with Articles 8 and 9 of the KVKK, to the extent necessary and limited to the purposes specified above and to fulfill the obligations arising from company policies:

In accordance with Article 5/2 (f) of the KVKK, provided that it does not harm the fundamental rights and freedoms of the data subject, within the scope of the condition that it is mandatory for the legitimate interests of the data controller.

With GSM operators for the purpose of providing telephone lines,
Voice recordings are shared with business partners and service providers that offer call center services,
With car rental companies in case of a rental car,
With cargo companies to make deliveries on your behalf and send your cargo when necessary,
With associations to carry out social responsibility and civil society activities,
With written and visual media organizations for the purpose of carrying out company communication activities,

In accordance with Article 5/2 (c) of the KVKK, the processing of personal data of the parties to the contract is necessary, provided that it is directly related to the establishment or performance of a contract;

Communication data is shared with travel agencies and hotels to enable transportation and accommodation transactions within the scope of planning and execution of business trips,
To service providers within the scope of providing training,
With the building management to ensure your building entrances,
With the solution partners we have agreements with to provide our services (companies that receive payroll services, companies that receive non-human resources support),
With our service providers who provide services related to our IT infrastructure,
With authorized persons, institutions and organizations within the scope of ensuring business continuity, carrying out audits and carrying out activities,

Pursuant to Article 5/2 (ç) of the KVKK, within the scope of the condition that it is mandatory for the data controller to fulfill his legal obligation;

With banks for the purpose of making salary payments to employees,
Occupational health and safety companies, hospitals and health institutions in order to fulfill emergency medical interventions and occupational health and safety obligations,
With auditors, forensic computer experts, cyber security consultants, tax consultants and other third parties from whom we receive consultancy and services regarding the fulfillment of our legal obligations, ensuring information security and defending our rights,
Service providers that provide independent auditing, customs, financial advisory/accounting services,
Personnel entry and exit information may be transferred to police stations and SGK, İŞKUR due to legal obligations; employee personal data may be transferred to SGK during the inspection of SGK and Ministry of Health; Ministry of Family, Labor and Social Services, when necessary; Tax Offices for the purpose of making mandatory tax declarations arising from the law.
In order to fulfill our legal obligations, with the Energy Market Regulatory Authority, Chamber of Energy Engineers, Capital Markets Board, Ministry of Energy of the Republic of Turkey, administrative and judicial authorities,

Within the scope of the condition that data processing is mandatory for the establishment, exercise or protection of a right in accordance with Article 5/2 (e) of the KVKK;

If necessary, with official institutions and organizations such as lawyers, consultants, courts, enforcement offices, notaries to protect our rights and interests,
With the companies from which we receive services to provide side benefits (insurance, meal card companies, service companies, etc.),

In accordance with Article 6 of the KVKK, your health data may be shared with authorized public institutions and organizations in order to fulfill our legal obligations and with insurance companies within the scope of carrying out insurance activities, based on the legal grounds that it is clearly provided for in the laws.

Provided that one of the appropriate safeguards stipulated in Article 9 of the KVKK is established, your personal data may be transferred to a service provider company located abroad that provides services for testing and awareness-raising activities within the scope of information security processes, to a supplier company that provides products and services used for the purpose of carrying out training and certification processes, to a service provider company that provides information technology platforms whose servers are located abroad that are used for the execution of human resources processes, and to information technology companies located abroad from which the Company receives services due to technical infrastructure in order to carry out procedures related to its business processes.

Based on your explicit consent, in accordance with Article 5/1 of the KVKK, your identity, visual and audio data are published in written and visual communication materials, interviews, corporate social media accounts, corporate bulletins, websites, written and visual announcements and advertising campaigns of companies from which we receive services, primarily organization companies, event, news and advertising agencies and third parties in the country with whom we operate, in order to carry out events.

YOUR RIGHTS REGARDING YOUR PERSONAL DATA

We hereby inform you that you have the following rights regarding your personal data, in accordance with Article 11 of the Law:

Learning whether your personal data is being processed,
To request information regarding your personal data if it has been processed,
To learn the purpose of processing your personal data and whether your personal data is used in accordance with the purpose of processing,
Knowing the third parties to whom your personal data is transferred, whether domestically or abroad,
To request correction of your personal data if it is processed incompletely or incorrectly and to request that the action taken in this context be notified to third parties to whom your personal data has been transferred,
To request the deletion or destruction of your personal data in case the reasons requiring processing are eliminated, even though it has been processed in accordance with the provisions of the Law and other relevant laws, and to request that the action taken within this scope be notified to third parties to whom your personal data has been transferred,
To object to a result that is detrimental to you, as a result of your personal data being processed exclusively through automated systems,
To request compensation for damages in case you suffer damages due to the unlawful processing of your personal data.

In this context, you can submit your requests regarding your rights by filling out the PERSONAL DATA PROTECTION LAW RELATED PERSON APPLICATION FORM found on our website at the [x] link, or by creating your own request that meets the requirements set by the Personal Data Protection Authority and sending it to our email address or postal address below, using the methods specified by the Personal Data Protection Authority. Your request will be finalized free of charge as soon as possible, depending on its nature, and within 30 days at the latest.

Our Application Address:
Our Email Address: [x]

I have read and understood the Information Text.

Name Surname:

History :

Signature :

EXPLICIT CONSENT TO THE PROCESSING OF PERSONAL DATA

In accordance with the information text communicated to me by the company;

I want my identity, visual and audio data to be published in written and visual communication materials, interviews, corporate social media accounts, corporate bulletins, websites, written and visual announcements and advertising works of companies from which we receive services, event, news and advertising agencies or third parties, especially in the organization companies for the purpose of carrying out the events.

󠅶 I approve

󠅶 I do not approve

My identity, contact information, professional experience, photograph information and other information may be processed and shared for the purpose of strengthening communication between employees within the company and making internal announcements regarding special days such as employment, marriage, birth and death.

󠅶 I approve

󠅶 I do not approve

Date: __/__/20__

Name-Surname: ______________

Signature : ______________

Identity of the Data Controller

As Sinba Tekstil İht. İhr. San ve Tic. Ltd. Şti., we are extremely sensitive to the security and confidentiality of your personal data. With this awareness, and as a data controller under Law No. 6698 on the Protection of Personal Data ("Law"), we hereby submit the following information for your information within the scope of our obligation to inform you to ensure that we act in compliance with the Law regarding the personal data we obtain:

Processing of Personal Data and Purposes of Processing

While your personal data may vary depending on the services and commercial activities offered by Sinba Tekstil, our Company processes it to ensure that services are provided in the best possible way. In this context;

If you are a natural person customer of our company/legal entity or a natural person merchant customer's employee/contact person/partner/authorized person and in some cases parent/guardian/representative, guarantor or potential customer, your personal data (identity, contact, customer transaction information) and special personal data (in case of sharing by natural person customers, the religion and blood type information included in the health report and also the identity documents can be obtained indirectly through a copy of the identity document and/or driver's license in accordance with the Electricity Market Consumer Services Regulation) for the execution of contract processes, after-sales support services, customer relations management processes, customer satisfaction activities, legal, financial and accounting affairs, follow-up of requests/complaints, execution of activities in accordance with the Electricity Market Law and secondary legislation and other relevant legislation, execution/audit of business activities, execution of audit activities, execution of business continuity activities, execution of risk management processes, execution of strategic planning activities, monitoring and execution of social responsibility and civil society activities, upon request, to the authorized person, person, institution and It may be processed limited to the purposes of providing information to organizations, carrying out communication activities, carrying out storage and archive activities, and carrying out information security processes.

If you are a legal entity or a natural person trader/an employee/contact person/partner/authorized person of our suppliers/business partners/subcontractors:

If you share your personal data (identity, contact, professional experience, financial, legal transactions, vehicle license-plate, personnel data), your special personal data (health, criminal conviction, association/foundation/union membership data) may also be processed for the purposes of contract processes, goods and service sales processes, follow-up of legal, financial and accounting affairs, risk management processes, carrying out activities in accordance with the legislation, carrying out goods/service purchasing processes, carrying out after-sales support services for goods/services, carrying out goods/service production and operation processes, occupational health and safety processes, carrying out/auditing business activities, carrying out performance evaluation processes, providing information to authorized persons, institutions and organizations upon request, carrying out communication activities, carrying out information security processes.

Moreover,

If you visit our company's workplaces, please provide identification, physical space security, ensure physical space security, create visitor records and ensure compliance with Sinba Tekstil İth. İhr. San ve Tic. Ltd. Şti policies and procedures.
When you visit our website, your transaction security data will be kept electronically in order to fulfill the obligations arising from the legislation in accordance with Law No. 5651, to ensure compliance with Sinba Tekstil İth. İhr. San ve Tic. Ltd. Şti policies and procedures, and to carry out information security processes.
If you access the wireless network system provided free of charge by our Company, your personal data regarding identity, communication and transaction security may be processed in a limited and measured manner for the purposes of ensuring your access to the system, fulfilling obligations arising from legislation, preventing unlawful and immoral use of the system, ensuring compliance with Sinba Tekstil İth. İhr. San ve Tic. Ltd. Şti policies and procedures, and carrying out information security processes.

Your personal data may also be stored in both digital and physical environments by being transferred to physical archives and information systems.

To Whom and For What Purposes Can Processed Personal Data Be Transferred?

Your collected personal data may be transferred to the systems of domestic and international information technology service providers whose services we utilize and with whom we cooperate, including official institutions and organizations, auditors, consultants, law and mediation offices, banks, travel agencies, our business partners and suppliers, for the purposes explained in Article 2 of this Disclosure Text and within the scope of the relevant legislation and depending on and limited to the reasons requiring transfer, and to the main shareholder of our Company located in the country and its group companies and to the databases used in common with them for the execution of operational processes and receiving support.

Method and Legal Reason for Collecting Personal Data

Your personal data may be collected for the purposes explained in Article 2 of this Disclosure Text and in accordance with the basic principles stipulated in the Law, based on and limited to the legal grounds of execution of a contract, establishment, exercise or establishment of a right, and the legitimate interest of the data controller, as specified in Article 5 of the Law; and your special personal data may be collected for the purposes explained in Article 6 of the Law, based on and limited to the legal grounds of execution of a contract, establishment, exercise or establishment of a right, and the legitimate interest of the data controller, as specified in Article 6 of the Law, through automatic or non-automatic methods, through verbal or written information transmitted by your employer or by you directly through our e-mail address, applications and software used within the scope of Company activities, and camera circuit camera systems records.

Your Rights Regarding the Protection of Personal Data

Within the framework of personal data protection legislation, you have the right to learn whether your personal data is being processed, to request information about it if it has been processed, to learn the purpose of processing and whether it is being used by us in accordance with these purposes, to learn the third parties to whom it has been transferred, whether domestically or internationally, to request correction if it is processed incompletely or inaccurately and to request notification to third parties to whom it has been transferred if it has been transferred, to request deletion or destruction if the conditions for processing cease to exist and to request notification to third parties to whom it has been transferred if it has been transferred, to object if you believe that a result to your detriment has been produced by the analysis of processed data exclusively through automated systems, and to request compensation for any damages you have suffered due to unlawful processing.

You can submit your requests within the scope of Article 11 of the Law, which regulates the rights of the data subject, in writing to Halide Edip Adıvar, Çifte Cevizler Cd. 24/2, 34384 Şişli/İstanbul, using the form on the link www.kameya.com , in accordance with the “Communiqué on the Procedures and Principles of Application to the Data Controller”, by verifying your identity, or in person or via the e-mail address info@kameya.com.tr , provided your membership is confirmed.

In accordance with Article 13 of the Law, our Company will finalize application requests, depending on the nature of the request, within 30 (thirty) days at the latest. Detailed information regarding the evaluation process for application requests can be found in the Personal Data Protection and Sensitive Personal Data Policy, which you can access at https://kameya.com/ .

SPECIAL NATURE PERSONAL DATA PROCESSING POLICY

Document Name

Special Personal Data Processing Policy

Target group:

Sinba Textile Import. Export. Industry and Trade Ltd. employees who are involved in the processing of special personal data at the company.

Preparer:

Sinba Textile Import. Export. Industry and Trade Co. Ltd. Personal Data Protection Committee

Contents

INTRODUCTION. 2

1.1. Purpose. 2

1.2. Scope. 2

ISSUES RELATED TO THE PROCESSING OF SPECIAL NATURE PERSONAL DATA. 2

2.1. General Principles to be Followed During the Processing of Special Personal Data. 2

2.2. Conditions for Processing of Special Personal Data 2

ISSUES REGARDING THE TRANSFER OF SPECIAL NATURE PERSONAL DATA. 3
INFORMATION OF RELEVANT PERSONS DURING THE OBTAINING OF SPECIAL NATURE PERSONAL DATA 3
STORAGE AND DESTRUCTION OF SPECIAL NATURE PERSONAL DATA 4
ENSURING THE SECURITY AND CONFIDENTIALITY OF SPECIAL NATURE PERSONAL DATA 4

6.1. Administrative Measures Taken by Our Company to Ensure Lawful Processing of Special Personal Data and to Prevent Unlawful Access to Special Personal Data. 4

6.2. Technical Measures Taken by Our Company to Ensure Lawful Processing of Special Personal Data and to Prevent Unlawful Access to Special Personal Data. 5

6.3. Measures Taken by Our Company to Ensure the Lawful Transfer of Special Personal Data 5

6.4. Measures to be Taken in Case of Unlawful Disclosure of Special Personal Data 5

APPENDIX 1 – Definitions.. 6

1. INTRODUCTION

1.1. Purpose

The protection of personal data is among the top priorities of Sinba Tekstil İht. İhr. San ve Tic. Ltd. Şti. (“ Company ”) and makes every effort to comply with all applicable legislation in this regard. Law No. 6698 on the Protection of Personal Data (“ Law ”) classifies data related to an individual’s race, ethnic origin, political opinion, philosophical belief, religion, sect or other belief, appearance and dress, membership in associations, foundations or unions, health, sexual life, criminal convictions and security measures, as well as biometric and genetic data, as “ Special Personal Data .” This data is of particular importance and obligates data controllers to protect this data with a heightened security standard.

Each of the group companies within Sinba Tekstil is subject to the provisions of this Policy.

Within the framework of this Company's Special Personal Data Processing Policy (" Policy "), the principles adopted in carrying out the Special Personal Data processing activities carried out by our Company and the minimum data security measures to be taken by the Company during the Special Personal Data processing activities are determined.

1.2. Scope

This Policy relates to Special Personal Data belonging to identified or identifiable natural persons as defined within the scope of the Law, processed within the Company by automatic means or non-automatic means provided that it is part of any data recording system.

2. ISSUES RELATED TO THE PROCESSING OF SPECIAL NATURE PERSONAL DATA

2.1. General Principles to be Followed During the Processing of Special Personal Data

Our Company processes Special Personal Data in accordance with the procedures and principles stipulated in the Law and other relevant legislation. Accordingly, our Company acts in accordance with the principles listed below (" General Principles ") in the processes in which it processes Special Personal Data.

Our Company's Special Personal Data;

In accordance with the law and the rules of honesty,
Accurately and up-to-date when necessary,
For specific, clear and legitimate purposes,
In connection with the purpose for which they are processed, limited and proportionate,
They are processed for the period stipulated in the relevant legislation or necessary for the purpose for which they are processed.

2.2. Conditions for Processing Special Personal Data

Special Personal Data is listed separately and in a limited way in the law, and special importance is given to these data due to the risk of causing victimization or discrimination to individuals when processed unlawfully.

Special Personal Data is processed by our Company in accordance with the principles set forth in this Policy and by taking all necessary administrative and technical measures, including the minimum security measures determined or to be determined by the Personal Data Protection Board (“ Board ”), and in the presence of at least one of the following conditions.

a) The explicit consent of the relevant person,
b) It is clearly provided for in the laws,
c) If it is necessary for the protection of the life or physical integrity of a person who is unable to give his consent due to a physical impossibility or whose consent is not legally valid, or if it is necessary for the protection of the life or physical integrity of another person,

d) It is in accordance with the personal data made public by the relevant person and his/her will to make it public,

d) It is necessary for the establishment, use or protection of a right,
e) It is necessary for the protection of public health, preventive medicine, medical diagnosis, treatment and care services, and the planning, management and financing of health services by persons under the obligation of confidentiality or authorized institutions and organizations,
f) It is mandatory to fulfill legal obligations in the fields of employment, occupational health and safety, social security, social services and social assistance,
g) It should be directed to current or former members and affiliates of foundations, associations and other non-profit organizations or formations established for political, philosophical, religious or union purposes, or to people who are in regular contact with these organizations and formations, provided that it complies with the legislation and objectives to which they are subject, is limited to their fields of activity and is not disclosed to third parties.

3. ISSUES RELATED TO THE TRANSFER OF SPECIAL NATURE PERSONAL DATA

Our Company may transfer Special Personal Data to third parties (" Third Parties ") by taking the necessary security measures in line with the lawful purposes of processing Special Personal Data. In this regard, our Company complies with the regulations stipulated in Articles 8 and 9 of the Law.

4. INFORMATION OF RELEVANT PERSONS DURING THE OBTAINING OF SPECIAL NATURE PERSONAL DATA

According to Article 10 of the Law, data controllers or their authorized persons must inform data subjects when collecting personal data. In fulfilling our obligation to inform data subjects, our company informs data subjects, at a minimum, on the following matters:

The identity of the data controller and its representative, if any,
The purpose for which personal data will be processed,
To whom and for what purpose personal data can be transferred,
The method and legal reason for collecting personal data,
The rights listed in Article 11 of the Law and granted to the relevant persons and how these rights can be used.

Except where alternative methods are adopted, the Company uses disclosure texts provided to data subjects, either physically or electronically, in a manner that can be subsequently proven, to fulfill its obligation to provide information. Company employees involved in processes involving the processing of Sensitive Personal Data must ensure that the necessary disclosure texts are provided to data subjects and that the data subjects are informed before obtaining personal data.

5. STORAGE AND DESTRUCTION OF SPECIAL NATURE PERSONAL DATA

In accordance with the obligation to delete, destroy or anonymize personal data regulated in Article 7 of the Law, all personal data, including Special Personal Data, shall be deleted, destroyed or anonymized upon the decision of our Company ex officio or upon the request of the Personal Data Subject, in the event that the reasons requiring processing are eliminated, even though they have been processed by our Company in accordance with the provisions of the Law and other legislation.

6. ENSURING THE SECURITY AND CONFIDENTIALITY OF SPECIAL NATURE PERSONAL DATA

Our Company takes all necessary measures, within the bounds of possibility, according to the nature of the data to be protected, to prevent the unlawful disclosure, access, transfer or other security deficiencies that may occur in Special Personal Data.

In this context, our Company takes all necessary administrative and technical measures; relevant measures are reviewed and updated in accordance with current Board decisions, and in case of unlawful disclosure of personal data, action is taken in accordance with the measures stipulated in the Law.

The data security measures specified in this section are the minimum measures to be taken by the Company when processing Special Personal Data. These measures are determined in accordance with the Board's Decision No. 2018/10, dated January 31, 2018, on "Adequate Measures to be Taken by Data Controllers in the Processing of Special Personal Data" ^[1] and will be updated if the Board issues new decisions on this matter.

The standard technical and administrative data security measures currently taken by the Company in its other processes will continue to be taken to the extent appropriate for the processes in which Special Personal Data is processed.

6.1. Administrative Measures Taken by Our Company to Ensure Lawful Processing of Special Personal Data and to Prevent Unlawful Access to Special Personal Data

The risks that may arise regarding Special Personal Data have been identified in our company and the measures to be taken against them have been determined,
Our company trains its employees, raises their awareness and carries out awareness activities regarding the processing and protection of Special Personal Data.
In order to ensure the security of Special Personal Data, an Employee Privacy Commitment is signed with employees who access this data.
The scope and duration of employees' access to Special Categories of Personal Data is limited.
Authorization checks are performed periodically.
Access rights for employees who change positions or leave their jobs are immediately revoked. In this context, the inventory allocated to them is refunded.

6.2. Technical Measures Taken by Our Company to Ensure Lawful Processing of Special Personal Data and to Prevent Unlawful Access to Special Personal Data

The environments where Special Qualified Persons Data are processed, stored and/or accessed are electronic environments;

Our company protects Specially Qualified Persons Data using cryptographic methods.
Cryptographic keys are kept in secure and separate environments.
Transaction records of all transactions performed on Special Personal Data are securely logged.
Security updates for the environments where Special Personal Data is located are constantly monitored, necessary security tests are regularly performed, and test results are recorded.
If Special Personal Data is accessed through software, user authorizations for this software are made, necessary security tests are regularly performed, and test results are recorded.
If remote access to Special Categories of Personal Data is required, at least a two-stage authentication system is provided.

The physical environment where Special Qualified Persons Data is processed, stored and/or accessed is;

It is ensured that adequate security measures are taken (against electrical leakage, fire, flood, theft, etc.) depending on the nature of the environment where the Special Personal Data is located.
By ensuring the physical security of these environments, unauthorized entry and exit are prevented.

6.3. Measures Taken by Our Company to Ensure the Lawful Transfer of Special Personal Data

If Special Personal Data needs to be transferred via e-mail, our company transfers it in encrypted form using a corporate e-mail address or a Registered Electronic Mail (KEP) account.
If it needs to be transferred via media such as Portable Memory, CD, DVD, it is encrypted using cryptographic methods and the cryptographic key is kept in a different medium.
If data transfer is made between servers in different physical environments, data transfer is carried out by establishing a VPN between the servers or using the sFTP method.
If it is necessary to transfer Special Personal Data via paper, necessary precautions are taken against risks such as theft, loss or viewing by unauthorized persons, and the documents are sent in the format of "confidential documents".

6.4. Measures to be Taken in Case of Unlawful Disclosure of Special Personal Data

Within the scope of the processing of Special Personal Data carried out by our Company, in case the Special Personal Data is obtained unlawfully by unauthorized persons, the situation will be reported to the Board within 72 (seventy-two) hours at the latest, in accordance with the Board’s decision dated 24.01.2019 and numbered 2019/10 [2], and the relevant persons affected by the breach will be informed as soon as possible.

7. APPENDIX 1 – Definitions

Explicit Consent	:	It means consent regarding a specific subject, based on information and expressed with free will.
Contact Person	:	It refers to the natural person whose personal data is processed.
Personal Data	:	It means any information relating to an identified or identifiable natural person (e.g., name-surname, TR ID No., e-mail, address, date of birth, credit card number). Therefore, it is not within the scope of the Law on processing information relating to legal entities.
Special Personal Data	:	It means data regarding race, ethnicity, political opinion, philosophical belief, religion, sect or other beliefs, dress code, association, foundation or union membership, health, sexual life, criminal conviction and security measures, as well as biometric and genetic data.
Processing of Personal Data	:	It means any operation performed on personal data, such as obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data, either fully or partially by automatic means or non-automatic means provided that it is part of any data recording system.
Data Controller	:	It means the natural or legal person who determines the purposes and means of processing personal data and is responsible for establishing and managing the data recording system.
Registered Electronic Mail (KEP) Address	:	It refers to the qualified form of electronic mail that provides legal evidence regarding the use of electronic messages, including their sending and delivery.
Mobile Signature	:	It refers to an electronic signature created using a mobile device.
Secure Electronic Signature	:	It refers to an electronic signature that is created with a secure electronic signature creation tool that is solely at the disposal of the signatory, which allows the identification of the signatory based on a qualified electronic certificate, and which allows the determination of whether any changes have been made to the signed electronic data subsequently.

[1] The relevant decision can be accessed at the following web address: https://kvkk.gov.tr/Icerik/4110/2018-10

[2] The relevant decision can be accessed at the following web address: https://kvkk.gov.tr/Icerik/5362/Veri-Ihlali-Bildirimi

Kadın Beden Tablosu (cm)

EU	36	38	40	42	44
UK	8	10	12	14	16
US	4	6	8	10	12
Göğüs	94	98	102	106	112
Normal Bel	70	74	78	82	88
Düşük Bel	74	78	82	86	92
Basen	96	100	104	108	114
Arka Sırt	36	37	38	40	43
Kol Boyu	62	62.3	62.6	62.9	63.4
Omuzdan Aşağı Bel Hattı	41	41.5	42	42.5	43.6
Pantolon Uzun Boy	112	112.5	113	113.5	114
Normal Omuz	11	11.3	11.6	11.9	12.4

Women's Size Chart (inches)

EU	36	38	40	42	44
UK	8	10	12	14	16
US	4	6	8	10	12
Bust	37.0	38.6	40.2	41.7	44.1
Waist	27.6	29.1	30.7	32.3	34.6
Low Waist	29.1	30.7	32.3	33.9	36.2
Hip	37.8	39.4	40.9	42.5	44.9
Back Width	14.2	14.6	15.0	15.7	16.9
Sleeve Length	24.4	24.5	24.6	24.8	25.0
Shoulder to Waist	16.1	16.3	16.5	16.7	17.2
Pants Length	44.1	44.3	44.5	44.7	44.9
Shoulder Width	4.3	4.4	4.6	4.7	4.9

CART 0

No more products available for purchase

Cookie Policy

1. INTRODUCTION

1.1. Purpose

1.2. Scope

2. ISSUES RELATED TO THE PROCESSING OF SPECIAL NATURE PERSONAL DATA

2.1. General Principles to be Followed During the Processing of Special Personal Data

2.2. Conditions for Processing Special Personal Data

3. ISSUES RELATED TO THE TRANSFER OF SPECIAL NATURE PERSONAL DATA

4. INFORMATION OF RELEVANT PERSONS DURING THE OBTAINING OF SPECIAL NATURE PERSONAL DATA

5. STORAGE AND DESTRUCTION OF SPECIAL NATURE PERSONAL DATA

6. ENSURING THE SECURITY AND CONFIDENTIALITY OF SPECIAL NATURE PERSONAL DATA

6.1. Administrative Measures Taken by Our Company to Ensure Lawful Processing of Special Personal Data and to Prevent Unlawful Access to Special Personal Data

6.2. Technical Measures Taken by Our Company to Ensure Lawful Processing of Special Personal Data and to Prevent Unlawful Access to Special Personal Data

6.3. Measures Taken by Our Company to Ensure the Lawful Transfer of Special Personal Data

6.4. Measures to be Taken in Case of Unlawful Disclosure of Special Personal Data

7. APPENDIX 1 – Definitions

Language

Language

Language

CART 0

No more products available for purchase

Cookie Policy

1. INTRODUCTION

1.1. Purpose

1.2. Scope

2. ISSUES RELATED TO THE PROCESSING OF SPECIAL NATURE PERSONAL DATA

2.1. General Principles to be Followed During the Processing of Special Personal Data

2.2. Conditions for Processing Special Personal Data

3. ISSUES RELATED TO THE TRANSFER OF SPECIAL NATURE PERSONAL DATA

4. INFORMATION OF RELEVANT PERSONS DURING THE OBTAINING OF SPECIAL NATURE PERSONAL DATA

5. STORAGE AND DESTRUCTION OF SPECIAL NATURE PERSONAL DATA

6. ENSURING THE SECURITY AND CONFIDENTIALITY OF SPECIAL NATURE PERSONAL DATA

6.1. Administrative Measures Taken by Our Company to Ensure Lawful Processing of Special Personal Data and to Prevent Unlawful Access to Special Personal Data

6.2. Technical Measures Taken by Our Company to Ensure Lawful Processing of Special Personal Data and to Prevent Unlawful Access to Special Personal Data

6.3. Measures Taken by Our Company to Ensure the Lawful Transfer of Special Personal Data

6.4. Measures to be Taken in Case of Unlawful Disclosure of Special Personal Data

7. APPENDIX 1 – Definitions