INFORMATION ABOUT THE PROCESSING AND PROTECTION OF PERSONAL DATA HASSEL ENDÜSTRİ ÜRÜNLERİ SAN. TİC. LTD. ŞTİ (“Company”) places utmost importance on the lawful processing and protection of personal data in accordance with Law No. 6698 on the Protection of Personal Data (“Law”). We operate with this principle in mind across all our planning and activities. The primary aim of this notice is to provide explanations about systems for the lawful processing and protection of personal data in line with the purpose of the Law and the law itself. This notice specifically informs individuals whose personal data are processed by our Company, including but not limited to Company Stakeholders, Company Officials, Business Partners, Employees, Employee Candidates, Visitors, Company Customers, Potential Customers, and Third Parties. Through this notice, we aim to ensure full compliance with legislation in our personal data processing and protection activities and to safeguard all rights derived from the legislation for personal data owners. Scope of the Notice and Personal Data Owners This notice applies to individuals whose personal data are processed by our Company, whether automatically or non-automatically as part of a data recording system. It primarily covers Company Stakeholders, Company Officials, Business Partners, Employees, Employee Candidates, Visitors, Company Customers, Potential Customers, and Third Parties. Our Company publishes this notice on its website to inform the aforementioned Personal Data Owners about the Law. General Principles in Processing Personal Data Personal data processed by the Company comply with the procedures and principles set forth in the Law and this Policy. When processing personal data, the Company adheres to the following principles: Lawfulness and Fairness: Personal data is processed in compliance with the relevant legal rules and principles of fairness. Accuracy and Up-to-Dateness: Data is kept accurate and up to date. The sources of data, its verification, and the necessity for updates are carefully considered. Purpose Limitation: Personal data is processed for specific, explicit, and legitimate purposes. The purpose must align with the services provided by the Company. Data Minimization: Data processing is limited to what is necessary for the specified purposes. Data unrelated to or unnecessary for the purpose is not processed. Storage Limitation: Data is stored for the period required for its processing purpose, or as stipulated by relevant legislation. Once the purpose is achieved or the legal retention period expires, the data is deleted, destroyed, or anonymized. Conditions for Processing Personal Data The Company processes personal data only with the explicit consent of the data owner. However, personal data may be processed without explicit consent under the following conditions: Legal Requirement: Data processing is permitted when explicitly required by law. Vital Interest: Data may be processed without consent to protect the life or physical integrity of the data owner or another person in cases where the owner cannot give consent due to physical or legal incapacity. Contract Fulfillment: Data necessary for the establishment or performance of a contract may be processed. Legal Obligation: Data processing is permissible to fulfill legal obligations of the Company. Public Availability: Publicly disclosed personal data may be processed. Legal Claims: Data may be processed when necessary to establish, exercise, or protect a legal right. Legitimate Interest: Data may be processed for the legitimate interests of the Company, provided it does not infringe upon the fundamental rights and freedoms of the data owner. Purposes of Processing and Transferring Personal Data Personal data is processed in line with the Law and for the following purposes: Planning and implementing human resources policies. Managing business partnerships and strategies effectively. Ensuring legal, commercial, and physical security for the Company and its partners. Maintaining corporate operations and communication. Enhancing services provided to data owners and tailoring them to individual needs. Ensuring data security and creating databases. Improving the services offered on the website and fixing errors. Handling requests and complaints. Managing relations with business partners or suppliers. Conducting recruitment processes. Ensuring compliance with relevant regulations during recruitment processes. Planning and executing audit activities. Managing financial reporting and risk analysis. Following up on legal procedures and corporate governance. In cases where these activities do not meet the conditions outlined in the Law, the Company obtains explicit consent from the data owner. Recipients of Transferred Personal Data Personal data may be shared with public authorities, business partners, banks, or third parties providing technical, logistical, or similar services on behalf of the Company, as required for delivering the service accurately and efficiently. Data may also be shared to fulfill legal obligations or under a lawful judicial or administrative order. Anonymous data, which cannot identify the data owner, ensures confidentiality and is securely managed. Collection Methods and Legal Basis of Personal Data Personal data is collected verbally, in writing, or electronically through various means such as call centers, the Company website, or mobile applications. It is processed to fulfill obligations arising from legislation, contracts, requests, or demands within the purposes outlined in the Policy. Safeguards for Personal Data Protection In accordance with Article 12 of the Law, the Company takes necessary technical and administrative measures to prevent unlawful access to personal data and ensure its security. These measures include: Training employees on the lawful processing and protection of personal data. Conducting regular audits and ensuring compliance.