PERSONAL DATA PROTECTION AGREEMENT

Confidential Information, before or after the signature date of this Agreement, for the purpose of execution of this Agreement, by each Party itself or on behalf of the relevant Party's employees, to the other Party and / or to the employees of the other Party, in writing and / or verbally. and / or disclosed in the internet and / or soft environment and / or acquired by the other Party, the employees of the other Party; Customer information, shopping information, sales information, service information, product information, payment information, account information, banking information, financial models, simulations, personnel information, working and service information, pricing information, operating methods, ideas, inventions. , know-hows, brands, logos, patents, software, source codes, intellectual and industrial property rights, design rights, trade secrets, technical processes, formulas, plans, designs, licenses and permits, drawings, models, projections, business plans ALL INFORMATION disclosed by the Parties to each other through any channel and / or obtained by one Party about the other, including market opportunities, reports or data prepared by the relevant Party or a third party on its behalf; ALL INFORMATION received; All service analysis, compilation, study, proposal and other documents prepared by both parties; All commercial agreements or agreements concluded between the parties, contracts involving confidential information exchange; and refers to all kinds of information and / or documents, but not limited to those listed.

The parties unconditionally accept that they have declared and disclosed all necessary confidential information to each other with their free will and acceptance, following the execution of this contract.

Both sides;

Each of the parties is to keep all information strictly private and confidential, not to use it for any reason, not to use or allow the use of Confidential Information directly or indirectly for itself or any third real and / or legal persons and organizations for any reason. Not to disclose, report, publish or disclose the Confidential Information to any real and / or legal person, company, agency or institution, take all necessary measures in this regard, not copy or reproduce any part of the Confidential Information or any other 3 not to transfer / give original / duplicate versions to real and / or legal persons and organizations, not to disclose confidential information to real and / or legal persons and organizations in whole or in part. notify its employees and managers and provide their employees under their commitment; and that they are directly responsible in accordance with this confidentiality agreement and warn them about this matter, to apply security measures and care applied to the Confidential Information of the Other Party, at least to its own confidential information and intellectual property information, They undertake that they will be fully and completely bound by and comply with all the matters and responsibilities specified, that the defective party will be liable for any damages that may occur and / or that may occur, unconditionally and irrevocably.

The company accepts and undertakes to show the same care it has shown in protecting its confidential information, as well as in protecting the confidential information of the Customer. The company also warns its employees and sub-employees about the confidentiality of information.

1.PERSONAL DATA PROTECTION LAW

11.1. Limit to purpose and instructions

Within the scope of the contract, the parties may be in the "data controller" or "data processor" position depending on the processes. In cases where one of the parties processes Personal Data on behalf of the other party, the related party will be considered as "data processor" within the scope of the Personal Data Protection Law ("Law"). In this case, the aforementioned party is obliged to process Personal Data exclusively in line with the instructions of the other party, and cannot perform any data processing activity outside of the instructions and / or on its behalf.

The data controller and the party that processes the data and / or transfers Personal Data to a third party, undertakes that the necessary explicit and informed consent is obtained from the relevant data owners within the scope of the Law and that the necessary information is made to the relevant data owners within the scope of Article 10 of the Law.

Personal Data can be processed by the party to whom the data is transferred, exclusively for the purpose of transferring the data to it. Any processing of Personal Data beyond the aforementioned scope is subject to the written consent of the party transferring the data.

In the event that third party services are used for the storage and processing of Personal Data and the transfer of Personal Data to the country or abroad in this direction, the relevant third parties will be concluded in order to ensure compliance with the Law and other applicable legislation in accordance with the approval of the transferring party.

Personal Data transferred within the contract period will be d or destroyed in accordance with the relevant legislation upon the termination of the service relationship between the parties, unless a separate legal / contractual relationship is established with the relevant data owner. In the event that each of the parties has a legal obligation to store Personal Data, the party obliged to store Personal Data may keep the Personal Data for a limited time and purpose under the relevant legislation.

1.2. Data security

The parties are obliged to take the measures stipulated in the legislation to prevent unauthorized access to and processing of Personal Data by both their own personnel and third parties, and the use of Personal Data other than the purpose of transferring it to them. In this context, each party declares, accepts and undertakes that it will fully and completely fulfill all obligations stipulated by the Law, the relevant legislation and the Personal Data Protection Board, otherwise it will be liable for all damages that may occur and / or may occur.

Any dispute that may arise in this matter will try to be resolved through negotiations between the parties; If this is not possible, Kocaeli Körfez Courts and Enforcement Offices will be authorized exclusively. This supplementary contract is subject to Turkish law.

1.3. Implementation of legislative changes

In case a change is required in the processes of the parties regarding the processing of Personal Data due to any change or that may occur within the scope of the aforementioned regulations, the relevant party is obliged to complete the said change at the latest before the relevant new / d regulation enters into force.

In case the changes that may occur in the relevant legislation require the amendment of this Agreement, the parties accept, declare and undertake that they make reasonable efforts to make the said changes as soon as possible. However, even if no action has been taken within the maximum period deemed appropriate in the relevant legislation by the parties, the contract provision requiring amendment shall be implemented in accordance with the new / current legislation as of the effective date of the new / current legal regulation.