Confidentiality Policy

General Data Protection Regulation

This privacy policy is in the capacity of data controller within the scope of the Communiqué on the Procedures and Principles to be Complied with in Fulfilling the Obligation of Disclosure with Article 10 of the Law on the Protection of Personal Data No. 6698 (the “Law”). Vimesoft Inc. Prepared by.

Vimesoft A.Ş. ensures safe keeping of personal data in order to fulfill the obligations regarding data security in Article 12 of the Law on Protection of Personal Data No. 6698 (the “Law”). and takes the necessary technical and administrative measures by using its technological and infrastructural facilities to ensure that it is processed in accordance with the law.

Personal data, Vimesoft A.Ş. is processed in accordance with the Law and regulations. Real persons whose personal data are processed within the scope of the law, Vimesoft A.Ş. can obtain information about the personal data that can be processed by the Company in the capacity of data controller and the purposes of processing, the recipient groups to which it can be transferred, the method of collection and legal reason and their rights regarding the personal data in question.

Vimesoft A.S. Personal data processed in products and services offered by Vimesoft A.Ş. may differ from person to person. All categories of personal data that can be processed by us in general are listed below:

Identity Data: In this data category, the name and surname data of the person are processed.

Contact Data: In this data category, the data of the person's mobile phone number, e-mail address, address, City-Province, Postal Code, Tax office and number are processed.

Personnel Data: In this data category, the information of the institution/organization that the person works with is processed.

Transaction Security Data: In this data category, the user's identity information, password and verification code information are processed.

Visual and Audio Recordings: In this data category, the person's photograph, camera image; and audio data are processed.

Finance Data: In this data category, the name and surname of the person on the credit card, the credit card number, the expiry date of the credit card and the security code of the credit card are processed.

Vimesoft A.S. In the products and services offered by our company, your personal data below are processed for the following purposes:

Contact Data: In this data category, in order to carry out the mobile phone number service purchase process of the person and to enforce the access authorizations, E- Address, province-province information, zip code, tax office and tax number data for the purpose of carrying out postal address service purchasing processes, executing access authorizations and providing services on the other hand, it is processed for the purpose of carrying out financial and accounting affairs, and the execution of service sales processes.

Operational Data: In this data category, the information of the institution/organization that the person works for, the impact of the service purchasing processes and the product. / are processed for the purpose of carrying out the marketing processes of the services.

Transaction Security Data: In this data category, password information is used in service purchasing processes in order to enforce the user's identity information and verification code information access authorizations. It is processed for the purpose of executing and executing access authorizations.

Visual and Audio Recordings: In this data category, the person's photograph, camera image; and voice data are processed for the purpose of providing services.

Finance Data: In this data category, the name and surname of the person on the credit card, credit card number, expiry date of the credit card and the security code of the credit card are the data of the service sales processes. walking, finaIt is processed for the purpose of conducting ns and accounting works.

The personal data collected shall be transferred to legally authorized public institutions and organizations, in accordance with the basic principles set forth by the Law and for the personal data transfer conditions specified in Articles 8 and 9 of the Law, and for the purposes listed below. institutions, domestic and foreign real persons or private law legal entities, Vimesoft A.Ş. It can be transferred to suppliers and service providers that will establish a business contract with.

Identity Data: In this data category, the name and surname data of the person can be transferred to the suppliers providing the infrastructure on which the membership process will be operated, to other users during the realization of the service.

Contact Data: In this data category, the person's mobile phone number and e-mail address, membership registration process, and suppliers providing the infrastructure where the system is kept for the purpose of logging into the application, membership It can be transferred to the SMS service provider company in making the initiation notification, and to the E-Mail service provider, whose infrastructure will be used to forward the invoice containing the address, province-province information, postal code, tax office and tax number information to the relevant person.

Permanent Data: In this data category, the institution/organization information the person works with, the membership process and the suppliers providing the infrastructure where the system is kept for the application login processes. can be transferred.

Transaction Security Data: In this data category, the user's user credential and verification code information must be submitted to the SMS service provider company, the user password to the application login process, in order to use the SMS service for the user to start a membership. It can be transferred to the suppliers that provide the infrastructure where the system is kept for the purpose of making the system.

Visual and Audio Recordings: In this data category, the person's photo, the camera image, the suppliers providing the infrastructure that the system is kept in order to customize the profile. and voice data can be transferred to other participants during the implementation of the service.

Finance Data: In this data category, the name and surname of the person on the credit card, credit card number, expiry date of the credit card and the security code of the credit card are included in the membership process. öcan be transferred to use the deme service.

Electronic media such as personal data application membership page, offer request form, deposit information page, profile page, conference creation and invitation page, conference screen, fully automatic, partially automatic or non-automatic methods via voice communication may be collected, processed and transferred for the purposes set out in this policy. Pursuant to Article 5 of the Law, Vimesoft A.Ş. may process the personal data it has collected in accordance with the law, without seeking express consent, in the following cases:

It is clear in the laws; cases,

In order to protect the life or bodily integrity of the Personal Data Owner or someone else, in cases where the Personal Data Owner is unable to express his consent due to actual impossibility or in cases where the consent is not legally valid; it is mandatory to process personal data,

Vimesoft A.S. Provided that it is directly related to the establishment or performance of a contract concluded between the Personal Data Owner and the Personal Data Owner, it is necessary to process the personal data of the parties to the contract,

A legal obligation of Vimesoft A.Ş.; it must be mandatory in order to fulfill it,

Personal data has been made public by the Personal Data Owner,

Data processing is mandatory for the establishment, exercise or protection of a right,

Without harming fundamental rights and freedoms, data processing is mandatory for the legitimate interests of Vimesoft A.Ş.

In addition, in accordance with Article 6 of the Law, Vimesoft A.Ş. may process personal data of special nature that it has received in accordance with the law, without seeking express consent, in the following cases:

People's race, ethnicity, political thought, philosophical belief, religion, sect or other beliefs, dress, association, foundation or union membership, health, sexual life, punishment Data on convictions and security measures, as well as biometric and genetic data are personal data of special nature.

Special quality personal data other than the health and sexual life of the personal data owner, if it is specified in the law,

Private personal data related to the health and sexual life of the personal data owner can only be used for the protection of public health, the execution of preventive medicine, medical diagnosis, treatment and care services, the planning and management of health services and financing. for the purpose of keeping secrets; by persons or authorized institutions and organizations under it.

Within the framework of Article 11 of the Law, the Personal Data Owner always applies to the data controller and relates to himself/herself;

Learning whether your personal data is processed or not,

If personal data has been processed, requesting information about this,

Learning the purpose of processing personal data and whether they are used in accordance with its purpose,

Third, where personal data is transferred at home or abroad; know people,

Requesting correction of personal data if it is incomplete or incorrectly processed,

Requesting the deletion or destruction of personal data, in case the reasons requiring the processing of personal data disappear, to be evaluated within the principles of purpose, duration and legitimacy, Requesting the deletion or destruction of personal data,

Demanding the deletion, destruction or anonymization of personal data in the event that the reasons for processing disappear, although it has been processed in accordance with the Law on the Protection of Personal Data No. 6698 and other relevant legal provisions

The procedures regarding the correction, deletion or destruction of personal data are transferred to the third; requesting people to be notified,

Objecting to the emergence of a result against the person by analyzing the processed data exclusively through automated systems,

Has the right to demand the compensation of the damage in case of loss due to unlawful processing of personal data.

According to Article 11 of the Law, the Personal Data Owner must fill in the application form completely and submit it to Vimesoft A.Ş.

Vimesoft A.Ş., according to the nature of the request, as soon as possible and the latest; will conclude it free of charge within thirty (30) days. However, if the transaction requires an additional cost, Vimesoft A.Ş.'s right to charge the tariff determined by the Personal Data Protection Board is reserved.

Personal data processed for the purposes specified in this privacy policy in accordance with the Law, is for the purpose that requires processing in accordance with Article 7 of the Law; disappears and/or in accordance with the legislation, Vimesoft A.Ş. Vimesoft A.Ş. It will be deleted, destroyed or anonymized by us.

Confidentiality Policy

This confidentiality policy is hereby drawn up by Vimesoft A.Ş. acting as the data controller pursuant to the Communiqué on Terms and Procedures for Compliance with Privacy Notice Obligation as well as pursuant to the Personal Data Protection Law no. 6698 (the “Law”). Vimesoft A.Ş. makes technological and infrastructural facilities and accordingly adopts necessary technical and administrative measures to ensure that personal data are securely stored and lawfully processed in order to fulfil those obligations regarding data security as required under Article 12 of the Personal Data Protection Law no. 6698 (the “Law”). Personal data are processed by Vimesoft A.Ş. in line with the Law and applicable legislation. Individuals whose data are processed under the Law may inquire and be informed about their personal data to be processed by Vimesoft A.Ş. in its capacity as data controller, and the purposes of such processing, recipient groups to whom these data may be transferred, methods and legal grounds for collecting such data, as well as their rights regarding these personal data.

PERSONAL DATA THAT ARE OR MAY BE PROCESSED

While personal data processed in products and services offered by Vimesoft A.Ş. may vary from one individual to another, all categories of personal data that can be processed by Vimesoft A.Ş. in general are given below: Identity Data: An individual’s name and surname are processed in this data category. Contact Data: This data category includes the individual’s mobile-phone number, email address, address, province/district name, postal code, tax office and tax ID number. Personnel Data: This personal data are processed by the individual’s employer. Process Security Data: The individual’s user ID data, passwords and verification codes are processed in this category. Audio-Visual Records: The individual’s photos, camera images and voice data are processed in this category. Financial Data: The individual’s name and surname that appear on his

credit cards, his credit card number, the expiry date of the card, as well as its security code are processed in this data category.

PURPOSE OF PROCESSING PERSONAL DATA

Your personal data listed below are processed for the following purposes in connection with products and services offered by Vimesoft A.Ş. Identity Data: In this category, a data subject’s name and surname are processed to proceed with service purchase and sales procedures, as well as to provide services. Contact Data: In this category, a data subject’s mobile-phone number is processed to proceed with service purchase and sales procedures and to execute access authorizations, while his email address is processed to execute purchasing procedures and access authorization and to provide services, whereas his address, province-district data, postal code, tax office and tax ID number are processed with the purpose of carrying out financial and accounting procedures and to execute service sales. Personnel Data: In this data category, the data of the data subject’s employer are processed to execute service purchase and sales procedures, and to proceed with marketing operations of products/services. Process Security Data: In this data category, the data subject’s employer details are processed to execute service purchases and to proceed with the marketing of products/services. Audio-visual Records: In this data category, the data subject’s photos, camera images and voice data are processed to provide services. Financial Data: In this data category, the data subject’s name and surname that appears on his credit cards, his credit card number, the expiry date of the card, as well as its security code are processed to proceed with service sales, and to execute financial and accounting procedures.

PERSONAL DATA TRANSFER

Personal data collected by Vimesoft A.Ş. may be transferred to its business partners, i.e. contractual suppliers and services providers, or individuals and private legal persons in Turkey or abroad, or statutorily authorized public agencies and bodies for the purposes listed below, and are subject to personal data transfer terms and conditions set out in Articles 8 and 9 of the Law, and are in line with the fundamental principles therein.

Identity Data: In this data category, the data subject’s name and surname are transferred to vendors that provide the infrastructure for running the membership process and other users within the context of service provision. Contact Data: In this data category, the data subject’s mobile phone number and email address may be transferred to vendors of the infrastructure where the system is maintained for completing the registration process and log-in procedures, to SMS service providers for sending membership activation notices to members, and to email service providers whose infrastructure is used for sending invoices to the data subject that contain the data subject’s address, province-district data, postal code, tax office and tax ID number, which is issued following charging. Personnel Data: In this data category, the data subject’s employer data may be transferred to vendors that maintain the infrastructure by which the system is maintained in order to complete the membership process and application log-ins. Process Security Data: In this data category, the data subject’s user ID data and verification code are transferred to the SMS service provider for the use of the SMS service to activate the user’s membership, and to vendors that provide the infrastructure on which the system is hosted to log in the application with a user password. Audio-Visual Records: In this data category, the data subject’s photo may be transferred to vendors that provide the infrastructure on which the system is run for profile customization, and his camera images and voice data may be transferred to other participants within the context of provision of the system. Financial Data: In this data category, the data subject’s name and surname that appear on his credit cards, his credit card number, the expiry date of the card, as well as its security code may be transferred for the use of payment services within the context of the membership process.

METHOD AND LEGAL GROUNDS FOR COLLECTING PERSONAL DATA

Personal data may be collected by means of fully-automated, partly-automated and non-automated methods through the application

membership page, requests for proposal forms, the payment details page, profile page, conferencing and call page, conference screen and similar electronic media, as well as voice communication methods, and may be processed and transferred for purposes defined in this Policy. Pursuant to Article 5 of the Law, Vimesoft A.Ş. may process personal data that it collects in line with the law without seeking explicit consent:

· If expressly required under the applicable law;

· If the processing of personal data is mandatory to protect the life or physical wellbeing of a person or someone else in case such person is not in a position to express his consent due to actual impossibility, or his consent is legally invalid;

· Provided that it is directly related to the execution or performance of a contract between Vimesoft A.Ş. and the Data Subject, and if it is necessary to process the personal data of the contract parties;

· If processing is necessary for Vimesoft A.Ş.to fulfil its statutory obligations;

· Where personal data are made public by the data subject;

· If processing is necessary to establish, exercise or protect a right;

· Provided that it does not prejudice fundamental rights and freedoms, if it is necessary for Vimesoft A.Ş. to process data for its legitimate purposes.

Moreover, pursuant to Article 6 of the Law, Vimesoft A.Ş. may process special category of personal data collected by it in line with the law without the need to seek explicit consent:

· Special category of personal data are such data about an individual’s race, ethnic origins, political thoughts, philosophical belief, religion, sect or faith, clothing and attire, membership in associations or unions, health, sexual life, criminal convictions and security data, as well as biometric and genetic data.

· If required under the applicable law, special category of personal data of the data subject other than data about his health or sexual life may be processed.

· Special category of personal data pertaining to his health or sexual life may be processed by persons subject to confidentiality obligations or by competent public bodies and authorities for the sole purposes of public health protection, preventive medicine, medical diagnosis, supply of treatment and care services, and planning and management of healthcare services and the financing thereof.

RIGHTS OF THE DATA SUBJECT

Pursuant to Article 11 of the Law, the data subject may at all times apply for the controlled data in order to exercise his rights listed below:

· the right to be informed about whether his personal data are processed;

· if his personal data are processed, to request information about this;

· the right to be informed about the purposes of processing his personal data, and whether such data are being used in line with those purposes;

· to know about the third parties to whom his personal data are transferred in Turkey and/or abroad;

· if personal data are processed incompletely or misprocessed, then the right to request rectification;

· to request that his personal data be erased or destroyed if the reasons for processing his personal data are no longer applicable in terms of purpose, timeframe or legitimacy;

· to request that his personal data be erased or destroyed if the reasons for processing his personal data are no longer extant, even if they have been processed in line with the Personal Data Protection Law no. 6698 and other applicable law;

· to request that operations carried out for the rectification, erasure or destruction of personal data must be conveyed to third parties to whom his personal data are transferred;

· to object to any results unfavorable to him that may arise from the analysis of his processed data by means of fully-automated systems;

· to request indemnification against any losses that may arise due to the unlawful processing of his personal data.

HOW TO EXERCISE RIGHTS OF THE DATA SUBJECT

Pursuant to Article 11 of the Law, the Data Subject shall fully complete and deliver the application form to Vimesoft A.Ş. via the channels described in the form in order to exercise his rights listed above. Vimesoft A.Ş. will finalize the request free of charge as soon as possible, and at the latest within thirty (30) days, depending on its nature. However, if this requires any additional cost, Vimesoft A.Ş. reserves its right to charge the

fee laid out in the tariff published by the Personal Data Protection Committee.

TIME PERIODS FOR PROCESSING PERSONAL DATA

Personal data processed for the purposes defined in this confidentiality policy and in line with the Law shall be erased, destroyed, or remain in use following their anonymization by Vimesoft A.Ş. when the purposes for processing them under Article 7 of the Law are no longer applicable or when the time periods during which Vimesoft A.Ş. is obliged to process them under the applicable law expire.

General Data Protection Regulation

Confidentiality Policy

Products

Solutions

Sectors

Corporate

General Data Protection Regulation

Confidentiality Policy

Stay Connected

Products

Solutions

Sectors

Corporate