PERSONAL DATA PROTECTION LAW CLARIFICATION TEXT

This clarification text outlines the terms and conditions regarding how the information obtained about you and the services you request during your visit to this website and your use of the services we offer through this site will be processed and protected. By visiting this website and requesting to benefit from the services provided through it, you agree to the terms specified in this “Clarification Text on the Law on the Protection and Processing of Personal Data.”

INFORMATION ON THE PROTECTION AND PROCESSING OF PERSONAL DATA

The purpose of the Personal Data Protection Law No. 6698 (KVKK) is to protect the fundamental rights and freedoms of individuals, particularly the right to privacy, in the processing of personal data, and to regulate the obligations, procedures, and principles that must be followed by real and legal persons processing such data. This text has been prepared to fulfill the obligation to inform as stipulated by the law, and is presented for the information of visitors as the “Personal Data Protection and Data Sharing Consent.”

Edes Endüstriyel Damla Etiket San. ve Tic. A.Ş. (hereinafter referred to as EDES) may process your personal data as the Data Controller within the framework described below, in accordance with the Personal Data Protection Law No. 6698 and relevant legislation.

COLLECTION, PROCESSING, AND PURPOSE OF PERSONAL DATA

Your personal data may vary depending on the products and services offered by EDES or the nature of the commercial activity, and may be processed by our company to ensure the effective delivery of products and services.

Collection of Personal Data

Personal data that you share with our company may be collected through automatic or non-automatic methods, including our offices, branches, call center, website, social media channels, mobile applications, and other similar means, either verbally, in writing, or electronically.

Additionally, video recordings of visitors may be obtained via the camera monitoring systems located at the entrances and inside the company’s facilities. This activity is carried out in compliance with the Law on Private Security Services and related regulations, aiming to enhance service quality, ensure security, and protect the rights and interests of the company, its customers, and other individuals.

Digital records obtained through this monitoring are accessible only by a limited number of authorized company employees. All necessary technical and administrative measures are implemented to ensure the security of personal data collected through this process.

PURPOSES OF PROCESSING PERSONAL DATA

Your personal data may be processed for the following purposes:

1. To provide products and services to you and/or your affiliated institution effectively,

2. To determine and implement the company’s commercial and business strategies, including marketing, business development, and planning activities,

3. To carry out administrative operations related to communication,

4. To ensure the physical security and supervision of company premises,

5. To manage relationships with business partners, customers, and suppliers,

6. To fulfill contractual obligations and financial settlements for products and services offered together with business partners, suppliers, or other third parties,

7. To execute the company’s human resources policies,

8. To handle legal proceedings and compliance,

9. To manage customer service operations, such as call center interactions and website usage,

10. To facilitate participation in training, seminars, or events organized by the company.

Your personal data will be stored in electronic and/or physical formats, with necessary security processes and technical infrastructure designed to prevent unauthorized access, manipulation, loss, or damage. Personal data will not be used beyond the scope of the stated purposes and will be securely deleted, destroyed, or anonymized upon the expiration of the storage period or when the processing purpose no longer exists.

TRANSFER OF PERSONAL DATA

In accordance with Articles 8 and 9 of the Law, and subject to additional regulations specified by the Personal Data Protection Authority, your personal data may be transferred domestically or internationally under the following conditions:

• Domestic transfer: When at least one of the data processing conditions specified in Articles 5 and 6 of the Law exists, and provided that the basic principles regarding data processing are respected.

• International transfer: When there is sufficient protection in the destination country or upon obtaining written assurance of sufficient protection from the relevant data controller abroad, subject to the approval of the Personal Data Protection Board.

---

DESTRUCTION OF PERSONAL DATA

When the legal grounds for processing personal data no longer exist, either by decision of the company or at the request of the data subject, personal data may be deleted, destroyed, or anonymized using the following methods:

• Physical Destruction: Complete destruction of manually processed data in a way that it cannot be recovered.

• Secure Deletion from Software: Irrecoverable deletion from digital storage using secure deletion methods.

• Secure Deletion by an Expert: Deletion by a professional third-party service provider when required.

Anonymization Techniques:

• Masking: Removing key identifiers from data sets.

• Aggregation: Combining multiple data sets to prevent individual identification.

• Data Derivation: Generalizing data content to make identification impossible.

• Data Shuffling: Mixing values within a data set to sever ties between data and individuals.

PROCESSING PERSONAL DATA WITHOUT EXPLICIT CONSENT

According to Article 5 of the Law, your personal data may be processed without your explicit consent under the following circumstances:

1. When explicitly permitted by law,

2. When necessary to protect the life or physical integrity of the data subject or another person in cases where consent cannot be obtained,

3. When processing is necessary for the performance of a contract,

4. When required for the data controller’s legal obligations,

5. When data has been made public by the data subject,

6. When necessary for the establishment, exercise, or defense of legal claims,

7. When processing is required for the legitimate interests of the data controller, provided that it does not violate the fundamental rights and freedoms of the data subject.

YOUR RIGHTS REGARDING PERSONAL DATA

As the data subject, in accordance with Article 11 of the Law, you have the right to:

• Learn whether your personal data has been processed,

• Request information about such processing,

• Understand the purpose of processing and whether it has been used accordingly,

• Learn about third parties to whom data has been transferred domestically or abroad,

• Request correction of incomplete or inaccurate data,

• Request the deletion or destruction of your personal data,

• Request notification of such corrections or deletions to third parties to whom data has been transferred,

• Object to any unfavorable outcomes resulting from the automatic processing of your personal data,

• Request compensation for any damages arising from the unlawful processing of your data.

You may exercise these rights by completing the “Personal Data Protection Law (KVKK) Application Form” available on our website and submitting it via hand delivery, postal mail, notary, or by sending a digitally signed email to kvkk@edes.com.tr.

Depending on the nature of your request, a response will be provided within the shortest possible time and no later than 30 days, free of charge. However, if the process incurs a cost, the fee determined by the Personal Data Protection Authority may be requested.For the full documents:

• Personal Data Subject Application Form

• Personal Data Retention and Destruction Policy

• Personal Data Protection and Processing Policy