1. Scope and Modification

This Policy has been prepared for Company Shareholders, Company Business Partners, Company Officials, Employee Candidates, Visitors, Company Customers, Potential Customers and Third Parties, if they are real persons, and will be applied within the scope of these specified persons. The Company informs these Personal Data Owners about the Law by publishing this Policy on its website. This Policy prepared by our Company has been prepared in accordance with the Law No. 6698 on the Protection of Personal Data ("PPD").
‍
This Policy shall apply to the above-mentioned data subjects if our Company processes the Personal Data of these data subjects by fully or partially automated or non-automated means, if it is part of any data recording system. This Policy shall not apply if the data is not included in the scope of "Personal Data" within the scope specified below or if the Personal Data processing activity carried out by our Company is not by the means specified above.
‍
The data obtained from you with your consent or in accordance with other legal compliance cases listed in the Law will be used to increase the quality of the services we offer and to improve our quality policy. Again, some of the data we have are de-personalized and anonymized. These data are data used for statistical purposes and are not subject to the application of the Law and our Policy.
Our Company has the right to change our Policy and Directive on Personal Data if it complies with the Law and personal data is better protected.

2. Basic Rules Regarding the Processing of Personal Data

YENERER KAYNAK SAN VE TİC. A.Ş. processes personal data in accordance with the procedures and principles stipulated in the PPD and other relevant laws. In this context, the following principles in the PPD are complied with while processing personal data.

• a)     Compliance with the law and honesty rules: YENERER KAYNAK SAN VE TİC. A.Ş. questions the source of the data it collects or received from other companies and attaches importance to obtaining them in accordance with the law and honesty rules.
• b)     Being accurate and up to date when necessary: YENERER KAYNAK SAN VE TİC. A.Ş. attaches importance to the fact that all data within the organization are accurate, do not contain false information and finally, if there is a change in personal data, to update them as soon as they are communicated to it.
• c)     Processing for specific, explicit, and legitimate purposes: YENERER KAYNAK SAN VE TİC. A.Ş. processes data limited to the purposes it offers and obtains the consent of the persons during the service. It does not process, use, or have data used for purposes other than business purposes.
• d)     Being connected, limited, and measured for the purpose for which they are processed: YENERER KAYNAK SAN VE TİC. A.Ş. only uses the data limited to the purpose for which they are processed and to the extent required by the service.
• e)     Being retained for the period stipulated in the relevant legislation or required for the purpose for which they are processed: YENERER KAYNAK SAN VE TİC. A.Ş. retains the data arising from the contracts for the dispute periods of the Law and the requirements of commercial and tax law. However, it deletes or anonymizes the data when these purposes disappear. It deletes or destroys them according to the Personal Data Deletion Directive.

3. Maximum Savings Principle/Principle of Stinginess

According to this principle, which is called the principle of maximum savings or the principle of stinginess, the data reaching YENERER KAYNAK SAN VE TİC. A.Ş. is processed into the system only as much as necessary. Therefore, which data we collect is determined according to the purpose. Unnecessary data is not collected. Other data transferred to our company are transferred to the company information systems in the same way. Excess information is not saved in the system, deleted, or anonymized. This data may be used for statistical purposes.

4. Deletion of Personal Data

YENERER KAYNAK SAN VE TİC. A.Ş. keeps the personal data it collects for the periods stipulated by the relevant laws and/or for the periods required by the purpose of processing in accordance with Articles 7, 17 of the PPD Law and Article 138 of the Turkish Penal Code. If these periods expire, it will delete, erase, or anonymize the personal data in accordance with the provisions of the Regulation on the Deletion, Destruction or Anonymization of Personal Data.
YENERER KAYNAK SAN VE TİC. A.Ş. explains in detail the methods of deletion, destruction and anonymization and the technical and administrative measures taken within the scope of the Policy on Storage and Destruction of Personal Data prepared in accordance with the Regulation on Deletion, Destruction or Anonymization of Personal Data.

5. Accuracy and Data Up to date

As a rule, the data within YENERER KAYNAK SAN VE TİC. A.Ş. are processed as declared by the relevant persons upon their declaration. YENERER KAYNAKSAN VE TİC. A.Ş. is not obliged to investigate the accuracy of the data declared by customers or persons in contact with YENERER KAYNAKSAN VE TİC. A.Ş., nor is this done legally and due to our working principles. The declared data is considered correct. The principle of accuracy and timeliness of personal data has also been adopted by YENERER KAYNAK SAN VE TİC. A.Ş. Our company updates the personal data it has processed upon the request of the relevant person, or the official documents received by our company. It takes the necessary measures for this.

6. Confidentiality and Data Security

Personal data is confidential and YENERER KAYNAK SAN VE TİC. A.Ş. respects this confidentiality. Personal data can only be accessed by authorized persons within the company. All necessary technical and administrative measures are taken to protect the personal data collected by YENERER KAYNAK SAN VE TİC. A.Ş. and to prevent unauthorized access and to prevent the data owner from being victimized. Within this framework, it is ensured that the software complies with the standards, third parties are carefully selected, and the Privacy Policy is complied with within the company. Data protection is also requested from the companies with which we share personal data in accordance with the law.

7. Data Processing Purposes

YENERER KAYNAK SAN VE TİC. A.Ş. Processing of Personal Data will be carried out in line with the purposes specified in the Clarification Text.

8. Customer, Prospective Customer and Business and Solution Partners Data

9. Data Processing for Advertising Purposes

Personal data is processed for advertising or market and public opinion research only if the purpose of collecting this information is appropriate for such purposes. Data subjects are informed that their data will be used for advertising purposes. Data subjects may refrain from providing their data that will be used for advertising purposes or consent to their processing. For data processed for advertising purposes, the explicit consent of the data owner must be obtained, even if the data owner is an employee of YENERER KAYNAK SAN VE TİC. A.Ş. The data controller will be able to obtain the explicit consent of the data subject in this respect by electronic confirmation, mail, e-mail, SMS, or telephone. The use of personal data for advertising purposes without the explicit consent of the data subject is prevented.

10. Data Transactions Performed Due to the Company's Legal Obligation or Explicitly Stipulated in the Law

Personal data may be processed without further consent if the processing is explicitly stated in the relevant legislation or to fulfill a legal obligation determined by the legislation. The type and scope of data processing must be necessary for the legally permitted data processing activity and must comply with the relevant legal provisions.

11. Data Processing by the Company

Personal data may be processed in line with the services provided by the Company and its legitimate purposes. However, the data may not be used for unlawful services in any way.

12. Processing of Special Categories of Data

YENERER KAYNAK SAN VE TİC. A.Ş. takes all adequate measures determined separately by the Board in the processing of special categories of personal data. In our company, special categories of personal data are processed in accordance with the "Policy on Protection and Processing of Special Categories of Personal Data".

13. Data Processed by Automated Systems

YENERER KAYNAK SAN VE TİC. A.Ş. acts in accordance with the Law regarding the data processed through automated systems. The information obtained from this data cannot be used against the person without the explicit consent of the person. However, YENERER KAYNAK SAN VE TİC. A.Ş. can make decisions about the people it will process by using the data in its own system.

14. User Information and Internet

If personal data is collected, processed, and used in the websites and other systems or applications belonging to YENERER KAYNAKSAN VE TİC. A.Ş., the relevant persons are informed about the privacy statement and, if necessary, about cookies. Persons are informed about our applications on the internet pages. Personal data will be processed in accordance with the law.

15. Data of Our Employees

16. Transfer of Personal Data to Domestic and Foreign Countries

Personal data may be shared by YENERER KAYNAK SAN VE TİC. A.Ş. with shareholders, group companies and business and solution partners to provide services.
YENERER KAYNAK SAN VE TİC. A.Ş. may transfer personal data to the suppliers of YENERER KAYNAK SAN VE TİC. A.Ş. for the limited purpose of providing our Company with the services that our Company outsources from the supplier and that are necessary to fulfill our Company's commercial activities.
YENERER KAYNAK SAN VE TİC. A.Ş. is authorized to transfer personal data domestically and abroad within the conditions determined by the Board, in accordance with other conditions in the Law and subject to the consent of the person.

17. Rights of the Personal Data Owner listed in Article 11 of the PPD

The rights of the Data Owner in accordance with Article 11 of the PPD Law on personal data processed by YENERER KAYNAK SAN VE TİC. A.Ş. are listed below: To facilitate these rights, an application form has also been prepared by YENERER KAYNAK SAN VE TİC. A.Ş. and presented to you on your website.
Persons whose personal data are processed can apply to our contact person announced by YENERER KAYNAK SAN VE TİC. A.Ş. on our website regarding their data.

• a)     Learn whether personal data is being processed,
• b)     Request information if personal data has been processed,
• c)     To learn the purpose of processing personal data and whether they are used in accordance with their purpose,
  
• d)     To know the third parties to whom personal data are transferred domestically or abroad,
• e)     To request correction of personal data in case of incomplete or incorrect processing and to request notification of the transaction made within this scope to third parties to whom personal data is transferred,
• f)     Within the framework of the conditions stipulated in Article 7 of the PPD Law, although it has been processed in accordance with the provisions of the PPD Law and other relevant laws, to request the deletion or destruction of personal data if the reasons requiring its processing disappear and to request notification of the transaction made within this scope to third parties to whom personal data is transferred,
• g)    To object to the emergence of a result to the detriment of the person himself/herself by analyzing the processed data exclusively through automated systems,
• h)     In the event that personal data is damaged due to unlawful processing of personal data, they have the right to demand the compensation of the damage.
  

However, individuals do not have any rights regarding anonymized data within the Company. YENERER KAYNAK SAN VE TİC. A.Ş. may share personal data with the relevant institutions and organizations in accordance with the business and contractual relationship, for a judicial duty or state authority to exercise its legal powers.
Personal data owners may submit their requests regarding the above-mentioned rights to the Company by filling out the application form, which you can obtain from the official website of the Company, completely and signing it with a wet signature and sending it by registered letter with return receipt and photocopies of their identity cards (only the front side photocopy for the identity card). Your applications will be answered as soon as possible or within 30 days at the latest after they are received by our Company, depending on the content of your application. Your applications must be sent by registered letter with return receipt. In addition, only the part of your applications related to you will be answered, and an application made about your spouse, relative or friend will not be accepted. YENERER KAYNAK SAN VE TİC. A.Ş. may request other relevant information and documents from the applicants.

18. Privacy Policy

The data of employees and other persons in YENERER KAYNAK SAN VE TİC. A.Ş. are confidential. No one can use, copy, reproduce, reproduce, transfer, transfer to others, or use this data for any other purpose other than business purposes without compliance with the contract or law.

19. Transaction Security

All necessary technical and administrative measures are taken to protect the personal data collected by YENERER KAYNAKSAN VE TİC. A.Ş. and to prevent unauthorized access and to prevent our customers and prospective customers from being victimized. Within this framework, it is ensured that the software complies with the standards, third parties are carefully selected, and the Privacy Policy is complied with within the company. Security measures are constantly renewed and improved.

20. Audit

YENERER KAYNAK SAN VE TİC. A.Ş. carries out the necessary internal and external audits on the protection of personal data.

21. Notification of Violations

YENERER KAYNAK SAN VE TİC. A.Ş. acts with the awareness that when it is notified of any violation of personal data, it must notify the PPD Board without delay and within 72 hours at the latest from the date of learning of this situation. Minimizes the damage to the data subject and compensates the damage. Immediately notifies the Personal Data Protection Board when personal data is seized by unauthorized persons from outside.
With the notification of violations, you can apply according to the procedures specified on our corporate website.