Personal Data Protection Law

Under Personal Data Protection Legislation

CUSTOMER INFORMATION TEXT

Dear Customer / Concerned,

To protect the fundamental rights and freedoms of individuals, especially the privacy of private life, in the processing of personal data, and to regulate the obligations of real and legal persons who process personal data and the rules to be complied with, the "Personal Data Protection Law No. 6698" ("PDPL") has been published on 07.04.2016 and came into force.

As SPACE DIGITAL BILISIM LIMITED SIRKETI ("Company"), in the capacity of data controller, we inform you that we will record, store, preserve the personal data of our customers obtained from our customers within the purposes stated in PDPL and detailed below, related to these purposes, in a limited and measured way, by preserving the accuracy and the most up-to-date state of personal data, and share it with institutions legally authorized to request personal data under the conditions foreseen by PDPL to third parties and companies.

1.Definitions Related to PDPL

In the application of PDPL;

Anonymization: The process of making personal data unable to identify a specific or identifiable real person in any way, even by matching with other data,

Data Subject: The real person whose personal data is processed,

Personal Data: All kinds of information related to an identified or identifiable real person,

Processing of Personal Data: Any operation which is performed on personal data, such as collection, recording, storage, preservation, modification, reorganization, disclosure, transfer, acquisition, making available, classification, or prevention of use, entirely or partly by automatic means or by non-automatic means provided that it is a part of any data recording system,

Board: The Personal Data Protection Board,

Institution: The Personal Data Protection Authority,

Data Processor: The real or legal person who processes personal data on behalf of the data controller upon its authorization,

Data Recording System: The recording system in which personal data are processed by structuring according to certain criteria,

Data Controller: The real or legal person who determines the purposes and means of processing personal data, and is responsible for the establishment and management of the data recording system,

Special Categories of Personal Data: Data related to individuals' race, ethnic origin, political opinion, philosophical belief, religion, sect, or other beliefs, appearance and dress, membership in associations, foundations or trade unions, health, sexual life, criminal conviction and security measures, and biometric and genetic data.

2. What is Personal Data? Which Personal Data are Processed?

Personal data is any information that identifies or makes you identifiable. Within this scope, primarily your identity information such as your name and surname, Turkish Republic ID number, as well as your address and phone information, your bank account information, and any information that can be associated with you are referred to as "Personal Data." Sensitive personal data regulated under Article 6 of PDPL, such as your race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, association, foundation, or trade union membership, health, sexual life, criminal convictions and security measures, as well as biometric and genetic data, are referred to as "Special Categories of Personal Data." Accordingly, the explanations to be made for Your Personal Data also cover Your Special Categories of Personal Data.

In this context, as a COMPANY, we are collecting and maintaining Personal Data of our customers in compliance with PDPL. Personal Data processed by the COMPANY can be detailed as follows:

Identity Information: The data that identify the person, such as the name and surname, Turkish Republic ID number, copy of the identity card, place and date of birth, passport, etc., collected from our customers.

Contact Information: Data such as phone number, place of residence address, e-mail address, etc., collected from our customers, that enable communication.

Visual and Audio Data: Personal data including all visual materials and voice recordings during conversations, collected from our customers and can be associated with the related data subject.

Financial Information: Data such as debt balance, amount of receivable, fee, bank account information, etc., collected from our customers and can be associated with the related data subject.

Communication and Complaint Management Data: Personal data obtained from customers in the process of receiving and evaluating all kinds of requests or complaints directed to our company.

Special Categories of Personal Data: Data such as biometric data (voice and image recordings) specified in Article 6 of PDPL, collected from our customers.

Other Data: Technical transaction security data, purchase information, cookies, domain names, and other data collected automatically by various means.

3. How and For What Legal Reasons Do We Collect/Process Your Personal Data?

The COMPANY primarily processes Personal Data of its customers based on the following legal reasons:

• Having your explicit consent,
• Being explicitly provided for by the laws of the Republic of Turkey,
• Being necessary for the performance of the contract with you or your company,
• Being necessary for compliance with a legal obligation to which the COMPANY is subject.

The COMPANY may also process the mentioned Personal Data based on one or more of the following legal reasons:

• The data subject making the data publicly available,
• Data processing being necessary for the establishment, exercise, or protection of any right,
• Processing being necessary for the legitimate interests of the COMPANY, provided that it does not harm your fundamental rights and freedoms.
• Ensuring the continuity of the services and products owned, addressing potential malfunctions and/or technical problems,
• Updating the existing data for the continuity of the service and/or product and/or the whole of service,
• Providing and/or arranging and/or updating and/or allocating the product, service, or service that is to be purchased from and/or arranged and/or updated and/or allocated for the service, product, or service,

Personal Data of customers are collected through the above-mentioned main purposes and methods and other channels that may be added in the future, automatically or non-automatically, through audio, verbal, written, or electronic means.

Personal Data are collected through the internet and various social media platforms operated on behalf of the COMPANY, our website, email, text messages ("SMS") or multimedia messages ("MMS") and other communication methods, COMPANY sales and marketing, support, satisfaction, feedback activities including call center records, help/support center applications, and similar tools and/or intermediaries by various channels verbally, in writing, or electronically, either fully or partially automated or as part of any data recording system by various methods.

4. For What Purpose Do We Process Your Personal Data?

The COMPANY primarily processes the Personal Data of its customers; in cases explicitly stipulated by laws, provided that the processing is directly related to the establishment or performance of a contract, provided that it is necessary for the COMPANY to fulfill its legal obligations, in cases where the personal data is made public by the data subject, in cases where it is necessary for the establishment, use, or protection of a right, and provided that it does not harm the fundamental rights and freedoms of the data subject, in cases where data processing is necessary for the legitimate interests of the COMPANY. In the presence of these exceptions specified in PDPL, it is not required to obtain the consent of the person for the processing of personal data.

Apart from these, the COMPANY processes the Personal Data of its customers based on their explicit consent.

Other purposes of processing Personal Data of the COMPANY’s customers are as follows:

• To arrange all records and documents that will be the basis for processing in electronic (internet/mobile/Call Center, etc.) or paper environment,

• To provide information to public officials on issues related to public safety upon request and as required by legislation,
• To offer a better shopping experience to our customers, to provide information about our products that our customers may be interested in by "taking into account the interests of our customers," to transfer campaigns,
• To inform customers about products and services whose usage period is about to end,
• To increase customer satisfaction, to recognize customers shopping from our website and/or mobile applications, to use in customer environment analysis, to use in various marketing and advertising activities, and to organize surveys through contracted organizations electronically and/or physically in this context,
• To allow our contracted organizations and solution partners to offer suggestions to our customers, to inform our customers about our services,
• In cases where suppliers and/or business partners that provide products and services offered by the COMPANY are located abroad and the service must be performed abroad for the delivery of the service, product, or service (such as domain registration, SSL issuance, server allocation, license issuance and/or renewal and/or updating, etc.), to purchase, arrange, update, and/or allocate the product, service, or service,
• To evaluate customer complaints and suggestions regarding our products and services,
• To fulfill our legal obligations and exercise our rights arising from the current legislation,
• In the event of merger, division, change of type, change of control, or restructuring of the COMPANY, to carry out these processes in a healthy manner
• To arrange all records and documents that will be the basis for the transaction in electronic or paper environment

• Recording of conversations with data subjects for the purpose of ensuring service/transaction security;
• Fulfilling the obligations (identity verification, information storage, reporting, informing) and commitments under the contracts to which our institution is a party;
• Planning and executing the service processes after the sale of products and/or services, improving, identifying and developing alternative production techniques,
• Planning and implementing processes for developing and/or increasing loyalty to the products and/or services offered by our Company
• Detecting the error received by the customer on the COMPANY’s website and improving services through experience surveys,

In addition, the personal data mentioned above can be processed within the framework of the provisions of the Turkish Obligations Law No. 6098, the Law on the Protection of the Consumer No. 6502, the Turkish Commercial Law, the provisions of the secondary legislation related to these laws, the obligations arising from the tax legislation, and other cases where it is mandatory by other competent public authorities and other legislation provisions, and can be transferred to physical archives and information systems of the COMPANY, and kept both in digital and physical environments.

5. How is the Security of Personal Data Ensured?

The COMPANY attaches great importance to the confidentiality and security of Personal Data. In this context, necessary technical and administrative security measures are taken to protect Personal Data against unauthorized access, harm, loss, or disclosure. Accordingly, necessary systemic controls, data access controls, security transfer controls, business continuity controls, and other necessary corporate controls are implemented. Moreover, special categories of personal data are processed with adequate measures determined by the Authority. Customers can inquire about the measures taken regarding the security of personal data by reaching out to the communication channels of the COMPANY.

6. Do We Transfer Your Personal Data to Third Parties and/or Abroad?

As the COMPANY, we commit to ensuring the safekeeping of your Personal Data and not to process it unlawfully.

Again, in the presence of the legal reasons mentioned above, we may transfer your Personal Data to third parties and group companies, including business partners, suppliers, official authorities including PROSECUTORS and MASAK, regulatory and supervisory public institutions and organizations, digital marketing firms based in Turkey and abroad, cargo companies, software support service companies, lawyers, consultants, and other third parties we receive services from or cooperate with, both domestically and abroad.

7. What are Your Rights as the Data Subject and the Application Procedure?

i. Your Rights Regarding Your Personal Data

We would like to inform you that you have the following rights regarding your data processed within the COMPANY:

• To learn whether your Personal Data are processed,
• If your Personal Data are processed, to request information regarding this,
• To learn the purpose of processing your Personal Data and whether they are used in accordance with their purpose,
• To know the third parties in the country or abroad to whom Personal Data have been transferred,
• If your Personal Data are processed incompletely or inaccurately, to request their correction,
• To request the deletion or destruction of Personal Data in case the reasons necessitating their processing cease to exist or if the Personal Data are no longer up-to-date,
• If your Personal Data are corrected, deleted, or destroyed, to request notification of these operations to third parties to whom Personal Data have been transferred,
• To object to the occurrence of a result against the person himself by analyzing the processed data exclusively through automated systems,
• In case you suffer damage due to unlawful processing of your Personal Data, to request the compensation of the damage

rights.

You can send your requests regarding these rights to us through the application procedures below.

ii. Application

You can send your requests related to your Personal Data, including the necessary information to identify you and your explanations regarding the right you request to exercise from the rights specified in Article 11 of the PDPL; you can personally deliver it to the address of SPACE DIGITAL BILISIM LIMITED SIRKETI Meclis Mahallesi Derviş Sokak Fuat Özal Plaza No:38/1 Sancaktepe-ISTANBUL, send it through a notary or other methods specified in the PDPL, or send it to destek@ruzgarhost.com with a secure electronic signature. All exceptions regulated primarily in Articles 28 and 5 of the PDPL are exceptions to this provision.

As a result of the requests sent to the COMPANY, the COMPANY may accept or reject the request by explaining its reason and inform the requesting party in writing or electronically. If the request is accepted, the COMPANY is obliged to fulfill the request immediately.

iii. Complaint

If your request submitted to the COMPANY is rejected, you are not satisfied with the response given by the COMPANY, or no response is given, you may file a complaint with the Personal Data Protection Board within 30 days from the date of notification of the response or within 30 days following the end of the 30-day period if no response is given.

iv. Data Controller Identity Information

The expression COMPANY used in this text has been arranged for SPACE DIGITAL BILISIM LIMITED SIRKETI, established in Turkey with the information given below, and addresses the data subjects of the data for which the company specified below is the data controller:

SPACE DIGITAL BILISIM LIMITED SIRKETI