Corporate General Personal Data Protection Disclosure Text

CORPORATE GENERAL NOTICE ON THE PROCESSING OF PERSONAL DATA

As ORSAN OPS TALAŞLI İMALAT SAN. VE TİC. KOLLEKTİF ŞTİ SALİM SERİM AND GÖKHAN SERİM (“ORSAN OPS”), we attach importance to the confidentiality of your personal data. In this context, this notice has been prepared to inform you—our Visitors, Online Visitors, Customers, Potential Customers, Supplier Employees, and Supplier Representatives—about the processing, storage, and transfer of your personal data within the scope of the Personal Data Protection Law No. 6698 (“KVKK”) and related legislation and legal regulations.

1. CATEGORIES AND PURPOSES OF PROCESSED PERSONAL DATA

Your personal information may be processed by ORSAN OPS TALAŞLI İMALAT SAN. VE TİC. KOLLEKTİF ŞTİ.-SALİM SERİM- GÖKHAN SERİM in accordance with the principles set forth in Article 4.2 of KVKK:

• (i) Compliance with law and honesty rules,
• (ii) Accuracy and updating when necessary,
• (iii) Processing for specific, clear, and legitimate purposes,
• (iv) Being relevant, limited, and proportionate to the purpose for which they are processed,
• (v) Retention for the period required by the relevant legislation or necessary for the purpose for which they are processed,

and may be processed within the scope of the purposes specified below in the context of ongoing business relationships with our partners (a person may fall into more than one category).

A. Our Visitors

Identity information of our visitors (e.g., name, surname, Turkish ID number, vehicle plate), physical premises security information (e.g., camera recordings);

• a) creation and tracking of visitor records,
• b) enabling access to the free zone,
• c) ensuring physical security of the premises.

B. Our Online Visitors

Processing security information of our online visitors (e.g., IP address), marketing information (e.g., cookie records), and (if provided*) identity and contact information (e.g., email address, phone number);

• a) conducting activities in compliance with the legislation,
• b) carrying out information security processes,
• c) tracking requests/complaints,
• d) enabling the creation of proposals,
• e) conducting communication activities,
• f) providing information to authorized persons, institutions, and organizations,
• g) enabling access to our website via the Internet.

C. Our Customers

Identity, contact, transaction information (e.g., order information), physical premises security, financial information (e.g., balance sheet), legal transaction information, and marketing information (e.g., purchase history) of our individual customers or representatives/employees of corporate customers;

• a) conducting activities in compliance with the legislation,
• b) carrying out finance and accounting processes,
• c) managing/monitoring business activities,
• d) managing logistics activities,
• e) conducting post-sales support services for goods/services,
• f) managing sales processes of goods/services,
• g) conducting marketing analysis studies,
• h) managing contract processes,
• i) providing information to authorized persons, institutions, and organizations,
• j) ensuring physical security of premises,
• k) resolving legal disputes,
• l) conducting storage and archiving activities,
• m) managing risk management processes,
• n) managing customer/company/product/service loyalty processes,
• o) conducting communication activities.

D. Our Potential Customers

Identity, contact, transaction information, physical premises security information, and marketing information of our individual customers or representatives/employees of corporate customers;

• a) managing goods/services sales processes,
• b) managing contract processes,
• c) ensuring physical security of premises,
• d) conducting marketing analysis studies.

E. Our Supplier Employees

Identity, contact, physical security, and professional experience information of supplier employees (e.g., in-service training information);

• a) conducting communication activities,
• b) managing/monitoring business activities,
• c) ensuring physical security of premises,
• d) managing supply chain processes,
• e) managing logistics activities,
• f) conducting activities in compliance with the legislation,
• g) managing occupational health and safety activities.

F. Our Supplier Representatives

Identity, contact, physical security, transaction, financial, marketing, and legal information of our individual suppliers or corporate supplier representatives;

• a) managing/monitoring business activities,
• b) managing goods/services procurement processes,
• c) carrying out finance and accounting processes,
• d) managing contract processes,
• e) managing investment processes,
• f) ensuring physical security of premises,
• g) managing legal activities.

2. METHODS OF PERSONAL DATA COLLECTION AND LEGAL REASONS

Your personal data, categorized above, are collected physically (e.g., order forms, contracts, visitor forms) or electronically via information systems and devices (e.g., telecommunication infrastructure, computers, and phones), third parties (e.g., KKB and Findeks), our website, and other documents provided by the relevant person, either automatically or manually.

Your personal data are processed based on the legal grounds specified in Article 5 of KVKK:

• (i) Explicitly stipulated in the laws,
• (ii) Necessity for processing personal data of the parties to a contract directly related to the establishment or performance of the contract,
• (iii) Necessity for the data controller to fulfill its legal obligations,
• (iv) Necessity of data processing for the establishment, exercise, or protection of a right,
• (v) Necessity of data processing for the legitimate interests of the data controller, provided it does not harm the fundamental rights and freedoms of the relevant person.

These legal grounds form the basis for the processing of your personal data.

3. TRANSFER OF PERSONAL DATA TO THIRD PARTIES

a) Personal data of our visitors may be shared with law enforcement and judicial authorities for the purpose of resolving legal disputes and upon request as required by the relevant legislation, and with İSBAŞ to enable access to the free zone.

b) Personal data of our online visitors may be shared with judicial authorities and authorized public institutions and organizations for the purpose of resolving legal disputes and upon request as required by the relevant legislation.

c) Personal data of our customers may be transferred to authorized public institutions and organizations for conducting activities in compliance with the legislation, monitoring and managing legal affairs, and providing information to authorized parties; to auditing companies for monitoring business activities; to financial institutions for risk management processes; to IT companies for resolving technical issues; to suppliers for business process management; to cargo companies for transfer operations; to insurance companies for product and workplace security; to banks for finance tracking; and to our certified public accountant for accounting operations. Additionally, these personal data may be shared with our legal counsel and judicial authorities as evidence in potential future legal disputes.

d) Personal data of our potential customers may be shared with our legal counsel and judicial authorities as evidence in potential future legal disputes.

e) Personal data of our supplier employees may be transferred to authorized public institutions and organizations for conducting activities in compliance with the legislation, monitoring and managing legal affairs, and providing information to authorized parties; to cargo companies for transfer operations; to insurance companies for product and workplace security; to OSGB companies for occupational health and safety management. Additionally, these personal data may be shared with our legal counsel and judicial authorities as evidence in potential future legal disputes.

f) Personal data of our supplier representatives may be transferred to authorized public institutions and organizations for conducting activities in compliance with the legislation, monitoring and managing legal affairs, and providing information to authorized parties; to IT companies for resolving technical issues; to suppliers for business process management; to cargo companies for transfer operations; to insurance companies for product and workplace security; to banks for finance tracking; to our certified public accountant for accounting operations; and to OSGB companies for occupational health and safety management. Additionally, these personal data may be shared with our legal counsel and judicial authorities as evidence in potential future legal disputes.

4. YOUR RIGHTS REGARDING PERSONAL DATA

You can submit your requests regarding your rights under Article 11 of KVKK through the “Application Form to the Data Controller” available at https://www.orsanops.com/.

Data Controller: ORSAN OPS TALAŞLI İMALAT SAN. TİC. KOLLEKTİF ŞTİ.-SALİM SERİM- GÖKHAN SERİM

Address: Ferhatpaşa SB. Mah. Ali Rıza Efendi Cad. No:27 Çatalca/İstanbul

Email: kvkk@orsanops.com