1. INTRODUCTION

As the data controller, the protection of personal data belonging to its customers, employees and other real persons with whom it has a relationship is of great importance for Emoyra Global Bilişim Tekstil Sanayi ve Ticaret A.Ş. ("Emoyra" or the "Company"). For the processing and protection of personal data, targeted by this Policy and other written policies; It is the lawful processing and protection of the personal data of our customers, potential customers, employees, employee candidates, visitors, employees of the institutions we cooperate with, employees of the group of companies we are involved in and third parties who establish a relationship with Emoyra.

In this context, in accordance with the Law No. 6698 and the relevant legislation,  the necessary administrative and technical measures are taken by Emoyra for the processing and protection of personal data.

In this Policy, the following basic principles adopted by Emoyra for the processing of personal data  will be explained:

·  Processing of personal data within the scope of consent,

·  Processing of personal data in accordance with the law and good faith,

·  Keeping personal data accurate and up-to-date when necessary,

·  Processing personal data for specific, explicit and legitimate purposes,

·  Processing personal data in connection with the purpose for which they are processed, limited and measured,

·  To keep personal data for the period stipulated in the relevant legislation or required for the purpose for which they are processed,

·  Clarifying and informing the relevant persons whose personal data are processed,

·  To create the necessary infrastructure for the relevant persons whose personal data are processed to exercise their rights,

·  Taking the necessary measures for the protection of personal data,

·  To act in accordance with the relevant legislation and KVK Board regulations in the determination and implementation of the purposes of processing personal data, in the transfer to third parties,

·  Special regulation of the processing and protection of personal data of special nature.

·  If there is a clear regulation in the laws regarding the transfer of personal data,

·  If it is necessary to transfer the personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract,

·  If the transfer of personal data is mandatory for Emoyra to fulfill its legal obligation,

·  If the transfer of personal data is mandatory for the establishment, exercise or protection of a right,

·   If the transfer of personal data is mandatory for the legitimate interests of Emoyra, provided that it does not harm the fundamental rights and freedoms of the person concerned.

·  Customers; product-service promotion, information, personalized advertising, campaign and other benefits, sending commercial electronic messages within the framework of loyalty programs, providing various advantages through survey and tele-sales applications, statistical analysis,

·  To carry out studies to improve the quality of service and to provide better service,

·  Issuance of invoices for our services,

·  Identity confirmation,

·  Responding to questions and complaints,

·  Taking the necessary technical and administrative measures within the scope of data security,

·  Providing financial reconciliation regarding the products and services offered with relevant business partners and other third parties,

·  Providing the necessary information in line with the demands and audits of the regulatory and supervisory institutions and official authorities,

·  Maintaining information about the data required to be kept in accordance with the relevant legislation,

·  Ensuring auditing the consistency of their information,

·  In terms of employees; creation of a personnel file, determination of whether the job is qualified to fulfill the requirements continuously, private health insurance, creation of a health file, taking occupational safety measures,

·  Fulfillment of legal obligations,

·   Execution/follow-up of Emoyra financial reporting and risk management transactions,

·  Emoyra partners

·  Banks and insurance companies

·  Emoyra suppliers

·  Emoyra company officials

·  Legally authorized public institutions and organizations

2. PURPOSE OF THE POLICY

The main purpose of this Policy is  to make statements about the personal data processing activity carried out by Emoyra in accordance with the law and the systems adopted for the protection of personal data, and in this context, to provide transparency towards the persons with whom our company is related.

3. SCOPE OF THE POLICY

This Policy; It relates to all personal data of our customers, employees, employee candidates, visitors, employees of the institutions we cooperate with and third parties that are processed automatically or by non-automatic means provided that they are part of any data recording system.

4. ISSUES REGARDING THE PROTECTION OF PERSONAL DATA

In accordance with Article 12 of the KVK Law, Emoyra takes the necessary technical and administrative measures to ensure the appropriate level of security in order to prevent the unlawful processing of the personal data it processes, to prevent the unlawful access to the data and to ensure the protection of the data, and to carry out or have the necessary audits carried out in this context.

4.1. Measures Taken to Ensure the Legal Processing of Personal Data and to Prevent Unlawful Access to Personal Data

Emoyra takes technical and administrative measures according to technological facilities and application cost in order to ensure that personal data are processed in accordance with the law and to prevent unlawful access.

4.1.1. Technical Measures

The main technical measures taken by Emoyra to ensure the lawful processing of personal data and to prevent unlawful access are listed below:

·      Network security and application security are provided.

·      A closed system network is used for personal data transfers via the network.

·      Security measures are taken within the scope of supply, development and maintenance of information technology systems.

·      Personal data stored in the cloud is secured.

·      Access logs are kept regularly.

·      Current anti-virus systems are used.

·      Firewalls are used.

·      Log records are kept in a way that there is no user intervention.

·      Cyber security measures have been taken and their implementation is constantly monitored.

·      Encryption is done.

·      Personal data is backed up and the security of the backed up personal data is also ensured.

·      User account management and authorization control system are applied and these are also followed.

·      Intrusion detection and prevention systems are used.

·      Employees who have a change of duty or leave their jobs are removed from their authority in this area.

·      Necessary security measures are taken regarding the entrances and exits to physical environments containing personal data.

 4.1.2. Administrative Measures

 Administrative measures taken by Emoyra for the lawful processing of personal data and the prevention of unlawful access:

·      There are disciplinary regulations for employees that include data security provisions.

·      Training and awareness activities are carried out periodically for employees on data security.

·      Corporate policies on access, information security, use, storage and destruction were prepared and started to be implemented.

·      Confidentiality undertakings are made.

·      The signed contracts contain data security provisions.

·      Extra security measures are taken for personal data transferred via paper and the relevant document is sent in confidential document format.

·      Personal data security policies and procedures have been determined.

·      Personal data security issues are reported quickly.

·      Personal data security is monitored.

·      The security of physical environments containing personal data against external risks (fire, flood, etc.) is ensured.

·      The security of environments containing personal data is ensured.

·      Personal data are reduced as much as possible.

·      Existing risks and threats have been identified.

·      Protocols and procedures for the security of personal data of special nature are determined and implemented.

·      Data processing service providers are aware of data security.

4.2. Supervision of the Measures Taken for the Protection of Personal Data

There is a Personal Data Protection Committee within Emoyra. On  behalf of Emoyra, which is the data controller,  in accordance with its duty arising from Article 12 of the Law, the Committee personally carries out the necessary audits in order to ensure the implementation of the provisions of the Law in its own institution or organization and has it done by receiving support from competent institutions when necessary. According to the results of this audit, the detected violations, negativities and nonconformities are reported to the information security officer in the committee and the necessary measures are taken in front of these issues.  In the event that an external service is received by Emoyra due to technical requirements for the storage of personal data, additional contracts are concluded containing provisions that the relevant companies to whom the personal data is transferred in accordance with the law and the persons to whom the personal data are transferred will take the necessary security measures for the protection of personal data and that these measures will be complied with in their own organizations. In addition to these, Emoyra makes contracts for compliance with personal data protection measures with its personnel in recruitment processes and internal disciplinary policies.

5. RIGHTS AND CLAIMS OF THE PERSONAL DATA OWNER

Emoyra, as the data controller against the requests of the relevant person in accordance with Article 13 of the KVK Law, has established the Personal Data Application and Response Procedure as an annex to the personal data inventory and the procedures for directing the written template for the applications that do not meet the application conditions specified in the law. In accordance with these procedures, technical preparations have been made in order to carry out the necessary procedures. 

The requests of the relevant persons whose personal data are processed regarding the rights listed below; to Emoyra  by submitting an identity card and a personal application, in writing or by using the electronic mail address  previously notified to Emoyra by the person concerned and registered in Emoyra's system, or by means of a software or application developed for the purpose of the application.  If they submit their identity in a verifiable form, the Company will respond to the request free of charge within thirty days at the latest depending on the nature of the request. A detailed explanation in this regard is given below, in Article 20 of this policy.

The relevant persons whose personal data are processed will be able to request all the rights in the relevant article of the law, including all processing processes, purposes and transfer information of their personal data, with the application they will make in accordance with this procedure.

6. PROTECTION OF PERSONAL DATA OF SPECIAL NATURE

With the KVK Law, special importance has been attached to some personal data due to the risk of causing victimization or discrimination of persons when processed unlawfully. These data are; race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, clothing and clothing, association, foundation or union membership, health, sexual life, criminal convictions and security measures, and biometric and genetic data.

Emoyra acts sensitively in the protection of personal data of special nature determined as "special quality" by the KVK Law and processed in accordance with the law. In this context,  the technical and administrative measures taken by Emoyra for the protection of personal data are carefully implemented in terms of special quality personal data and the  necessary audits are provided within Emegra.

7. TRAINING OF EMOYRA EMPLOYEES ON THE PROTECTION AND PROCESSING OF PERSONAL DATA

Emoyra ensures that the necessary trainings are organized for its employees in order to increase the awareness of preventing the unlawful processing of personal data, unlawful access to the data and ensuring the protection of the data.

8. ISSUES RELATED TO THE PROCESSING OF PERSONAL DATA

In accordance with Article 20 of the Constitution and Article 4 of the PDP Law, Emoyra carries out personal data processing activities in a purpose-related, limited and measured manner in accordance with the law and good faith, taking into account the protection of public health, and pursuing accurate and when necessary, up-to-date, specific, clear and legitimate purposes.  Emoyra retains personal data for the period stipulated in the laws or required by the purpose of personal data processing.  Emoyra provides personal information belonging to its customers, employees, visitors, supplier employees and third parties; identity information (name, surname, Turkish identity number, gender, age, date of birth), contact information (e-mail address, telephone number address information, IP address), occupational data, visual and audio data, digital trace data, physical space security data, financial data  is processed and processed while processing these data, in order for the relevant persons whose personal data are processed herein  to benefit effectively from the services of Emoyra, to  develop the variety of products and services and to be informed about marketing and innovations as a result of these services, as well as to perform contracts, to fulfill the work and to process financial/legal / commercial obligations.  Detailed information on this subject can be found in Annex-2 ("Annex 2- Personal Data Processed by the Company and Its Purposes") document of this Policy.

Emoyra enlightens the relevant persons whose personal data are processed in accordance with Article 10 of the KVK Law and requests the consent of the relevant persons in cases where consent is required and processes these personal data on the basis of the following criteria.

8.1. Processing in Accordance with the Law and the Rule of Honesty

Emoyra acts in accordance with the principles introduced by legal regulations and the general rule of trust and honesty in the processing of personal data. In accordance with the principle of compliance with the rule of honesty, Emoyra takes into account the interests and reasonable expectations of the relevant persons while trying to achieve its objectives in data processing.

8.2. Ensuring Personal Data is Accurate and, Where Necessary, Up-to-Date

Keeping personal data accurate and up-to-date is necessary for Emoyra in order to protect the fundamental rights and freedoms of the person concerned. Emoyra has an obligation of active care to ensure that personal data is accurate and, when necessary, up-to-date  . For this reason,  all communication channels are open in order to keep the information of the relevant persons whose personal data are processed by Emoyra accurate and up-to-date.

8.3. Processing for Specific, Explicit and Legitimate Purposes

Emoyra clearly and precisely determines the purpose of processing personal data that is legitimate and in accordance with the law.  Emoyra processes as much personal data as is necessary for and related to the activity it carries out.

8.4. Being Relevant, Limited and Proportionate to the Purpose for which they are Processed

Emoyra processes personal data within the scope of the purposes related to the subject of its business and necessary for the execution of its business. For this reason, Emoyra processes personal data in a manner conducive to the realization of the specified purposes and avoids the processing of personal data that is not related to the realization of the purpose or is not needed.

8.5. Retention for the Period Stipulated in the Relevant Legislation or Required for the Purpose for which they are Processed

Emoyra retains personal data only for the period specified in the relevant legislation or required for the purpose for which they are processed. In this context, Emoyra  first determines whether a period of time is foreseen for the storage of personal data in the relevant legislation, acts in accordance with this period if a period is determined, and if a period is not determined, it stores the personal data for the period required for the purpose for which they are processed and specified in the Internal Retention Policy published by Emoyra. Emoyra is based on the retention periods in the personal data inventory and at the end of the periods specified herein, personal data are deleted, destroyed or anonymized according to the nature of the data and the purpose of use within the framework of the obligations under the Law.

9. DISCLOSURE AND INFORMATION OF THE PERSONAL DATA OWNER

In accordance with Article 10 of the KVK Law, Emoyra enlightens the relevant persons whose personal data are processed during the acquisition of personal data. In this context, Emoyra clarifies the identity of the data controller, the identity of the representative, if any, the purpose for which the personal data will be processed, to whom and for what purpose the processed personal data can be transferred, the method and legal reason of collecting personal data and the rights of the relevant persons whose personal data is processed according to the nature of the relevant person and the data processing process. In this context, Front Lighting Information and Lighting Texts that the Company and the personnel can easily see in the common areas have been placed.  Along with this policy, customer disclosure text, cookie policy, application form have also been published on Emoyra website.

10. TRANSFER OF PERSONAL DATA

In line with the personal data processing purposes that are in accordance with the law, Emoyra may transfer the personal data and special quality personal data of the relevant person to third parties by taking the necessary security measures.  Personal data may be transferred by Emoyra to foreign countries declared to have adequate protection by the KVK Board or, in  the absence of adequate protection, to foreign countries where the data controllers in Turkey and the relevant foreign country have undertaken an adequate protection in writing and where the KVK Board has the permission. The reasons for the transfer are explained below:

11. EMOYRA PERSONAL DATA INVENTORY AND CLASSIFICATION OF PERSONAL DATA

 In the presence  of Emoyra, in line with the legitimate and lawful personal data processing purposes of Emoyra, based on and limited to one or more of the personal data processing conditions specified in Article 5 and Article 6 of the KVK Law, in particular the principles specified in Article 4 regarding the processing of personal data, in accordance with the general principles specified in the KVK Law and all the obligations regulated in the KVK Law and by complying with  all the obligations regulated in the KVK Law and by complying with the personal data within the scope of this Policy,  The following categories of personal data, limited to the relevant persons whose data are processed, are processed by informing the relevant persons.

Emoyra has created a personal data inventory in accordance with the Regulation on the Registry of Data Controllers issued by the Personal Data Protection Authority. This data inventory includes data categories, the source of the data, the purposes of data processing, the data processing process, the groups of recipients to whom the data is transferred and the retention periods. In this context, the following types of data categories are included in the Emoyra personal data inventory, although they are not limited to these types.

Emoyra has determined the Emoyra Personal Data Inventory, which it has created within the scope of data processing activities and based on the data types used within the company,  as  shown in the table above  and with the Emoyra Data Retention and Destruction Policy.

12. PURPOSES OF PROCESSING PERSONAL DATA

Emoyra processes personal data limited to the purposes and conditions within the personal data processing conditions specified in Article 5, paragraph 2 and Article 6, paragraph 3 of the KVK Law. These purposes and conditions are:

·       Execution of Emergency Management Processes

·       Execution of Information Security Processes

·       Execution of Employee Candidate / Intern / Student Selection and Placement Processes

·       Execution of Application Processes of Employee Candidates

·       Execution of employee satisfaction and loyalty processes

·       Fulfillment of Obligations Arising from Employment Contract and Legislation for Employees

·       Execution of Benefits and Benefits for Employees

·       Conducting Audit / Ethical Activities

·       Conducting Training Activities

·       Execution of Access Authorizations

·       Conducting Activities in Accordance with the Legislation

·       Execution of Finance and Accounting Works

·       Execution of Loyalty to Company / Product / Services Processes

·       Ensuring Physical Space Security

·       Execution of Assignment Processes

·       Follow-up and Execution of Legal Affairs

·       Conducting Internal Audit / Investigation / Intelligence Activities

·       Carrying Out Communication Activities

·       Planning of Human Resources Processes

·       Execution / Supervision of Business Activities

·       Carrying out Occupational Health / Safety Activities

·       Receiving and Evaluating Suggestions for the Improvement of Business Processes

·       Carrying out Business Continuity Activities

·       Execution of Logistics Activities

·       Execution of Goods / Services Purchasing Processes

·       Execution of Goods / Services After-Sales Support Services

·       Execution of Goods / Services Sales Processes

·       Execution of Goods / Services Production and Operation Processes

·       Execution of Customer Relationship Management Processes

·       Carrying out activities for customer satisfaction

·       Organization and Event Management within the Company

·       Conducting Marketing Analysis Studies

·       Execution of Performance Evaluation Processes

·       Execution of Advertising / Campaign / Promotion Processes

·       Execution of Risk Management Processes

·       Carrying out storage and archive activities

·       Carrying out social responsibility and civil society activities

·       Execution of Contract Processes

·       Conducting Sponsorship Activities

·       Carrying out Strategic Planning Activities

·       Follow-up of Requests / Complaints

·       Ensuring the safety of movable goods and resources

·       Execution of Supply Chain Management Processes

·       Execution of Remuneration Policy

·       Execution of Marketing Processes of Products / Services

·       Ensuring the Security of Data Controller Operations

·       Foreign Personnel Work and Residence Permit Procedures

·       Execution of Investment Processes

·       Conducting Talent / Career Development Activities

·       Providing information to authorized persons, institutions and organizations

·       Execution of Management Activities

·       Creation and Follow-up of Visitor Records

13. RETENTION PERIODS OF PERSONAL DATA

Emoyra stores personal data for the period specified in these legislations if stipulated in the relevant laws and regulations.

If a period of time is not regulated in the legislation on how long the personal data should be stored, the personal data is stored for the period that requires it to be stored in accordance with Emoyra's practices and the practices of the sector,  depending on the activity carried out by Emoyra while processing that data, then Emoyra in accordance with the nature of the data.  is deleted, destroyed or anonymized in accordance with the Personal Data Storage and Destruction Policy.

If the purpose of processing the personal data has come to an end and the retention periods determined by the relevant legislation and Emoyra have come to an end, the personal data can only be stored for the purpose of constituting evidence in possible legal disputes or for the purpose of asserting the relevant right related to the personal data or establishing the defense. In the establishment of the periods herein, the retention periods are determined on  the basis of the examples in the requests previously made to Emoyra on the same issues despite the expiration of the statute of limitations and the statute of limitations for the assertion  of the said right. In this case, the stored personal data is not accessed for any other purpose and access to the relevant personal data is provided only when it is necessary to use it in the relevant legal dispute. Here, too, after the expiry of the said period, personal data are deleted, destroyed or anonymized.

14.  THIRD PARTIES TO WHOM PERSONAL DATA IS TRANSFERRED BY EMOYRA AND THE PURPOSES FOR WHICH THEY ARE TRANSFERRED

In accordance with Article 10 of the KVK Law, Emoyra notifies the groups of persons to whom the personal data are transferred to the relevant person whose personal data is processed.

In accordance with Articles 8 and 9 of the KVK Law, Emoyra may transfer the personal data of the relevant persons whose personal data are processed by this Policy to the following categories of stakeholders:

·       Direct/indirect domestic/overseas shareholders

·       Persons / institutions and / or organizations permitted by the provisions of other relevant legislation

·       Lawyers or attorney partnerships for the purpose of pursuing legal affairs

The scope of transfer and the purposes of data transfer are as follows:

·   After filling out the form on the website, a wet signed copy should  be sent to Tuna Mah. Gazeteci Rauf Lütfü Aksungur Sok. No:2/A Martı Apt. 35600 KARŞIYAKA/İZMİR by registered mail  or personally applied,

·  Sending an e-mail to the address of the emoyra@emoyra.com by using the e-mail address previously notified to Emoyraby the person concerned and registered in the system of Emoyra or applying by means of a software or application developed for the purpose of application.

15. PROCESSING OF PERSONAL DATA

15.1. Processing of Personal Data

The explicit consent of the person whose personal data is processed is only one of the legal bases that make it possible to process the personal data in accordance with the law. Apart from explicit consent, personal data may also be processed in the presence of one of the conditions specified in the law. The basis of the personal data processing activity may be only one of the following conditions, and more than one of these conditions may be the basis of the same personal data processing activity.

16. EMOYRA COMPANY BUILDING ENTRANCES AND PERSONAL DATA PROCESSING ACTIVITIES CARRIED OUT WITHIN THE BUILDING

 In order to ensure security by Emoyra,  personal data processing activities are carried out in Emoyra buildings and facilities for monitoring with security cameras and tracking guest entrances and exits.

 Personal data processing activities are carried out by Emoyra by using security cameras and recording guest entrances and exits.

Within the scope of security camera monitoring activity, Emoyra has purposes such as protecting the interests of the company and other persons in ensuring their security. This monitoring activity is carried out in accordance with the KVKK and the Law on Private Security Services and related legislation. In this context, the information that camera monitoring is carried out is announced to all employees and visitors and people are enlightened. Notification letters are hung at the entrances of the monitored areas.  In accordance with Article 12 of the KVK Law, necessary technical and administrative measures are taken by Emoyra to ensure the security of the personal data obtained as a result of the camera monitoring activity.

16.1.  Follow-up of Guest Entrances and Exits Carried Out at the Emoyra Building, Facility Entrances and Inside

 For the purpose of ensuring security and other purposes specified in this Policy,  Emoyra  carries out personal data processing activities for the follow-up of guest entries and exits in Emoyra buildings and facilities. While  obtaining the identity data of the persons who come to  the Emoyra buildings as guests or through the texts hung before Emoyra or otherwise made available to the guests, the relevant persons are enlightened in this context. The data obtained for the purpose of guest entry and exit follow-up are processed only for this purpose and the personal data of the relevant person are recorded in the data recording system in the physical environment.

16.2.  Retention of Log Records Regarding Access to Software Provided to Personnel at Emoyra Facilities

 For the purpose of ensuring security by Emoyra and for other purposes specified in this Policy, internet access can be provided to visitors who request it during their stay in buildings and facilities. In this case, the log records related to internet access are kept in accordance with the governing provisions of the Law No. 5651 and the legislation issued in accordance with this Law, and these records are processed only if requested by the authorized public institutions and organizations or  in order to fulfill the relevant legal obligation in the audit processes to be carried out within Emoyra.

17. CONDITIONS FOR DESTRUCTION (DELETION, DESTRUCTION AND ANONYMIZATION) OF PERSONAL DATA

In accordance with Article 138 of the Turkish Criminal Code, Article 7 of the KVK Law and the "Regulation on the Deletion, Destruction and Anonymization of Personal Data" issued by the Board, personal data shall be deleted, destroyed or anonymized pursuant to Emoyra's own decision or upon the request of the personal data subject, in the event that the reasons requiring the processing disappear, despite being processed in accordance with the provisions of the relevant law. Emoyra has established a policy in this regard according to the provisions of the regulation and in accordance with this policy, it disposes of the data according to its nature.

18. RIGHTS OF PERSONAL DATA OWNERS; EXERCISE OF THESE RIGHTS

Emoyra informs itself of the rights of the personal data subject in accordance with Article 10 of the KVK Law and guides the relevant person whose personal data is processed on how to use these rights regulated in Article 11, and  Emoyracarries out the necessary channels, internal functioning, administrative and technical arrangements in accordance with Article 13 of the PDP Law in order to evaluate the rights of the relevant persons and to provide the necessary information to the relevant persons.

18.1. Rights and Exercise of These Rights by the Data Subject

18.1.1. Rights of the data subjects whose personal data are processed

The relevant persons whose personal data are processed have the following rights:

a. To learn whether personal data is processed or not,

b. If their personal data has been processed, to request information about it,

c. To learn the purpose of processing personal data and whether they are used in accordance with their purpose,

d. To know the third parties to whom personal data are transferred at home or abroad,

e. In case the personal data are processed incompletely or incorrectly, to request their correction and to request that the transaction carried out within this scope be notified to the third parties to whom the personal data are transferred,

f. To request the deletion or destruction of personal data in the event that the reasons requiring the processing of the personal data disappear despite the fact that it has been processed in accordance with the provisions of the KVK Law and other relevant laws and to request that the transaction carried out within this scope be notified to the third parties to whom the personal data are transferred,

g. To object to the result of a result against the person himself by analyzing the processed data exclusively by means of automatic systems,

h. Requesting the compensation of the damage in case of damage due to unlawful processing of personal data.

18.1.2. Situations in which the Data Subject whose Personal Data is Processed Cannot Assert the Rights

Subject persons whose personal data are processed cannot assert their rights listed in 20.1.1. in these matters since the following cases are excluded from the scope of the KVK Law pursuant to Article 28 of the KVK Law:

a. Processing personal data for purposes such as research, planning and statistics by anonymizing them with official statistics,

b. Processing of personal data for artistic, historical, literary or scientific purposes or within the scope of freedom of expression, provided that it does not violate national defense, national security, public security, public order, economic security, privacy of private life or personal rights or does not constitute a crime,

c. Processing of personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations mandated and authorized by law to ensure national defense, national security, public security, public order or economic security,

d. Processing of personal data by judicial or enforcement authorities in connection with investigation, prosecution, trial or execution proceedings.

In accordance with Article 28/2 of the KVK Law; In the following cases, the relevant persons whose personal data are processed cannot assert their other rights listed in 20.1.1., except for the right to request the compensation of the damage:

a. The processing of personal data is necessary for the prevention of crime or for the investigation of crimes,

b. Processing of personal data made public by the person whose personal data is processed,

c. The processing of personal data is necessary for the execution of supervisory or regulatory duties and for disciplinary investigation or prosecution by the authorized and authorized public institutions and organizations and professional organizations that are public institutions based on the authority given by the law,

d. The processing of personal data is necessary for the protection of the economic and financial interests of the State in relation to budgetary, tax and financial matters.

18.1.3. Exercise of Rights by Personal Data Subject

Relevant persons whose personal data is processed will  be able to submit their requests regarding their rights specified in this Policy to Emoyra free of charge by filling out and signing the Application Forum with the information and documents that will determine their identities and by the methods specified below or other methods determined by the Personal Data Protection Board. Comprehensive regulation in this regard  has been made in Emoyra  Personal Data Application and Response Procedure, Emoyra customer clarification text and inside.

In order for the above-mentioned application to be accepted as a valid application, in accordance with the Communiqué on Application Procedures to the Data Controller, the relevant person;

a) Name, surname and signature if the application is in writing,

b) T.R. identity number for citizens of the Republic of Turkey, nationality for foreigners, passport number or identity number, if any,

c) The address of the place of residence or place of business in which the notification is made,

ç) The electronic mail address, telephone and fax number, if any, for which the notification is made,

d) The subject of the request,

information. Otherwise, the application will not be considered a valid application. In the applications to be made without filling out the application form, the issues listed here must be submitted to Emoyra in full.

In order for third parties to request an application on behalf of the relevant persons whose personal data is processed, there must be a special power of attorney issued by the relevant person on behalf of the person to be applied through a notary.

19. RELATIONSHIP OF EMOYRA PERSONAL DATA PROTECTION AND PROCESSING POLICY WITH OTHER POLICIES

Emoyra has established the principles set forth in this document  on the  basis of the policies regarding other data assets within Emoyra and the sub-procedures for internal use on the protection and processing of personal data.

Data Controller        : EMOYRA GLOBAL BİLİŞİM TEKSTİL SANAYİ VE TİCARET ANONİM ŞİRKETİ
Address                                 :  Tuna Mah. Gazeteci Rauf Lütfü Aksungur Sok. No:2/A Martı Apt. 35600 KARŞIYAKA/İZMİR

Below are definitions to assist in the review of the policy and a table of purposes for processing personal data and purposes of transfer.

ANNEX-1 DEFINITIONS

Explicit Consent: Consent related to a specific subject, based on being informed and explained with free will.

Anonymization: It is the modification of personal data in such a way that it will lose its personal data quality and this situation cannot be recovered. Ex: Making personal data unassociative with a natural person through techniques such as masking, aggregation, data corruption, etc.

Application Form: "Application Form for the Applications to be Made to the Data Controller by the Relevant Person (Personal Relevant Person) in Accordance with the Law on the Protection of Personal Data No. 6698", which includes the application to be made by the relevant persons whose personal data is processed to exercise their rights.

Employee Candidate : Real persons who have applied for a job at Emoyra in any way or who have opened their resume and related information. 

Employees, Shareholders and Officers of the Institutions That Cooperate with: Real and legal persons, including the shareholders and officials of Emoyra, who work in the institutions with which Emoyra has all kinds of business relations (such as business partners, suppliers, but not limited to). 

Business Partner: Parties with whom Emoyra establishes business partnerships for purposes such as carrying out various projects and receiving services personally or together while carrying out its commercial activities.

Processing of Personal Data: Any operation performed on personal data such as obtaining, recording, storing, preserving, changing, rearranging, disclosure, transferring, taking over, making available, classifying or preventing the use of personal data by fully or partially automatic means or by non-automatic means provided that it is part of any data recording system.

Data subject: The natural person whose personal data is processed. For example; customer, staff...

Personal Data: Any information relating to an identified or identifiable natural person. Therefore, the processing of information related to legal entities is not covered by the Law. For example; name-surname, TCKN, e-mail, address, date of birth, credit card number, etc.

Personal Data of Special Nature: Data on race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, clothing, membership of associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data.

Supplier:  Parties that provide services to Emoyra on a contractual basis in accordance with Emoyra's orders and instructions while carrying out Emoyra's commercial activities.

Third Party: Natural persons whose personal data are processed under the policy, who are not defined differently under the policy. For example; family members, former employees,...

Data Processor: The natural and legal person who processes personal data on behalf of the data controller based on the authorization given by him/her. For example;  Departments working within Emoyra, etc.

Data Controller: The person who determines the purposes and means of processing personal data and manages the place where the data is kept systematically (data recording system). Within the scope of this policy, Emoyra Global Bilişim Tekstil Sanayi ve Ticaret A.Ş is the data controller.

Deletion of Data: It refers to the fact that all relevant users within the company are encrypted in such a way that access to personal data is prevented and only the data protection officer has this password.

Destruction of Data: It refers to the complete elimination of personal data by physical or technological methods in a way that cannot be reversed.

Visitor: Real persons who have entered the physical premises owned by Emoyra for various purposes or who have visited our websites. 

ANNEX 2-PERSONAL DATA PROCESSED BY THE COMPANY AND ITS PURPOSES