I Objective and Scope of the Policy

This Policy on Personal Data Protection and Processing ("Policy") has been prepared to provide information about the personal data processing activities carried out by Mitsubishi Electric Turkey Elektrik Ürünleri A.Ş. ("Company") within the scope of its operations and the set of rules and principles taken as basis for these activities.

This Policy applies all real persons whose personal data is processed by the Company, except for the employees of the Company. Legal entities and information about legal entities are not within the scope of the Policy.

II Definitions Used in the Policy

The definitions in this Policy are used as provided below. Definitions not specified herein shall be deemed to be used as they are defined in the Personal Data Protection Law No. 6698 and secondary regulations enacted under this Law.

Explicit Consent: means informed and freely given consent based on specific information regarding a particular subject.

Anonymization: means the processing of personal data in such a way that the data subject can no longer be associated with an identified or identifiable natural person or its source cannot be ascertained,

Employee: means an employee of the Company.

Relevant Person/ Data Subject: means real person whose personal data is processed;

Destruction: means the deletion, destruction and anonymization of personal data.

Law: Personal Data Protection Law No. 6698 of 24/3/2016.

Personal Data: means all kinds of information relating to an identified or identifiable natural person.

Processing of Personal Data: means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure, or destruction.

Board: Personal Data Protection Board

Organization: Personal Data Protection Authority

Special Categories of Personal Data: means data about race, ethnic origin, political affinity, philosophical view, religion, sect or other beliefs, clothing style, membership to any association, foundation or union, health, sexual preferences, criminal history and security measures as well as biometric and genetic data.

Data Processor: refers to a real person or legal entity processing personal data based on the authorization given by and in the name of the data controller;

Data Controller: refers to a real person or legal entity who is responsible to determine the objectives and means of processing personal data, establishes and manages the data retention system.

Data Registry System: means the recording system where personal data is processed through configuration based on certain criteria.

III Effective Date and Revision

This procedure came into effect on [19.01.2024]. The Company has the right to update the Policy by publishing the most recent version on its website when deemed necessary, especially in the event of legislative revisions. For this reason, the data subjects should check the most recent version of the Policy by entering the website when they require to get information about the Policy.

IV Data Controller within the Scope of Personal Data Processing Activities

Pursuant to the Law, Mitsubishi Electric Turkey Elektrik Ürünleri A.Ş. determines the purposes and means of data processing regarding the personal data it processes in the course of operations and activities of the Company. In this context, the Company informs the data subjects about the purposes and how it processes personal data by informing them in the channels where it collects personal data.

Likewise, the Company is also responsible for the establishment and management of the data registry system where such personal data is processed. Therefore, the Company acts as the data controller for most of the personal data processed under the Law.

In some cases, the Company does not determine the purposes and means of personal data processing; it may process personal data with the instructions of another company. In this case, the Company acts as a data processor within the scope of the Law; this Policy aims to inform the relevant persons only regarding the personal data processing activities in which the Company acts as a data controller.

V Personal Data Processing Activities and Objectives

1 Processing of Personal Data through Corporate Communication Channels

1. a) Processing of Personal Data through the Call Centre

   The Company collects personal data such as name, surname, mobile phone number, telephone number, address, call date, dealer-sale point, inquiry-complaint information, survey answers, voice recordings of the persons contacted through the call centre.

   The mentioned personal data is processed automatically in electronic media based on the legal reasons of establishing or performing the contract, establishing, using, or protecting a right, and the legitimate interests of the Company for the purposes of tracking requests and complaints, conducting customer relationship management processes, planning and executing after-sales support processes, conducting communication activities, ensuring the use of products and services, making follow-ups/returns regarding the subject of communication with the Company, planning and executing business activities, and planning and executing customer satisfaction activities.

   Your personal data is shared with dealers and authorised services for the purpose of finalising customer inquiries and complaints, and with the supplier company from which call centre service is received for the purpose of conducting customer satisfaction surveys, receiving call centre service and carrying out call centre processes.

1. b) Processing of Personal Data through Social Media and Other Online Media

   The Company processes information such as name, surname, phone number, address, email address, and the content of messages shared on social media and other online platforms in line with the posts made on social media and requests/complaints directed to the Company. The mentioned personal data is processed in electronic media automatically based on the legal grounds of establishing, exercising, or protecting a right and the legitimate interests of the Company for the purposes of tracking requests and complaints, receiving opinions, suggestions, and gratitude notifications, conducting communication activities, managing customer relations processes, conducting activities for customer satisfaction, and executing processes related to advertising, campaigns, promotions, and brand monitoring.

   Your personal data is shared with dealers, authorized services, agencies and sales points for the purpose of finalising customer inquiries and complaints, and with the supplier company from which call centre service is received for the purpose of conducting customer satisfaction surveys, receiving call centre service and carrying out call centre processes.

1. c) Processing of Personal Data through the Web Sites

   Some of your personal data is processed through the contact forms on the Company’s websites.

   These personal data include name, surname, telephone number, province, district, e-mail address, information regarding the request and information provided to the Company within the scope of the message in the contact form. The mentioned personal data is processed automatically in electronic media based on the legal reasons of establishing or performing the contract, establishing, using, or protecting a right, and the legitimate interests of the Company for the purposes of tracking requests and complaints, conducting customer relationship management processes, planning and executing after-sales support processes, conducting communication activities, ensuring the use of products and services, making follow-ups/returns regarding the subject of communication with the Company, planning and executing business activities, and planning and executing customer satisfaction activities.

   However, cookies are used on our websites. These cookies are used to enable the visitor to navigate between pages, remember visitor preferences and improve the user experience in subsequent visits. For detailed information on the cookies used, it is recommended to check at the Cookie Policy of the relevant site.

   Some of our websites also include sections where information is collected for job application, authorised dealer and service application. Accordingly:

   • For detailed information, please refer to section "4.Processing of Personal Data of Candidates During Recruitment Processes" regarding the processing of personal data within the scope of job applications,
   • section "5. Processing of Personal Data of Employees and Authorized Representatives of the Authorized Services and Dealers" regarding the processing of your personal data within the scope of authorized service and dealer application.

2 Processing of Personal Data within the Scope of Products and Services

1. a) Processing of Personal Data through Kesfetteam

   The Company may process some personal data while the Company provides a discovery process service called Kesfetteam. These personal data include name, surname, mobile phone number, telephone number, address and coordinate information related to the address, physical information and photographs of the place of discovery, and notes taken during the discovery process. The personal data is collected and processed automatically in the electronic media through Kesfetteam mobile application, internet sites, e-mail and call centre channels based on the legal grounds of establishing, exercising or protecting a right and legitimate interests of the Company for the purposes of follow-up and supervision of business activities, carrying out the survey service process in order to determine and recommend products suitable for the expectations of the person and the needs of the place, following up requests and complaints, carrying out customer relationship management processes, carrying out communication activities, carrying out follow-up/feedback on the subject communicated with the Company, planning and execution of customer satisfaction activities

   Your personal data is shared with dealers and sales points in order to provide Keşfetteam service, follow-up and supervision of business activities, execution of progress payment processes; with the supplier company from which call centre service is received in order to receive call centre service and to conduct satisfaction surveys.

1. b) Processing of Personal Data through MELCloud

   The Company will process the name, surname, gender, address, telephone number, mobile phone number, e-mail address, password, MAC address, serial number, LAN and WAN IP addresses of the product used, guest user access records and e-mail address, information about product settings and instructions given within the scope of the MELCloud service. The personal data is collected and processed automatically in the electronic media through MELCloud WebApp channels, internet site at MELCloud.com address based on the legal grounds of execution and performance of an agreement, establishing, exercising and protecting a right for the purposes of monitoring, controlling and supporting and after-sales services related to services, developing and improving services and products, providing information to authorised persons/institutions and organisations In this context, the personal data in question are processed by Mitsubishi Electric group companies for the same purposes. For detailed information about MELCloud, please visit the internet site at MELCloud.com and MELCloud Terms and Conditions of Use available in MELCloudWebApp.

1. c) Processing of Personal Data through MSA Application

   The Company will process name, surname, address, phone number, mobile phone number, and email address within the MSA Application. The personal data is processed through the receipt and transfer of physical or electronic documents, partly automatically or as part of the data recording system, non-automatically based on legal grounds of the establishing or performing the contract and the necessity of personal data processing for the fulfillment of the legal obligations of the Company for the purposes of performing the installation and commissioning services of Mitsubishi Electric branded devices by the authorized services of the Company and for the maintenance and repair services of Mitsubishi Electric branded devices carried out by the authorized services of the Company.

   Your personal data will be shared with authorized service providers of the Company for the purposes mentioned above.

3 Processing of Visitors’ Personal Data

If visitors come to the Company’s building or premises, personal data processing activities are carried out in order to ensure building and facility security, keep records of visitors properly, prevent and detect crime, and provide information to authorised institutions and organisations when necessary.

These personal data processing activities are carried out by means of:

• keeping camera records within the scope of monitoring activities carried out through the camera (CCTV) system in the buildings,
• keeping internet access records within the scope of providing internet access to visitors,
• keeping records of entry and exit of visitors.

1. a) Keeping camera records

   Camera surveillance activities are carried out in the Company’s premises. In areas where camera surveillance is carried out, the relevant persons are informed with warning signs regarding the surveillance.

   The Company carries out camera surveillance activities and keeps the necessary records in order to:

   • assist in the prevention and detection of crime;
   • facilitate the identification, arrest and prosecution of offenders and public disorder offenders;
   • help ensure public safety and the security of the Company’s facilities and buildings;
   • assist in identifying actions that may result in the initiation of disciplinary proceedings against employees.

   The images recorded automatically in electronic media by means of the aforementioned camera system shall be retained for 30 days from the date of capture, unless they need to be retained for a longer period of time as evidence or for the investigation of the offence, or unless required by the legislation.

   Camera footage may be shared with authorised institutions and organisations when necessary or in case of a legal request in order to help prevent and detect crime, facilitate the identification, arrest and prosecution of those who commit crimes and disrupt public order, and perform our legal obligations. Responsibility for the operation of cameras within the company, their management and all other matters related to the camera operating system are specified in the Policy on CCTV Use.

   The processing of personal data through the retention of camera recordings is necessary for the Company to fulfill its legal obligations, to protect and exercise the legal rights of the Company, and for the legitimate interests of the Company in preventing crime and ensuring security.

1. b) Keeping records of internet access

   Some personal data is processed when visitors connect to the Company’s internet network as guest users.

   These personal data include the person’s name, surname, title and company information, mobile phone number, internet access records such as the start and end time of internet use, IP address, MAC address, internet pages visited and log records. This information is not disclosed to any third party outside the Company, except for sharing it with authorised institutions and organisations in order to perform our legal obligations in case of a legal request.

   The specified personal data is processed for the purposes of conducting activities in compliance with regulations, providing information to authorized individuals/organizations in necessary cases or legal requests, granting internet access to visitors as guest users, and ensuring information security.

   Internet access records are kept and personal data is processed automatically in the electronic media based on the legal grounds that the personal data processing activity is clearly foreseen in the Law No. 5651 on Regulation of Internet Publications and Prevention of Crimes Committed through Such Publications, for the purpose of compliance with our legal obligations under the Regulation on Providers for Mass Use of the Internet (Official Gazette Date and No: 11.04.2017, 30035) and providing right to access by giving internet access to you as visitor.

   Personal data processed within this scope is kept for two years, which is the legal period.

1. c) Keeping records of entry and exit of visitors

   Some personal data of individuals is processed in case they visit the Company as visitors.

   These personal data is T.R. identification number, identity information in the form of name and surname, building entrance and exit time, name of the company he/she works for and visit information in the form of the person visited. This information is not disclosed to any third party outside the Company, except for sharing it with authorised institutions and organisations in order to perform our legal obligations in case of a legal request.

   The specified personal data is processed for the purposes of carrying out the activities in accordance with the legislation, creating and tracking visitor records, ensuring the security of the physical space, ensuring the security of the Company’s fixtures, employees, premises and facilities, and providing information to authorised persons/institutions and organisations.

   Personal data is processed in the physical environment based on the legal grounds that the Company has a legitimate interest in performing our legal obligations and ensuring the security of the Company’s buildings and employees by keeping visitors’ entry and exit records.

4 Processing of Personal Data of Candidates in Recruitment Processes

Personal data can be processed in order to carry out recruitment processes within the scope of candidate’s application for an ad we have published or information provided for job application to areas such as İŞKUR candidate database, career sites.

Personal data may be transmitted to our Company directly by you (physically, by e-mail or through the application fields on our website), as well as candidate applications may be transmitted to the Company in electronic or physical environments through career sites, İŞKUR candidate database, our business partners that we receive support in recruitment processes.

In this context, depending on the position applied for, all personal data provided by the candidate at the time of application and during the job interviews, such as name and surname, mobile phone and telephone number, photograph, past work experience information, education level, experience outside the company, foreign language knowledge, general aptitude test result, personality inventory result, interview notes, military service status, gender, date of birth, certificates held, driving licence information, computer programs used, seminars and courses attended, salary expectation, information on why the candidate left the previous workplace is processed.

In the recruitment process for certain positions, health information may be processed solely to assess whether the candidate is physically fit for the job and information about criminal convictions/records may be processed to determine whether there is any legal impediment to the individual’s employment in the respective position. This data is processed only for the specified purposes and is not used for other purposes.

The specified personal data is processed for the purposes of conducting employee candidate job application and recruitment processes, conducting reference research on employee candidates, conducting selection and placement processes for employee candidates, conducting general aptitude test and personality inventory processes for employee candidates.

The processing of personal data of candidates in the recruitment processes is carried out based on the legal ground of the legitimate interests of the Company to ensure that the candidate can exercise their application right and to establish the necessary human resources for the Company to continue its activities. In the absence of these legal reasons, personal data is processed based on the legal reason of "explicit consent" if the candidate gives explicit consent to the personal data processing activity.

5 Processing of Personal Data of Employees and Authorized Representatives of the Authorized Services and Dealers

As the data of legal entities is not accepted as personal data, this data is not included in the scope of this Policy. However, the personal data of employees and authorized representatives of the authorised services and dealers with whom we have business partnership within the scope of authorised service and dealer relationship is processed in the ordinary course of our operations.

Personal data of the employees and authorized representatives of the authorized services and dealers is processed for the purposes of planning and/or execution of contract and proposal processes, evaluation of dealer/authorised service applications, execution of sales processes of products and services, planning and/or execution of business continuity activities within the scope of execution of ordinary operational processes, management of relations with dealers and authorised services and execution of communication activities within the scope of these relations, planning and/or execution of after-sales support services activities, planning and execution of logistics activities, execution of product and service production/operation processes, planning and execution of trainings for authorised service/dealer employees, organisation and event management, execution of finance and accounting works, follow-up of requests and complaints, planning and execution of financial risk processes, execution of storage and archive activities, planning and execution of business activities, execution of customer relationship management processes, planning of project processes, planning and follow-up of performance evaluation processes, execution of activities in accordance with the legislation, carrying out import and export processes, carrying out the necessary operational activities for the realisation of payment and collection processes, carrying out the assembly-installation and discovery processes of the products, carrying out brand tracking processes, following and supervising authorised service and dealer processes, business activities, carrying out advertising/campaign/promotion/publicity processes, following and carrying out legal affairs, carrying out progress payment processes, carrying out audit and ethical activities.

Personal data of company partners, officials and/or employees may be processed within the scope of applications made to the Company to become an authorised service and dealer. In this context, personal data provided to the Company is processed in order to evaluate dealer and authorised service applications and carry out the selection and evaluation processes related to these applications. At the same time, within the scope of the execution of the processes of signing agreements with authorised services and dealers, the personal data of the signatories in the company’s signature circular is also processed.

The personal data of authorized service and dealer employees and officials is processed in electronic and physical environments based on legal grounds such as the establishment or performance of the contract, the necessity of personal data processing for the fulfillment of the legal obligations of the Company, processing of personal data for the establishment, exercise, or protection of a right, and the legitimate interests of the Company in continuing its ordinary operational activities within the scope of authorized service and dealer processes.

6 Processing of Personal Data of Employees and Authorized Representatives of the Suppliers and Business Partners

As the data of legal entities is not accepted as personal data, this data is not included in the scope of this Policy. However, the personal data of the supplier companies from which services is received within the scope of the supply of goods and services and the employees and authorized representatives of the business partners with whom we have business partnerships in order to carry out the activities/operations of the Company is processed in the ordinary course of operations.

Personal data of the employees and authorized representatives of the suppliers and business partners is processed for the purposes of management of relations with business partners and/or suppliers, execution of supplier selection, proposal and contract processes, execution of goods/service production and operation processes, planning and/or execution of after-sales support services activities, execution of sales and shipment processes of products, execution of supply chain management processes, planning and execution of logistics activities, planning and execution of market research activities, execution of import and export processes, execution of financial and accounting affairs, follow-up and execution of legal affairs, execution of audit and ethical activities, planning and execution of financial risk processes, planning and follow-up of business activities, organisation and event management, communication in order to carry out business processes in the ordinary course of operations.

At the same time, within the scope of the execution of the processes of signing agreements with suppliers and business partners, the personal data of the signatories in the company's signature circular is also processed.

The personal data of the employees and authorized representatives of the suppliers and business partners is processed electronically and physically based on the legal grounds that the personal data processing is necessary for the Company to fulfill its legal obligations Company (e.g. issuing an invoice in the name of the company), to protect and exercise the legal rights of the Company right (e.g., establishing right to accommodation through booking for the authorized representative of the business partner who will visit the Company) and for the legitimate interests of the Company in receiving support within the scope the supply of goods and services by the Company and maintaining ordinary operations with the business partners.

VI Principles of Personal Data Processing

The Company informs its employees and takes all necessary administrative/technical measures to ensure compliance with the following five main principles in all operations regarding the personal data, starting from the moment personal data is collected in accordance with the Law until the moment it is destroyed:

• Lawfulness and fairness
• Being accurate and kept up to date where necessary.
• Being processed for specified, explicit and legitimate purposes.
• Being relevant, limited and proportionate to the purposes for which they are processed.
• Being stored for the period laid down by relevant legislation or the period required for the purpose for which the personal data are processed.

In this context, the Company acts in accordance with the legislation and in good faith while processing personal data. In this context, the relevant persons are informed about the personal data processing activities through information notices in the relevant channel and ensuring compliance with the principles of processing personal data for specific, explicit, and legitimate purposes, and ensuring that processing is relevant, limited, and proportionate to these purposes. Personal data is deleted, destroyed or anonymised when the purpose of processing no longer exists.

VII Conditions of Personal Data Processing

Personal data processing conditions are set out in Articles 5 and 6 of the Law. The Company takes into consideration the data processing conditions set out in Article 5 of the Law when processing personal data other than special categories of personal data and Article 6 of the Law when processing special categories of personal data.

1 Conditions for Processing Personal Data Other Than Special Categories of Personal Data

The conditions for the processing of personal data other than special categories of personal data is set out in Article 5 of the Law as follows:

• It is expressly provided for by the laws,
• It is necessary for the protection of life or physical integrity of the person himself/herself or of any other person, where the data subject is unable to express their consent due to physical impossibility or where their consent is not legally recognized,
• Processing of personal data of the parties of a contract is necessary, provided that it is directly related to the execution or performance of the contract,
• It is necessary for the Company to fulfil its legal obligations,
• Personal data have been made public by the data subject himself/herself,
• Data processing is necessary for the establishment, exercise or protection of any right,
• Processing of data is necessary for the legitimate interests of the Company.
• Explicit consent of the data subject will be used in the absence of at least one of the above-mentioned data processing conditions.

2 Conditions for Processing Special Categories of Personal Data

Special categories of personal data are defined in the Law as race, ethnic origin, political opinion, philosophical belief, religion, religious sect or other belief, appearance, membership to associations, foundations or trade-unions, data concerning health, sexual life, criminal convictions and security measures, and the biometric and genetic data. The conditions for the processing special categories of personal data are set out in Article 6 of the Law as follows:

• Explicit provision in the law for special categories of data other than health and sexual life,
• For information on health and sexual life, the processing of these data by persons or authorised institutions and organisations under the obligation of confidentiality for the purposes of protecting public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing.
• Explicit consent of the data subject in the absence of at least one of the above-mentioned data processing conditions.

VIII Disclosure of Personal Data

Personal data processed by the Company may be transferred to third parties within the framework of the principles specified in the Law. In this context, personal data is shared domestically and internationally with the following parties and purposes:

• with Mitsubishi Electric Group Companies for the purposes of execution of reporting processes, follow-up and management of proposal and contract processes, execution of order, production and operation processes of products and services, execution of warranty processes, execution of project follow-up processes, follow-up of agreement processes, execution of reference customer processes, follow-up and execution of audit, legal and legal compliance processes,
• with the authorized services for the purposes of execution of after-sales service processes such as assembly, commissioning, maintenance and breakdown, follow-up and supervision of authorised service business activities, follow-up of requests and complaints, execution of operational processes necessary to benefit from products and services, execution of customer relations processes,
• with the dealers for the purposes of execution of sales processes of products and services, follow-up and supervision of dealer business activities, follow-up of requests and complaints, execution of operational processes necessary for the utilisation of products and services, execution of customer relations processes,
• with the consultants, suppliers and business partners providing services and goods for the purpose of procurement of goods and services for the Company, execution of procurement processes,
• with the authorized organizations and institutions for the purposes of performance of activities in accordance with the legislation, follow-up and execution of legal affairs, providing information to authorised persons/institutions and organisations.

For the purpose of such personal data sharing, personal data is shared with the specified parties based on one or more of the legal reasons for the establishment, protection, use of a right, legal obligation of the data controller, legitimate interest.

IX Retention of Personal Data and Data Security Measures

Your personal data may be stored by the Company for the following periods:

• The periods stipulated in all applicable legislation to which the Company is subject;
• Until the purposes for processing your personal data no longer exist;
• For the time necessary to provide our products and services.

In case none of these periods are available to continue the personal data processing activity, personal data is deleted, destroyed or anonymised by the Company.

In addition, the Company takes necessary technical and administrative measures to prevent unlawful processing of personal data, prevent unlawful access to data and ensure the safe storage of data.

Below you can find the main technical and administrative measures taken by the Company regarding data security:

• Network security and application security are ensured.
• Security measures are taken within the scope of procurement, development and maintenance of information technology systems
• Disciplinary regulations with data security provisions are in place for employees.
• Training and awareness raising activities on data security are carried out at regular intervals for employees.
• An authorisation matrix has been created for employees.
• Access logs are kept regularly.
• Corporate policies on access, information security, use, storage and disposal have been prepared and started to be implemented.
• Confidentiality commitments are made.
• The authorisation of employees who change their duties or leave their jobs in this area is cancelled.
• Up-to-date anti-virus systems are used.
• Firewalls are used.
• The signed agreements contain data security provisions.
• Personal data security policies and procedures have been adopted.
• Personal data security is monitored.
• Necessary security measures are taken regarding entry and exit to physical environments containing personal data.
• Physical environments containing personal data is secured against external risks (fire, flood, etc).
• The security of environments containing personal data is ensured.
• Personal data is minimised as far as possible.
• Internal periodic and/or random audits are carried out and procured.
• Log records are kept without user intervention.
• Existing risks and measures have been identified.
• If sensitive personal data is to be sent via electronic mail, it is sent encrypted and using KEP or corporate mail account.
• Intrusion detection and prevention systems are used.
• Penetration test is performed.
• Cyber security measures have been taken and their implementation is constantly monitored.
• Encryption is performed.
• Sensitive personal data transferred in portable memory, CD, DVD media are encrypted.
• Extra security measures are taken for personal data transferred via paper and the relevant document is sent in confidential document format.

In addition to those mentioned herein, special additional technical and administrative measures are also taken by the Company, taking into account the nature of personal data and the degree of confidentiality required.

X Rights Regarding the Personal Data

The Company has the title of data controller regarding the processing of your personal data. For this reason, data subjects may apply to the Company regarding the following rights regarding the processing of their personal data:

• Learning whether your personal data is being processed - You can get information from us about whether we process your personal data.
• Requesting information if we process your personal data - You have the right to receive information about how we process your personal data.
• Learning the purpose of processing your personal data and whether they are used in accordance with their purpose - You have the right to receive information about whether we use your personal data for the purpose for which they were obtained.
• Knowing the third parties to whom we transfer your personal data, if any, domestic or abroad - If there are third parties to whom we transfer your personal data, you can get information about them from us.
• To request correction of your personal data in case of incomplete or incorrect processing of your personal data and to request us to notify the third parties to whom we transfer personal data, if any, of the transaction made within this scope - You can apply to us for the correction of personal data that you think we have processed incompletely or incorrectly. In this case, we will update your data at your request. In cases where we transfer personal data to third parties, we also inform the third parties for the correction of the data.
• Even though we process your personal data in accordance with the Law and the applicable legislation, you have the right to request the deletion or destruction of your personal data in the event that the reasons requiring its processing disappear and to request us to notify the third parties to whom we have transferred your personal data, if any, of the transaction made within this scope - You have the right to request the deletion or destruction of your personal data. Please inform us if the reason for processing your personal data no longer exists. Where we are unable to fulfil your request, we will inform you of the reason why (for example, if we have a legal obligation that requires us to retain your personal data).
• You have the right to object if there are cases where a result arises against you by analysing your personal data that we process exclusively through automated systems - If you think that the result arising in cases where your personal data is analysed exclusively through automated systems is against you, you have the right to apply to us in this regard. Upon a favourable evaluation of the objection, we will ensure that the relevant result is corrected.
• Request compensation for damages in case you suffer a loss due to unlawful processing of your personal data - In case you suffer damages due to unlawful processing of your personal data, you have the right to request compensation for your loss.

You can always contact us for more information about the scope of your rights and to exercise your rights. If you submit your request regarding your rights to us, we will finalise your application as soon as possible and within thirty days at the latest, taking into account the nature of your request.

We request you to complete Application Form for Protection of Personal Data and send it to us so we can determined whether you are entitled to apply or we can respond to your request efficiently.

We do not charge you a separate fee for exercising your rights. However, if your request requires an additional cost, we may charge you the fee in the tariff determined by the Law. In such a case, you will also be informed about the additional cost.

XI Questions About the Policy

This Policy has been prepared to inform the relevant persons on all matters related to the processing of your personal data. However, it is one of the general principles of the Company to answer all questions regarding personal data in a transparent and understandable manner within the scope of this Policy.

Therefore, if you have any questions regarding the Policy, you can contact us via the contact information below:

Address: Şerifali Mah. Kale Sok. No:41 34775 Ümraniye – İstanbul

Telephone: +90216 969 25 00

E-mail: kvkk@tr.mee.com