PRIVACY AND PERSONAL DATA PROCESSING AND PROTECTION

POLICY

INTRODUCTION

Purpose and Scope

As Vante Engineering Software Import Export and Trade Limited Company, we attach utmost importance to protecting the personal data of all individuals we come into contact with during our operations, including our customers, employees, visitors, and business partners, as a constitutional right, and to ensuring compliance with the regulations stipulated in Personal Data Protection Law No. 6698.

In this regard, as the Data Controller, we take all necessary technical and administrative measures to prevent the unlawful processing of personal data, unlawful access to such data, and to ensure the safeguarding of personal data.

As Vante Engineering Software Import Export and Trade Limited Company, with this Privacy and Personal Data Processing and Protection Policy, we aim to inform you about our systems and fundamental principles for processing, transfer, protection, storage, and destruction of personal data.

This Policy covers all physical and electronic data recording systems and media used for the processing of personal data and special categories of personal data, either automatically or non-automatically, provided that they are part of any data recording system.

Definitions

Explicit Consent: Consent based on information and expressed freely on a specific subject.

Constitution: Constitution No. 2709 of the Republic of Turkey.

Relevant Person: The natural person whose personal data is processed.

Destruction: The deletion or destruction of personal data.

Personal Data: Any information relating to an identified or identifiable natural person.

Personal Data Processing Inventory: Personal data processing activities carried out by data controllers in connection with their business processes; This is a personal data processing inventory, which is created by associating personal data with the purposes of processing, the data category, the recipient group to which it is transferred, and the data subject group. It details the maximum period required for the purposes for which personal data is processed, the personal data planned to be transferred to foreign countries, and the measures taken for data security.

Anonymizing Personal Data: Anonymizing personal data means rendering personal data incapable of being associated with an identified or identifiable natural person, even when matched with other data.

Destruction of Personal Data: The process of deleting, anonymizing, or destroying personal data.

Deletion of Personal Data: The process of rendering personal data inaccessible and reusable by the relevant users.

Destruction of Personal Data: Destruction of personal data is the process of rendering personal data inaccessible, irretrievable, and reusable by anyone.

KVK Board: The Personal Data Protection Board.

KVKK: Law No. 6698 on the Protection of Personal Data.

Special Personal Data: Data related to an individual's race, ethnic origin, political views, philosophical beliefs, religion, sect or other beliefs, appearance and dress, membership in associations, foundations or unions, health, sexual life, criminal convictions, and security measures, as well as biometric and genetic data.

Periodic Destruction: This refers to the process of deleting, destroying, or anonymizing personal data, which is carried out ex officio at recurring intervals, as specified in the storage and destruction policy, if all personal data processing conditions stipulated in the KVKK cease to exist.

Policy: This refers to the Privacy and Personal Data Processing and Protection Policy.

Product or Service Recipient: This refers to a natural or legal person who has a contractual relationship with Vante.

Vante: This refers to Vante Engineering Software Import Export and Trade Limited Company.

Data Processor: This refers to a natural or legal person who processes personal data on behalf of the data controller based on the authorization granted by the data controller.

Data Recording System: A recording system in which personal data is structured and processed according to specific criteria.

Data Controller: The natural or legal person responsible for determining the purposes and means of processing personal data and for establishing and managing the data recording system.

GENERAL PRINCIPLES REGARDING THE PROCESSING OF PERSONAL DATA

In accordance with Article 20 of the Constitution and Article 4 of the Personal Data Protection Law (KVKK), Vante processes personal data in accordance with the law and principles of fairness, accurately and, where necessary, up-to-date, pursuant to specific, clear, and legitimate purposes, in a purpose-related, limited, and proportionate manner. In this context, in accordance with Article 5 of the KVKK, Vante processes personal data based on one or more of the conditions stipulated in Article 5 of the KVKK regarding the processing of personal data.