Personal Data Protection and Processing Policy

VOLT TEKNOLOJİ GELİŞTİRME VE MÜHENDİSLİK A.Ş.

PERSONAL DATA PROTECTION AND PROCESSING POLICY

For:

All-natural persons except employees of Volt Teknoloji Geliştirme Ve Mühendislik A.Ş. whose personal data is processed by Volt Teknoloji Geliştirme Ve Mühendislik A.Ş.

Prepared by:

Volt Teknoloji Geliştirme Ve Mühendislik A.Ş.

Approved by:

Volt Teknoloji Geliştirme Ve Mühendislik A.Ş. administrative board.

VERSION: 2.0

Date of Effect: 23/03/2022

© Volt Teknoloji Geliştirme Ve Mühendislik A.Ş., 2022

This document cannot be reproduced or distributed without the written permission of Volt Teknoloji Geliştirme Ve Mühendislik A.Ş.

 

CONTENT

1.INTRODUCTION…………………………………………………………………………………………………………………………………………- 5 –

1.1Introduction………………………………………………………………………………………………………………………………….- 5 –

1.2Aim of the Policy………………………………………………………………………………………………………………………………….- 5 –

1.3Scope of the Policy………………………………………………………………………………………………………………………………….- 5 –

1.4Definitions………………………………………………………………………………………………………………………………….- 5 –

1.5Enforcement of the Policy………………………………………………………………………………………………………………………………….- 7 –

2.PROTECTION OF PERSONAL DATA…………………………………………………………………………………………………………………………………………- 8 –

2.1Security of Personal Data………………………………………………………………………………………………………………………………….- 8 –

2.2Supervision………………………………………………………………………………………………………………………………….- 8 –

2.3Privacy………………………………………………………………………………………………………………………………….- 8 –

2.4Unauthorized Disclosure of Personal Data………………………………………………………………………………………………………………………………….- 8 –

2.5Protection of the Legal Rights of Data Subjects………………………………………………………………………………………………………………………………….- 8 –

2.6Protection of Sensitive Personal Data………………………………………………………………………………………………………………………………….- 8 –

3.PROCESSING AND TRANSFER OF PERSONAL DATA…………………………………………………………………………………………………………………………………………- 9 –

3.1General Principles of Processing and Transfer of Personal Data………………………………………………………………………………………………………………………………….- 9 –

3.1.1Conforming with the Law and Good Faith………………………………………………………………………………………………………………………………- 9 –

3.1.2Being Accurate and Up to Date If Necessary………………………………………………………………………………………………………………………………- 9 –

3.1.3Being Processed for Specified, Explicit, and Legitimate Interests………………………………………………………………………………………………………………………………- 9 –

3.1.4Being Relevant, Limited and Proportionate to the Purpose for which Data is Processed………………………………………………………………………………………………………………………………- 9 –

3.1.5Being Stored Only for the Time Specified in Relevant Legislation or Required for the Processing Purpose………………………………………………………………………………………………………………………………- 9 –

3.2Conditions of Processing Personal Data………………………………………………………………………………………………………………………………….- 10 –

3.2.1It is expressly permitted by any law………………………………………………………………………………………………………………………………- 10 –

3.2.2It is necessary to protect the life or physical integrity of the data subject or another person where the data subject is physically or legally incapable of giving consent………………………………………………………………………………………………………………………………- 10 –

3.2.3It is necessary to process personal data of parties of a contract, provided that the processing is directly related to the execution or performance of the contract………………………………………………………………………………………………………………………………- 10 –

3.2.4It is necessary for compliance with a legal obligation which our company is subject to………………………………………………………………………………………………………………………………- 10 –

3.2.5The relevant information is manifestly made public by the data subject himself/herself………………………………………………………………………………………………………………………………- 10 –

3.2.6It is necessary for the institution, usage, or protection of a right………………………………………………………………………………………………………………………………- 10 –

3.2.7It is necessary for the legitimate interests of the data controller, provided that the fundamental rights and freedoms of the data subjects are not harmed………………………………………………………………………………………………………………………………- 11 –

3.3Conditions of Processing Sensitive Personal Data………………………………………………………………………………………………………………………………….- 11 –

3.3.1It is expressly permitted by any law………………………………………………………………………………………………………………………………- 11 –

3.3.2Planning and management of health services and financing for public health protection, preventive medicine, medical diagnosis, treatment and care services………………………………………………………………………………………………………………………………- 11 –

3.4Conditions of Personal Data Transfer………………………………………………………………………………………………………………………………….- 11 –

3.4.1Conditions of Personal Data Transfer Abroad………………………………………………………………………………………………………………………………- 12 –

4.PERSONAL DATA CATEGORIES AND DATA SUBJECTS…………………………………………………………………………………………………………………………………………- 12 –

4.1Personal Data Categories………………………………………………………………………………………………………………………………….- 12 –

4.2Data Subjects………………………………………………………………………………………………………………………………….- 13 –

5.METHODS OF COLLECTING PERSONAL DATA AND CAUSE OF ACTION…………………………………………………………………………………………………………………………………………- 15 –

5.1Method of Collecting Personal Data………………………………………………………………………………………………………………………………….- 15 –

5.2Cause of Action………………………………………………………………………………………………………………………………….- 15 –

6.PROCESSING PURPOSES OF PERSONAL DATA…………………………………………………………………………………………………………………………………………- 16 –

6.1Matching Data Subject Groups with the Processing Purposes Related to Personal Data Categories………………………………………………………………………………………………………………………………….- 16 –

6.2Personal Data Processing Activities Performed in Physical Spaces………………………………………………………………………………………………………………………………….- 19 –

6.3Personal Data Processing Activities Performed on the Website………………………………………………………………………………………………………………………………….- 19 –

6.4Personal Data Processing Activities Performed Through Communication Channels………………………………………………………………………………………………………………………………….- 19 –

7.TRANSFER PURPOSES OF PERSONAL DATA AND RECIPIENTS                    – 19 –

7.1Transfer Purposes of Personal Data………………………………………………………………………………………………………………………………….- 19 –

7.2Recipients………………………………………………………………………………………………………………………………….- 20 –

8.DESTRUCTION AND STORAGE PERIODS OF PERSONAL DATA…………………………………………………………………………………………………………………………………………- 20 –

8.1Destruction of Personal Data………………………………………………………………………………………………………………………………….- 20 –

8.2Storage Periods of Personal Data………………………………………………………………………………………………………………………………….- 21 –

9.INFORMING DATA SUBJECTS AND THEIR RIGHTS UNDER THE LAW OF KVK            – 21 –

9.1Informing Data Subjects………………………………………………………………………………………………………………………………….- 21 –

9.2Cases in which the Policy and the Law shall not apply wholly or partly………………………………………………………………………………………………………………………………….- 21 –

9.3Rights of Data Subjects under the Law of KVK………………………………………………………………………………………………………………………………….- 22 –

 

1. INTRODUCTION

1.1 Introduction

Volt Teknoloji Geliştirme Ve Mühendislik A.Ş. (“Company”) attaches the utmost importance to protecting the fundamental rights and freedoms of persons in the protection and processing of personal data, especially the right to privacy as set out in Article 20 of the Constitution. In this context, it pays attention to protect and process personal data under the Law No. 6698 on Protection of Personal Data (“Law” or “Law of KVK”) and acts with this understanding in all its planning and activities.

Our company does not only evaluate the protection and processing of personal data, which is the basis of the right to privacy, within the scope of compliance with the legislation, but puts the value it gives to persons based on its approach. Acting with this awareness, our company takes all necessary administrative and technical measures for the protection and processing of personal data under the Law.

1.2 Aim of the Policy

The purpose of the Personal Data Protection and Processing Policy (“Policy”) is to protect the fundamental rights and freedoms of persons to the maximum extent, especially the right to privacy as set out in Article 20 of the Constitution, in the protection and processing of personal data, which is processed wholly or partly automatic ways under the purpose of the law, or by non-automatic means being part of any data filing system and is to inform the data subjects about the obligations, procedures and principles of our company and under the law. The main goal is to ensure full compliance with the legislation in the protection and processing of personal data performed by our company and to protect the right to privacy and data security right of the data subject.

1.3 Scope of the Policy

This policy is prepared for and shall be under the specified persons being a natural person: Potential Employees, Trainees, Authorized Persons/Employees of Customer, Authorized Persons/Employees of Potential Customer, Shareholders/Partners, Authorized Persons of the Company, Authorized Persons/Employees of Business Partner, Authorized Persons/Employees of Subcontractor, Authorized Persons/Employees of Supplier, Family Members of Employees/Authorized Persons, Visitors, and Third Parties. By publishing this Policy on our website, we inform these data subjects about the Law. This Policy shall not be applied to legal entities in any capacity whatsoever. For employees of our company, the “Personal Data Processing Policy for Employees” shall apply.

This policy shall apply to the above-mentioned persons if their data is processed by our company in a wholly or partly automated way, or in a non-automated way being a part of any data filing system. This policy shall not be applied if the data is not included in the scope of “Personal Data” or if the personal data processing performed by our company are not covered by the above-mentioned means.

1.4 Definitions

The concepts used in the enforcement of this policy mean the following meanings:

Explicit Consent

Freely given specific and informed consent.

Manifestly Made Public

The concept of manifestly made public in the sense of “making it known to all“ is considered as one of the exceptions in Article 5 of the Law No. 6698, “the requirement to obtain the explicit consent of the natural person whose personal data is processed”, which is necessary for the processing of personal data.

Obligation to Inform

The data controller must inform the persons to whom their data may be processed, for which purposes and for which legal reasons, and for which purposes it may be transferred.

Relevant User

The person who processes personal data within the data controller organization or under the authority and instruction received from the data controller, except for the person or unit who is technically responsible for storing, protecting and backing up data.

Destruction

It refers to the deletion, destruction, or anonymization of personal data.

Processing of Personal Data

Any operation which is performed upon personal data such as collection, filing, storage, preservation, alteration, adaptation, disclosure, transfer, retrieval, making available for collection, categorization or blocking its use by wholly or partly automatic means or otherwise than by automatic means which form part of a filing system.

Board

Personal Data Protection Board

Relevant Persons / Data Subjects

It refers to Potential Employees, Trainees, Authorized Persons/Employees of Customer, Authorized Persons/Employees of Potential Customers, Shareholders/Partners, Authorized Persons of the Company, Authorized Persons/Employees of Business Partners, Authorized Persons/Employees of Subcontractor, Authorized Persons/Employees of Suppliers, Family Members of Employees/Authorized Persons, Visitors and Third Parties whose personal data is processed (including sensitive personal data).

Personal Data

Any information related to an identified or identifiable natural person.

Authority

Personal Data Protection Authority

Processing Data Automatically

It is a self-performing processing activity performed by processor-owning devices such as computers, phones, watches, without human intervention within the scope of algorithms prepared in advance through software or hardware features.

Sensitive Personal Data

Data related to race, ethnic origin, political opinions, philosophical beliefs, religion, sect or other beliefs, appearance and dressing, membership of an association, foundation or trade-union, health, sexual life, criminal conviction and security measures, and biometrics and genetics are sensitive personal data.

Registry

Data Controllers’ Registry

Company

Volt Teknoloji Geliştirme Ve Mühendislik A.Ş.

Data Processor

Natural or legal person who processes personal data based on the authority granted by and on behalf of the data controller.

Filing System

Any recording system through which personal data is processed by structuring according to specific criteria.

Data Categories

It is a class of personal data belonging to a group or groups of people, in which personal data is categorized according to their common characteristics.

Data Subject

A natural person whose personal data is processed.

Data Controller

Natural or legal person who determines the purposes and means of the processing of personal data, and who is responsible for the establishment and management of the filing system.

1.5 Enforcement of the Policy

The Policy, which came into force on 01.04.2017 and regulated by Volt Teknoloji Geliştirme Ve Mühendislik A.Ş. is published on the company’s website (www.voltteknoloji.com.tr) and made available to data subjects.

2. PROTECTION OF PERSONAL DATA

1.

2.1 Security of Personal Data

Under the Law, our company takes all necessary administrative and technical measures to ensure the appropriate level of security to store personal data securely and to prevent the illegal processing and access of personal data. The administrative and technical measures taken regarding the security of personal data are detailed in the Personal Data Storage and Destruction Policy of our company.

Our company has established the “Personal Data Protection Management System” to ensure compliance with the regulations in the Law and other legislation and it has created Personal Data Protection Committee within its body to ensure the implementation of the policy and other related policies.

2.2 Supervision

Our company conducts the necessary supervision to establish the data security described above and to ensure the regularity and continuity of the measures taken. The Personal Data Protection Committee supervises the measures taken for the security of personal data.

2.3 Privacy

Our company takes all necessary administrative and technical measures according to technological facilities and application costs to ensure that the relevant data controllers and processors do not disclose their data to anyone in violation of the provisions of Law and Policy and do not use it for processing. In this context, information and training activities about the Law and Policy are carried out for the employees of the company, and confidentiality agreements are signed as part of the recruitment processes of the employees.

2.4 Unauthorized Disclosure of Personal Data

If the personal data processed by our company is obtained by others in ways that are not under the law, our company shall take the necessary actions to inform the data subject and the Board within the periods determined by the Board of this situation. If necessary, this shall be announced on the website of the Board or by any other method deemed appropriate by the Board.

2.5 Protection of Legal Rights of Data Subjects

Our company respects and takes all necessary measures to protect the legal rights of data subjects concerning the enforcement of the Policy and the Law.

2.6 Protection of Sensitive Personal Data

Data related to race, ethnic origin, political opinions, philosophical beliefs, religion, sect or other beliefs, appearance and dressing, membership of an association, foundation or trade-union, health, sexual life, criminal conviction and security measures, and biometrics and genetics are sensitive personal data. Our company is aware of the fact that sensitive personal data is data that, if learned by others, could cause the data subject to be suffered or discriminated, and therefore takes the appropriate measures determined by the Board to protect such personal data, which is processed under the law, with precision. Within this framework, it has a separate policy (Security Policy of Sensitive Personal Data) and a systematic procedure, clearly defined, manageable, and sustainable.

3. PROCESSING AND TRANSFER OF PERSONAL DATA

2.

3.1 General Principles of Processing and Transfer of Personal Data

Personal data is processed by our company under the procedures and principles set out in the Law and this policy. Our company complies with the following principles when processing personal data.

3.1.1 Conforming with the Law and Good Faith

Our company processes and uses personal data under the relevant legislation and the requirements of good faith. Following the principle of conforming with the good faith, our Company considers the interests and reasonable expectations of data subjects when trying to achieve its objectives in data processing. It acts in a way that prevents the appearance of results that the data subject does not expect and does not need to expect. Under the principle, it also ensures that the data processing in question is transparent for the data subject and acts under the notifying and warning obligations.

3.1.2 Being Accurate and Up to Date if Necessary

Our company ensures that the personal data it processes is accurate and up-to-date, taking into account the fundamental rights and legitimate interests of data subjects. In this context, it considers carefully the issues such as certainty of sources from which data is obtained, confirmation of its accuracy, evaluation of whether it needs to be updated. Our company keeps channels open to ensure that information of the data subject is accurate and up-to-date at all times under the due diligence. Keeping personal data accurate and up-to-date is essential in protecting the interests of our company as well as in protecting the fundamental rights and freedoms of data subjects.

3.1.3 Being Processed for Specified, Explicit, and Legitimate Purposes

Our company determines the purpose of data processing clearly and precisely and ensures that this purpose is legitimate. If the purpose is legitimate, it means that the personal data our company processes is related to and necessary for the work it has performed or the service it has provided. Our company does not process data for other purposes other than those stated. In this respect, it is sensitive to compliance with the principle of certainty and clarity in legal transactions and texts in which personal data processing purposes are explained.

3.1.4 Being Relevant, Limited and Proportionate to the Purposes for which Data is Processed

Our company considers the personal data processed to be convenient for the achievement of the stated objectives and avoids the processing of data that is not relevant to the achievement of the purpose or that is not needed. Our company does not collect or process personal data for purposes that do not exist and are considered to occur later. It performs the processing conditions set out in the act as if it is the first time it has started processing data to fulfill the needs that are likely to arise later. It also limits the processed data to only what is needed to achieve the purpose. Within the scope of the principle of proportionality, it creates a reasonable balance between data processing and its intended purpose.

3.1.5 Being Stored Only for the Time Specified in Relevant Legislation or Required for Processing Purpose

Our company complies with these conditions if there is a period stipulated in the relevant legislation to store the data; otherwise, it shall only store the personal data for the period required for the purpose for which it is processed. In the absence of a valid reason for further storage of personal data by our company, such data is deleted, destroyed or anonymized. The procedures for storing and destroying personal data are detailed in the Personal Data Storage and Destruction Policy of our company.

3.2 Conditions of Processing Personal Data

Our company does not process personal data without the explicit consent of the data subject. Personal data may only be processed in the event of one of the following conditions without the explicit consent of the data subject:

3.2.1 It is expressly permitted by any law

Our company may process personal data without seeking the explicit consent of the data subject, as expressly permitted by any law.

3.2.2 It is necessary to protect the life or physical integrity of the data subject or another person where the data subject is physically or legally incapable of giving consent

Our company may process personal data without seeking explicit consent to protect the life or physical integrity of data subjects where they are physically or legally incapable of giving consent.

3.2.3 It is necessary to process personal data of parties of a contract, provided that the processing is directly related to the execution or performance of the contract

If the processing of personal data of the parties of a contract is necessary directly related to the execution or performance of a contract, as a natural flow of life, our company may process personal data of data subjects without explicit consent, limited to this purpose.

3.2.4 It is necessary for compliance with a legal obligation which our company is subject to

Our company may process the personal data of the data subject without seeking explicit consent when it is necessary to fulfill its legal obligations as a data controller.

3.2.5 The relevant information is manifestly made public by the data subject herself/himself

Our company may process the personal data of data subjects, which is manifestly made public by them, in other words, revealed to the public in any way, only for this purpose (manifestly made public) in case it is accepted that the legal interest which should be protected in the processing of such data, which is manifestly made public by data subjects and thus becomes known to all, has been eliminated.

3.2.6 It is necessary for the institution, usage, or protection of a right

Our company may process the personal data of data subjects without explicit consent where it is legally necessary to process data for the usage or protection of a legitimate right.

3.2.7 It is necessary for the legitimate interests of the data controller, provided that the fundamental rights and freedoms of the data subject are not harmed

Our company may process the personal data of data subjects in cases where the processing of personal data is necessary to ensure the legitimate interests of the data controller, without harming the fundamental rights and freedoms protected under the Law and Policy. Our company is sensitive to comply with the basic principles regarding the protection of personal data and to observe the balance of interests between our company and data subjects. Legitimate interest is an effective, specific, and already existing one that can compete with the fundamental rights and freedom of the data subject. Our company takes additional protective measures to prevent damage to the rights of the data subject. A reasonable balance is achieved between the interests of our company and the fundamental rights and freedoms of the data subject.

3.3 Conditions of Processing Sensitive Personal Data

Our Company does not process sensitive personal data without the explicit consent of the data subject. Sensitive personal data may only be processed in the event of one of the following conditions without the explicit consent of the data subject:

3.3.1 It is expressly permitted by any law

Sensitive personal data other than the health and sexual life of the data subject may be processed without the explicit consent of the data subject, where it is expressly permitted by law.

3.3.2 Planning and management of health services and financing for public health protection, preventive medicine, medical diagnosis, treatment, and care services

Sensitive personal data related to the health and sexual life of the data subject may be processed by persons under the obligation to keep secrets or by authorized institutions and organizations, for public health protection, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing.

3.4 Conditions of Personal Data Transfer

Our company may transfer personal data to third parties based on one or more of the following personal data processing conditions under Article 8 of the Law by taking the necessary security measures:

§ The explicit consent of the data subject,

§ A clear regulation regarding the transfer of personal data in the law,

§ Personal data transfer is necessary for the protection of the life or physical integrity of the data subject or anyone else, and when the data subject is physically or legally incapable of giving consent, or his/her consent is not granted legal validity,

§ It is necessary to transfer personal data of parties of a contract, provided that it is directly related to the execution or performance of the contract,

§ It is necessary to transfer personal data for our company to fulfill its legal obligation,

§ The relevant information manifestly made public by the data subject herself/himself,

§ It is necessary to transfer personal data for the institution, usage, or protection of a right,

§ It is necessary to transfer personal data for the legitimate interests of our company, provided that the fundamental rights and freedoms of the data subject are not harmed.

Sensitive personal data may be transferred based on one of the following conditions and provided that adequate measures are taken on a limited basis:

§ The explicit consent of the data subject,

§ A clear regulation in the Law regarding the transfer of sensitive personal data of the data subject other than the health and sexual life,

§ Sensitive personal data related to the health and sexual life of the data subject may be transferred by persons under the obligation to keep secrets or by authorized institutions and organizations, for public health protection, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing.

1.1.

3.4.1 Conditions of Personal Data Transfer Abroad

Our company may transfer personal data abroad with the explicit consent of the data subject under Article 9 of the Law by taking the necessary security measures.

Besides, in case of the existence of one of the conditions specified in Article 5(2) and Article 6(3) of the Law, our company may transfer personal data without the explicit consent of the data subject only to foreign countries declared to have adequate protection by the Board or in the absence of adequate protection, to foreign countries where data controllers in Turkey and the relevant foreign country undertake adequate protection in written and have the permission of the Board without prejudice to the provisions of the International Convention to which Turkey is a party.

4. PERSONAL DATA CATEGORIES AND DATA SUBJECTS

3.

3.1.

4.1 Personal Data Categories

Personal data is processed by our company by categorized as follows:

2.

2.1.

2.2.

Identity

Data containing information about the identity of the data subject: first name, last name, ID number, marital status, parents names, place and date of birth, and other identifying information including driving license, ID card and passport copies, tax number, social security number, signature, etc.

Communication

Contact details of data subjects: phone number, address, e-mail address, registered e-mail address, fax number, etc.

Location

Information about the location of data subjects: Location information obtained when using vehicles or devices belong to Company and group companies; location data obtained from systems such as OGS (automatic toll collection system), vehicle identification and meal cards, etc.

Personnel Information

Information processed to obtain information that will be fundamental to the protection of personal rights of data subjects: CV, title, certificate of employment/termination, social security/retirement, payroll, declaration of property, disciplinary proceeding, and performance evaluation reports, etc.

Legal Process

Data processed within the scope of determination of the company’s legal claims and rights, prosecution, and performance of its debts and legal obligations: power of attorney, court and administrative authority decisions, correspondences with judicial authorities, case files, etc.

Customer Operation

Information related to natural persons within the scope of commercial activities: Customer number; order, request and instructions; call center records; invoice, note, check; box office receipts etc.

Safety of Physical Space

Personal data related to records and documents obtained when entering and inside physical spaces of the company: Entrance-exit records, magnetic card records, security camera records, license plates, etc.

Process Security

Personal data related to administrative, legal, and commercial security of data subject and the company while the company activities are performed: IP address, website traffic information, website access records, codes and passwords, etc.

Finance

Personal data processed related to information, documents, and records showing the results of any financial relationship the company has established with data subjects and information related to bank account, credit, balance sheet, financial profile, assets and insurance, etc.

Professional Experience

Information related to degree, transcript, education/course/certificate, driving license, foreign language, reference, etc. recorded during and after recruitment of data subjects.

Marketing

Information related to marketing activities of the company: Shopping history, survey, cookie records, campaigns etc.

Visual and Auditory Records

Photographs, camera, and voice records that can be received except the safety of physical space of data subjects, as well as other documents in which this data is transferred: photographs attached to documents, video interviews and meeting records, etc.

Correspondence

Information obtained from the company’s communication and information systems: Corporate phone call records, registered mail and e-mail records and contents etc.

SENSITIVE PERSONAL DATA

Health

Health information related to data subjects: examination information, bill of health, disability status, health permits, blood group etc.

Criminal Conviction and Security Measures

Documents related to information on criminal conviction and security measures decisions about data subjects: criminal records.

4.2 Data Subjects

Only natural persons may benefit from the protection of this Policy and the Law. Data subjects in this scope are categorized as follows:

Potential Employee

Natural persons who have applied to our company in any way or who have opened their CV and related information to our company’s review.

Trainee

Natural persons who learn their job by practicing in our company to improve their professional knowledge and gain experience.

Authorized Person of Customer

Authorities of natural persons or legal persons such as dealers, distributors, sales points who deliver our company’s products to the end consumer within the scope of the contractual relationship.

Employee of Customer

An identified or identifiable employee of natural persons or legal persons such as dealers, distributors, sales points who deliver our company’s products to the end consumer within the scope of the contractual relationship.

Authorized Person of Business Partner

Authorities of natural persons or legal persons not involved in categories such as Customer, Subcontractor and Supplier and are independent of our company with whom our company has a business relationship.

Employee of Business Partner

Employees of natural persons or legal persons not involved in categories such as Customer, Subcontractor and Supplier and are independent of our company with whom our company has a business relationship.

Employee/Authorized Person of Potential Customer

Employees/authorized persons of natural persons who have requested or are interested in using our products and services, or who have been assessed by the custom of trade and good faith for which they may have such interest.

Shareholder/Partner

Persons who are shareholders/partners of Volt Teknoloji Geliştirme Ve Mühendislik A.Ş.

Authorized Person of the Company

Persons who are board members of Volt Teknoloji Geliştirme Ve Mühendislik A.Ş. and other authorized persons.

Authorized Person of Subcontractor

Authorities of natural persons or legal persons with whom our company has established a relationship between the primary employer and the sub-contractor through a contract.

Employee of Subcontractor

An identified/identifiable employee of natural persons or legal persons with whom our company has established a relationship between the primary employer and the sub-contractor through a contract.

Authorized Person of Supplier

Authorities of natural persons or legal persons who provide input, raw materials or products to our company to provide a product or service.

Employee of Supplier

An identified/identifiable employees of natural persons or legal persons who provide input, raw materials or products to our company to provide a product or service.

Family Members of Employee/Authorized Person

Family members of Employee/Authorized Person of our company.

Visitor

All-natural persons who have entered the physical spaces owned by our company for various purposes or who have visited our websites for any purpose.

Third Parties

Other persons who are not covered by Volt Teknoloji Geliştirme Ve Mühendislik A.Ş. Personal Data Protection and Processing Policy for Employees, which is prepared for company employees and by any other data subject groups in this Policy. (e.g those who apply for claims and complaints, references, person reporting side effects)

5. METHOD OF COLLECTING PERSONAL DATA AND CAUSE OF ACTION

5.1 Method of Collecting Personal Data

Our company collects personal data for the purposes specified in Article 6.1 wholly or partly by automatic or non-automatic means; in all kinds of oral, written, electronic media; through, but not limited to, the following channels:

§ Job application forms,

§ Customer information forms,

§ Various documents submitted to the company,

§ Mails, e-mails and forms sent to the company,

§ Company website,

§ Social media tools,

§ Thirds parties such as the person and companies who/which our Company provides service to or from, and business partners, subcontractors, companies that provide services/products and group companies,

§ Employment companies and job-seeking portals,

§ Corporate communication accounts and devices,

§ Information systems and devices,

§ Security cameras,

§ Systems such as GPS, OGS, vehicle information, and meal cards.

5.2 Cause of Action

Our company collects personal data under Articles 5 and 6 of the Law for one of the following cause of actions:

§ Explicit consent of the data subject,

§ It is expressly permitted by any law,

§ Related information is manifestly made public by the data subject herself/himself,

§ It is necessary to process personal data of parties of a contract, provided that the processing is directly related to the execution or performance of the contract

§ It is necessary to process personal data for our company to fulfill its legal obligation,

§ It is necessary to process personal data for the institution, usage, or protection of a right,

§ It is necessary to process personal data for the legitimate interests of our company, provided that the fundamental rights and freedoms of the data subject are not harmed.

6. PROCESSING PURPOSES OF PERSONAL DATA

6.1 Matching Data Subject Groups with the Processing Purposes Related to Personal Data Categories

Matching data subject groups described above with their processing purposes for personal data categories is provided below: (Natural persons can only be involved in one group.)

Potential Employee

Data Categories: Identity, Communication, Personnel Information, Professional Experience, Visual and Auditory Records, Health, Criminal Conviction and Security Measures

Processing Purposes: Managing the Selection and Recruitment of Potential Employee/Trainee, Managing the Application Processes of Potential Employees, Conducting Communication Activities, Conducting Audit / Ethical Activities

Trainee

Data Categories: Identity, Communication, Personnel Information, Visual and Auditory Records, Process Security, Finance, Correspondence, Security of Physical Space

Processing Purposes: Managing the Selection and Recruitment of Potential Employee/Trainee, Conducting Communication Activities, Conducting Emergency Activities, Conducting/Supervising Business Activities, Conducting Activities under the Legislation, Managing Performance Assessment Process, Conducting Audit / Ethical Activities, Ensuring Security of Physical Space, Managing Finance and Accounting Process, Fulfilling Obligations Arising from Employment Contract and Legislation for Employees, Managing Information Security Process, Managing Access Authorization

Shareholder/Partner

Data Categories: Identity, Communication, Safety of Physical Space, Finance, Correspondence

Processing Purposes: Managing Finance and Accounting Process, Conducting Activities under the Legislation, Managing Investment Process, Giving Information to Authorized Persons, Institutions and Organizations, Managing and Pursuing Legal Affairs, Conducting Communication Activities, Conducting Emergency Activities, Conducting/Supervising Business Activities, Managing Contract Process, Conducting Audit / Ethical Activities, Ensuring Security of Physical Space, Conducting Management Activities

Authorized Person of the Company

Data Categories: Identity, Communication, Location, Personnel Information, Legal Process, Process Security, Safety of Physical Space, Finance, Correspondence, Professional Experience, Visual and Auditory Records, Health

Processing Purposes: Managing Finance and Accounting Process, Conducting Activities under the Legislation, Managing Ancillary Rights and Benefits Process for Employees, Managing Investment Process, Giving Information to Authorized Persons, Institutions and Organizations, Managing and Pursuing Legal Affairs, Conducting Communication Activities, Conducting Emergency Activities, Conducting/Supervising Business Activities, Managing Contract Process, Conducting Audit / Ethical Activities, Managing Assignment Process, Planning Human Resource Process, Conducting Occupational Health / Safety Activities, Ensuring Security of Physical Space, Conducting Management Activities, Managing Information Security Process, Managing Access Authorization, Ensuring the Security of Movable Property and Sources

Authorized Person of Customer

Data Categories: Identity, Communication, Finance, Customer Operation, Correspondence, Legal Process

Processing Purposes: Conducting Activities under the Legislation, Managing Contract Process, Managing and Pursuing Legal Affairs, Giving Information to Authorized Persons, Institutions and Organizations, Managing Sale Process of Goods / Services, Managing After Sales Support Process of Goods / Services, Managing Customer Relationship Management Process, Conducting Activities Related to Customer Content, Managing Loyalty Process to Company/Product/Services, Following Demands/Complaints, Managing Advertisement/Campaign/Promotion Process, Conducting/Supervising Business Activities, Conducting Communication Activities, Managing Production and Operation Process of Goods / Services, Conducting Audit / Ethical Activities

Employee of Customer

Data Categories: Identity, Communication, Customer Operation, Correspondence

Processing Purposes: Managing Sale Process of Goods / Services, Managing After Sales Support Process of Goods / Services, Managing Customer Relationship Management Process, Conducting Activities Related to Customer Content, Managing Loyalty Process to Company/Product/Services, Following Demands/Complaints, Managing Advertisement/Campaign/Promotion Process, Conducting/Supervising Business Activities, Conducting Communication Activities, Managing Production and Operation Process of Goods / Services, Conducting Audit / Ethical Activities

Authorized Person of Business Partner

Data Categories: Identity, Communication, Professional Experience, Finance, Legal Process, Correspondence

Processing Purposes: Conducting/Supervising Business Activities, Managing Finance and Accounting Process, Conducting Activities under the Legislation, Managing Contract Process, Conducting Communication Activities, Conducting Audit / Ethical Activities, Giving Information to Authorized Persons, Institutions and Organizations, Managing Assignment Process, Managing Purchase Process of Goods / Services, Managing Production and Operation Process of Goods / Services, Following Demands/Complaints, Managing and Pursuing Legal Affairs

Employee of Business Partner

Data Categories: Identity, Communication, Professional Experience, Correspondence

Processing Purposes: Conducting/Supervising Business Activities, Managing Finance and Accounting Process, Conducting Activities under the Legislation, Managing Contract Process, Conducting Communication Activities, Conducting Audit / Ethical Activities, Managing Assignment Process, Managing Purchase Process of Goods / Services, Managing Production and Operation Process of Goods / Services, Following Demands/Complaints

Authorized Person of Subcontractor

Data Categories: Identity, Communication, Finance, Legal Process, Correspondence

Processing Purposes: Conducting Activities under the Legislation, Managing Contract Process, Conducting/Supervising Business Activities, Conducting Communication Activities, Conducting Audit / Ethical Activities, Following Demands/Complaints, Managing and Pursuing Legal Affairs, Giving Information to Authorized Persons, Institutions and Organizations

Employee of Subcontractor

Data Categories: Identity, Communication, Personnel Information, Professional Experience, Correspondence, Health, Legal Process

Processing Purposes: Managing Finance and Accounting Process, Conducting Activities under the Legislation, Managing Contract Process, Conducting/Supervising Business Activities, Conducting Communication Activities, Managing Assignment Process, Planning Human Resource Process, Conducting Audit / Ethical Activities, Conducting Emergency Activities, Conducting Occupational Health / Safety Activities, Managing Access Authorization, Following Demands/Complaints

Authorized Person of Supplier

Data Categories: Identity, Communication, Finance, Security of Physical Space, Correspondence

Processing Purpose: Conducting Activities under the Legislation, Managing Contract Process, Conducting/Supervising Business Activities, Conducting Communication Activities, Conducting Audit / Ethical Activities, Following Demands/Complaints, Managing and Pursuing Legal Affairs, Giving Information to Authorized Persons, Institutions and Organizations

Employee of Supplier

Data Categories: Identity, Communication, Correspondence

Processing Purposes: Conducting Audit / Ethical Activities, Following Demands/Complaints, Conducting/Supervising Business Activities, Conducting Communication Activities, Managing Purchase Process of Goods / Services, Managing Production and Operation Process of Goods / Services

Authorized Person/Employee of Potential Customer

Data Categories: Identity, Communication, Correspondence

Processing Purposes: Following Demands/Complaints, Conducting/Supervising Business Activities, Conducting Communication Activities, Conducting Audit / Ethical Activities

Family Members of Employee/Authorized Person

Data Categories: Identity, Communication, Finance

Processing Purposes: Fulfilling Obligations Arising from Employment Contract and Legislation for Employees, Managing Ancillary Rights and Benefits Processes for Employees, Conducting Activities under the Legislation, Giving Information to Authorized Persons, Institutions and Organizations, Conducting Emergency Activities, Conducting Audit / Ethical Activities, Conducting Communication Activities

Visitor

Data Categories: Identity, Safety of Physical Space, Process Security, Marketing

Processing Purposes: Ensuring Security of Physical Space, Creating and Following Visitor Records, Conducting Audit / Ethical Activities, Managing Information Security Process, Conducting Activities under the Legislation, Managing Marketing Analysis Process, Managing Advertisement/Campaign/Promotion Process

Third Parties

Data Categories: Identity, Communication, Correspondence, Legal Process

Processing Purposes: Managing the Selection and Recruitment Process of Potential Employee/Trainee, Following Demands/Complaints, Conducting/Supervising Business Activities, Conducting Communication Activities, Conducting Audit / Ethical Activities, Managing and Pursuing Legal Affairs, Managing Contract Process, Conducting Activities under the Legislation, Giving Information to Authorized Persons, Institutions and Organizations

6.2 Personal Data Processing Performed in Physical Spaces

To ensure security in our company’s buildings and facilities, entrances and exits are recorded and public areas are monitored with cameras. There is information about this in the areas where the camera is monitored.

Under Law No. 5651 on the Regulation of Internet Publications and Fight against Crimes Committed through These Publications and other legislation, records regarding internet access provided in our company’s buildings and facilities are kept. These records may be shared with authorized public institutions and organizations upon request and may be used for the fulfillment of relevant legal obligations in supervision if necessary.

6.3 Personal Data Processing Performed on the Website

Traffic information of online visitors who visit our website is processed automatically to manage information security processes. On the other hand, under Law No. 5651 and other legislation, hosting providers are obliged to record and store website traffic information.

Detailed descriptions of personal data processed through the website are available on the relevant website.

6.4 Personal Data Processing Performed Through Communication

Communication performed through the channels such as call center, mail, e-mail, etc. are supervised and recorded to conduct/supervise business activities and follow demands/complaints.

Relevant persons are required to use these channels only in the context of their business activities.

7. TRANSFER PURPOSES OF PERSONAL DATA AND RECIPIENTS

7.1 Transfer Purposes of Personal Data

Our company transfers personal data under the conditions set out in Articles 8 and 9 of the Law for the following purposes:

Potential Employee

Data Categories:

Identity name/surname, identity number, date of birth)

Communication, (e-mail address, phone number)

Personnel Information, (current salary)

Professional Experience, (educational background, degree, certificate)

Visual and Auditory Records, (photograph)

Health, (disease/disability status)

Criminal Conviction and Security Measures (criminal records)

Transfer Purposes: If explicit consent is obtained, it may be transferred for advice.

Recipients: Affiliates and subsidiaries, group companies

Trainee

Data Categories:

Identity, (name/surname, identity number)

Communication, (phone number, e-mail address)

Finance (bank account number, salary )

Process Security (internet access log)

Safety of Physical Space (camera records)

Transfer Purposes: Managing the Selection and Recruitment Process of Potential Employee/Trainee, Conducting/Supervising Business Activities, Conducting Activities under the Legislation, Managing Finance and Accounting Process, Fulfilling Obligations Arising from Employment Contract and Legislation for Employees

Recipients: Affiliates and subsidiaries, group companies, authorized public institutions and organizations, natural persons or private legal entities, business partners

Shareholder/Partner

Data Categories:

Identity (name/surname, identity/passport number, date of birth)

Communication (email address, phone number, information on corporate communication, address)

Finance (bank account number, assets)

Safety of Physical Space (camera records)

Transfer Purposes: Managing Organizations and Events, Making Reservations for Business Trips and Accommodations, Fulfilling Obligations Arising from Employment Contract and Legislation for Employees, Conducting Management Activities, Conducting/Supervising Business Activities, Conducting Activities under the Legislation, Managing Contract Process, Managing Investment Process, Managing Production and Operation Process of Goods / Services, Managing Finance and Accounting Process, Giving Information to Authorized Persons, Institutions and Organizations

Recipients: Natural persons or private legal entities, shareholders, business partners, affiliates and subsidiaries, group companies, authorized public institutions and organizations

Authorized Person of the Company

Data Categories:

Identity (name/surname, identity/passport number, date of birth)

Communication (e-mail address, phone number, address)

Finance (bank account number, assets)

Health (general health status, bill of health, occupational disease, occupational accident reports)

Process Security (internet access logs)

Safety of Physical Space (camera records)

Legal Process (documents related to the judicial process)

Transfer Purposes: Developing Services and Promotions for Employees, Managing Organizations and Events, Making Reservations for Business Trips and Accommodations, Fulfilling Obligations Arising from Employment Contract and Legislation for Employees, Managing Ancillary Rights and Benefits Processes for Employees, Conducting Occupational Health / Safety Activities, Conducting Emergency Activities, Conducting Management Activities, Conducting/Supervising Business Activities, Conducting Activities under the Legislation, Managing Contract Process, Managing Investment Process, Managing Production and Operation Process of Goods / Services, Managing Finance and Accounting Process, Giving Information to Authorized Persons, Institutions and Organizations, Managing and Pursuing Legal Affairs

Recipients: Natural persons of private legal entities, shareholders, business partners, affiliates and subsidiaries, group companies, authorized public institutions and organizations

Authorized Person of Customer

Data Categories:

Identity (name/surname, identity number)

Communication, (address, e-mail, phone number)

Finance (bank account number)

Legal Process (documents related to the judicial process)

Transfer Purposes: Conducting Management Activities, Conducting/Supervising Business Activities, Conducting Activities under the Legislation, Managing Contract Process, Managing Finance and Accounting Process, Following Demands/Complaints, Managing and Pursuing Legal Affairs, Giving Information to Authorized Persons, Institutions and Organizations

Recipients: Natural persons or private legal entities, shareholders, business partners, affiliates and organizations, group companies, authorized public institutions and organizations

Employee of Customer

Data Categories:

Identity (name/surname, identity number)

Communication, (e-mail, phone number)

Finance (bank account number)

Legal Process (documents related to the judicial process)

Transfer Purposes: Following Demands/Complaints, Managing and Pursuing Legal Affairs, Giving Information to Authorized Persons, Institutions and Organizations

Recipients: Natural persons or private legal entities, shareholders, business partners, affiliates and organizations, group companies, authorized public institutions and organizations

Authorized Person of Business Partner

Data Categories:

Identity (name/surname, identity number)

Communication, (address, e-mail, phone number)

Finance (bank account number)

Legal Process (documents related to the judicial process)

Transfer Purposes: Conducting Management Activities, Conducting/Supervising Business Activities, Conducting Activities under the Legislation, Managing Contract Process, Managing Finance and Accounting Process, Following Demands/Complaints, Managing and Pursuing Legal Affairs, Giving Information to Authorized Persons, Institutions and Organizations

Recipients: Natural persons or private legal entities, shareholders, business partners, affiliates and subsidiaries, group companies, authorized public institutions and organizations

Employee of Business Partner

Data Categories:

Identity (name/surname)

Communication (email, phone number)

Transfer Purposes: Following Demands/Complaints

Recipients: Group companies, affiliates and subsidiaries, business partners

Authorized Person of Subcontractor

Data Categories:

Identity (name/surname, identity number)

Communication (address, e-mail, phone number)

Finance (bank account number)

Legal Process (documents related to the judicial process)

Transfer Purposes: Conducting Management Activities, Conducting/Supervising Business Activities, Conducting Activities under the Legislation, Managing Contract Process, Managing Finance and Accounting Process, Following Demands/Complaints, Managing and Pursuing Legal Affairs, Giving Information to Authorized Persons, Institutions and Organizations

Recipients: Natural persons or private legal entities, shareholders, business partners, affiliates and subsidiaries, group companies, authorized public institutions and organizations

Employee of Subcontractor

Data Categories:

Identity (name/surname, identity number, date of birth)

Communication (e-mail, phone number)

Legal Process (documents related to the judicial process)

Safety of Physical Space (camera records)

Health (bill of health, occupational disease, occupational accident reports)

Transfer Purposes: Fulfilling Obligations Arising from Employment Contract and Legislation for Employees, Managing Ancillary Rights and Benefits Processes for Employees, Conducting Occupational Health / Safety Activities, Conducting Emergency Activities, Following Demands/Complaints, Managing and Pursuing Legal Affairs, Giving Information to Authorized Persons, Institutions and Organizations

Recipients: Business partners, affiliates and subsidiaries, group companies, authorized public institutions and organizations, natural persons or private legal entities

Authorized Person of Supplier

Data Categories:

Identity (name/surname, identity number)

Communication (address, e-mail, phone number)

Finance (bank account number)

Legal Process (documents related to the judicial process)

Transfer Purposes: Conducting Management Activities, Managing Finance and Accounting Process, Conducting/Supervising Business Activities, Conducting Activities under the Legislation, Managing Contract Process, Following Demands/Complaints, Managing and Pursuing Legal Affairs, Giving Information to Authorized Persons, Institutions and Organizations

Recipients: Natural persons or private legal entities, shareholders, business partners, affiliates and subsidiaries, group companies, authorized institutions and organizations

Employee of Supplier

Data Categories:

Identity (name/surname, identity number)

Communication (e-mail, phone number)

Transfer Purposes: Following Demands/Complaints

Recipients: Group companies, affiliates and subsidiaries, business partners

Authorized Person/Employee of Potential Customer

Data Categories:

Identity (name/surname)

Communication (e-mail, phone number)

Transfer Purposes: Following Demands/Complaints

Recipients: Group companies, affiliates and subsidiaries, business partners

Family Members of Employee/Authorized Person

Data Categories:

Identity (name/surname, identity number, date of birth, marital status)

Finance (income)

Transfer Purposes: Giving Information to Authorized Persons, Institutions and Organizations, Fulfilling Obligations Arising from Employment Contract and Legislation for Employees

Recipients: Authorized public institutions and organizations

Visitor

Data Categories:

Process Security (internet access logs)

Safety of Physical Space (camera records)

Transfer Purposes: Conducting Activities under the Legislation

Recipients: Natural persons or private legal entities, affiliates and subsidiaries, group companies, authorized institutions and organizations

Third Parties

Data Categories:

Identity (name/surname, identity number, title)

Communication (e-mail, phone number)

Legal Process (documents related to the judicial process)

Transfer Purposes: Following Demands/Complaints, Giving Information to Authorized Persons, Institutions, and Organizations, Following Demands/Complaints, if the explicit consent is obtained, it may be transferred for advice.

Recipients: Group companies, affiliates and subsidiaries, business partners, authorized public institutions and organizations, natural persons or private legal entities

7.2 Recipients

Our company may transfer personal data to the following persons and organizations, limited to data categories and data required for transfer:

§ Shareholders,

§ Group companies,

§ Affiliates and subsidiaries,

§ Business partners,

§ Suppliers,

§ Authorized public institutions and organizations

§ Natural persons or private legal entities (cooperated organizations: independent audit firms, insurance companies, law firms and banks, etc.)

8. DESTRUCTION AND STORAGE PERIODS OF PERSONAL DATA

8.1 Destruction of Personal Data

Without prejudice to the provisions of other laws relating to the destruction of personal data, our company deletes, destroys or anonymizes personal data processed under this Law and other provisions of the Law at the request of the relevant person, according to Personal Data Storage and Destruction Policy, if the reasons for processing are eliminated.

The deletion of personal data refers to the process of making personal data inaccessible and unusable for the users concerned in any way.

Destruction of personal data refers to the process of making personal data inaccessible, irreversible, and non-reusable by anyone.

Anonymization of personal data refers to the process of making personal data impossible to relate to a natural person whose identity is identified or identifiable under any circumstances, even if it is matched with other data by techniques such as masking, variable extraction, generalization, etc.

8.2 Storage Periods of Personal Data

Our company stores personal data following the periods prescribed by the Law and other legislation. If there is no storage period prescribed in the Laws and other legislation, personal data is stored under our company’s Personal Data Storage and Destruction Policy for the required time to achieve the purpose of processing that personal data, then it is deleted, destroyed or anonymized within the framework of periodic destruction periods.

9. INFORMING DATA SUBJECTS AND THEIR RIGHTS

9.1 Informing Data Subject

Under Article 10 of the KVK Law, our company provides information about the persons involved in obtaining personal data. In this context, it clarifies the identity of the company representative, the purpose for which the personal data will be processed, to whom and for what purpose it may be transferred, the method of collection and cause of action, and the rights of the data subject.

9.2 The cases in which the Policy and the Law shall not apply wholly or partly

The provisions of this Policy and Law shall not apply in the following cases:

§ Processing of personal data by natural persons entirely within the scope of activities related to them or their family members living in the same residence, provided that it is not given to third parties and that data security obligations are complied with,

§ Processing of personal data for purposes such as research, planning and statistics by anonymized with official statistics,

§ Processing of personal data for art, history, literature or scientific purposes or within the scope of freedom of expression, provided that it does not violate national defense, national security, public security, public order, economic security, right to privacy or personal rights or not constitute a crime,

§ Processing of personal data within the scope of preventive, protective and intelligence activities conducted by public institutions and organizations authorized by Law to ensure national defense, national security, public security, public order or economic security,

§ Processing of personal data by judicial or executive authorities concerning investigations, prosecutions, trials, or executions.

Under and proportionate to the purpose and basic principles of this Policy and Law, Article 10 regulating the informing obligation of the data controller, Article 11 regulating the rights of the data subject, except the right to claim damages, and Article 16 regulating the obligation to Registry of Data Controllers shall not apply in the following cases:

§ It is necessary to process personal data to prevent or investigate a crime,

§ Processing of personal data manifestly made public by the data subject,

§ It is necessary to process personal data for the supervision or regulation duties and disciplinary investigation or prosecution by the authorized institutions and organizations and professional organizations of the nature of public institutions, based on the authority given by the Law,

§ It is necessary to process personal data to protect the economic and financial interests of the Government concerning budget, tax, and fiscal matters.

9.3 Rights of the Data Subject under the Law of KVK

Under Article 10 of the Law, our company informs data subjects about their rights, provides guidance on how to exercise these rights, and performs the necessary internal procedures, administrative and technical arrangements for all these. According to Article 11 of the Law, data subjects have the right to:

§ Learn whether their data is processed,

§ Request related information if their data is processed,

§ Learn the purposes for processing personal data and whether it is used accordingly,

§ Know the third parties to whom their data is transferred domestically or abroad,

§ Request the rectification of their data if it is processed incompletely or improperly,

§ Request the deletion or destruction of personal data under the Article 7 of the Law,

§ Request the third parties who received personal data of the data subject to be notified about the transactions made (rectification and destruction) under Article 11 (d) and (e) of the Law,

§ Object to the outcome against the persons themselves by analyzing the processed data exclusively through automated systems,

§ Claim for damages if personal data is damaged due to illegal processing.

Requests and applications related to the enforcement of the Law can be submitted in person or can be sent via Notary to the address “Kemalpaşa OSB Mah. 31.Sk. No:8 Kemalpaşa 35735 – İzmir – Türkiye” by filling the application form on our website (www.vvoltteknoloji.com.tr). They can also be sent via registered e-mail address (voltteknoloji@hs01.kep.tr), or using a secure electronic signature or mobile signature.

Requests and applications can also be sent to the address (bilgi@voltteknoloji.com.tr) if there is an e-mail previously notified to our company by the data subject and registered in the company’s system.

The following information is obligatory in requests and applications:

§ First name, last name, and signature if the application is in writing,

§ Turkish National Identity Number for citizens of the Republic of Turkey, nationality, and passport number (national identification number if applicable) for other nationalities.

§ Permanent address or business address based for notifications,

§ E-mail address, phone and fax number if applicable to the notification,

§ Subject

Information and related documents should be attached to the application.

Our company shall respond to the requests in the application free of charge as soon as possible and within thirty days at the latest, depending on the nature of the request. However; if the transaction requires an additional cost, the fee in the tariff determined by the Board may be charged.

Our company may accept the request or reject it by explaining the reason and informs the data subject in written or electronically. If the request in the application is accepted, our company shall fulfill the requirements as soon as possible and inform the data subject. If the application is caused by the error of our company, the fee shall be refunded to the data subject.

If the application is rejected, the response is insufficient or the application is not responded in due time, the data subject has the right to make a complaint to the Board within thirty days from the date of receipt and, in any case, within sixty days from the date of application.