1. ARTICLE-INTRODUCTION

• Introduction

Law No. 6698 on the Protection of Personal Data (“Law“) imposes important obligations on personal data processors in order to protect the fundamental rights and freedoms of individuals, especially the right to privacy. Headquarters address Atatürk Mah. Ertuğrul Gazi Sokak Metropol İstanbul C1 Blok No:2 B/131 Ataşehir – İstanbul, Kaı Lojistik Limited Şirketi (“Company“), registered in the Istanbul Trade Registry, takes a meticulous and sensitive approach as Data Controller in order to fulfill the relevant obligations and to make all processes related to data processing in accordance with the legislation.

In light of this approach, the Company explains the processes of processing the personal data obtained about the Data Subject in all its dimensions and aims to enlighten and inform the Data Subjects with this text (“Clarification Text”).

• Scope

In this Clarification Text, the Data Subjects will be enlightened within the scope of the following questions regarding the Company’s personal data processing activities related to the Data Subjects:

1. What are the minimum credentials of the Company?
2. What is the method and legal reason for collecting personal data?
3. For what purposes are the personal data obtained in the Company processed?
4. To whom and for what purpose are the processed personal data transferred by the Company?
5. What are the rights of the Data Subject against the Company’s personal data processing activities?

2. ARTICLE – DEFINITIONS

“Buyer Group” Refers to the category of natural or legal person to whom personal data is transferred by the data controller.

 “Contact Person” Refers to persons whose personal data are processed and who contact the Company through contact forms on https://kailogistics.com/.

“Personal Data” Any information relating to an identified or identifiable natural person.

“Processing of Personal Data” It refers to all kinds of operations performed on personal data such as obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data by fully or partially automatic means or by non-automatic means provided that it is part of any data recording system.

“Sensitive Personal Data” Data relating to race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, clothing, membership of associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data.

“Data Category” It refers to the class of personal data belonging to the data subject group or groups of persons in which personal data are grouped according to their common characteristics.

“Data Subject Person Group” Refers to the category of data subjects whose personal data are processed by data controllers.

“ Board”Personal Data Protection Board.

“Demand Management Procedure”It refers to the guiding procedure that determines the details of the Data Subject’s right to apply to the Company, which is the Data Controller recognized in Article 11 of the Law, and the Company’s response process regarding the application.

“Data Controller” It refers to the natural or legal persons who determine the purposes and means of processing personal data, who are responsible for the establishment and management of the data recording system, and the Company responsible for this activity in the context of this Clarification Text.

3. Method and Legal Grounds for Collecting Personal Data

The personal data requested from the Data Subject during sending a message from the contact form are processed by the Company in the categories of identity, communication and other (comments and opinions of the messenger) data in order to manage prospect offer request processes within various data recording systems in software and/or internet-based electronic environments open to the access of authorized employees of the Company, to ask questions and provide answers to the Company on various issues, especially its activities, trainings and events, to register for training, events and e-bulletins and to benefit from e-books, to respond to the messages of the relevant persons according to the subject of the message.

4. Purposes of Processing Personal Data of the Data Subject

Personal data of the Data Subject are processed by the Company electronically within various data recording systems within the scope of the personal data processing conditions and purposes specified in Articles 5 and 6 of the Law and for various legitimate purposes, especially the execution of the Company’s business processes. These purposes are listed below:

1. Carrying out the activities in accordance with the legislation and fulfilling the Company’s obligations within the scope of the Law No. 5651 on the Regulation of Publications on the Internet and Combating Crimes Committed through These Publications and the Turkish Commercial Code,
2. Execution of company / product / service loyalty processes,
3. Follow-up and execution of legal affairs and preparation of invoices, delivery notes and similar documents required for sales,
4. Carrying out communication activities and in this context, fulfillment of the Company’s rights and obligations arising from the Law on the Regulation of Electronic Commerce,
5. Execution/supervision of business activities,
6. Receiving and evaluating suggestions for improving business processes,
7. Execution of after-sales support services for goods/services,
8. Execution of goods / service sales processes,
9. Execution of goods/service production and operation processes,
10. Execution of customer relationship management processes,
11. Conducting activities for customer satisfaction,
12. Conducting marketing analysis studies and in this context, conducting studies to improve the user experience on the website,
13. Execution of advertising / campaign / promotion processes,
14. Execution of contract processes,
15. Follow-up of requests / complaints,
16. Managing request for proposal processes,
17. Asking questions and providing answers to the Company on various issues, particularly its activities, trainings and events,
18. Receiving registrations for trainings, events and e-bulletins and making use of e-books,
19. Responding to the messages of the relevant people according to the subject of the message,
20. Carrying out the marketing processes of the products/services and in this context, providing the display of the Company products and services of interest to the Data Subject,
21. Providing information to authorized persons, institutions and organizations.

5. Transfer to Third Parties

The Company hereby informs the Member about the processing of the Member’s personal data with this Clarification Text and will carry out data processing activities by obtaining explicit consent in a way that leaves no room for doubt.

Member personal data may be transferred to third parties for the purposes listed in the table below, provided that necessary measures are taken.

• Domestic Transfer

As a rule, the processed data can be transferred domestically with the explicit consent of the Data Subject.

Personal data may be transferred without the explicit consent of the Data Subject if there is a clear regulation in the legislation regarding the transfer of personal data. Personal data may be transferred without the explicit consent of the Data Subject;

1. If it is mandatory for the protection of the life or physical integrity of the personal data owner or someone else, and if the personal data owner is unable to disclose his consent due to actual impossibility or if his consent is not legally valid, it may be transferred to third parties.
2. Personal data may be transferred to third parties if it is necessary to transfer personal data belonging to the parties to the contract, provided that it is directly related to the establishment or performance of a contract.
3. If personal data transfer is mandatory for the Company to fulfill its legal obligation, personal data may be transferred to third parties.
4. If personal data has been made public by the personal data owner, it may be transferred to third parties limited to the purpose of publicization.
5. Personal data may be transferred to third parties if personal data transfer is mandatory for the establishment, exercise or protection of a right.
6. Provided that it does not harm the fundamental rights and freedoms of the Data Subject, personal data may be transferred to third parties if it is mandatory for the legitimate interests of the Company.

• Transfer Abroad

The Company transfers the personal data of the Data Subject abroad only if the Data Subject has given explicit consent.

The Company may also transfer the personal data of the Data Subjects abroad without explicit consent. In cases where the country or countries to which the personal data will be transferred (a) is one of the countries declared by the Board to have adequate protection or (b) if it is not one of the countries declared by the Board, permission has been obtained from the Board by obtaining a written commitment from the data controllers in the relevant foreign country providing adequate protection, personal data may be transferred abroad without explicit consent if one or more of the following conditions are present.

1. If there is a clear regulation in the legislation regarding the transfer of personal data, it can be transferred abroad.
2. If it is mandatory for the protection of the life or physical integrity of the personal data owner or someone else and if the personal data owner is unable to disclose his consent due to actual impossibility or if his consent is not legally valid, it may be transferred abroad.
3. Personal data may be transferred abroad if it is necessary to transfer the personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract without the explicit consent of the Data Subject.
4. If personal data transfer is mandatory for the Company to fulfill its legal obligation, personal data may be transferred abroad.
5. If personal data is publicized by the owner, it may be transferred abroad limited to the purpose of publicization.
6. Personal data may be transferred abroad if personal data transfer is mandatory for the establishment, exercise or protection of a right.
7. Personal data may be transferred to third parties without the explicit consent of the Data Subject, provided that it does not harm the fundamental rights and freedoms of the Data Subject, if personal data transfer is mandatory for the legitimate interests of the Company.
8. Sensitive Personal Data;The Company may transfer the Personal Data abroad by taking the Explicit Consent of the Data Subject by applying administrative and technical measures and by complying with the special measures taken by the Board. In order for the Company to transfer Special Categories of Personal Data abroad even without obtaining the Explicit Consent of the Data Subject, the country or countries to which the personal data will be transferred (a) must be one of the countries declared by the Board to have adequate protection or (b) if it is not one of the countries declared by the Board, permission must be obtained from the Board by obtaining a written commitment from the data controllers in the relevant foreign country providing adequate protection, and (c) one or more of the following conditions must be present.
9. Sensitive Personal Data other than health and sexual life: The Company will be able to process Sensitive Personal Data other than health and sexual life without obtaining the explicit consent of the data subject if explicitly stipulated in the legislation.
10. Sensitive Personal Data related to health and sexual life: can be processed without seeking explicit consent by persons or authorized institutions and organizations under the obligation of confidentiality for the purposes of protecting public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing.

6. Rights of the Data Subject and Application to the Company

• Rights of the Relevant Person

The Data Subject has the right to apply to the Company regarding his/her personal data in the following matters;

1. Learn whether personal data is being processed,
2. Request information if their personal data has been processed,
3. To learn the purpose of processing personal data and whether they are used for their intended purpose,
4. To know the third parties to whom personal data are transferred domestically or abroad,
5. To request correction of personal data in case of incomplete or incorrect processing,
6. Request deletion or destruction of personal data,
7. In the event that personal data is incomplete or incorrectly processed, to request that third parties to whom personal data is transferred be notified of the transactions regarding the correction and/or deletion or destruction of personal data,
8. To object to the emergence of a result to the detriment of the person himself/herself by analyzing the processed data exclusively through automated systems,
9. In case of damage due to unlawful processing of personal data, to demand compensation for the damage.

• Application to the Company

The Company has prepared a Procedure in order to protect the rights of the Data Subject regulated in the Law and this Clarification Text and to fulfill its own obligations in this regard. In accordance with this Procedure, the Company makes maximum effort to provide the information requested by the Data Subject by applying to the Company regarding the personal data of the Data Subject free of charge as soon as possible, within thirty days at the latest. If the transaction requires an additional cost, the fee in the tariff determined by the Board may be charged to the Data Subject. As a result of the examination of the request, the Company accepts the request or rejects it by explaining its reasoning and notifies its response to the Relevant Person in writing or electronically. If the request in the application is accepted, the Company shall fulfill the requirements of the request. In case the application is caused by the Company’s error, the fee received shall be returned to the Relevant Person.

The Relevant Persons may exercise their rights specified in Article 8.1. by filling out the application form attached to the contentus.net domain address and submitting it with wet signature, via notary public, KEP or electronic mail to Esentepe Mah. Talatpaşa Cad. No:5 Şişli / Istanbul address or by hand delivery to the same address in person or by proxy or by sending it to the e-mail address info@kailogistics.com.

Documents proving his/her identity, documents supporting the request, if any, and if the Relevant Person wishes to exercise this right through his/her proxy, a copy of the power of attorney containing the special authorization in this regard must be attached to the form.