This Call Centre Privacy Policy and Personal Data Text(Policy) has been prepared by Endeksa Teknoloji Anonim Şirketi (Endeksa/Company) in order to enlighten and inform the Call Owners about the terms and conditions regarding the use of the data obtained and/or to be obtained from the Call Owners in any way through the Call Centre and the way the data is processed.

Endeksa adopts this Policy regarding the confidentiality and use of the information processed about the Call Owners through the Call Centre and other related issues.

1. Definitions and General Explanations

It's in Politics;

• Call Centre: The call centre made available to the Call Owners for contacting Endeksa for any reason, including providing support for products and services by Endeksa, managing information requests, or for Endeksa to contact individuals,
• Call Owners: customers, potential customers and/or other third parties who contact Endeksa through the Call Centre for any reason or who are contacted by Endeksa,
• Law Law No. 6698 on the Protection of Personal Data,
• Platform: One or both of the website https://www.endeksa.com and the mobile application named "Endeksa" that users can install on their mobile phones/devices through virtual stores;
• Relevant Person: The natural person whose personal data is processed,
• Data Controller: The natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.

Personal data refers to any information relating to an identified or identifiable natural person. For this reason, the regulations regarding personal data in this Policy shall apply if the relevant information belongs to a natural person. If the relevant information belongs to legal entities, regulations other than the regulations on personal data in this Policy shall apply. In addition, the concept of "processing of personal data"; It refers to all kinds of operations performed on personal data such as obtaining, recording, storing, storing, storing, changing, rearranging, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data by fully or partially automatic or non-automatic means provided that it is part of any data recording system.

Endeksa attaches importance to the confidentiality of data and takes care to be transparent about the storage of data. This Policy includes information on what kind of data is obtained, how this data is used, with whom this information is shared if necessary, what are the rights regarding personal data and how these rights can be exercised, and the principles adopted by Endeksa regarding confidentiality.

Personal data are processed in accordance with the following basic principles as regulated in the Law:

• Compliance with the law and honesty rules,
• Being accurate and up to date when necessary,
• Processing for specific, explicit and legitimate purposes,
• Being relevant, limited and proportionate to the purpose for which they are processed,
• Retention for the period stipulated in the relevant legislation or required for the purpose for which they are processed.

2. Enlightening and Informing the Relevant Person

Endeksa is obliged to enlighten/inform the natural persons whose data will be processed during the acquisition of personal data in accordance with Article 10 of the Law. The scope of this disclosure obligation is as follows:

• Identity of the Data Controller and its representative, if any,
• The purpose for which personal data will be processed,
• To whom and for what purpose the processed personal data may be transferred,
• Management and legal grounds for collecting personal data,
• Rights of the Person concerned.

3. Data Subject, Data Categories and Data Types

4. Legal Reasons

The above-mentioned personal data may be processed for the purposes listed below, which are subject to the disclosure of this data by the Call Owner to Endeksa; in accordance with the conditions and principles set out in Article 4 of the Law and repeated in this Policy; within the personal data processing conditions specified in Articles 5 and 6 of the Law. The legal reasons for each category of data are clearly stated below:

5. Methods of Collection of Personal Data

Endeksa obtains the personal data of the Relevant Persons in this Policy by automatic or non-automatic methods; by means of e-mail, mail, fax and other communication channels in audio, electronic or written form or by the Relevant Person sharing his/her personal data during his/her meetings with the Call Centre and by recording the conversations made.

6. Purpose of Processing Personal Data

Within the scope of this Policy, the personal data of the Call Owners in Article 3 are processed for the following purposes in accordance with the general conditions specified in this Policy:

7. Transfer of Personal Data

Endeksa may transfer the personal data of the Call Owner to its domestic servers, business partners/suppliers in order to perform the services provided by Endeksa and provided that it fulfils the obligations declared in the Policy. Endeksa may also transfer the personal data of the Call Owners to third parties for the following purposes:

8. Rights of the Relevant Person

The rights of the Relevant Person pursuant to Article 11 of the Law are set out below:

• To learn whether personal data is being processed,
• Request information if personal data has been processed,
• To learn the purpose of processing personal data and whether they are used in accordance with their purpose,
• To know the third parties to whom personal data are transferred domestically or abroad,
• To request correction of personal data in case of incomplete or incorrect processing,
• To request the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of the Law,
• To request notification of the transactions made pursuant to subparagraphs (d) and (e) of Article 7 of the Law to third parties to whom personal data are transferred,
• To object to the emergence of a result to the detriment of the person himself/herself by analysing the processed data exclusively through automated systems,
• In case of damage due to unlawful processing of personal data, to demand compensation for the damage.

As Data Subjects, in order to specify your requests regarding your rights and to exercise your rights on your personal data; The Company's official e-mail address [email protected] or the Company's Ankara Technology Development Zone 1606. Door No:4 Cyberpark Cyberplaza A Blok 4th Floor No: A402C Bilkent Çankaya/Ankara Turkey address; you can carry out the necessary changes, updates and/or deletions and related requests by submitting the necessary changes, updates and/or deletions and related requests in a manner that meets the minimum application requirements in the Communiqué on Application Procedures and Principles to the Data Controller.

In the application containing your explanations regarding the right you have as Relevant Persons and that you will make in order to exercise your rights mentioned above and that you request to exercise; the matter you request must be clear and understandable, the subject you request must be related to you personally or if you are acting on behalf of someone else, you must be specifically authorised in this regard and your authorisation must be documented, and the application must meet the minimum application requirements in the Communiqué on Application Procedures and Principles to the Data Controller.

If you submit your requests to us with the specified methods, Endeksa will finalise the request free of charge as soon as possible and within thirty days at the latest, depending on the nature of your request. However, if the transaction requires an additional cost, Endeksa will charge the fee in the tariff determined by the Personal Data Protection Board.

Company Title: Endeksa Teknoloji Anonim Şirketi

Address: Ankara Technology Development Zone 1606. Gate No:4 Cyberpark Cyberplaza A Blok 4th Floor No: A402C Bilkent Çankaya/Ankara Turkey