The 10th titled "Obligation of the Data Officer to Disclosure" of the Law No. 6698 on the Protection of Personal Data published in the Official Gazette No. 29677 dated April 7, 2016, which aims to protect the fundamental rights and freedoms of individuals, especially the privacy of private life, in the processing of personal data. Article and in accordance with the Communiqué on Procedures and Principles for Fulfilling the Disclosure Obligation published in the Official Gazette dated March 10, 2018 and numbered 30356, this Disclosure Text and this Disclosure Text (hereinafter referred to collectively as "Misole") and the following As the 'Data Officer', we aim to inform you about your personal data. Misole takes all technical and administrative measures to ensure the appropriate level of security in order to prevent unlawful processing, access, and protection of your personal data. 1 PROCESSED PERSONS DATA Personal data refers to all kinds of information regarding an identified or identifiable person. Your processed personal data and the categories of data are listed below. Identity Information: Name, surname, Turkish ID number, place and date of birth, marital status, gender, nationality, passport number, photo. Contact Information: Telephone / fax number, e-mail address, address information. Subscription and Device Information: Subscriber identification information / contact information / marketing information, customer numbers, service numbers according to the service and product purchased, ￼￼￼personal data that can identify the subscriber such as subscription channel, segment information, e-billing information, profession, device identification information, device brand and model information, device features, device change dates information. Payment, Banking and Risk Information: Personal security information regarding payment instruments issued by institutions such as password, security question, certificate, encryption key and PIN, card number, expiration date, CVV2 / CVC2 code used in issuing the payment order or verifying the user identity, Bank information in the form of payment information, branch code, account number. Visual / Functional Record Information: Voice and / or video call recording made in call center, office and dealers, personal data obtained when you contact us. 1. PURPOSE OF PROCESSING PERSONAL DATA Your personal data; It can be processed for the following purposes in accordance with the processing conditions specified in Articles 5 and 6 of the Law and secondary regulations: Establishment, provision, continuity of our company's services, infrastructure / serviceability inquiries, • Managing Finance and Accounting Affairs, Conducting Communication Activities; Execution of Loyalty Process to Company / Products / Services; • Conducting Activities in Compliance with Legislation; Following and Execution of Legal Affairs; Conducting Business Continuity Activities; Business Execution and Control of Activities; Execution of Goods / Service Sales Processes; Execution of Goods / Service After Sales Support Services; Execution of Customer Relationship Management Processes; Conducting Activities for Customer Satisfaction; Execution of Advertising, Campaign and Promotion Processes; Execution of Custody and Archive Activities; Execution of Contract and Membership Processes; Tracking of Requests / Complaints; Planning and Execution of Commercial and / or Business Strategies; Performing the Necessary Works by Business Units to Benefit ￼￼ ￼￼￼from the Products and Services Offered and Carrying Out Related Business Processes; Informing Authorized Persons, Institutions and Organizations, • Membership establishment and other transactions made during the membership period, termination of membership, billing / charging / return / collection transactions, • Providing customer service, meeting customer complaints / requests, fulfilling all contract terms in this regard, • Keeping your Membership Agreement and your identity sample and other information that needs to be kept as per the relevant legislation, checking the accuracy of your identity information and documents you have declared, • Management, measurement, control and analysis of network traffic and network improvement / optimization studies, • Product, service and business development in conventional and digital channels within the scope of network and technological advances / improvements for better service provision, • Proactive / reactive detection of malfunctions that may occur during service presentation, finding the root cause of the problem and trying to prevent its recurrence, • Measuring customer satisfaction, researching customer trends and conducting surveys / analysis studies focused on increasing service quality, • Presentation of prize draw / contest / gift / thank you / celebration / reminder applications focused on ensuring customer satisfaction, • The campaigns and offers related to products and services are Preparation, presentation, promotion, follow-up, reporting according to usage and informing about the content of the campaign, • Informing our customers about new products / services and other innovations, informing and customer recovery activities, creating sales opportunities, ￼￼ ￼￼￼￼• Sharing the information / documents requested by regulatory and supervisory institutions, official authorities, and fulfilling the legal obligations in the relevant legislation and carrying out audit activities, • Establishing brand collaborations that come into contact with different sectors within the scope of increasing product and service diversity and enabling customers to benefit from various opportunities, • Ensuring contractual requirements and financial agreement regarding the products and services offered with our business partners or other third parties, • Legal follow-up and execution of legal processes Providing Guidance Services 1 TRANSFER OF PERSONAL DATA Your personal data within the scope of the Laws and other legislation and disclosed within the scope of the provisions of the Law regarding the transfer of personal data domestically and abroad, to the following third parties: • Gizem Nur Güt and all other group companies on the Misole website, • Companies, representatives, dealers that we have authorized, operating on behalf and account of our Company, • Regulatory and supervisory institutions, authorities that will determine your location in case of an emergency call, public institutions or organizations that are authorized to explicitly request your personal data in their laws, Third parties from whom we receive consultancy, including business partnerships, supplier and contractor companies, payment and e-money institutions, banks, financial institutions, institutions and organizations and auditors, • Lawyers, auditors, consultants and service providers, • Your attorney, guardian and representatives authorized by you, • T.C. banks and financial institutions, law firms, municipalities, business partners and suppliers that have your ID number, ￼ ￼￼￼￼￼1. COLLECTION METHODS OF PERSONAL DATA AND LEGAL REASONS Your personal data; Although the service varies according to the product and the nature of the activity, the companies operating on behalf and account of our authorized company can be procured and processed through our representatives, dealers, our website, our call center and mobile applications. Your personal data, during the establishment of your legal relationship with our Company and during the continuation of the relationship in question, through internet, telephone, e-mail, voice response, text message, provided that you, third parties and legal authorities; It is collected from physical, written, verbal and electronic channels in a fully / partially automatic or non-automatic way in order to provide the services within the framework specified in the provisions of the fifth, sixth and eighth articles of the Law written below. Your personal data are processed based on the following legal reasons: • Having your explicit consent, • It is clearly stipulated in other legislation that our company is subject to, especially the Electronic Communications Law No.5809, • National and international principles regarding the recognition of customers and To comply with the principles, to comply with the information storage, reporting and information obligations stipulated by the legislation and official authorities, • Provided that it is directly related to the establishment or execution of a contract, it is necessary to process the personal data of the parties to the contract, to be able to provide the requested products and services and to fulfill the requirements of the contracts you have concluded, • It is mandatory to fulfill the legal obligation, • It has been made public by the person concerned, • Data processing is mandatory for the establishment, use or protection of a right, ￼ ￼￼￼￼￼• If data processing is mandatory for the legitimate interests of the data controller, provided that the fundamental rights and freedoms of the data subject are not harmed. • In the event of actual impossibility, if you are unable to disclose your consent, or the data processing is mandatory for the protection of the life or body integrity of the person whose consent is not legally valid, or someone else's life, Your personal data of special nature are processed based on the following legal compliance reasons: • Having your explicit consent, • Special quality personal data other than health, without your explicit consent in cases stipulated by law, • Special quality personal data regarding health can only be without seeking the express consent of the person concerned by persons or authorized institutions and organizations under the obligation of secrecy for the purpose of protection, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing. 1 IF YOU WANT TO CONTACT US FOR YOUR RIGHTS AND REQUESTS In accordance with Article 11 of the Law regulating the rights of the person concerned, your requests are made by Misole to determine whether the application belongs to you or not, and thus to protect your rights, with the petition prepared in accordance with the conditions specified in the Communiqué on Application Procedures and Principles (Communiqué): • You can send it to the addresses given below regarding the relevant channel directly by hand, by mail or through a notary public. • By using a registered electronic mail (REP) address, secure electronic signature or texts that can be stored and sent with mobile signature, you can send them to the addresses specified below. Applications to be made in this context must be made by us. your requests will be concluded as soon as possible and within 30 days at the latest, depending on the nature of the request. If the application is answered in writing, no fee will be charged for up to 10 pages, and a ￼ transaction fee of 1 Turkish Lira may be charged for each page above 10 pages. If the answer to the application is given in a recording medium such as CD or flash memory, a fee may be charged in the amount of the cost of the recording medium. APPLICATION CHANNEL AND ADDRESSES Gizem Nur Güt Direct Application: Halaskargazi Mah. Rumeli Cad. No: 1 Nişantaşı Business Center K: 3 D: 13 Notary / Post Channel: CAP: Mail: [email protected] Misole Direct Application: Halaskargazi Mah. Rumeli Cad. No: 1 Nişantaşı Business Center K: 3 D: 13 Notary / Post Channel: CAP: Mail: STORAGE AND DESTRUCTION Our company has established a Retention and Destruction Policy for personal data storage and deletion processes. The storage and destruction of your personal data is carried out under this policy. Accordingly, if a period of time has been determined in the KVKK or in the relevant laws and other relevant legislation, the said data must be kept for at least this period. Considering the possibility of a possible court request or the request of an administrative authority authorized by law for the relevant data to reach us late or the occurrence of a dispute that we may be a party to, a period of 6 months to 1 year is added to the periods stipulated in the legislation for the storage of your data and the storage period of the data is determined and determined. At the end of the term, the data in question are deleted, destroyed or anonymized. ￼￼￼If a period of time is not stipulated for the storage period of the data we process in the legislation, taking into account possible disputes as a requirement of the relationship between us, your data will be deleted, destroyed or anonymized without any request after the expiry of the 10-year limitation period from the termination of our legal relationship. If all the processing conditions of personal data have disappeared or the storage period declared by us or specified in the legislation has expired, your data will be deleted, destroyed or anonymized on the first periodic destruction date or within 6 months at the latest. If you request the deletion of your data for a valid reason, your data will be deleted within 30 days at the latest as legally possible. If you request that your data whose storage period is specified in the legislation is deleted or destroyed before the stipulated periods, your request will not be fulfilled. YOUR RIGHTS Regarding your personal data within the scope of KVKK and related legislation; • Learning whether your personal data is processed, • Requesting information if your personal data has been processed, Learning the purpose of processing personal data and whether they are used appropriately for their purpose, • To know the third parties to whom your personal data are transferred, • If your personal data is incomplete or incorrectly processed, asking for correction, • Request the deletion or destruction of your personal data within the framework of the conditions stipulated in the KVKK legislation, ￼￼ ￼￼￼• When you request the correction of missing or incorrect data and the deletion or destruction of your personal data, to request that this situation be notified to third parties to whom we have transferred your personal data, • Object to the occurrence of a result against the person himself by analyzing the processed data exclusively through automated systems, • In the event that you suffer damage due to unlawful processing of personal data, you have the right to demand compensation for this damage. APPLICATION If you wish, by using the Relevant Person Application Form for your applications and requests regarding your personal data; • By sending it with a wet signature and a copy of the identity card to the address of Halaskargazi Mah Rumeli Cad No: 1 Nişantaşı İş Merkezi K: 3 D: 13 Şişli / İstanbul, • By applying to our Company in person with a valid identity document, • By sending the registered electronic mail (KEP) address and using a secure electronic signature or mobile signature to our registered e-mail address @ .kep.tr or • You can send it to Misole from your e-mail address previously notified to our company and registered in our system to our address [email protected] Pursuant to the Communiqué on the Principles and Procedures of Application to the Data Controller, the name and surname of these applications of the relevant persons, signature if the application is in writing, identification number (passport number if the applicant is a foreigner), place of residence or workplace address for notification, e-mail address for notification, if any, telephone number and fax number, and information on the subject of the request. The data subject should clearly and understandably state the subject requested in the application, which includes the explanations about the right that the data subject will make in order to exercise the rights ￼￼ mentioned above and the right to use. Information and documents regarding the application must be attached to the application. Although the subject of the request should be related to the person of the applicant, if acting on behalf of someone else, the applicant must be specially authorized in this regard and this authority must be documented (special power of attorney). In addition, the application must contain identity and address information and documents verifying the identity must be attached to the application. The requests made by unauthorized third parties on behalf of someone else will not be taken into consideration. Your claims regarding your personal data are evaluated and answered within 30 days at the latest from the date they reach our Company. If your application is negatively evaluated, the reasons for the reasoned rejection are communicated to the address you specified in the application, primarily via e-mail or mail, if possible, through the procedure in which the request was made.