Protection and Processing of Personal Data

1. Objective

This policy outlines the principles and practices of the Company regarding the protection and processing of personal data.

2. Scope

This policy encompasses all personal data processed within the scope of the Company's activities.

3. Fundamental Principles

The Company adheres to the following fundamental principles in the processing of personal data:

• Compliance with the law and principles of honesty: Personal data is processed in accordance with the law and principles of honesty.

• Accuracy and currency: Personal data is kept accurate and up-to-date.

• Limitation: Personal data is processed within the specified purposes and in a proportionate manner.

• Destruction or anonymization in the absence of purpose: Personal data is deleted, destroyed, or anonymized when the reasons requiring processing cease to exist.

• Explicit consent except for exceptions: Personal data cannot be processed without the explicit consent of the data subject, except for exceptions.

• Protection of the rights of the data subject: Data subjects have the rights to information, correction, deletion, transfer, and objection regarding their personal data.

4. Processing of Personal Data

The Company processes personal data only in compliance with the law. Personal data can be processed for the following purposes:

• Conducting the Company's commercial activities,

• Providing the Company's services,

• Managing the Company's customer relations,

• Conducting the Company's human resources activities,

• Fulfilling the legal obligations of the Company,

• Protecting the interests of the Company.

The Company retains personal data for the duration necessary for the purpose of processing.

5. Transfer of Personal Data

The Company may transfer personal data to third parties. Personal data can only be transferred in compliance with the law. Personal data can be transferred to third parties for the following purposes:

• Conducting the Company's commercial activities,

• Providing the Company's services,

• Managing the Company's customer relations,

• Conducting the Company's human resources activities,

• Fulfilling the legal obligations of the Company,

• Protecting the interests of the Company.

6. Protection of Personal Data

The Company takes necessary technical and administrative measures to protect personal data. Measures taken for the protection of personal data include:

• Implementation of access controls,

• Ensuring data security,

• Preserving the confidentiality of data,

• Prevention of unlawful processing of data.

7. Rights of the Data Subject

Data subjects have the following rights regarding their personal data:

• Knowing whether their personal data is processed,

• Requesting information if their personal data has been processed,

• Learning the purpose of the processing of personal data and whether it is used for its purpose,

• Knowing third parties to whom personal data is transferred domestically or abroad,

• Requesting correction if personal data is incomplete or incorrect,

• Requesting the deletion or destruction of personal data,

• Requesting restriction of the processing of personal data,

• Objecting to the processing of personal data,

• Requesting compensation for damages in case of harm due to the unlawful processing of personal data.

Data subjects can convey these rights to the Company in writing or by sending an email to the registered email address.

8. Changes

This policy may be amended by the Company if deemed necessary. Changes to the policy will be announced to the concerned parties by being published on the Company's website.

RUNITAS INFORMATION TECHNOLOGY INDUSTRY AND TRADE JOINT STOCK COMPANY