NEWS FROM US

YMB - PERSONAL DATA PRIVACY POLICY

26.06.2020

Dear Employees, Business Partners, Visitors, Job Applicants, and Employees; YMB Technological Products Marketing Inc. (“YMB” or “the Company”) values the amount of personal care you receive; and as the “data controller” under the Law No. 6698 on the Protection of Personal Data (“KVKK”), we wish to inform you with comprehensive information and personal lists stored.

This Policy aims to ensure the sustainability of the Company’s “principle of transparency.” This capability is achieved by defining the fundamental principles adopted by the Company in terms of compliance with the regulations in the Law No. 6698 on the Protection of Personal Data (“KVKK”) regarding data processing rates, and explaining the practices carried out by the Company.

This Policy is directed at natural persons whose personal data is processed by the Company, whether automatically or non-automatically as part of any data recording system.

This Policy is published on the Company’s website and made public. In case of any conflict between the provisions of this Policy and the relevant legislation, primarily the Law, the provisions of the legislation shall apply.

The Company reserves the right to amend this Policy in line with legal regulations.

DEFINITIONS

Company	YMB Technological Products Marketing Industry and Trade Inc.
Personal Data	Any information relating to an identified or identifiable natural person.
Special Categories of Personal Data	This includes data relating to race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, clothing, membership in associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, as well as biometric and genetic data.
Processing of Personal Data	Personal data processing refers to any operation performed on data, such as obtaining, recording, storing, preserving, modifying, reorganizing, disclosing, transferring, acquiring, making available, classifying, or preventing the use of data, whether wholly or partly automated or non-automated, provided that it is part of a data recording system.
Data Subject/Relevant Person	This refers to company stakeholders and employees, company business partners, company officials, job applicants, visitors, company and group company customers, potential customers, third parties, and individuals whose personal data is processed by the company.
Data Recording System	This refers to a recording system where personal data is processed by structuring it according to specific criteria.
Data Controller	The data controller is the natural or legal person who determines the purposes and methods of processing personal data and is responsible for the establishment and management of the data recording system.
Data Processor	A natural or legal person who processes personal data on behalf of the data controller, based on the authority granted by the data controller.
Explicit Consent	This is consent given freely and based on informed knowledge regarding a specific matter.
Anonymization	This is the process of making data that was previously associated with an individual impossible to link to a specific or identifiable natural person, even when combined with other data.
The law	refers to the Law No. 6698 on the Protection of Personal Data.
Personal Data Protection Board	It is the Personal Data Protection Board.

CONTACT PERSONS

RELATED PERSON CATEGORIES		DESCRIPTION
1	Customer	This refers to natural or legal persons who benefit from the products or services offered by YMB.
2	Potential Customer	This refers to natural or legal persons who have shown interest in using the products or services offered by YMB, who have the potential to become customers, who express their intention to use the services through the website or other channels, and who request a quote.
3	Visitor	This refers to any natural person who visits any of the company's business premises and website.
4	Business Partners/Suppliers and Their Employees	This refers to parties with whom YMB establishes business partnerships for purposes such as conducting its commercial activities, or who, within this scope, provide goods or services to the Company in accordance with YMB's instructions and on a contractual basis, as well as the employees of these parties.
5	Job Applicant	Refers to individuals who have applied for a job at YMB.
6	Employee/Intern	This refers to individuals who provide services at YMB under an employment contract.
7	Shareholder/Partner	This refers to the shareholders and partners of the company.
8	Third Parties	The above-mentioned "Relevant Person" categories refer to natural persons, excluding YMB employees.

YOUR PERSONAL DATA THAT WE PROCESS

Your personal data may be processed as follows: your visits to YMB's website, the membership relationship established between you and our Company by accepting the membership agreement through the website, your e-newsletter subscription, the sales relationship established due to the products you have purchased through our website or our Company headquarters, your communications in telephone or email correspondence, your telephone conversations/communications with Customer Service, purchasing products/services from YMB through the contact forms you fill out or through our technical service, your visits to our workplaces, your job application, or otherwise entering into a legal or commercial relationship with us:

Identity Information: This data category includes types such as name, surname, Turkish Republic identity number, tax identification number, place and date of birth, and gender.
Contact Information: This data category refers to data types such as address, telephone number, email address, and fax number.
Special Category Personal Information: Link[HR1]This data category refers to data types such as (i) health data obtained from personnel within the scope of personnel and occupational safety, (ii) biometric data consisting of fingerprints of individuals, (iii) criminal records relating to criminal convictions of individuals.
Visual and Auditory Information: This data category refers to types of data such as images of individuals captured by security cameras in YMB's physical premises, and audio recordings of individuals' calls to the call center.
Personal Information: This data category is a type of data that includes the employee's identity and contact information, as well as their profession, education, and financial information, and is legally required to be created within the scope of the employment contract established with the employee.
Contract Information: This data category refers to data types such as signatures, signature circulars, and individual company information belonging to natural persons such as authorized personnel and employees of YMB's business partners, suppliers, and external sources with whom it has a legal or commercial relationship.
Financial Information: This data category refers to personal data processed in relation to information, documents, and records showing all financial outcomes created according to the type of legal relationship established by YMB with the Data Subject, as well as data types such as bank account numbers and IBAN numbers.
Location Information: This data category refers to all employee location data processed by YMB for internal audit purposes.
Performance Information: This data category encompasses all data processed internally for personnel performance and externally for business partners performance audits, for the purpose of internal auditing and improving efficiency.
Transaction Security Data: This includes data such as IP address, access logs, start and end time of the service provided, type of service used, and amount of data transferred.

METHOD AND LEGAL BASIS FOR OBTAINING YOUR PERSONAL DATA

Your personal data is collected and processed directly from you, both physically and electronically, through purchases you make from YMB's website or our company headquarters, your visits to our website, your membership relationship, your e-newsletter subscription, requests and complaints you share via the website, our call center, or email, your posts on our social media accounts, contracts you sign, order forms you fill out, quotation requests or forms you share with us, email correspondence, business card sharing, CVs you share as part of your job application, or job application forms you fill out. During your visits to our workplaces, your identity information and your image are recorded by security cameras for security reasons and processed only within the scope of this operation.

Personal data collected from both sources is recorded in our company's database and may be processed through automated and non-automated methods.

Within the scope of your commercial and/or contractual relationship with YMB (purchase of goods and/or services, membership agreement, workplace visits), your personal data may be processed for the purposes stated below and in accordance with Article 5 of Law No. 6698; for the establishment and performance of a contract, the establishment of a right, the fulfillment of legal obligations, and within the scope of our legitimate interests, provided that we protect your rights and do not cause any harm.

If you do not purchase goods or services from our company and no legal or commercial relationship is established between us, we may process your personal data mentioned above based on your EXPLICIT CONSENT in accordance with Article 5, Paragraph 1 of the Law. Your explicit consent will also be obtained by checking the permission/approval boxes in the membership area on the website and pressing the "send" button. You can withdraw your permissions at any time.

PURPOSES OF PROCESSING YOUR PERSONAL DATA

Your personal data is processed for the purposes stated below:

For Customers and Members;

Execution of Goods/Services Procurement Processes
Execution of Goods/Services Sales Processes
Execution of Goods/Services After-Sales Support Services
Execution of Customer Relationship Management Processes
Execution of Customer Satisfaction Activities
Ensuring Physical Security of Premises
Execution of Finance and Accounting Operations
Execution of Company/Product/Service Loyalty Processes
Execution of transactions and activities within the scope of commercial/contractual relationships and fulfillment of financial and legal obligations
Tracking of Requests/Complaints
Fulfillment of legal obligations
Fulfillment of warranty obligations within the scope of manufacturer's responsibility
Execution of legal processes
Promotion and marketing activities
Providing information to authorized persons, institutions and organizations
Sending commercial electronic messages
Execution of marketing analysis studies
Execution of advertising/campaign/promotion processes
Execution of information security, storage and archiving activities

For potential customers;

Your identity and contact information, obtained directly from you through your visits to our website, e-newsletter subscriptions, posts on our social media accounts, requests and complaints submitted to our call center, order and quote requests, and business cards you share (data on business cards is considered publicly disclosed), is processed in accordance with Article 5/2 of the Law for the purpose of creating offers for requested products, establishing contracts, and managing your requests and complaints; and, if you are not a merchant or tradesperson, for marketing purposes (for electronic commercial communication) to inform you about our company's products and services and to offer you specific products.

For Job Applicants;

YMB processes your personal data, obtained through CVs or application forms you submit via our websites www.ymb.com.tr, www.desiniahome.com, and www.fermada.com.tr, as well as through job applications made to our company headquarters, in accordance with Article 5 of the Law, for the purposes listed below, including the establishment and performance of our contracts and the legitimate interests of our company.

Managing the Selection and Placement Processes for Employee Candidates / Interns / Students
Managing the Application Processes of Employee Candidates
Managing Human Resources Operations, Especially Recruitment Processes
Managing Employee Satisfaction and Loyalty Processes
Managing Activities to Ensure Business Continuity
Ensuring Physical Security of the Workplace

For employees;

YMB processes your personal data for the purposes listed below, including creating personnel files in accordance with relevant legislation, concluding an employment contract with you, and within the scope of our company's legitimate interests.

Execution of Information Security Processes
Execution of Employee Satisfaction and Engagement Processes
Fulfillment of Obligations Arising from Employment Contracts and Legislation for Employees
Execution of Employee Benefits and Advantages Processes
Execution of Audit/Ethics Activities
Execution of Training Activities
Execution of Access Permissions
Ensuring Compliance with Legislation
Execution of Finance and Accounting Operations
Ensuring Physical Security of the Workplace
Execution of Assignment Processes
Follow-up and Execution of Legal Affairs
Planning of Human Resources Processes
Execution/Auditing of Business Activities
Execution of Occupational Health/Safety Activities
Receiving and Evaluating Suggestions for Improving Business Processes
Execution of Business Continuity Activities
Execution of Performance Appraisal Processes
Authorized Person, Institution and Providing Information to Organizations
Execution of Management Activities
Making Necessary Legal Notifications to Official Institutions, Benefiting from Incentives from Official Institutions, Notifying Relevant Authorities within the Scope of Official Institution Audits
Execution of Human Resources Operations and Especially Personnel Activities,
Ensuring Employee Supervision and Performing Necessary Data Processing Activities within the Scope of the Employer's Management Rights

For Suppliers/Business Partners;

YMB processes personal data of your company officials, partners, and employees within the scope of your commercial relationship, in accordance with Article 5 of the Law, for the purposes listed below, including: the establishment and performance of our contracts, the fulfillment of legal obligations, and the legitimate interests of our company, in compliance with the fundamental principles stipulated in the Law and within the conditions for processing personal data.

Execution of Contract Processes
Execution of Finance and Accounting Operations
Execution and Monitoring of Responsibilities and Legal Processes Arising from Legislation
Execution of Internal Company Operations
Strategy Planning & Business Partner/Supplier Management
Ensuring Physical Security of Premises
Execution of Logistics Activities
Management of Supply Chain Management Processes
Preservation of Your Information Required to be Retained According to Relevant Legislation; Copying and Backing Up to Prevent Information Loss; Ensuring the Consistency of Your Information; Taking Necessary Technical and Administrative Measures for the Security of Our Databases and Your Information

For visitors;

During your visits to our company, website, and other business premises, your visual data from security cameras in physical environments, your identity and contact information obtained through internet access provided to you during your visit to our business premises, and your digital footprints are processed for the following purposes, in order to ensure the security of our company and yourselves, as well as to fulfill our legal obligations and pursue our legitimate interests.

Conducting Audit and Security Activities
Implementing Information Security Processes
Creating and Tracking Visitor Records
Ensuring Physical Security of Premises
Providing Information to Authorized Persons, Institutions and Organizations
Ensuring the Security of Data Controller Operations
Providing Internet Access and Ensuring Access Security

PARTIES TO WHOM YOUR PERSONAL DATA IS TRANSFERRED AND THE PURPOSES OF THE TRANSFER

YMB may transfer your personal data to the following domestic recipient groups within the scope of the Law and other legislation for the purposes stated in this Policy:

To the A Group companies (Akplas, Aksem Kalıp, Akım Metal) that we are a part of,
To our suppliers and business partners with whom we work to provide or deliver the goods and services offered to you,
To our business partners, supplier companies, banks, and financial institutions with whom we cooperate and/or receive services for the presentation, promotion, and similar purposes of goods,
To the agencies from which we receive services for the management of our website and social media accounts,
To lawyers, auditors, consultants, and service companies,
To your authorized agents, guardians, and representatives,
To regulatory and supervisory bodies, courts, and enforcement offices, and other institutions or organizations authorized to request your personal data, and to the persons they designate.

COMMERCIAL ELECTRONIC COMMUNICATION

YMB may contact individuals by processing their identity and contact data in order to send electronic commercial communications (SMS, E-MAIL, mobile push, instant notifications) for commercial purposes such as advertising, campaigns, announcements, and promotions. YMB obtains electronic communication permission from the relevant individuals for this activity and carries out the said activity within the scope of this permission.

RIGHTS OF THE RELEVANT PERSONS AS LISTED IN ARTICLE 11 OF THE LAW

To find out whether your personal data is being processed,
You have the right to request information regarding the processing of your personal data.
To learn the purpose of processing personal data and whether it is being used appropriately for that purpose.
Knowing the third parties to whom your Personal Data is transferred, domestically or internationally,
You have the right to request the correction of your personal data if it has been processed incompletely or inaccurately.
You can request the deletion or destruction of your Personal Data within the framework of the conditions stipulated in the KVKK (Personal Data Protection Law) legislation.
You request that the actions taken under articles 5 and 6 be notified to third parties to whom your Personal Data has been transferred.
You have the right to object to an outcome that is unfavorable to you, resulting solely from the analysis of processed data by automated systems.
If you suffer damages as a result of the unlawful processing of your personal data, you have the right to claim compensation for those damages.

ENSURING THE SECURITY AND PRIVACY OF PERSONAL DATA

The company takes all necessary measures, within its capabilities and according to the nature of the data to be protected, to prevent the unlawful disclosure, access, transfer, or other security breaches of personal data.

In this context, the company takes all necessary (i) administrative and (ii) technical measures, (iii) establishes an internal audit system, and (iv) acts in accordance with the measures stipulated in the Personal Data Protection Law in case of unlawful disclosure of personal data.

DESTRUCTION OF PERSONAL DATA

Our company has prepared and published a DESTRUCTION POLICY that defines the procedures for destroying personal data. All destruction processes are carried out in accordance with this policy. In accordance with Article 7 of the Law, even if personal data has been processed lawfully, if the reasons requiring its processing cease to exist, the personal data will be destroyed automatically or upon the request of the Data Subject, in accordance with the Data Protection and Destruction Policy specifically prepared by the Company, the relevant legislation, and the guidelines published by the Authority.

The retention periods for each data type and process are clearly defined in the personal data inventory prepared by our company, which regulates all data processing processes, and these periods are taken as the basis for destruction processes.

MATTERS RELATING TO THE PROTECTION OF PERSONAL DATA

YMB, in accordance with Article 12 of the Personal Data Protection Law, takes the necessary technical and administrative measures to ensure an appropriate level of security to prevent the unlawful processing of personal data, unlawful access to data, and to ensure the preservation of data, and conducts or commissions the necessary audits in this regard.

YMB takes technical and administrative measures to ensure the lawful processing of personal data, in accordance with technological capabilities and implementation costs.

ADMINISTRATIVE MEASURES

The main technical measures taken by our company to ensure the lawful processing of personal data are listed below:

Personal data processing activities carried out within YMB are regularly audited.
Technical measures taken are periodically reported to the relevant parties as required by the internal audit mechanism.
Departments have been established for technical matters, and knowledgeable personnel are employed in this area.
New technological developments are monitored, and technical measures are taken on systems, especially in the field of cybersecurity; these measures are periodically updated and renewed.
Access and authorization solutions are implemented within the framework of the legal compliance requirements determined for each department within YMB.
Access permissions are restricted, and permissions are regularly reviewed. Access restrictions are applied to former employees, and accounts are closed.
Technical measures taken in accordance with YMB's internal procedures are reported to the relevant users, and issues posing risks are re-evaluated, and necessary technological solutions are produced.
Software and hardware including virus protection systems, data breach security, and firewalls are installed.
Expert personnel are employed in technical matters.
All information systems, including applications that collect personal data, are regularly subjected to external impact testing to identify security vulnerabilities, and any vulnerabilities found are addressed based on the results of these tests.

ADMINISTRATIVE MEASURES

Administrative measures taken by our company to ensure the lawful processing of personal data:

YMB employees, dealers, and authorized service personnel are informed and trained on personal data protection law and the lawful processing of personal data.
All personal data processing activities carried out by YMB are conducted in accordance with the personal data inventory and its appendices, which have been created through a detailed analysis of all business units.
The personal data processing activities carried out by the relevant departments within YMB, and the obligations to be fulfilled to ensure that these activities comply with the personal data processing conditions required by the KVKK (Personal Data Protection Law), are governed by written policies and procedures established by YMB. Each business unit has been informed about this matter, and the points to be considered specific to its activities have been determined.
The auditing and management of personal data security within YMB's departments are organized by Information Security Committees. Awareness is raised to ensure compliance with legal requirements determined on a unit-by-unit basis, and necessary administrative measures to ensure the auditing and continuous implementation of these requirements are put into practice through internal company policies, procedures, and training.
Service contracts and related documents between YMB and its employees include clauses providing information about personal data and data security, and additional protocols are being established. Efforts have been made to raise the necessary awareness among employees regarding this matter.
Within YMB, legal compliance, internal personal data access, and authorization processes are implemented for each department, taking into account personal data processing procedures.

COMMUNICATION

You can submit your request regarding your rights under the Personal Data Protection Law (KVKK) mentioned above by filling out the application form on YMB's website www.desiniahome.com and sending it to our company (i) by hand or by registered mail with return receipt to the postal address below with your wet signature, or (ii) by sending a copy with a secure electronic signature to kvkk@ymb.com.tr.

In cases where the data subjects submit their requests regarding their personal data to our company in writing, the company, as the data controller, will carry out the necessary processes to ensure that the request is processed as soon as possible and within thirty (30) days at the latest, in accordance with Article 13 of the KVKK, depending on the nature of the request.

In order to ensure data security, the company may request information to determine whether the applicant is the owner of the personal data in question. Our company may also ask questions regarding the data subject's application to ensure that the application is processed appropriately.

The data subject's application; The request may be rejected, with a stated reason, in cases where it is likely to infringe upon the rights and freedoms of others, requires disproportionate effort, or the information is publicly available.

ENTRY INTO FORCE OF THE POLICY

This Policy, prepared by YMB, came into effect on June 26, 2020. This Policy is published on YMB's website (www.ymb.com.tr) and is made available to data subjects upon request.

YMB TECHNOLOGICAL PRODUCTS MARKETING INDUSTRY AND TRADE INC. (Data Controller)

ADDRESS: Istanbul Tuzla Anatolian Side Organized Industrial Zone, Gazi Boulevard, No: 55 Tuzla/ISTANBUL

PHONE: 0850 811 6575

MERSIS:

WEB ADDRESS: www.ymb.com.tr

COOKIES

YMB TECHNOLOGICAL PRODUCTS MARKETING INDUSTRY AND TRADE INC. (“YMB”, “YMB”) uses only essential cookies to facilitate and personalize your use of our website. We want this text to help you understand why these technologies are used and how you can control them or delete them if you prefer.

What are cookies?

Almost all companies that offer products or services to their customers through websites use cookies on these websites. We also use cookies to provide you with a better, faster, and safer service experience and to improve our products and services in line with your requests and needs. A cookie is a small text file that is stored on your device (e.g., computer or mobile phone) when you visit a website. Cookies can be stored on your device via your browser during your first visit to a website. When you visit the same site again with the same device, your browser checks whether there is a cookie registered on your device for that site. If there is a record, it transmits the data in the record to the website you are visiting. In this way, the website understands that you have visited the site before and determines the content to be delivered to you accordingly.

Why are cookies used?

Some cookies allow the website to remember your preferences from previous visits, making your subsequent visits a much more user-friendly and personalized experience.

Controlling and Deleting Cookies

To change your preferences regarding the use of cookies, or to block or delete cookies, simply change your browser settings. Many browsers give you the option to control cookies by allowing you to accept or reject cookies, accept only certain types of cookies, or be warned by the browser when a website requests to store cookies on your device. It is also possible to delete cookies that have been previously saved to your browser. The procedures for controlling or deleting cookies may vary depending on the browser you are using.