1.INTRODUCTION

This clarification text has been prepared in order to inform the relevant persons regarding the processing of personal data collected by Gigatecq Software and Technology Inc. ("COMPANY"), acting as the data controller, in accordance with the Personal Data Protection Law No. 6698 ("KVKK").

THE COMPANY shows utmost sensitivity and effort regarding the processing, protection, and security of personal data.

Personal data may be collected by THE COMPANY through all kinds of auditory, written, visual, or electronic methods.

In this context, and in accordance with the Law, the personal data of the relevant persons may be processed by THE COMPANY as a Data Controller for the operations and processes that need to be carried out in accordance with the general principles stated in the Law.

2.PURPOSE OF PROCESSING PERSONAL DATA

Personal data is processed for the purposes below, in accordance with the processing conditions and objectives stated in Articles 5 and 6 of the Law, and is not limited to these.

The purpose of processing personal data is;

To carry out the necessary works to ensure maximum benefit from the services provided by THE COMPANY,

To ensure the legal obligations and service security of THE COMPANY and its stakeholders,

To maintain the services and strategies of THE COMPANY,

• To carry out human resources and employment policies

• To fulfill legal obligations

• To manage corporate communication and accessibility

• To implement internal security practices

• To execute information security and data protection processes

• To manage emergency situations, health, and safety processes

• Operational tasks such as equipment delivery, office entry-exit records

3.SHARING AND TRANSFER OF PERSONAL DATA

Within the framework of the conditions specified in Articles 8 and 9 of the Law, personal data may be shared with THE COMPANY's suppliers, service providers, data processors, and legally authorized institutions and organizations, in compliance with relevant legislation, in accordance with the conditions and purposes of personal data processing.

THE COMPANY makes great effort to take the necessary administrative and technical measures, and all security precautions, in the event of sharing personal data. Furthermore, THE COMPANY carries out studies related to the ISO 27001 Information Security Management System and other information and data security. THE COMPANY complies with its obligation of care and diligence regarding the transfer and sharing of your data and values your data and security.

4.METHOD OF COLLECTING PERSONAL DATA AND LEGAL BASIS

THE COMPANY collects personal data based on various legal grounds such as ensuring that the services provided by THE COMPANY conform to laws and relevant regulations and that THE COMPANY fulfills its contractual and legal obligations without fail, within the framework of the purposes stated in this clarification text, through all kinds of auditory, written, visual, and electronic environments, in accordance with the conditions specified in the Law. Provided that it does not harm the fundamental rights and freedoms of the relevant person, data processing is mandatory for the legitimate interests of the data controller.

5.RIGHTS OF PERSONAL DATA OWNERS AND PROTECTION OF RIGHTS

According to Article 11 of the Law, personal data owners have the right to;

Learn whether their personal data is being processed,

Request information regarding their personal data if it has been processed,

Learn the purpose of processing personal data and whether it is used in accordance with that purpose,

Know third parties to whom personal data is transferred, domestically or abroad,

Request correction of personal data in case of incomplete or inaccurate processing,

Request deletion or destruction of personal data under the conditions set forth in Article 7 of the Law,

Request that transactions made pursuant to Articles 5 and 6 be notified to third parties to whom personal data has been transferred,

Object to the emergence of a result against the individual by analyzing the processed data exclusively through automated systems,

Request compensation for damages in case of damage due to unlawful processing of personal data.

To exercise these rights, personal data owners must submit their requests to THE COMPANY in writing, and the requests will be concluded as soon as possible depending on the nature of the request, but in any case no later than 30 days. The address and contact information for applying to THE COMPANY are specified below. You can send your written application to Gigatecq Software and Technology A.Ş.'s Merkez mahallesi Abide-i Hürriyet caddesi No 211 Şişli/İstanbul address or via registered electronic mail at info@gigatecq.com.