“Law on Protection of Personal Data”

Confidentiality

and

Clarification Statement

Definitions

In this clarification text;

Personal Data: shall mean any information related to the identified or identifiable real persons,

Law on Protection of Personal Data (“LPPD”): shall mean the Law No. 6698 on the Protection of Personal Data, which entered into force after being published in the Official Gazette on April 7, 2016,

Data Processor: shall mean a natural or legal entity who processes personal data on his/her behalf on the basis of the authority conferred by the data controller,

Data controller: shall mean to real or legal person responsible for identifying the purposes and means of personal data processing and installing and managing data recording system,

Related person: shall mean the real person whose personal data is processed,

As Telateks Dış Ticaret ve Kompozit Sanayi A.Ş. (“Our Company”), our priority principles include the protection of fundamental rights and freedoms, the protection of privacy regarding private lives, the provision and protection of information security, and respect for ethical values. Therefore, within the scope of fulfilling our obligation to inform arising from the 10^th article of the Law on the Protection of Personal Data (“LPPD”), the following explanations are submitted for your information;

Data Controller

Data controller is the company titled “Telateks Dış Ticaret ve Kompozit Sanayi A.Ş.” which is registered at Istanbul Trade Registry with registration number of 532161, with Mersis (central registration system) number 837044163100018, and located in the address of “Orhanlı Mahallesi Gülsüm Sokak No:14 Tuzla/Istanbul”

Parties whose Data are Collected

Within the scope of the Personal Data Protection Law, we collect the data of the parties mentioned below who have a business relationship with our company. These are;

• Our Employees and prospective employees
• Family members and relatives of our employees and prospective employees,
• Our customers,
• Our suppliers,
• Our consultants,
• Our business partners,
• Our shareholders,
• Our company officials,
• Our company representatives
• Person(s) with whom we have a contractual relationship and their employees,
• Person(s) who are the addressee of legal proceedings,
• Survey participants,
• Our visitors,

Data Collected from the Parties and Processed by Our Company

Our company collects and processes the following data within the scope of the 5^th and 6^th Articles of the Law on the Protection of Personal Data. These are;

• Family and social life information,
• Education and training information,
• Employment Information,
• Information on request/complaint management,
• Information on legal affairs,
• Information on ethical values and compliance with the law,
• Financial information,
• Audit information,
• Electronic media usage information,
• Information on goods and services supplied and provided,
• Business activities information,
• Information on trade and other licenses and permits,
• Physical area security information,
• Visual and audio information (photograph, camera, sound recordings),
• Telecommunications records,
• E-mail and information systems services usage records,
• Entry logs,
• Health reports and health information,
• Biometric data, and
• Criminal record information

Data Collection Purposes of Our Company

We collect and process data in order to realize our company purposes, which we have stated below, on the condition that it is limited to the relevant purposes within the scope of the 5^th and 6^th Articles of the Law on the Protection of Personal Data. These are;

• Realization of our company’s commercial activities.
• Carrying out business processes related to commercial activities,
• Management and execution of relations with business partners and/or suppliers,
• Technical management of our company’s websites,
• Customer management and follow-up of complaints,
• Product surveys and follow-up of the questions you send to our company,
• Carrying out the necessary work by our business units in order to allow you to benefit from the products and services offered by our company,
• Planning and execution of sales, marketing and after-sales processes of products and/or services,
• Providing information about the contents of products and services,
• Sending commercial e-mail messages in compliance with the legislation and subject to consent,
• Conducting competitions, events and other organizations,
• Execution of legal and commercial relations with our Company and persons who have business relations with our Company and ensuring the security of these relations,
• Administrative operations for communication carried out by our company,
• Employee administration and management,
• Ensuring the physical security and control of the company’s locations,
• Planning of logistics activities,
• Conducting reputation research processes,
• Compliance with ethical values and law, and execution of legal business and procedures,
• Following up contract processes and legal requests
• Planning and executing Human Resources and personnel recruitment processes, and monitoring and realizing education and training activities,
• Planning and execution of occupational health and safety procedures
• Ensuring that our Company can benefit from incentives by conducting research and development activities,
• Planning and execution of corporate communication and corporate governance activities,
• Execution of information security management services,
• Carrying out activities for monitoring and auditing finance and/or accounting works and determining the financial risks of customers,
• Determining and implementing our company’s commercial and business strategies,
• Creating and tracking visitor records,
• For other purpose or purposes to be notified to the person concerned during the collection of the information,
• In order to ensure the fulfillment of legal obligations as required or mandated by the relevant legislation,

Transfer of Data Collected and Processed by Our Company within the scope of Purposes

Your personal data collected by our company within the framework of the personal data processing conditions and purposes set forth in the 8^th and 9^th Articles of the Law on the Protection of Personal Data, may be shared with our affiliates, shareholders, business partners (only anonymously), legally authorized public institutions and private individuals and other persons within the scope of the purposes detailed above.

Our Company’s Data Collection Method and Legal Reasons

Personal data are collected, used, recorded, stored and processed by our company by giving verbal, written and/or electronic information to the personal data subjects in a clear and understandable manner and by obtaining their express consents, if necessary, and through verbal, written and/or electronic means and in accordance with the law and rules of honesty, in connection with and limited to the legitimate purposes clearly stated above and within the scope of within the framework of the principle of proportionality.

We assure that your personal data will not be processed by our company for purposes other than those specified in this clarification document, and will not be transferred or stored to third parties in the country or abroad.

Storage Period of Data Collected by Our Company

Your personal data is stored within the storage periods specified in the relevant legislation, if no period has been determined in the relevant legislation, in accordance with the practices of our Company and the practices of commercial life or for the period required by the above-mentioned processing purposes and afterwards they are is deleted, destroyed or anonymized in accordance with the 7^th article of the Law on the Protection of Personal Data.

Security of Your Data Collected and Processed by Our Company

In order to ensure that your personal data is not exposed to unauthorized access, lost or damaged in the environments where they are processed and stored, the technical and administrative measures of the Information Security Management promoted by our management and Personal Data Protection Management System (ISO 27001, ISO 27701) requirements as well as the Personal Data Security Guideline requirements published by the LPPD board are constantly operated and developed by our management within the scope of continuous improvement.

Rights of Relevant Person whose Data is Collected and Processed

In accordance with the 11^th article of Law on Protection of Personal Data, everyone is entitled to apply to the data controller, regarding himself/herself,

1. a) To find out whether his/her personal data are processed,
2. b) To request information regarding this if his/her personal data are processed,
3. c) To learn the purpose of the data processing and if this data is used for intended purposes,

ç) To know about the third parties to whom personal data are transferred domestically or abroad,

1. d) To request the rectification of the incomplete or inaccurate data, if any,
2. e) To request his/her personal data to be erased or destroyed under the conditions stipulated in the 7^th Article,
3. f) To request notification of the operations carried out in compliance with subparagraphs (e) and (f) to third parties to whom his/her personal data has been transferred,
4. g) To object to consequences to her/his detriment, arising from the analysis of the processed data exclusively through automatic systems,

ğ) To claim compensation in case of suffering loss due to illegal processing of the personal data.

Application Methods within the scope of the Rights of the Related Person

In accordance with the 1^st item of 13^th Article of Law on Protection of Personal Data, you can make your request to exercise your above-mentioned rights with the following methods and information, pursuant to the “Communiqué on the Procedures and Principles of Application to Data Controller” published on March 10, 2018, numbered 30356.

Necessary information in the application content;

1. Name surname information of the applicant.
2. If the applicant is a citizen of the Republic of Turkey Turkish Identity Number if not his/her nationality with Passport number or the Identity number, if any.
3. The applicant’s domicile or business address for notification.
4. The applicant’s e-mail address, telephone or fax to be used for notification.
5. The subject of the applicant’s Claim
6. The information and documents regarding the subject of the claim of the applicant.

Application Methods;

1. The applicant can fill out the «Application Form» to the address of Telateks Dış Ticaret ve Kompozit Sanayi A.Ş. Orhanlı Mahallesi Gülsüm Sokak No:14 Tuzla Istanbul and putting it into a closed envelope and writing the note of «Information Request Pursuant to the Law on the Protection of Personal Data» on the envelope and deliver it to the information office by hand.
2. The applicant can give notice to the address of Telateks Dış Ticaret ve Kompozit Sanayi A.Ş. through a Notary but he/she must add the note of «Information Request Pursuant to the Law on the Protection of Personal Data» on the notice envelope.
3. He/she can apply by e-mailing to the address of telateksdis@hs01.kep.tr which is the Registered Electronic Address of our company with a «Secure Electronic Signature» as defined in Electronic signature law no 5070, and by typing «Information Request Pursuant to the Law on the Protection of Personal Data to the subject section of the e-mail.

*Address: Orhanlı Mahallesi Gülsüm Sokak No:14 Tuzla/Istanbul

You can obtain detailed information about the application and complaint process regarding your above-mentioned rights

And you can obtain the application form regarding your above-mentioned rights from the address of  here.