Corporate KVKK Disclosure

CLARIFICATION TEXT ON THE PROCESSING OF PERSONAL DATA CORPORATE GENERAL DISCLOSURE As ENGINSHIPYARD, within the scope of the Personal Data Protection Law No. 6698 ("KVKK") and the applicable legislation and legal regulations, we prepared this disclosure to inform our Visitors, Online Visitors, Customers, Potential Customers, Supplier Employees, and Supplier Representatives about how your personal data are processed, stored, and transferred. 1) Which Personal Data Categories Do We Process and For What Purposes? Your personal data are processed by ENGINSHIPYARD pursuant to Article 4.2 of KVKK, which requires that they be: (i) processed lawfully and fairly, (ii) accurate and, when necessary, kept up to date, (iii) collected for specific, explicit, and legitimate purposes, (iv) relevant, limited, and proportionate to the purposes for which they are processed, (v) retained for the period prescribed in the relevant legislation or required for the purposes of processing. In line with these principles, and within the business relationships we establish and maintain with our business partners (a person may fall under more than one category), your data may be processed for the purposes listed below. A. Our Visitors Identity information (e.g., name, surname) and physical premises security information (e.g., CCTV recordings) of our visitors will be processed: a) to create and monitor visitor records, b) to ensure the security of our physical premises. B. Our Online Visitors Transaction security information (e.g., your IP address), marketing information (e.g., purchase history, cookie records) and, if you share them with us*, other data of online visitors using our website will be processed: a) to conduct activities in compliance with legislation, b) to run information security processes, c) to provide information to authorized persons, institutions, and organizations, d) to enable your access to our website via the internet. C. Our Customers Identity information, contact information, customer transaction information (e.g., order data), physical premises security information, financial information (e.g., balance sheet data), legal transaction information, and marketing information (e.g., purchase history) of our real-person customers or the authorized persons and/or employees of our legal-entity customers will be processed: a) to conduct activities in compliance with legislation, b) to run finance and accounting operations, c) to conduct/audit business activities, d) to manage logistics operations, e) to provide post-sales support services, f) to run goods/services sales processes, g) to carry out marketing analysis studies, h) to conduct contract processes, i) to provide information to authorized persons, institutions, and organizations, j) to ensure the security of our physical premises, k) to resolve legal disputes, l) to conduct retention and archiving activities, m) to run risk management processes, n) to execute advertisement/campaign/promotion processes, o) to conduct loyalty processes tied to the company/products/services, p) to conduct communication activities. D. Our Potential Customers Identity information, contact information, customer transaction information, physical premises security information, and marketing information of potential real-person customers or the authorized persons and/or employees of legal-entity customers will be processed: a) to manage goods/services sales processes, b) to conduct contract processes, c) to ensure the security of our physical premises, d) to execute advertisement/campaign/promotion processes, e) to perform marketing analysis studies. E. Our Supplier Employees Identity information, contact information, and physical premises security information of our supplier employees will be processed: a) to conduct communication activities, b) to conduct/audit business activities, c) to ensure the security of our physical premises, d) to run supply chain management processes, e) to conduct logistics operations, f) to carry out activities in compliance with legislation, g) to conduct occupational health and safety activities. F. Our Supplier Representatives Identity information, contact information, physical premises security information, customer transaction information, financial information, marketing information, and legal transaction information of our real-person suppliers or the authorized persons of our legal-entity suppliers will be processed: a) to conduct/audit business activities, b) to run goods/services purchasing processes, c) to conduct finance and accounting operations, d) to manage contract processes, e) to carry out investment processes, f) to ensure the security of our physical premises, g) to follow up and conduct legal affairs. 2) How Do We Collect Your Personal Data? Your personal data specified above by category are collected through physical means such as order forms, contracts, and visitor forms, or through information systems and electronic devices (e.g., telecommunication infrastructure, computers, and phones), third parties (e.g., KKB and Findeks), our website, and other documents declared by the data subject, either automatically or non-automatically. 3) What Is the Legal Basis for Collecting Your Personal Data? Your personal data are processed by ENGINSHIPYARD for the purposes explained above on the legal grounds listed in Article 5 of KVKK: (i) it is explicitly prescribed by laws, (ii) it is necessary for the establishment or performance of a contract, provided that it is directly related to the parties to the contract, (iii) it is mandatory for the data controller to fulfill its legal obligation, (iv) it is necessary for the establishment, exercise, or protection of a right, (v) it is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject. If a data processing activity cannot be based on one of the legal grounds above, your personal data are processed on the basis of your explicit consent. 4) Do We Transfer Your Personal Data to Third Parties? a) Personal data of our visitors may be shared with law enforcement agencies and judicial authorities to resolve legal disputes and when required by the applicable legislation. b) Personal data of our online visitors may be shared with judicial authorities and authorized public institutions and organizations to resolve legal disputes and when required by the applicable legislation. c) Personal data of our customers, within the scope prescribed by legal regulations, may be transferred to authorized public institutions and organizations for conducting activities in compliance with legislation, following up and executing legal affairs, and providing information to authorized persons, institutions, and organizations; and to our group companies, IT company, suppliers, cargo companies, banks, and financial advisor to the extent necessary to conduct/audit business activities, run risk management processes, and properly perform our services. These personal data may also be transferred to the law firm we work with and judicial authorities so that they can be used as evidence in possible future legal disputes. d) Personal data of our potential customers may be transferred to the law firm we work with and judicial authorities so that they can be used as evidence in possible future legal disputes. e) Personal data of our supplier employees, within the scope prescribed by legal regulation, may be transferred to authorized public institutions and organizations for conducting activities in compliance with legislation, following up and executing legal affairs, providing information to authorized persons, institutions, and organizations, and conducting/auditing business activities; and to our group companies, IT company, suppliers, cargo companies, banks, and financial advisor to the extent necessary to properly perform the service. These personal data may also be transferred to the law firm we work with and judicial authorities so that they can be used as evidence in possible future legal disputes. f) Personal data of our supplier representatives, within the scope prescribed by legal regulation, may be transferred to authorized public institutions and organizations for conducting activities in compliance with legislation, following up and executing legal affairs, providing information to authorized persons, institutions, and organizations, and conducting/auditing business activities; and to our group companies, IT company, suppliers, cargo companies, banks, and financial advisor to the extent necessary to properly perform the service. These personal data may also be transferred to the law firm we work with and judicial authorities so that they can be used as evidence in possible future legal disputes. 5) Do We Transfer Your Personal Data Abroad? As ENGINSHIPYARD, we do not transfer your personal data abroad. 6) How Can You Exercise Your Rights Regarding Your Personal Data? You can submit your requests within the scope of Article 11 of KVKK, which regulates the rights of data subjects, via the "Data Controller Application Form" prepared for your convenience in accordance with the "Communiqué on the Principles and Procedures for the Application to the Data Controller" available at "www.enginshipyard.com". Data Controller: ENGINSHIPYARD Address: Hürriyet Mah. Bursa Cad. No:38/4 Altınova / Yalova Email: info@enginshipyard.com