Corporate KVKK Disclosure

CLARIFICATION TEXT ON THE PROCESSING OF PERSONAL DATA CORPORATE GENERAL NOTICE As Sac Denizcilik, within the scope of the Personal Data Protection Law No. 6698 (“KVKK”) and related legislation and regulations, we prepared this notice to inform our Visitors, Online Visitors, Customers, Potential Customers, Supplier Employees, and Supplier Representatives about the processing, storage, and transfer of your personal data. 1) Which Personal Data Categories Do We Process and For What Purposes? Your personal information may be processed by enginshipyard in line with Article 4.2 of KVKK: (i) Compliance with law and the rule of honesty, (ii) Accuracy and, when necessary, being up to date, (iii) Processing for specific, explicit, and legitimate purposes, (iv) Being relevant, limited, and proportionate to the purpose for which they are processed, (v) Retention for the period prescribed by relevant legislation or necessary for the purposes for which they are processed, in accordance with these principles, within the business relationships we establish and maintain with our partners (one person may fit multiple categories) and for the purposes listed below. A. Our Visitors Identity information (e.g., name, surname) and physical space security information (e.g., camera recordings) of our visitors; a) to create and track visitor records, b) to ensure physical site security. B. Our Online Visitors Transaction security information (e.g., your IP address), marketing information (e.g., purchase history, cookie records), and—if you share them with us*—of online visitors using our website a) to conduct activities in compliance with legislation, b) to run information security processes, c) to provide information to authorized persons, institutions, and organizations, d) to enable your access to our website via the internet. C. Our Customers Identity information, contact information, customer transaction information (e.g., order data), physical space security information, financial information (e.g., balance sheet data), legal transaction information, and marketing information (e.g., purchase history) of our real person customers or the authorized persons and/or employees of our legal entity customers; a) to conduct activities in compliance with legislation, b) to run finance and accounting operations, c) to conduct/audit business activities, d) to carry out logistics operations, e) to provide after-sales support services, f) to conduct goods/services sales processes, g) to conduct marketing analysis, h) to carry out contract processes, i) to provide information to authorized persons, institutions, and organizations, j) to ensure physical site security, k) to resolve legal disputes, l) to carry out retention and archiving activities, m) to run risk management processes, n) to execute advertisement/campaign/promotion processes, o) to conduct loyalty processes for company/products/services, p) to conduct communication activities. D. Our Potential Customers Identity information, contact information, customer transaction information, physical space security information, and marketing information of potential real or legal-entity customers’ authorized persons and/or employees; a) to manage goods/services sales processes, b) to run contract processes, c) to ensure physical site security, d) to conduct advertisement/campaign/promotion processes, e) to run marketing analysis studies. E. Our Supplier Employees Identity information, contact information, and physical space security information of our supplier employees; a) to conduct communication activities, b) to conduct/audit business activities, c) to ensure physical site security, d) to run supply chain management processes, e) to carry out logistics activities, f) to conduct activities in compliance with legislation, g) to run occupational health/safety activities. F. Our Supplier Representatives Identity information, contact information, physical site security information, customer transaction information, financial information, marketing information, and legal transaction information of our real person suppliers or legal entity supplier representatives; a) to conduct/audit business activities, b) to run goods/service purchasing processes, c) to conduct finance and accounting operations, d) to manage contract processes, e) to run investment processes, f) to ensure physical site security, g) to follow up and conduct legal affairs. 2) By What Methods Do We Collect Your Personal Data? Your personal data specified above by category are collected through physical means such as order forms, contracts, visitor forms, or through information systems and electronic devices (e.g., telecommunication infrastructure, computers and phones), third parties (e.g., KKB and Findeks), our website, and other documents declared by the data subject, by automated or non-automated means. 3) What Is the Legal Basis for Collecting Your Personal Data? Your personal data are processed by enginshipyard to realize the purposes explained above, based on the legal grounds in Article 5 of KVKK: (i) Explicitly stipulated in laws, (ii) Necessary for the establishment or performance of a contract, provided it is directly related to the parties to the contract, (iii) Necessary for the data controller to fulfill its legal obligation, (iv) Necessary for the establishment, exercise, or protection of a right, (v) Necessary for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject. If a data processing activity cannot be based on the legal grounds above, your personal data are processed based on your explicit consent. 4) Do We Transfer Your Personal Data to a Third Party? a) Personal data of our visitors may be shared with law enforcement and judicial authorities to resolve legal disputes and when required by relevant legislation. b) Personal data of our online visitors may be shared with judicial authorities and authorized public institutions and organizations to resolve legal disputes and when required by relevant legislation. c) Personal data of our customers, within the scope prescribed by legal regulations, are transferred to authorized public institutions and organizations for conducting activities in compliance with legislation, follow-up and execution of legal affairs, and providing information to authorized persons, institutions, and organizations; and to our group companies, IT company, suppliers, cargo companies, banks, and financial advisor to the extent necessary to execute business activities/audits, risk management processes, and to properly fulfill our services. These personal data may also be transferred to the law firm we work with and judicial authorities to be used as evidence in potential future legal disputes. d) Personal data of our potential customers may be transferred to the law firm we work with and judicial authorities to be used as evidence in potential future legal disputes. e) Personal data of our supplier employees, within the scope prescribed by legal regulation, are transferred to authorized public institutions and organizations for conducting activities in compliance with legislation, follow-up and execution of legal affairs, providing information to authorized persons, institutions, and organizations, and conducting/auditing business activities; and to our group companies, IT company, suppliers, cargo companies, banks, and financial advisor to the extent necessary to properly fulfill the service. These personal data may also be transferred to the law firm we work with and judicial authorities to be used as evidence in potential future legal disputes. f) Personal data of our supplier representatives, within the scope prescribed by legal regulation, are transferred to authorized public institutions and organizations for conducting activities in compliance with legislation, follow-up and execution of legal affairs, providing information to authorized persons, institutions, and organizations, and conducting/auditing business activities; and to our group companies, IT company, suppliers, cargo companies, banks, and financial advisor to the extent necessary to properly fulfill the service. These personal data may also be transferred to the law firm we work with and judicial authorities to be used as evidence in potential future legal disputes. 5) Do We Transfer Your Personal Data Abroad? As enginshipyard, we do not transfer your personal data abroad. 6) How Can You Exercise Your Rights Regarding Your Personal Data? You can submit your requests within the scope of Article 11 of KVKK, which regulates the rights of data subjects, via the “Data Controller Application Form” prepared for your convenience in accordance with the “Communiqué on the Principles and Procedures for the Application to the Data Controller” available at “www.enginshipyard.com”. Data Controller: enginshipyard Address: Hürriyet Mah. Bursa Cad. No:38/4 Altınova / Yalova Email: To be updated