SOZAL CHEMICAL INDUSTRY AND TRADE INC. JOINT STOCK COMPANY

FIRST PART

1.INTRODUCTION

1.1. Entrance

As Sözal Kimya Sanayi Ve Ticaret Anonim Şirketi (“Company”), we attach utmost importance to the legal processing and protection of personal data in accordance with the Law No. 6698 on the Protection of Personal Data (“Law”), and we act with such care in all our planning and activities. With this awareness, we present this Personal Data Processing and Protection Policy (“Policy”) to your information in order to fulfill the obligation of disclosure within the scope of Article 10 of the Law and to inform you of all the administrative and technical measures we have taken within the scope of processing and protection of personal data.

1.2. Purpose of the Policy

The main purpose of this Policy is to make explanations about the systems for processing and protecting personal data in accordance with the law and the purpose of the Law, in this context, Company Stakeholders, Company Officials, Company Business Partners, Employee Candidates, Visitors, Company and Group Company Customers, Potential To inform the persons whose personal data are processed by our Company, especially the Customers and Third Parties. In this way, it is aimed to ensure full compliance with the legislation in the processing and protection of personal data carried out by our Company and to protect all the rights of personal data owners arising from the legislation regarding personal data.

1.3. Scope of the Policy and Personal Data Owners

This Policy; Personal data of which are processed by our Company, especially Company Stakeholders, Company Officials, Company Business Partners, Employee Candidates, Visitors, Company and Group Company Customers, Potential Customers and Third Parties, automatically or by non-automatic means provided that they are part of any data recording system. It has been prepared for individuals and will be implemented within the scope of these specified persons. This Policy will in no way apply to legal entities and legal entity data.

Our company informs the Personal Data Owners about the Law by publishing this Policy on its website. These policies published on the company's website will also be applied to our company's employees. This Policy will not be applied if the data is not included in the scope of "Personal Data" within the scope specified below or if the Personal Data processing activity carried out by our Company is not carried out in the above-mentioned ways.

In this context, the personal data owners within the scope of this Policy are as follows:

1.4. Definitions

The terms used in this Policy have the following meanings:

1.5. Enforcement of the Policy

This Policy, which was issued by the Company and entered into force on 01/05/2018, has been updated on 28/09/2020 and is published on the Company's website (www.sozal.com.tr) and made available to the relevant persons upon the request of the Personal Data Owners.

SECOND PART

2. PROCESSING AND TRANSFERRING PERSONAL DATA

2.1. General Principles in the Processing of Personal Data

Personal Data is processed by the Company in accordance with the procedures and principles stipulated in the Law and this Policy. The Company acts with the following principles when processing Personal Data:

• Personal Data  is processed in accordance with the relevant legal rules and the requirements of the honesty rule  .
• It is ensured that Personal Data  is accurate and up-to-date  . In this context, issues such as determining the sources from which the data is obtained, confirming its accuracy, and evaluating whether it needs to be updated are carefully considered.
• Personal Data; processed  for specific, explicit and legitimate purposes  . Being legitimate means that the Personal Data processed by the Company is related to and necessary for the work it does or the service it provides.
• Personal Data is related to the purpose in order to achieve the purposes determined by the Company, and the processing of Personal Data that is not related to the realization of the purpose or is not needed is avoided. It limits the processed data only to what is necessary for the realization of the purpose. Personal Data processed within this scope  are related, limited and measured for the purpose for which they are processed .
• If there is a period stipulated for the storage of data in the relevant legislation, it complies with these periods; otherwise,  it retains Personal Data only for as long as is necessary for the purpose for which it was processed  . In the event that there is no valid reason for further preservation of Personal Data, such data is deleted, destroyed or anonymized.

2.2. Terms of Processing Personal Data

The Company does not process Personal Data without the explicit consent of the data owner. In the presence of one of the following conditions, Personal Data may be processed without seeking the explicit consent of the data owner.

• The Company may process the Personal Data of Personal Data Owners in cases expressly stipulated by law, even without express consent. (For example, in accordance with Article 230 of the Tax Procedure Law, the express consent of the person concerned will not be sought for the name of the person concerned to be included on the invoice.)
• Personal Data may be processed without explicit consent in order to protect the life or bodily integrity of the person or another person who are unable to express their consent due to actual impossibility or whose consent cannot be validated. (For example, in cases where the person is unconscious or his consent is not valid due to mental illness, during medical intervention in order to protect his life or body integrity), Personal Data of the Personal Data Owner may be processed. In this context, data such as blood type, diseases and surgeries, and medications used can be processed through the relevant health system.
• Personal Data of the parties to the contract may be processed, provided that it is directly related to the establishment or performance of a contract by the Company. (For example, according to a signed contract, the account number of the creditor can be obtained for the payment of money.)
• The Company may process the Personal Data of Personal Data Owners if it is necessary to fulfill its legal obligations as a data controller.
• Personal Data made public by the Personal Data Owners by the Company, in other words, disclosed to the public in any way, may be processed because the legal benefit that needs to be protected is no longer valid.
• The Company may process the Personal Data of Personal Data Owners without seeking explicit consent in cases where data processing is necessary for the exercise or protection of a legally legitimate right.
• The Company may process Personal Data of Personal Data Owners in cases where it is necessary to process Personal Data for their legitimate interests, provided that it does not harm the fundamental rights and freedoms of Personal Data Owners protected under the Law and Policy. The Company shows the necessary sensitivity to comply with the basic principles regarding the protection of Personal Data and to observe the balance of interests of the Personal Data Owners.

2.3. Conditions of Processing of Special Quality Personal Data

The Company does not process Sensitive Personal Data without the explicit consent of the person concerned. However, Personal Data other than health and sexual life may be processed without seeking the explicit consent of the person concerned, in cases stipulated by the laws. Personal Data regarding health and sexual life are only processed by the Company for the purposes of protecting public health, performing preventive medicine, medical diagnosis and treatment and care services, planning and managing health services and financing, without seeking the explicit consent of the person concerned, under the conditions under which we are under the obligation to keep secrets. The Company carries out the necessary actions to take adequate measures determined by the Board in the processing of Private Personal Data. 

2.4. Terms of Transfer of Personal Data

Our company may transfer Personal Data of Personal Data Owners and Private Personal Data to third parties in accordance with the Law by creating the necessary confidentiality conditions and taking security measures in line with the purposes of processing Personal Data. Our company acts in accordance with the regulations stipulated in the Law during the transfer of Personal Data. In this context, our Company is based on and limited to one or more of the Personal Data processing conditions listed below, specified in Article 5 of the Law, in line with the legitimate and lawful Personal Data processing purposes.

Personal Data to third parties:

• If the Personal Data owner has express consent;
• If there is a clear regulation in the law regarding the transfer of Personal Data, if it is necessary for the protection of the life or physical integrity of the Personal Data owner or someone else, and
• If the Personal Data owner is unable to express his consent due to actual impossibility or if his consent is not legally valid,
• If it is necessary to transfer the Personal Data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract,
• If Personal Data transfer is mandatory for our company to fulfill its legal obligation,
• If the Personal Data has been made public by the Personal Data owner,
• If Personal Data transfer is necessary for the establishment, exercise or protection of a right,
• Provided that it does not harm the fundamental rights and freedoms of the Personal Data owner, Personal Data may be transferred if it is necessary for the legitimate interests of our Company.

2.4.1. Conditions for Transferring Personal Data Abroad

Our company may transfer the Personal Data and Special Qualified Personal Data of the Personal Data Owners to third parties abroad by taking the necessary security measures in line with the Personal Data processing purposes. Personal Data by our Company; It can be transferred to foreign countries that are declared to have sufficient protection by the KVK Board or, in the absence of sufficient protection, to foreign countries where the data controllers in Turkey and the relevant foreign country undertake an adequate protection in writing and where the permission of the KVK Board is available.

2.5. Terms of Transfer of Special Quality Personal Data

The company, by showing due diligence, taking the necessary security measures and taking the adequate measures prescribed by the KVK Board; In accordance with the legitimate and lawful Personal Data processing purposes, the Personal Data Owner may transfer the Personal Data of Special Quality to third parties in the following cases.

1. In case of explicit consent of the Personal Data Owner, or
2. In the presence of the following conditions, without seeking the explicit consent of the Personal Data Owner;

• Sensitive Personal Data of the Personal Data Owner other than his/her health and sexual life (data related to race, ethnicity, political opinion, philosophical belief, religion, sect or other beliefs, dress, association, foundation or union membership, criminal conviction and security measures) and biometric and genetic data), in cases stipulated by law,
• Persons or authorized institutions and organizations that are under the obligation to keep confidential, only for the purpose of protecting public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing. by.

2.5.1. Transfer of Private Personal Data Abroad

The company, by showing due diligence, taking the necessary security measures and taking the adequate measures prescribed by the KVK Board; In accordance with the legitimate and lawful Personal Data processing purposes, it can transfer the Personal Data of the Personal Data Owner to foreign countries where the data controller has adequate protection or undertakes adequate protection in the following cases.

1. In case of explicit consent of the Personal Data Owner, or
2. In the presence of the following conditions, without seeking the explicit consent of the Personal Data Owner;

• Sensitive Personal Data of the Personal Data Owner other than his/her health and sexual life (data related to race, ethnicity, political opinion, philosophical belief, religion, sect or other beliefs, dress, association, foundation or union membership, criminal conviction and security measures) and biometric and genetic data), in cases stipulated by law,
• Persons or authorized institutions and organizations that are under the obligation to keep confidential, only for the purpose of protecting public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing. by.
•  

THIRD PART

3. PURPOSE OF PROCESSING AND TRANSFERRING PERSONAL DATA, PERSONS TO BE TRANSFERRED

3.1. Purposes of Processing and Transferring Personal Data

Personal Data; In accordance with the law and the purpose of the Law, the Company,

• Planning and implementing human resources policies in the best way, 
• Accurate planning, execution and management of commercial partnerships and strategies,
• Ensuring the legal, commercial and physical security of itself and its business partners,
• Ensuring corporate functioning, planning and execution of management and communication activities,
• Making the best use of the products and services of the Personal Data Owners and recommending them by customizing them according to their demands, needs and wishes,  
• Ensuring the highest level of data security, 
• Creation of databases,
• Improving the services offered on the website and eliminating the errors that occur on the site,
• Communicating with Personal Data Owners who forwarded their requests and complaints to him and ensuring the management of requests and complaints,
• event management,
• Management of relations with business partners or suppliers,
• Execution of personnel procurement processes,
• Supporting Group Companies' personnel procurement processes and compliance with the relevant legislation,
• Planning and execution of audit activities in order to ensure that the activities of the Group Companies are carried out in accordance with the relevant legislation,
• Supporting the planning and execution of fringe benefits and benefits to be provided to him and the senior executives of the Group Companies,
• Supporting Group Companies in the realization of company and partnership law transactions,
• Execution/follow-up of financial reporting and risk management transactions,
• Execution/follow-up of company legal affairs,
• Carrying out studies to protect its reputation,
• Managing investor relations,
• Giving information to authorized institutions based on legislation,
• Creating and tracking visitor records.

It is processed within the scope of the personal data processing conditions specified in Articles 5 and 6 of the Law, limited to its purposes. If the processing activity carried out for the aforementioned purposes does not meet any of the conditions stipulated in the Law, your explicit consent is obtained by the Company regarding the relevant processing process.

3.2. Persons to whom Personal Data will be Transferred

Personal Data can be shared with our business and solution partners, banks and third parties who perform technical, logistics and other similar transactions on our behalf, in order to ensure that the services offered to you are complete and flawless, and only to the extent appropriate with the nature of the service. These third parties consist of persons who are obliged to have access to the relevant information in order to provide the relevant services completely and flawlessly.

Apart from these, your Personal Data is also required in cases where data has to be shared with other third parties in order to provide the service fully and flawlessly, if it is necessary for the Company to fulfill its legal obligations, if it is expressly stipulated in the laws, or if there is a judicial/administrative order given in accordance with the law. be transferred only to the person or institution concerned.

Some of the Personal Data may be shared with advertisers in an aggregate anonymized form, only together with information of other users, in order to ensure that advertisements can be tailored to the target audience.

Anonymized data is information that cannot be matched with you, our visitors/customers, and does not contain your identity information or make your identity identifiable. Your privacy is guaranteed in anonymized data.

CHAPTER FOUR

• 4. METHOD OF COLLECTION AND LEGAL REASON OF PERSONAL DATA, DELETING, DESTROYING AND MAKING ANNOUNCEMENT AND STORAGE PERIOD

4.1. Method and Legal Reason for Personal Data Collection

Personal Data; in all kinds of verbal, written, electronic media; By technical and other methods, various ways such as stores, sales points, call center, Company website, mobile application, in order to realize the purposes stated in the Policy, within the framework of legal reasons based on legislation, contract, demand and request, the responsibilities arising from the law are fully and accurately fulfilled. It is collected and processed by the Company or the data processors assigned by the Company.

4.2. Deletion, Destruction or Anonymization of Personal Data

Without prejudice to the provisions in other laws regarding the deletion, destruction or anonymization of Personal Data, the Company deletes the Personal Data ex officio or upon the request of the data owner, in case the reasons for processing disappear, although it has been processed in accordance with the provisions of this Law and other laws, destroy or anonymize. With the deletion of Personal Data, this data is destroyed in such a way that it cannot be used again in any way and cannot be restored. Accordingly, Personal Data is deleted from the tools such as documents, files, CDs, floppy disks, hard disks in which they are registered, in a way that cannot be recycled. Destruction of Personal Data means that the documents, files, CDs, floppy disks, It refers to the destruction of materials suitable for data storage, such as hard disks. By anonymizing the data, it is meant that the Personal Data cannot be associated with an identified or identifiable natural person, even if it is matched with other data.

4.3. Retention Period of Personal Data

The Company retains Personal Data for the period specified in this legislation, if required by the legislation. If a period of time is not regulated in the legislation regarding how long personal data should be kept, Personal Data is processed for a period of time that requires it to be processed in accordance with the Company's practices and commercial life practices, depending on the activity carried out while processing that data, and then deleted, destroyed or anonymized. is brought.

The purpose of processing personal data has ended; if the storage periods determined by the relevant legislation and the Company have also come to an end; Personal data can only be stored to provide evidence in possible legal disputes or to assert the right related to personal data or to establish a defense. Despite the expiry of the statute of limitations and the statute of limitations for asserting the aforementioned right in the establishment of the periods herein, retention periods are determined based on the examples previously submitted to the Company on the same issues. In this case, the stored personal data is not accessed for any other purpose, and only when necessary to use it in the relevant legal dispute, access to the relevant personal data is provided. Here, too, personal data is deleted after the aforementioned period expires,

Detailed regulations regarding the Company's techniques regarding the storage, deletion, destruction and anonymization of Personal Data are included in the Company's Personal Data Retention and Disposal Policy.

CHAPTER FIVE

5. MATTERS REGARDING THE PROTECTION OF PERSONAL DATA

In accordance with Article 12 of the Law, the Company takes the necessary technical and administrative measures to ensure the appropriate level of security in order to prevent the illegal processing of the Personal Data it processes, to prevent illegal access to the data and to ensure the preservation of the data, and in this context, it performs the necessary inspections or is making.

5.1. Ensuring the Security of Personal Data

5.1.1. Technical and Administrative Measures Taken to Ensure Legal Processing of Personal Data

The Company takes technical and administrative measures according to technological possibilities and implementation costs in order to ensure that Personal Data is processed in accordance with the law.

5.1.1.1 Technical Measures Taken to Ensure Legal Processing of Personal Data 

The main technical measures taken by the Company to ensure the legal processing of Personal Data are listed below:

• Personal Data processing activities carried out within the company are audited by established technical systems.
• The technical measures taken are periodically reported to the relevant person as required by the internal audit mechanism.
• Personnel knowledgeable in technical matters are employed.

• Administrative Measures Taken to Ensure Legal Processing of Personal Data

The main administrative measures taken by the Company to ensure the legal processing of Personal Data are listed below:

• Employees are informed and trained about the law on the protection of Personal Data and the processing of Personal Data in accordance with the law.
• All activities carried out by the Company are analyzed in detail specific to all business units, and as a result of this analysis, Personal Data processing activities are revealed, specific to the activities carried out by the relevant business units.
• Personal Data processing activities carried out by the Company's business units; The requirements to be fulfilled in order to ensure that these activities comply with the Personal Data processing requirements sought by the Law are determined by each business unit and the detailed activity it carries out.
• In order to meet the legal compliance requirements determined on the basis of the business unit, awareness is created specific to the relevant business units and the rules of practice are determined; Necessary administrative measures are implemented through in-house policies and trainings to ensure the supervision of these issues and the continuity of implementation.
• Except for the Company's instructions and the exceptions made by law, in the contracts and documents governing the legal relationship between the Company and the employees, records that impose the obligation not to process, disclose or use Personal Data are placed, and the awareness of the employees is raised in this regard, and the obligations arising from the Law are fulfilled by conducting audits.

5.1.2. Technical and Administrative Measures Taken to Prevent Unlawful Access to Personal Data

The Company takes technical and administrative measures according to the nature of the data to be protected, technological possibilities and the cost of implementation in order to prevent the imprudent or unauthorized disclosure, access, transfer or any other unlawful access to Personal Data.

• Technical Measures Taken to Prevent Unlawful Access to Personal Data 

The main technical measures taken by the Company to prevent unlawful access to Personal Data are listed below:

• Technical measures are taken in accordance with the developments in technology, the measures taken are periodically updated and renewed.
• Access and authorization technical solutions are implemented in accordance with the legal compliance requirements determined on the basis of the business unit.
• Access authorizations are limited and authorizations are reviewed regularly.
• The technical measures taken are periodically reported to the relevant person in accordance with the internal audit mechanism, the issues that pose a risk are reevaluated and the necessary technological solution is produced.
• Software and hardware including virus protection systems and firewalls are installed.
• Personnel knowledgeable in technical matters are employed.
• Security scans are regularly passed to detect security vulnerabilities in applications where Personal Data is collected. The vulnerabilities found are closed.

• Administrative Measures Taken to Prevent Unlawful Access to Personal Data

The main administrative measures taken by the Company to prevent unlawful access to Personal Data are listed below:

• Employees are trained on technical measures to be taken to prevent unlawful access to Personal Data.
• Personal Data access and authorization processes are designed and implemented within the Company in accordance with the legal compliance requirements for the processing of Personal Data on a business unit basis.
• Employees are informed that the Personal Data they have learned cannot be disclosed to others in violation of the provisions of the Law and cannot be used for purposes other than processing, and that this obligation will continue after they leave their job, and necessary commitments are taken from them in this direction.
• Contracts concluded by the Company with the persons to whom Personal Data are transferred in accordance with the law; Provisions are added that the persons to whom Personal Data are transferred will take the necessary security measures for the protection of Personal Data and ensure that these measures are complied with in their own organizations.

5.1.3. Storing Personal Data in Secure Environments

The Company takes the necessary technical and administrative measures according to the technological possibilities and implementation cost in order to keep the Personal Data in secure environments and to prevent its destruction, loss or alteration for unlawful purposes.

• Technical Measures Taken for Storing Personal Data in Secure Environments

The main technical measures taken by the Company to store Personal Data in secure environments are listed below:

• Systems suitable for technological developments are used to store Personal Data in secure environments.
• Technical personnel are employed.
• Technical security systems for storage areas are established, security tests and research are carried out to detect security vulnerabilities on information systems, existing or potential risky issues identified as a result of the tests and researches are eliminated. The technical measures taken are periodically reported to the relevant person as required by the internal audit mechanism.
• In order to ensure that Personal Data is stored securely, backup programs are used in accordance with the law.
• Access to the data is restricted to the environments where Personal Data is kept, and only authorized persons are allowed to access this data limited to the purpose of storing personal data. Accesses to data storage areas where Personal Data are stored are logged and inappropriate accesses or access attempts are instantly communicated to those concerned.

• Administrative Measures to Keep Personal Data in Secure Environments

The main administrative measures taken by the Company to store Personal Data in secure environments are listed below:

• Employees are trained to ensure that Personal Data is stored securely.
• Legal and technical consultancy services are obtained in order to follow the developments in the field of information security, privacy and protection of personal data and to take necessary actions.
• In the event that an external service is received by the Company due to technical requirements regarding the storage of Personal Data, the contracts concluded with the relevant companies to which the Personal Data are transferred in accordance with the law; Provisions are included that the persons to whom Personal Data are transferred will take the necessary security measures for the protection of Personal Data and that these measures will be complied with in their own organizations.

5.1.4. Supervision of the Measures Taken for the Protection of Personal Data

In accordance with Article 12 of the Law, the Company carries out or has had the necessary inspections made within its own body. The results of these audits are reported to the relevant department within the scope of the internal operation of the Company and necessary activities are carried out to improve the measures taken.

5.1.5. Measures to be Taken in Case of Unauthorized Disclosure of Personal Data

The Company operates the system that ensures that the Personal Data processed in accordance with Article 12 of the Law are obtained by others illegally, and this situation is reported to the relevant Personal Data Owner and the KVK Board as soon as possible. If deemed necessary by the KVK Board, this situation may be announced on the website of the KVK Board or by any other method.

5.2. Observing the Legal Rights of Personal Data Owners

The Company observes all legal rights of Personal Data Owners with the implementation of the Policy and Law and takes all necessary measures to protect these rights. Detailed information on the rights of Personal Data Owners is given in the sixth section of this Policy.

5.3. Protection of Private Personal Data

The law attaches special importance to certain Personal Data due to the risk of causing victimization and/or discrimination when processed unlawfully. These data are; Data related to race, ethnicity, political thought, philosophical belief, religion, sect or other beliefs, clothing, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data. The Company pays maximum attention to the protection of the personal data of special nature, which are determined as "special quality" by the law and processed in accordance with the law. In this context, the technical and administrative measures taken by the Company for the protection of personal data are also implemented with the utmost care in terms of Special Quality Personal Data, and the necessary audits are provided within the Company in this regard.

CHAPTER SIX

• 6. RIGHTS OF PERSONAL DATA OWNER, USE AND ASSESSMENT OF RIGHTS

6.1. Disclosure of Personal Data Owner

The Company informs the Personal Data Owners during the acquisition of Personal Data in accordance with Article 10 of the Law. In this context, if any, it clarifies the identity of the Company representative, for what purpose the Personal Data will be processed, to whom and for what purpose the processed Personal Data can be transferred, the method of collecting Personal Data and the legal reason, and the rights of the Personal Data Owner.

6.2. Rights of the Personal Data Owner in accordance with the KVK Law

The Company informs you of your rights in accordance with Article 10 of the Law; It provides guidance on how to exercise these rights and carries out the necessary internal functioning, administrative and technical arrangements for all these. The Company, in accordance with Article 11 of the Law, to the persons whose Personal Data are received;

• Learning whether Personal Data is processed or not,
• If Personal Data has been processed, requesting information about it,
• Learning the purpose of processing Personal Data and whether they are used in accordance with its purpose,
• Knowing the third parties to whom Personal Data is transferred in the country or abroad,
• Requesting correction of Personal Data if it is incomplete or incorrectly processed,
• Requesting the deletion or destruction of Personal Data within the framework of the conditions stipulated in Article 7 of the Law,
• Requesting notification of the transactions made pursuant to subparagraphs (d) and (e) of Article 11 of the Law, to third parties to whom personal data has been transferred,
• Objecting to the emergence of a result against the person himself by analyzing the processed data exclusively through automated systems,
• Requesting the compensation of the damage in case of damage due to unlawful processing of Personal Data

explains that they have rights.

6.3. Circumstances in which the Personal Data Owner cannot assert his rights

Since the following cases are excluded from the scope of the Law pursuant to Article 28 of the Law, Personal Data Owners cannot claim their rights listed in article (6.2.) of this Policy in the following cases:

• Processing of Personal Data by real persons within the scope of activities related to themselves or their family members living in the same residence, provided that they are not given to third parties and that the obligations regarding data security are complied with.
• Processing Personal Data for purposes such as research, planning and statistics by making it anonymous with official statistics.
• Processing of Personal Data for art, history, literature or scientific purposes or within the scope of freedom of expression, provided that it does not violate national defense, national security, public security, public order, economic security, privacy of private life or personal rights or does not constitute a crime.
• Processing of Personal Data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations authorized by law to ensure national defense, national security, public safety, public order or economic security.
• Processing of Personal Data by judicial authorities or enforcement authorities in relation to investigation, prosecution, trial or execution proceedings.

Pursuant to article 28/2 of the Law; In the cases listed below, Personal Data Owners cannot claim their rights listed in article (6.2.) of this Policy, except for the right to demand the compensation of the damage:

• The processing of Personal Data is necessary for the prevention of crime or for criminal investigation.
• Processing of personal data made public by the Personal Data Owner.
• Personal Data processing is necessary for the execution of supervisory or regulatory duties and for disciplinary investigation or prosecution by authorized and authorized public institutions and organizations and professional organizations in the nature of public institutions, based on the authority granted by the law.
• The processing of Personal Data is necessary for the protection of the economic and financial interests of the State with regard to budgetary, tax and financial matters.

6.4. Exercise of Personal Data Owner's Rights

Relevant persons can submit an application containing the essential elements in the application procedures communiqué prepared by the Board, by filling out and signing the application form, with the information and documents that will identify their requests regarding their rights specified in this policy and with the methods specified below or other methods determined by the Personal Data Protection Board. SÖZAL KİMYA SANAYİ VE TİCARET ANONİM ŞİRKETİ free of charge.

Pursuant to the relevant article of the Law, in order to exercise the above-mentioned rights;
After completing the application form at https://sozal.com.tr/upload/doc/2020/10/16/d460e0ad-73dc-4b78-877e-785007bc0ce2.pdf, or after the application form has the information that must be reported in accordance with the legislation. forwarding a wet-signed copy of another written document to KOSAB Safe Sok.No:7 Kestel/Bursa, either by hand or by registered letter, or
https://sozal.com.tr/upload/doc/2020/10/16/d460e0ad-73dc-4b78-877e-785007bc0ce2.pdf filled in the application form or other information that is required to be reported in accordance with the legislation. After the written document or e-mail content is signed with your secure electronic signature within the scope of Electronic Signature Law No. 5070, the secure electronically signed form is registered at info@sozal.com.tr   or sozalkimya@hs03.kep.tr KEP address or in the systems, via your registered e-mail. sent to the same postal address.
In case the personal data owner forwards his request to the COMPANY in accordance with the procedure, the COMPANY will finalize the relevant request free of charge within thirty days at the latest, depending on the nature of the request. However, if the 10-page criterion is exceeded in responding to the request, the fee of 1 TL per page determined by the KVK Board or, if requested electronically, the cost of the media recording device will be requested from the person concerned.

SÖZAL CHEMICAL INDUSTRY AND TRADE INC (Data Controller)

Mersis: 0780067290800001

Address: Kosab Safe Street No: Kestel/Bursa

www.sozal.com.tr

info@sozal.com.tr / sozalkimya@hs03.kep.tr

Phone:0224 331 51 53

KVKK POLICY