We, as Matris Danışmanlık ve Yazılım Hiz. Tic. A.Ş.

, attach importance to the processing and retention of all kinds of your personal data in accordance with The Personal Data Protection Law numbered 6698 (the “PDPL”). Within such scope, we kindly would like to inform you regarding our purpose and methods on the collection, processing and transferring of personal data and accordingly regarding your rights arising out of the Law.

The Personal Data Protection Law numbered 6698 (hereinafter shall be referred to as the “PDPL”) was adopted on the 24th of March 2016 and was published in the Official Gazette dated 7th of April 2016 and with the number 29677. A part of the PDPL has been put into force on its publication date and a part of the same on the 7th of October 2016.

Informing as the data controller capacity

As per the PDPL numbered 6698 and as the Data Controller capacity; your personal data can be recorded, retained, updated within the framework explained under this page, can be disclosed /transferred, classified in the circumstance permitted by the legislation, and can be processed as stated under the PDPL.

As to how your personal data can be processed Pursuant to PDPL numbered 6698, your personal data that you share with our Company can be processed by us via obtaining the same, wholly or partially, automated means or provided that it’s a part of any data registry system through non-automated means and by registering, storing, changing, re-arranging, in short, as the subject matter of any processing performed on the data. All kinds of processes performed on the data within the scope of PDPL are considered as “personal data processing”.

Purposes of processing your personal data and their legal grounds

Personal data that you share shall be processed in accordance with PDPL numbered 6698 and related secondary regulations for the reasons stated below:

To perform the requirements of our services that we provide to our customers in accordance with the requirements of the agreement and technology, and to develop products and services provided;

To record the identity, address and other necessary information for detecting the information of the transaction owner within the scope of the Law on the Regulation of Electronic Commerce numbered 6563, the Law on the Consumer Protection numbered 6502 and the Regulation on Service Providers and Intermediary Service Providers in Electronic Commerce, which was issued on the basis of these regulations and published in the Official Gazette numbered 29457 and dated 26.08.2015, and the Regulation on Distance Contracts published in the Official Gazette numbered 29188 and dated 27.11.2014 and other relevant legislation;

To arrange payment systems, electronic agreements or hard copies of all records and documents that will be the basis of transaction which are obligatory in the field of Banking and Electronic Payment; to comply with the obligations on the retention of information, reporting and informing as the legislation and set forth by other relevant authorities;

To provide information to public prosecutors, courts and related public officials upon request and as required by the legislation, on public security issues and legal disputes

Providing information on third persons or organizations to which your personal data can be transferred
For the purposes stated above; the persons/organizations to which your personal data that you share with our Company are as follows; particularly with Hayal Akademisi Bilişim ve İletişim Hizmetleri Anonim Şirketi, which is the provider of the infrastructure of the website of our Company, persons and organizations that are related to the services provided such as suppliers, cargo companies, and program partner organizations with which we cooperate in order for us to conduct our activities and/or that we receive services from as the Data Processor, domestic/foreign organizations and other third persons.

Methods of collecting your personal data

Your personal data,

can be processed and collected via information such as name, surname, T.R. identification number, address, telephone, business or private e-mail address through the forms available on the website and mobile applications of our Company; preferences on the pages where logged in with a user name and password, IP records of transactions performed, the cookie data collected by the browser, and data containing the surfing time and details, location data;

can be processed and collected through oral, written or electronic environments via our channels such as sales and marketing department employees, our branch offices, our suppliers, other sale channels, forms on paper, business cards, digital marketing and call center;

can be processed and collected through a physical or virtual environment, face to face or remotely, orally or written or electronic environment obtained from persons who share their personal data through business cards, CVs, biddings and other means for the purposes of establishing business relationships with our Company, making an application to a job, making offers;

can also be processed and collected via data, e-bulletin reading or the click movements obtained indirectly through different channels, websites, blogs, contests, surveys, games, campaigns and (micro) websites used for similar purposes and social media, data presented by public databases, accounts and data publicly available on social media platforms.

Your personal data obtained before the PDPL entered into force

Prior to the effective date of PDPL, which is the 7th of April 2016, your personal data obtained legally through membership, electronic mail authorization, product/service purchase and other forms are processed and retained in accordance with the terms and conditions provided herein.

Transfer of your personal data abroad

Your personal data obtained by any of the methods listed above in order to be processed in Turkey or to be retained by processing outside Tukey can also be transferred to the service intermediaries located abroad (countries accredited by the Board of the Protection of Personal Data and where there is adequate protection for the protection of personal data) provided that it remains within the scope of PDPL and in accordance with the purposes of the agreement.

Retention and protection of personal data

Your personal data shall be retained as private under the database and systems in the structure of our Company as per Article 12 of the PDPL; shall not be shared with third persons under any circumstance except for the regulations stated herein. Our Company is obliged to take software precautions such as access management and physical security measures in order to prevent the unlawful processing of personal data as per Article 12 of the PDPL, the access of unauthorized persons to the same and systems and databases where your personal data is contained. If it is learned that the personal data has been obtained by others illegally, the situation will be immediately reported to the Personal Data Protection Board in accordance with the legal regulation and in writing.

Keeping personal data up-to-date and accurate

As per Article 4 of the PDPL, our Company has an obligation to keep your personal data accurate and up to date. In this context, in order for our Company to fulfil its obligations arising out of the current legislation, our Customers are required to share their accurate and up-to-date data or to update such data on the website/mobile application.

Rights of personal data owner as per the PDPL numbered 6698

Article 11 of the PDPL numbered 6698 entered into force on the 7th of October 2016, and the rights of the Personal Data Owner as of such date according to such article are as follows:

The Personal Data Owner has the right to apply to our Company (data controller) in order to;

Learn as to whether her/his personal data has been processed,

Request the relevant information if her/his personal data has been processed,

Learn the purpose of the processing of her/his personal data and as to whether those have been used for the intended purpose,

Learn the third parties to whom her/his personal data was transferred within Turkey or abroad,

Request the correction of her/his missing or inaccurate personal data processed, if any,

Request the erasure or destruction of her/his personal data under the requirements specified in Article 7 of the PDPL,

Request the correction, erasure or destruction transactions, if any, realized on her/his personal data be notified to third parties to which her/his personal data has been transferred,

Object to the emergence of a consequence against the person due to the analyzing the processed data exclusively through automated systems,

To request compensation for the damages in case she/he incurs damages due to unlawful processing of her/his personal data.

The Company, which is registered with [Istanbul] Chamber of Chamber with the registry numbered 485257, has the MERSIS (central registration system) number of 0613-0404-9440-0016 located at the address of Atatürk Mah. Ataşehir Bulvarı Gardenya 7/1 K:21 D: 131 Ataşehir – Istanbul and having the trade name of Matris Danışmanlık ve Yazılım Hiz. Tic. A.Ş., is the Data Controller under the scope of the PDPL.

The Data Controller Representative to be appointed by our Company will be announced in the Data Controller Registry and the website address where this document is located once the legal infrastructure has been provided. Personal Data Owners may direct their questions, opinions or requests to any of the following communication channels:

E-mail: info@matrisas.com

Telephone: 0216 456 55 00

Operator: 0216 456 55 00

Fax: 0216 456 55 01