HDDİZAYN Software Information Technologies (referred to as "hddizayn") will not share, sell, or use personal data transmitted electronically by users via the website www.wisecptheme.com ("Website") or mobile applications for different purposes, except for the cases specified in the "Law on Protection of Personal Data No. 6698" and the General Data Protection Regulation (GDPR).

hddizayn's “Personal Data and General Privacy Policy” is provided below.

IP Numbers: To identify problems related to the system, to promptly resolve issues that may arise on the website/mobile applications, and to report to legal authorities when necessary according to legal procedures and principles, hddizayn may identify and use users' IP addresses. IP addresses can also be used to generally (anonymously) identify users and collect comprehensive demographic information.

Anonymous Data: Information requested by hddizayn, information provided by the user, or information related to transactions conducted via the Website/Mobile Application can be used by hddizayn and its collaborators for various statistical evaluations, database creation, personalized packages/offers, and market research, provided that the user's identity is not disclosed.

Linking to Other Sites: hddizayn may provide links to other sites within the Website/Mobile Application. hddizayn holds no responsibility for the privacy practices and content of the accessed sites via these links.

Bank/Credit Card Information: hddizayn uses an SSL certificate (green bar) with a 256-bit encryption algorithm to ensure information security during data transmission. Users' bank/credit card information is used only by the bank or payment institution during the purchase transaction and is not stored in any database. To facilitate subsequent purchases, hddizayn may offer an infrastructure where card information can be stored through PCI DSS certified institutions. Bank/credit card information stored by PCI DSS compliant and Banking Regulation and Supervision Agency (BDDK) licensed Card Storage Services makes it easier to complete Authentication and Authorization steps, providing bank/credit card holders with a secure and convenient payment tool.

Disclosure of User Data: Personal data belonging to the user, including name, surname, address, phone number, email address, and any other identifying information, will not be disclosed to third parties other than those with whom hddizayn collaborates and affiliated companies, unless otherwise specified in this privacy policy. hddizayn may disclose user information to third parties in the following situations, deviating from this privacy policy:

• Compliance with legal obligations as stipulated by laws, statutory decrees, regulations, etc., issued and enforced by competent legal authorities.
• Fulfillment and enforcement of the requirements of the contracts concluded by hddizayn with its users.
• Providing information upon request during a duly conducted investigation or inquiry by authorized administrative and judicial authorities.
• Providing information when necessary to protect the rights or safety of users.

hddizayn commits to keeping confidential information strictly private and confidential, treating it as a secrecy obligation, and taking all necessary measures to ensure and maintain confidentiality, to prevent any part or the entire confidential information from entering the public domain or being used unauthorizedly or disclosed to a third party.

Status of Cookies: hddizayn may obtain information about users and their usage of the Website through a technical communication file (Cookie) prepared by itself or third parties. These technical communication files are small text files sent by a website to the user's browser to be stored in the main memory. The technical communication file stores session information, passwords, and preferences, keeping the session open and recognizing the user on the next visit, thus facilitating usage. The technical communication file helps to obtain statistical information about the number of people using the Website, the purpose of the visit, the number of visits, and the duration of the stay, as well as to produce dynamic advertisements and content from specially designed user pages. The technical communication file is not designed to retrieve data or any other personal information from the main memory or email. Most browsers are initially designed to accept technical communication files, but users can change the settings to reject cookies or alert them when cookies are sent if they wish.

Data Collected During Surveys, Competitions, and Similar Situations: Information requested from users who respond to periodic surveys and competitions organized by hddizayn within the Website is used by hddizayn and its collaborators to conduct direct marketing, statistical analysis, and database creation.

Newsletter Submissions and Announcements: hddizayn sends weekly newsletters to inform its users about economic developments, current events, and its fields of expertise. It may also send Campaign/Offer/Package announcements containing promotional and informative content when necessary or in agreement with third-party partners. When creating an account on our system for the first time, users automatically accept email and SMS communications. Users can prevent these emails from reaching them by clicking the link provided at the bottom of the email. Additionally, there are options to block these communications in the user panel. If you wish to unsubscribe from our daily email list at any time, you can easily do so by clicking the "To unsubscribe from our newsletter list, please click here" link at the bottom of the emails we send.

General Information About the Personal Data Protection Law: The Personal Data Protection Law No. 6698 was adopted on March 24, 2016, and published in the Official Gazette No. 29677 on April 7, 2016. The European Union General Data Protection Regulation (GDPR) came into force on May 25, 2018. As a data controller under the Personal Data Protection Law No. 6698 and the GDPR, we will record, classify, process, store, update your personal data, and disclose it to third parties when permitted by the legislation and your consent. We inform you about our mutual rights and obligations under these legal regulations.

Information as a Data Controller: As hddizayn, whose detailed corporate information is published below, we will process your personal data as described below as a data controller in accordance with the aforementioned laws. Your personal data will be recorded, stored, updated, disclosed/transferred to third parties when permitted by the legislation, classified, and processed within the scope of the law.

Definition of Personal Data Under the Law: Personal data includes any information that identifies or can identify you, such as identity (name, surname, date of birth, national ID number, etc.), contact information, information related to methods used during access to products (IP, mobile phone brand-model, browser type, version, social media information, actions performed on screens, etc.).

How Your Personal Data May Be Processed: Under the Personal Data Protection Law No. 6698 and the GDPR, your personal data shared with our company can be processed by obtaining, recording, storing, altering, rearranging, disclosing, transferring, taking over, making available, classifying, or preventing the use of your personal data, either fully or partially, automatically, or through non-automatic means, provided that it is a part of any data recording system. Any action performed on data within the scope of these laws is considered "processing of personal data."

Purposes and Legal Reasons for Processing Your Personal Data: The personal data you share will be processed in accordance with the Personal Data Protection Law No. 6698 and the GDPR, for purposes such as:

• Fulfilling the requirements of our services to our customers, in compliance with the requirements of technology and contracts.
• Issuing official invoices for products and services provided after purchase.
• Complying with information storage, reporting, and information obligations as required by legislation and other authorities.
• Providing information to prosecutors, courts, and relevant public officials upon request in matters related to public safety and legal disputes.
• Processing in accordance with the scope, procedures, and principles of the Personal Data Protection Law No. 6698 and the GDPR.

Information About Third Parties or Organizations to Which Your Personal Data May Be Transferred: Your personal data shared with our company may be transferred to persons/organizations such as our main shareholders, direct/indirect domestic/foreign affiliates, and other related persons and organizations for the purposes mentioned above. Additionally, your personal data may be transferred to program partner institutions and organizations we cooperate with, domestic/foreign organizations, and other third parties within the scope of our activities and/or as Data Processors, as well as to institutions and organizations with which we have a contractual relationship to store data in the cloud, institutions with which we have agreements for sending notifications to our customers, and other third parties.

Methods of Collecting Your Personal Data: Your personal data may be collected in the following ways:

• Through forms on our company's website and mobile applications, using details such as name, surname, citizenship number, passport number, address, phone, business or private email address, age, gender, profession, username, and password.
• Through data obtained from user preferences on pages accessed with username and password, IP records of transactions, cookie data collected by the browser, navigation duration and details.
• Through our sales and marketing department employees, agents, dealers, paper forms, business cards, digital marketing, and call center channels.
• By receiving personal data shared by individuals establishing a commercial relationship with our company, applying for a job, submitting offers, and sharing personal data for other purposes through physical or virtual environments, face-to-face or remotely, verbally or in writing or electronically.
• Additionally, data obtained indirectly from different channels such as the web, blogs, competitions, surveys, games, campaigns, and similar (micro) websites used for various purposes, social media, e-newsletter reading or clicking movements, public databases, social media platforms (Facebook, Twitter, Google, Instagram, Snapchat, etc.) where users share their profiles and data openly.

These data can be processed and collected in accordance with the above-mentioned methods and purposes.

Personal Data Collected Before the Enactment of Law No. 6698 and the EU General Data Protection Regulation (GDPR)

Personal data obtained before the enactment dates of Law No. 6698 (April 7, 2016) and the EU General Data Protection Regulation (GDPR) (May 25, 2018) were collected legally and are processed and stored under the terms and conditions outlined in this document on our servers located in a "24/7 secure and fully protected" data center in Germany.

Storage and Protection of Personal Data

Your personal data will be kept confidential in our company's database and systems in accordance with the requirements of Law No. 6698 and the EU General Data Protection Regulation (GDPR). Except for legal obligations and the provisions of this document, your personal data will not be shared with third parties. Our company is responsible for preventing unlawful processing, unauthorized access, and protecting the confidentiality of personal data as per Law No. 6698 and the GDPR by employing software measures such as hashing, encryption, transaction logging, and access management, as well as physical security measures. If it is discovered that personal data has been obtained illegally by others, the situation will be reported immediately and in writing to the Personal Data Protection Board as per the legal regulations.

Personal data will be retained as long as the purpose for which this information was provided remains valid. Your data will continue to be processed by us after you have received services from us in order to determine your needs, provide faster service, and meet your future service requests. The data will be retained in accordance with legal durations and reported or informed to legal authorities or relevant public bodies if required by legislation. Security measures will be taken to ensure that stored and recorded data is not lost, accessed by unauthorized persons, or used illegally.

Maintaining Accurate and Up-to-Date Personal Data

Under Article 4 of Law No. 6698, our company has an obligation to keep your personal data accurate and up-to-date. In this context, our customers need to share their accurate and current data or update it through the website/mobile application to ensure our company fulfills its obligations arising from the current legislation.

Rights of the Personal Data Owner Under Law No. 6698 and the EU General Data Protection Regulation (GDPR)

As the personal data owner, you have the right to:

1. Learn whether your personal data is being processed,
2. Request information if your personal data has been processed,
3. Learn the purpose of processing your personal data and whether it is being used in accordance with that purpose,
4. Know the third parties, either domestic or foreign, to whom personal data has been transferred,
5. Request correction of personal data if it has been processed incompletely or incorrectly,
6. Request deletion or destruction of personal data under the conditions stipulated in Article 7 of the KVKK,
7. Request notification of the actions taken under items 5 and 6 to third parties to whom personal data has been transferred,
8. Object to the occurrence of a result against you through the analysis of processed data exclusively by automated systems,
9. Request compensation for damages in case of unlawful processing of personal data.

A Data Controller Representative to be appointed by hddizayn will be announced in the Register of Data Controllers and at the internet address where this document is located once the legal framework is established.

Personal Data Owners can direct their questions, opinions, or requests to any of the following communication channels:

• Email: [email protected]
• Phone: +90 850 307 9 275

Responses to the submitted requests will be provided in writing or electronically, positively or negatively, with justification, within 30 days. The basic principle is that the necessary transactions regarding the requests are free of charge. However, if the transactions require a cost, HDDIZAYN reserves the right to request a fee. These fees will be determined based on the tariff set by the Personal Data Protection Board in accordance with Article 13 of the Personal Data Protection Law.