Personal Data Protection Policy

1. Purpose and Scope

This policy has been prepared by Oredata Yazılım A.Ş. ("Company") to define the principles and procedures for the protection of personal data in accordance with the Personal Data Protection Law (KVKK) and related legislation. It covers the personal data of company employees, business partners, customers, and all third parties.

2. Definitions

• Personal Data: Any information relating to an identified or identifiable natural person.
• Data Subject: The individual whose personal data is being processed.
• Data Controller: The natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.

3. Collection and Processing of Personal Data

Personal data may be collected and processed verbally, in writing, or electronically for purposes such as conducting company operations, providing services, ensuring legal compliance, and maintaining internal workflows, in accordance with legal obligations or with the explicit consent of the data subject.

4. Transfer of Personal Data

Collected personal data may be transferred to third parties located domestically or abroad in line with the data processing conditions and purposes stated in the KVKK. Such transfers are made based on the explicit consent of the data subject or legal exceptions provided by law.

5. Measures for Protecting Personal Data

The Company takes all necessary administrative and technical measures to ensure data security, including but not limited to:

• Limiting access authorizations
• Technical safeguards against data loss, unauthorized access, and data leaks
• Regular KVKK compliance training for employees
• Implementation of data sharing protocols

6. Rights of the Data Subject

Under Article 11 of the KVKK, data subjects have the following rights:

• To learn whether their personal data has been processed
• If processed, to request information regarding such processing
• To learn the purpose of the processing and whether it is used in line with that purpose
• To know the third parties to whom data is transferred domestically or internationally
• To request correction of incomplete or inaccurate data
• To request deletion or destruction of personal data in accordance with KVKK
• To request that corrections and deletions be communicated to third parties to whom the data was transferred
• To object to outcomes against them resulting from automated systems
• To seek compensation in case of damages due to unlawful data processing

7. Policy Amendments

This policy may be updated by the Company in line with current needs and legislative changes. Any changes will come into effect once published on the Company's website.

8. Contact