KVKK INFORMATION NOTICE

In order to protect the fundamental rights and freedoms of individuals, especially the right to privacy, and to specify the obligations of real and legal persons who process personal data, Rapitek Bilişim Teknolojileri A.Ş., as the Data Controller, fulfills its obligations under Article 10, “Obligation of the Data Controller to Inform”, of the Law on the Protection of Personal Data No. 6698 (KVKK), regarding the processing, deletion, destruction, anonymization, transfer of personal data, informing the data subjects and ensuring data security.

As Rapitek, we would like to inform you regarding the processing, storage, and transfer of your personal data within the scope of activities arising from the Law No. 6698 on the Protection of Personal Data (KVKK) and relevant legal regulations for:

Our Potential Product or Service Buyers,
Persons/Representatives Receiving Products or Services,
Employees of Our Suppliers,
Authorized Representatives of Our Suppliers

Scope of the Information Notice

This Information Notice covers:

Purpose of Processing Personal Data
Methods and Legal Grounds for Collecting Personal Data
Categories of Data Subjects and Processed Personal Data
Business Processes and Purposes for Using Personal Data
Security Measures Taken for Personal Data
Transfer of Personal Data
Retention Periods and Destruction Methods of Personal Data
Rights of the Data Subject

Scope of the Information Notice

Rapitek

Methods and Legal Grounds for Collecting Personal Data

It is explicitly prescribed by law
It is directly related to the conclusion or performance of a contract
It is necessary for our Company as the data controller to fulfill its legal obligation
You have made your data public
It is necessary for the establishment, exercise or protection of a right
Provided not to harm your fundamental rights and freedoms, it is necessary for the legitimate interests of our Company, and where such grounds do not exist, based on your explicit consent

Categories of Data Subjects and Processed Personal Data

Our Potential Product or Service Buyers,
Persons/Representatives Receiving Products or Services,
Employees of Our Suppliers,
Authorized Representatives of Our Suppliers

a. Identity	Potential Product or Service Buyer (Website Visitors) Persons/Representatives Receiving Products or Services (Registered Members) Supplier Employees Supplier Representatives	Personal Data
b. Contact	Potential Product or Service Buyer (Website Visitors) Persons/Representatives Receiving Products or Services (Registered Members) Supplier Employees Supplier Representatives	Personal Data
c. Legal Transaction	Persons/Representatives Receiving Products or Services (Registered Members) Supplier Employees Supplier Representatives
d. Customer Transaction	Persons/Representatives Receiving Products or Services (Registered Members) Supplier Employees Supplier Representatives	Personal Data
e. Transaction Security	Persons/Representatives Receiving Products or Services (Registered Members) Supplier Employees Supplier Representatives	Personal Data
f. Finance	Persons/Representatives Receiving Products or Services (Registered Members) Supplier Employees Supplier Representatives	Personal Data
g. Marketing	Persons/Representatives Receiving Products or Services (Registered Members) Supplier Employees Supplier Representatives	Personal Data
h. Visual and Audio Records	Persons/Representatives Receiving Products or Services (Registered Members) Supplier Employees Supplier Representatives	Personal Data

Business Processes and Purposes for Using Personal Data

POTENTIAL PRODUCT OR SERVICE BUYERS (WEBSITE VISITORS)

Execution of Information Security Processes
Management of Access Rights
Follow-up and Execution of Legal Affairs
Execution of Product/Service Sales Processes
Execution of After-Sales Support Services
Execution of Communication Activities
Responding to Information Requests
Execution of Marketing and Analysis Activities
Execution of Product and Service Marketing Processes
Execution of Customer Relationship Management and Satisfaction Processes
Execution of Strategic Marketing Activities
Execution of Storage and Archiving Activities
Execution of Risk Management Processes
Tracking of Requests and Complaints
Ensuring the Operational Security of the Data Controller
Execution of Product and Service Marketing Processes

PERSONS/REPRESENTATIVES RECEIVING PRODUCTS OR SERVICES (REGISTERED MEMBERS)

Execution of Information Security Processes
Management of Access Rights
Execution of Activities in Compliance with Legislation
Execution of Financial and Accounting Processes
Follow-up and Execution of Legal Affairs
Execution of Communication Activities
Execution of Product/Service Procurement Processes
Execution of Product/Service Sales Processes
Execution of After-Sales Support Services
Execution of Product, Service, Production and Operation Processes
Management of Customer Relationship Processes
Execution of Customer Satisfaction Activities
Execution of Marketing and Analysis Activities
Execution of Advertising, Campaign and Promotion Processes
Execution of Risk Management Processes
Execution of Storage and Archiving Activities
Execution of Contract Processes
Tracking of Requests and Complaints
Execution of Product and Service Marketing Processes
Ensuring the Security of Data Controller Operations
Providing Information to Authorized Persons, Institutions, and Organizations
Execution of Management Activities

SUPPLIER EMPLOYEES

Execution of Finance, Accounting and Procurement Activities
Management of Access Rights
Execution of Information Security Processes
Execution of Activities in Compliance with Legislation
Execution of Storage and Archiving Activities
Follow-up and Execution of Legal Affairs
Execution/Inspection of Business Activities
Execution of Product/Service Procurement Processes
Execution of Product/Service Sales Processes
Execution of After-Sales Support Services
Execution of Product, Service, Production and Operation Processes
Execution of Supply Chain Management Processes
Execution of Communication Activities
Execution of Contract Processes
Execution of Information Security Processes
Providing Information to Authorized Persons, Institutions, and Organizations

SUPPLIER REPRESENTATIVES

Execution of Finance, Accounting and Procurement Activities
Management of Access Rights
Execution of Information Security Processes
Execution of Activities in Compliance with Legislation
Execution of Storage and Archiving Activities
Follow-up and Execution of Legal Affairs
Execution/Inspection of Business Activities
Execution of Product/Service Procurement Processes
Execution of Product/Service Sales Processes
Execution of After-Sales Support Services
Execution of Product, Service, Production and Operation Processes
Execution of Supply Chain Management Processes
Execution of Communication Activities
Execution of Contract Processes
Execution of Information Security Processes
Providing Information to Authorized Persons, Institutions, and Organizations

Security Measures Taken for Personal Data

As Rapitek, we attach utmost importance to taking the measures determined within the framework of Law No. 6698, relevant legislation, and decisions of the Personal Data Protection Board during the processing of your personal data. Rapitek takes necessary administrative and technical measures to prevent unauthorized access to personal data, illegal processing, disclosure, alteration or destruction of personal data due to risks arising within or outside the company. The following measures are taken by Rapitek while processing personal data:

Authorization Matrix
Authorization Control
Access Logs
User Account Management
Network Security
Application Security
Penetration Testing
Intrusion Detection and Prevention Systems
Log Records
Data Loss Prevention Software
Backups
Firewall
Updated Anti-Virus Systems
Deletion, Destruction or Anonymization

Despite the measures taken above, in the event that personal data is damaged or falls into the hands of unauthorized third parties as a result of possible attacks on our servers, Rapitek will immediately inform you and the Personal Data Protection Board and take the necessary precautions.

Transfer of Personal Data

Our company may transfer your personal data, collected for the above-mentioned data processing purposes, to relevant parties within the framework of the data processing conditions and purposes specified in Articles 8 and 9 of the KVKK, for the same purposes and due to legal obligations. Our company may share your personal data with domestic and foreign affiliates or partnerships that may be formed, initiatives; public institutions and organizations authorized by law to request such data; domestic or foreign institutions, suppliers, authorized dealers, distributors, and business partners with whom we cooperate, provided that sufficient confidentiality and security are ensured for the purpose of providing higher value-added products and services and improving our service quality. The nature of these transfers and the parties with whom data is shared may vary depending on the type and nature of the relationship between the data subject and Rapitek Bilişim Teknolojileri A.Ş., the purpose of the transfer, and the relevant legal basis. These parties generally include:

Business units within Rapitek for coordination, cooperation, and efficiency
Research companies for purposes such as customer satisfaction
Companies providing services for the execution of marketing activities
Banks and payment institutions enabling the execution of financial transactions
Natural persons or private law legal entities
Domestic/foreign companies providing cloud technology services, law offices and legal support institutions
Our business partners
Authorized public institutions and organizations
Our suppliers

Retention Periods and Destruction Methods of Personal Data

The retention principles for your personal data are as follows:

If a retention period is specified for the data in the relevant legislation relating to company activities, the data is kept for at least that period.
If no period is specified in the relevant legislation, it is retained for a period determined in accordance with the purposes specified and in line with the principles of Law No. 6698.

After the above periods, your personal data is destroyed using deletion, destruction, and anonymization methods.

Rights of the Data Subject

In accordance with Article 11 of Law No. 6698, data subjects whose data are processed may, at any time, exercise their rights listed below by applying to us:

To learn whether personal data is processed,
If personal data is processed, to request information about this,
To learn the purpose of processing personal data and whether they are used in accordance with this purpose,
To know the third parties to whom personal data is transferred domestically or abroad,
To request correction of personal data if it is incomplete or incorrectly processed,
To request the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of the Law,
To request that transactions made pursuant to subparagraphs (d) and (e) of Article 11 be notified to third parties to whom personal data has been transferred,
To object to the emergence of a result against oneself by analyzing the processed data exclusively through automated systems,
To demand compensation for the damage arising from the unlawful processing of personal data

For your requests and applications regarding your personal data and the implementation of the Law, you may submit your requests by filling out the Personal Data Protection Law Data Subject Application Form and delivering it to the relevant office in person or via notary public, or by sending it to us via registered electronic mail (KEP) address, secure electronic signature, mobile signature, or by email to [email protected]. Our company will conclude your requests free of charge as soon as possible and at the latest within thirty days, depending on the nature of the request. However, if the transaction requires an additional cost, the fee determined by the Board may be charged.

Kind regards,

RAPİTEK BİLİŞİM TEKNOLOJİLERİ A.Ş.