Protection of Personal Data

INFORMATION ABOUT PRIVACY AND PERSONAL DATA PROTECTION

İzdemir Enerji Elektrik Üretim Anonim Şirketi (İZE) attaches utmost importance to protecting the fundamental rights and freedoms of individuals, especially the right to privacy, which is regulated in Article 20 of the Constitution. In this context, İZE pays attention to the protection and processing of personal data in accordance with the law and acts with this understanding in all its planning and activities.

IZE does not consider the protection and legal processing of personal data, which is the basis of privacy, only within the scope of compliance with the legislation, but also places valuing people at the center of its approach. Acting with this awareness, IZE takes all necessary administrative and technical measures to store personal data securely and prevent illegal processing of personal data.

In this context, information about the processing and transfer conditions of personal data generated or shared during the use of the www.izdemirenerji.com.tr website in accordance with the Personal Data Protection Law No. 6698 is presented below.

DEFINITIONS

• WEBSITE: the website located at “www.izdemirenerji.com.tr”.
• LAW: The Personal Data Protection Law 6698.
• PERSONAL DATA: Any information on an identified or identifiable person.
• ONLINE VISITOR/CONCERNED PARTY: All real individuals that access the website. In the relevant policies the Visitor is included in the scope of person group.
• BOARD: The Personal Data Protection Board.
• COMPANY: İzdemir Elektrik Üretim Anonim Şirketi
• HOSTING PROVIDER: Real or legal entities that provide or operate systems that contain services and content on the Internet.

PERSONAL DATA THAT IS PROCESSED

The personal data of the Online Visitor that is processed, depending on his/her access to the Website and his/her transactions on the Website, are presented below:

For Online Visitors visiting the Website,

• Transaction security information (IP address, website traffic info, etc.)

For Online Visitors who fill out the forms on the website,

• Identification Information (name, surname)
• Contact Information (e-mail address, telephone number, etc.)

Apart from those listed above, it is possible to process other data that may be mandatory for the operation, development and security of the Website in accordance with the Law.

METHOD AND LEGAL REASON FOR COLLECTING PERSONAL DATA

Personal data is collected by fully or partially automatic means using the Website and contact form, to be stored for the period necessary and the purpose of processing.

Personal data is processed based on the Online Visitor's explicit consent. However, as stated in clause 2 of article 5 under the Personal Data Law, personal data can also be processed without explicit consent based on one of the following legal grounds; (i) it is clearly set forth by law (ii) it is mandatory for the data controller to fulfill its legal obligation, (iii) data processing is mandatory for the establishment, exercise or protection of a right, (iv) It is mandatory to process data for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of personal data owners.

THE PURPOSES FOR PROCESSING PERSONAL DATA

Personal data may be collected if clearly provided for by law or within the framework of other conditions specified in clause 2 of Article 5 of the Law, depending on the transactions done by the Online Visitor of the Website;

• To conduct/supervise business operations, conduct customer relation management processes, follow up on requests/complaints and conduct communication operations in this scope if the “Identity and contact information” form is filled out,
• To conduct information security processes on “Website traffic information”. On the other hand, in accordance with Law No. 5651 and other legislation, the Host Provider has the obligation to record and store site traffic information.

Processing of personal data for the purpose of sending commercial electronic messages is subject to the express consent of the Online Visitor.

Third party cookies are not used on the Website. Only cookies that are necessary for the operation and security of the website may be used. Online Visitors may refuse to accept cookies or request receipt of a warning by changing their browser settings. When the use of cookies is stopped, certain functions of the Website may not work properly.

The below links contain information on how to manage (and disable) cookies in some common browsers:

• Chrome Browser: https://support.google.com/accounts/answer/61416?hl=tr
• Internet Explorer: https://support.microsoft.com/tr-tr/help/17442/windows-internet-explorer-delete-manage-cookies
• Mozilla Firefox: https://support.mozilla.org/tr/products/firefox/protect-your-privacy/cookies
• Safari: https://support.apple.com/tr-tr/guide/safari/manage-cookies-and-website-data-sfri11471/mac

TO WHOM AND FOR WHAT PURPOSE PROCESSED DATA CAN BE TRANSFERRED

Personal data may be transferred in the framework of conditions in the Law’s articles 8 and 9, to IZE's group companies, subsidiaries, affiliates, suppliers, business partners and authorized public institutions and organizations, limited to the purposes specified in the fourth article of this text, if one of the conditions in the 2nd paragraph of Article 5 of the Law is present and provided that the necessary security measures are taken.

In the absence of one of the conditions in the 2nd paragraph of Article 5 of the Law, the transfer of Personal Data is subject to the express consent of the Online Visitor.

RIGHTS OF THE PERSONAL DATA OWNER ACCORDING TO ARTICLE 11 OF THE LAW

IZE informs the data owner of their rights in accordance with Article 10 of the Law; provides guidance on how to exercise these rights and carries out the necessary internal functioning, administrative and technical arrangements thereof.

Per article 11 of the Law personal data owners have the right to-

• Find out whether or not personal data is being processed,
• Request information if personal data has been processed,
• Learn the purpose for processing personal data and whether it is used for the intended purpose,
• Know the third parties to whom personal data are transferred domestically or abroad,
• Request correction of personal data if they are incomplete or incorrectly processed
• Request the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of the Law,
• Request that the transactions (correction and destruction of data) carried out in accordance with paragraphs (d) and (e) of Article 11 of the Law be notified to third parties to whom personal data have been transferred,
• Object when an unfavorable result arises by analyzing the processed data exclusively through automatic systems,
• Demand compensation for damages in case of damage due to unlawful processing of personal data.

Requests and applications regarding the implementation of the Law can be submitted in writing to Şair Eşref Bulvarı No:23 Kat:2 Çankaya Konak/İZMİR by filling out the Personal Data Owner Application Form or can be sent through a Notary Public or via registered electronic mail (KEP) to the address izdemirenerji@hs03.kep.tr or be transmitted electronically using a secure electronic signature or mobile signature.

Requests and applications can also be sent to kvk@izdemirenerji.com.tr if the data owner has an e-mail address previously notified to IZE and registered in IZE's system.

Requests and applications must include the following;

• Name, surname and signature if in writing,
• T.R. identification number if a Republic of Turkey national; nationality, passport number or identification number, if any, for foreigners,
• Place of residence or business address of official notification,
• E-mail address, telephone and fax number for official notification, if any,

Information and documents regarding the subject must be added to the application.

IZE finalizes the requests in the application free of charge as soon as possible and within thirty days at the latest, depending on the nature of the request. However, if the transaction in question requires an additional cost, the fee in the tariff determined by the Board may be charged.

IZE may accept the request or reject it by explaining the reason and notify the Concerned Party in writing or electronically of its response. If the request in the application is accepted, IZE shall fulfill the requirement as soon as possible and inform the Concerned Party. If the application is caused by IZE's error, the fee collected is refunded to the data owner.

In cases where the application is rejected, the response is found to be insufficient, or the application is not responded to in due time; the data owner has the right to complain to the Board within thirty days from the date of learning the response and, in any case, within sixty days from the date of application.

DATA SECURITY

IZE must take all necessary administrative and technical measures to prevent unlawful processing of personal data and unlawful access to personal data, to ensure the preservation of personal data, and to ensure the appropriate level of security.

If there are links on the website redirecting to other sites or applications, IZE has no knowledge of the compliance of the directed sites and applications with the legislation on the protection of personal data and is not responsible for their privacy policies and contents.

By using the Website, the Online Visitor declares that he/she has read all the terms written in this information text and is informed about the processing of his/her personal data.