1. Description

BOSPHOR BİLİŞİM VE DIŞ TİCARET LİMİTED ŞİRKETİ 's purpose as a requirement of the Privacy Policy is to protect the personal data of the members who use the website in order to make sure that the users benefit from the services provided safely. This Privacy Policy is intended to inform users in accordance with Law No. 6698 on the Protection of Personal Data. Purpose of this Privacy Policy Agreement determine the terms and conditions for the use of personal data generated during the use of the website in bosphor.com ,which is managed by BOSPHOR BİLİŞİM VE DIŞ TİCARET LİMİTED ŞİRKETİ In the text of the contract;

• “Privacy Policy Agreement” will be stated as “Agreement” from now on;

• Gayrettepe Mah., Balbaros Bulvarı, Koç Apt. , No: 161/7, Beşiktaş/İstanbul, resident of BOSPHOR BİLİŞİM VE DIŞ TİCARET LİMİTED ŞİRKETİ , will be stated as “BOSPHOR”;

• bosphor.com website is now stated as “Site”;

• As a member of the site, accepting the conditions, benefiting from the services and information of real / legal persons from now stated as “Member”;

• Real or legal persons who have reached the Site even though they are not a member, stated as “User”;

• “BOSPHOR” and the “Member”, in this agreement, time to time, may be referred as “Party” or together with “Parties”

By visiting the Site or as a Member, you fully agree to following terms:

• You agree that you have fully read and understood the terms of this agreement

• You accept all matters that may be subject to change in time with no objection

• You do not bring forward any objections and deficiencies in respect of all matters mentioned in the Site.

BOSPHOR may change any information and content contained in this Site at any time without notice. These changes will be periodically published on the Site and will be effective from the moment they are published. The Member / Users who declare and agree to the agreement hereunder shall be bound by all other agreements published on the Site.

  1. Purpose of Processed Data

For the purposes of this Privacy Policy Agreement and the Corporate Membership Agreement, your personal data is processed for the purposes specified in that law.

• Personal data,

• Making membership transactions,

• Contacting the Member / User based on the commercial electronic message permission,

• Improving the service provided through the site, detecting system errors and performing performance monitoring,

• Improvement of maintenance and support services and backup services,

• Identifying the preferences, tastes and needs of the Member / User and evaluating their criticism / suggestions,

• Internal recording, R & D and marketing activities,

• Ensuring information and transaction security and preventing malicious use

• Determination and implementation of commercial strategies of BOSPHOR,

• Ensuring compliance with legal processes and legislation,

• Responding to requests from official institutions,

• Management of accounting, collection and billing processes,

• Making the necessary arrangements to ensure that the processed data is current and accurate,

• Operation of internal audit, reporting and post-transaction service operating processes,

is used to carry out all kinds of activities related to its processes. Data collection and processing may not be limited to these.

Detailed information on the processing purposes of the categories of data listed above is provided below.

  1. Content of Processed Data

Below is the data which is processed by the BOSPHOR and which are considered as personal data in accordance with the Law. Unless otherwise expressly stated, the terms “personal data” in the terms and conditions provided under the Privacy Policy cover the following information.

• Identity Information: Name, surname, date of birth, gender, T.C. ID number, ID Copy and other similar data.

• Contact Information: Mobile phone, e-mail address, address, landline phone etc. data.

• Location Information: The data about the location of the city, data about the user’s location, in the case where Member / User approves, location data emerges from the GPS, IP and port address to provide localized ads. • Demographic data: Birth date, age, gender, preferred language, etc.

• Authentication Information: Users' membership information, passwords used to authenticate and to access the account, User Name, contact information, password hints, User numbers, listing numbers and so on.

• Member Transactions Information: Site entry records, documents requested for the product / brand is original, advertisement information, customer satisfaction and commercial communication permission, etc.

• Content Information: All user transaction, requested documents (invoice, guarantee certificate, etc.) related to the product / brand original, documents related to ownership or possession (license, trademark registration, etc.), advertisement information, membership information, notification statement, solution description, customer satisfaction, feedback, document submission, error information during use of the service, etc..

• Financial Information: Tax office, invoice information, payment information, invoices sent to the member and the samples of the payments received from the members, payment number, invoice number, invoice amount, invoice date, etc..

• Risk Management Information: IP address and so on.

• Marketing Information: Marketing-related SMS, e-mail messages, or calls made by the call center, sent by the contact person regarding the commercial electronic message permission.

• Legal Compliance Information: Legal texts and agreements that provide the scope, content, personal information of the services provided, procedure, commercial electronic communication permission given by the persons, authorized and authorized agreements and the use of the services provided by the BOSPHOR.

• Criticism / Suggestion Assessment Information: Messages left to Customer Service / Call Center, comments and complaints sent via e-mail.

• Data that is irreversibly anonymized in accordance with Articles 3 and 7 of the Law on the Protection of Personal Data shall not be considered as personal data in accordance with the provisions of the said law, and the processing activities relating to such data shall be made without being bound by the provisions of this Policy.

  1. Persons / Companies which Data Shared With

BOSPHOR only transfer personal data to third parties with the provisions of this Privacy Policy and in accordance with Articles 8 and 9 of the Law. The personal data of the Member / User and the secondary data gathered from these data; in accordance with this Privacy Policy Agreement, shared with the cargo and marketing companies, legal representatives, research companies, communication companies, IT companies, agencies, consulting companies, publishing companies, other companies in which BOSPHOR works and social media it is shared. The related clause of the Terms and Conditions of the E.7. In case of violation of the limits of the article may be valid only by the will of BOSPHOR. The contradictions in these and other matters will depend on the will of the BOSPHOR to be valid and will be evaluated separately by the BOSPHOR for each case. Along with the commercial electronic message approval of the Member / User, the consumer electronic profile is shared with the service provider in order to identify the consumer profile. Web site usage preferences and navigation history are shared with third parties which use cookie service in order to make organizational classification and to communicate with the Member / User and the consumer profile. Data sharing on this issue is made through secure communication channels between the third party and the Site. In order to ensure customer satisfaction and continuous relationship, the anonymous data belonging to the Member / User is shared with the research companies. In addition, the User Name and Contact Information and personal data obtained through cookies may be shared with the payment institutions to authenticate in accordance with the Regulation on Precautions for the Prevention of Laundering of Proceeds of Crime and Terrorism Financing published in the Official Gazette No. 26751 of 9 January 2008. BOSPHOR’s 'rights to share personal data are not limited to domestic but international level.

  1. Data Processing and Storing Places

Obtained personal data can be stored and processed in the country and abroad in another country with the establishment of BOSPHOR or its affiliates, subsidiaries or service providers. Your personal data collected under the Privacy Policy will be handled in accordance with the provisions contained herein and in accordance with the applicable legislation and the security measures envisaged in the country where the data is stored and processed.

  1. Rights of Members / Users on Personal Data

The rights of the Member / User pursuant to Article 11 of the Act on the data processed by the BOSPHOR are listed below;

• To learn whether personal data has been processed,

• Request personal information if personal data is processed,

• To learn the purpose of processing of personal data and to use them according to their purpose,

• Knowing the third parties in which personal data is transmitted at home or abroad;

• Requesting correction of personal data in case of incomplete or incorrect processing,

• Requesting the deletion or destruction of personal data under the conditions specified in the relevant legislation,

• Requesting that the correction, deletion and destruction performed in accordance with the relevant legislation be notified to third parties to which personal data is transferred,

• Objecting to the emergence of a result against the individual by analyzing the processed data exclusively through automated systems,

• In case of loss due to unlawful processing of personal data, it has the right to demand the remedy of the damage.

• With the communication channel specified in the ’Communication with the Site. Below, the user will be able to forward the above-mentioned requests to the Site. In accordance with these demands, BOSPHOR will be able to realize the reasoned positive / negative answer in written or digital environment.

In the case that the transactions require a cost, the Personal Data Protection Board may charge a fee on the tariff set out in Article 13 of the Law on the Protection of Personal Data No. 6698.

  1. Time to Retain Personal Data

BOSPHOR shall keep their personal data in accordance with the KVK Law for the periods stipulated in the relevant legislation or as required by the purpose of processing. These periods are as follows: • Registration and similar records: 10 years - Law No. 6098

• Financial information and accounting records: 10 years - Law No. 6102 - Law no.

• Cookies: Up to 540 days

• Commercial electronic message approval records: 1 year from the date of approval - Law No. 6563 and related legislation

• Call Center Voice Recordings: 3 years - Law No. 6563

• Personal data for suppliers / customers: 10 years after the legal relationship ends

• Traffic information for online visitors: 2 years - Law 5651

As mentioned under the title of “Force Majeure” in the other agreements in this Site, any cyber-attack etc. may not be liable for any legal or criminal liability for loss of or loss of personal data.

  1. Conditions for Deletion, Destruction and Anonymization of Personal Data

BOSPHOR maintains the personal data that it processes through the website, mobile application or mobile site for the periods required by the relevant laws and / or for the periods required by the processing purpose pursuant to Article 7, 17 and Article 138 of the Turkish Criminal Code. In the case of expiry of these periods, the wiper shall destroy, erase or anonymize in accordance with the provisions of the Regulation on the Deletion, Destruction or Anonymization of Personal Data. Deletion of personal data means that such data will not be accessible again. BOSPHOR takes necessary measures to perform the deletion in the database. The destruction of personal data refers to the process of rendering this data inaccessible, non-retrievable and non-re-usable. Deletion of personal data means that such data will not be accessible again. BOSPHOR takes necessary measures to perform the deletion in the database. The destruction of personal data refers to the process of rendering this data inaccessible, non-retrievable and re-usable. Anonymization of personal data implies that, even if the data is matched with other data, it can never be associated with a specific or identifiable real person. BOSPHOR describes in detail the methods and technical and administrative measures to erase, destroy and anonymize the Personal Data Storage and Disposal Policy prepared in accordance with the Regulation on the Deletion, Destruction or Anonymization of Personal Data. In this Policy, the period of periodic destruction to be carried out by the Regulation is set as 6 months.

  1. Measures and Commitments Regarding Data Security

BOSPHOR together with this Privacy Policy are committed to safeguarding your personal data in a secure manner. It is our responsibility to provide the appropriate level of security to ensure that personal data is kept in a legal manner. Your personal personal data is processed by taking adequate measures determined by the management. BOSPHOR will not disclose the personal data obtained about the users to anyone else in accordance with Privacy Policy and the Personal Data Protection Act No. 6698 and shall not use other than for processing purposes. BOSPHOR declares that, in case of sharing of personal data with outsourcing service providers and Users in accordance with the provisions of this Privacy Policy, such outsourcing suppliers shall also comply with the commitments under this Article. Please note that in the case of links to other applications through the Site, BOSPHOR does not bear any responsibility for the privacy policies and contents of the applications.

  1. Changes to the Privacy Policy

    BOSPHOR may update and modify this Privacy Policy at any time through the Site. The updates and changes made in the Privacy Policy of BOSPHOR shall be effective as of the date of publication on the Site.

Contact with the Site: Member / User undertakes that the information subject to this Privacy Policy Agreement is complete, accurate and up-to-date and, if any, changes immediately to bosphor.com. If the Member / User has not provided up-to-date information, the BOSPHOR shall not have any responsibility. In addition, BOSPHOR may contact with the members in order to make promotions and advertisements over e-mails and SMSs. Member / User may submit their requests mentioned above in contact Customer Service on bosforlogistics@gmail.com The Member / User may also request the suspension of processing of personal data under the Privacy Policy.