STATEMENT OF INFORMATION AND CONSENT ON THE PROTECTION OF PERSONAL DATA

Dear Customer,

As SUMMIT YAZILIM VE TEKNOLOJİ DANIŞMANLIK HİZMETLERİ ANONİM ŞİRKETİ (info@sumtech.io), we attach great importance to the protection of your personal data within the scope of the Law No. 6698 on the Protection of Personal Data. Within this framework, we present our clarification and explicit consent text concerning the processing of your personal data for your information.

Any kind of information that you share through summit.tech.tr or within the scope of your relationship with our company that makes your identity specific or identifiable ("Personal Data") will be processed by SUMMIT YAZILIM VE TEKNOLOJİ DANIŞMANLIK HİZMETLERİ ANONİM ŞİRKETİ as the Data Controller. The concept of "processing of personal data" refers to any kind of operation carried out on such data, such as obtaining, recording, storing, preserving, altering, disclosing, transferring, taking over, making it available, classifying or preventing its use.

With this clarification text, we aim to inform you about the data processing activities carried out within the scope of the Law and to obtain your explicit consent for the situations listed below.

As SUMMIT YAZILIM VE TEKNOLOJİ DANIŞMANLIK HİZMETLERİ ANONİM ŞİRKETİ, we ensure the highest level of security for your personal data and conduct all our activities with this awareness.

1. Purposes and Legal Grounds for Processing Your Personal Data

Personal data belonging to our customers are processed for the purposes listed below within the scope of the personal data processing conditions and purposes set out in Articles 5 and 6 of Law No. 6698:

• •Ensuring that relevant persons benefit from the products and services offered by Summit Yazılım ve Teknoloji
• •Planning and execution of business processes
• •Carrying out commercial activities
• •Planning and execution of our Company's commercial and/or business strategies
• •Ensuring the legal, technical and commercial security of our Company and the persons and institutions with which we have business relations
• •Customising and promoting products and services according to the preferences, usage habits and needs of our customers

In cases where the data processing conditions set out in Articles 5/2 and 6/3 of the Law cannot be met, your explicit consent is requested for the following purposes:

• •Creating customer-specific campaigns
• •Cross-selling and audience segmentation studies
• •Analyses intended to improve the user experience
• •Improving the performance of the website and mobile application
• •Direct or indirect marketing activities
• •Personalised segmentation, targeting, analysis and reporting
• •Market research and customer satisfaction studies
• •Planning and execution of customer relationship management processes

Within this scope, your personal data may be processed based on your explicit consent and shared with the parties specified in this Clarification and Consent Text.

2. Transfer of Your Personal Data

Your personal data may be transferred, limited to the purposes stated above, to the following parties in line with the personal data processing conditions and purposes regulated in Articles 8 and 9 of Law No. 6698:

• •Authorized personnel of SUMMIT YAZILIM VE TEKNOLOJİ DANIŞMANLIK HİZMETLERİ A.Ş.
• •Our business partners, suppliers and solution partners
• •Our affiliates and shareholders
• •Public institutions and private organisations that are legally authorised

3. Your Rights Under the PDPL

Pursuant to Article 11 of the Law, you may contact Summit Yazılım ve Teknoloji (info@sumtech.io) and exercise the following rights:

• •Learn whether your personal data are processed
• •Request information if your personal data have been processed
• •Learn the purpose of processing your personal data and whether they are used in line with the stated purpose
• •Know the third parties to whom your personal data are transferred domestically or abroad
• •Request correction if your personal data are incomplete or inaccurately processed
• •Request their deletion or destruction within the scope of Article 7 of the PDPL
• •Request that the transactions carried out be notified to third parties to whom your personal data are transferred
• •Object to any result that is to your detriment arising from the analysis of personal data exclusively through automated systems
• •Request compensation for the damage you suffer as a result of the unlawful processing of your personal data

4. Application Methods

In accordance with the provisions of the PDPL, you may submit your requests together with documents proving your identity through the channels stated below:

Your requests will be concluded as soon as possible and within 30 days at the latest, depending on the nature of the request.