Parny Privacy and Personal Data Protection Policy

1. Purpose and Scope

In accordance with the Law No. 6698 on the Protection of Personal Data (“KVKK”), your personal data may be processed by Parny Teknoloji Yönetim A.Ş. (“Parny”) as the Data Controller.

The purpose of this Personal Data Protection Policy (“Policy”) is to provide transparency by informing individuals whose data is processed by Parny about the systems adopted for lawful personal data processing and protection.

This Policy applies to all personal data processing and protection activities carried out by Parny, together with the relevant data procedures.

2. Principles for Processing Personal Data

Parny complies with the following general principles under Article 4 of the KVKK in all data processing activities:

• Processing lawfully, fairly, and transparently

• Collecting only for specific, explicit, and legitimate purposes

• Processing limited to the purpose, relevant, and proportionate

• Ensuring accuracy and keeping data up to date when necessary

• Retaining data only for the period required by law or the purpose of processing

3. Collection, Processing, and Purposes of Personal Data

Your personal data may be processed for the following purposes within the scope permitted by Articles 5 and 6 of the KVKK:

• Execution and fulfillment of contracts, post-contract services

• Notifications to official institutions and fulfillment of legal obligations

• Planning, monitoring, and execution of financial and accounting processes

• Ensuring IT and network security for Parny’s online services

For brand awareness:

• Organizing events, managing feedback and complaint processes

For corporate relations:

• Managing, developing, and executing relations with suppliers, customers, and partners

• Carrying out communication and training activities

For security and compliance:

• Ensuring physical and digital security of Parny and its stakeholders

• Keeping records of business relations and ensuring data accuracy

• Occupational health and safety compliance

• Managing legal obligations regarding website visitors

4. Methods and Legal Basis for Processing

Personal data may be obtained directly from the data subject or through authorized third parties, using methods such as collection, recording, storage, alteration, transfer, deletion, or anonymization.

Without explicit consent, data may still be processed if:

• Required by law

• Necessary to protect life or bodily integrity in emergencies

• Directly related to contract establishment or performance

• Required for legal obligations

• Made public by the data subject

• Necessary for the establishment, exercise, or protection of a legal right

• Required for the legitimate interests of the controller, provided fundamental rights are not violated

5. Cookie Policy

When you visit Parny’s website, cookies are placed on your device to enhance your online experience by remembering preferences. Cookies do not collect personal data, transmit personal information, or extract any data from your computer. They help identify areas of interest to improve services.

Parny may also use web beacons to measure engagement (e.g., how many users open an email). Third-party advertisers may use cookies or web beacons beyond Parny’s control.

Parny accepts no liability for damages resulting from disabling or bypassing protection systems through hacking, malware, or reverse engineering.

6. Retention and Deletion of Personal Data

Personal data is retained for the period required by law or for the purpose of processing. When the purpose no longer exists, or retention is no longer required, data is deleted, destroyed, or anonymized.

Retention purposes include:

• Information security

• Employment obligations

• Finance and accounting

• Contract management

• Occupational health and safety

• Compliance with legal authorities

Deletion occurs when:

• Legal obligations change or expire

• The purpose of processing no longer exists

• Consent is withdrawn (if processing was based solely on consent)

• Retention period expires without legal justification

7. Transfer of Personal Data

Personal data may be transferred, in accordance with Articles 8 and 9 of the KVKK, to:

• Public authorities

• Business partners, shareholders, service providers, banks

• Legal, financial, or audit advisors where necessary

Data may be shared without consent if legally required by law or under the KVKK.

8. Privacy and Security

Parny ensures the confidentiality and security of personal data through technical and administrative measures. Access is restricted to authorized employees only.

Administrative measures include risk assessments, awareness training, and data minimization.
Technical measures include cybersecurity, secure storage (including cloud), and compliance with IT standards.

9. Rights of Data Subjects

You may submit written requests to exercise your rights under Article 11 of the KVKK. Your rights include:

• Learning whether your data is processed and requesting information

• Learning the purpose of processing and its conformity

• Learning third-party transfers (domestic or abroad)

• Requesting correction of incomplete or inaccurate data

• Requesting deletion or destruction under Article 7

• Requesting notification of corrections/deletions to third parties

• Objecting to outcomes resulting from automated processing

• Seeking compensation if data is processed unlawfully

Requests will be finalized within 30 days, free of charge unless an additional cost is incurred.

10. Updating Your Information

Your personal data must be accurate and up to date. Any changes should be reported to Parny’s relevant department.

This Policy was prepared on December 01, 2022. Any modifications will be published with their effective date.