VESMEC MAKİNA SANAYİ MÜMESSİLİK DANIŞMALIK VE TİCARET LTD. ŞTİ.
PERSONAL DATA PROTECTION AND PROCESSING POLICY

1. OBJECT AND SCOPE
Vesmec Makina Sanayi Mümessillik Danışmanlık ve Tic. Ltd. Şti. (“Vesmec Company” or the “Company”) makes every effort to comply with all applicable legislation regarding the processing and protection of personal data.
Within the framework of Personal Data Protection and Processing Policy ("Policy") of Vesmec Makina Sanayi Mümessillik Danışmanlık ve Tic. Ltd. Şti., the principles adopted in the execution of personal data processing activities carried out by Vesmec Company are explained.
With the policy, it is aimed to sustain the principle of "conducting company activities in accordance with the law and honesty rules and in transparency" of Vesmec Company In this context, the basic principles adopted in terms of compliance of data processing activities of Vesmec Company with the regulations in the Personal Data Protection Law No.6698 ("PDPL") are determined and the practices implemented by Vesmec Company are explained.
The policy is directed to natural persons whose personal data are processed by Vesmec Company automatically or by non-automatic means provided that they are part of any data recording system.

2. POLICY PRINCIPLES
2.1. General Principles
The policy is published on the website of Vesmec Company (www.vesmec.com), open to the access of personal data owners. In parallel with the changes and innovations to be made in the legislation, the changes to be made in the Policy will be made accessible in a way that data owners can easily access.
In the event of a conflict between the legislation in force regarding the protection and processing of personal data and this Policy Vesmec Company accepts that the current legislation will apply.

2.2. PERSON GROUPS UNDER THE POLICY
The Related Person groups that are within the scope of the policy and whose personal data are processed by Vesmec Company are as follows:
● Employee Candidates
Persons who have not established a service contract with Vesmec Company, but applied to Vesmec Company for establishment.
● Business Partners, Authorities, Employees
Real person officials, shareholders and employees of organizations with which Vesmec Company has commercial relations.
● Company Visitors
Real persons who visit the buildings where Vesmec Company operates or the websites operated by Vesmec Company.
● Employees
Real persons with whom a service contract has been established with Vesmec Company.

3. PRINCIPLES ON THE PROCESSING AND PROTECTION OF PERSONAL DATA
3.1. COMPLIANCE WITH DATA PROCESSING CONDITIONS
While conducting the processing of personal data, the Company complies with the following: (i) the basic principles stated in Article 4 of the PDPL, (ii) the personal data processing conditions contained in Article 5, and (iii) the special quality personal data processing conditions specified in Article 6.
3.1.1. COMPLIANCE WITH THE BASIC PRINCIPLES

(1) Processing personal data in accordance with the law and good faith
The company mainly in the Constitution of the Republic of Turkey, in accordance with PDPL and related secondary legislation, personal data processing operations are executed in accordance with the law and good faith.
(2) Ensuring the accuracy and currency of the personal data processed
While the company carries out the processing of personal data, all necessary administrative and technical measures are taken to ensure the accuracy and currency of personal data within technical possibilities. In this context, the company has established mechanisms to correct and verify the accuracy of personal data of personal data owners in case their personal data are out of date or inaccurate.
(3) Processing personal data in a relevant, limited and measured manner
Personal data are processed by the company in connection with the data processing conditions and as necessary for the realization of the processing purpose of these services. In this context, the purpose of personal data processing is determined before starting the personal data processing activity, and data processing activity is not carried out with the assumption that it can be used in the future.
(4) Retaining personal data for the period stipulated in the relevant legislation or required for the purpose for which they are processed
The company preserves personal data for a limited period of time stipulated in the relevant legislation or required by the purpose of data processing. Accordingly, in the event that the period stipulated in the legislation is expired or the reasons requiring the processing of personal data disappear, the personal data are deleted, destroyed or anonymized by the Company. Based on the possibility of future use, personal data is not stored by the Company.
3.1.2. COMPLIANCE WITH PERSONAL DATA PROCESSING CONDITIONS
The company carries out its personal data processing activities in accordance with the data processing conditions set forth in Article 5 of the PDPL. In this context, personal data processing activities are performed in the presence of the personal data processing conditions listed below:

(1.2.1) Existence of the Explicit Consent of the Relevant Person
Personal data processing activity is carried out by the Company in the event that the Relevant Person gives his / her consent to the processing of his / her data freely and without any hesitation, having sufficient knowledge on a specific subject.
(1.2.2) Personal Data Processing Activity Being Clearly Stipulated by Laws
In case there is an explicit regulation in the laws regarding personal data processing, personal data processing activity may be carried out by the Company limited to the relevant legal regulation.
(1.2.3) Failure to Obtain the Explicit Consent of the Relevant Person Due to Actual Impossibility and Requiring Personal Data Processing
In cases where the relevant Person cannot explain his consent or his consent is not valid, if it is necessary to process personal data for the protection of the life or body integrity of the person, the data processing activity is carried out by the Company in this context.
(1.2.4) The Personal Data Processing Activity Being Directly Related to the Establishment or Performance of a Contract
In cases directly related to the establishment or execution of a contract, if it is necessary to process personal data belonging to the parties of the contract, data processing activity is carried out by the Company.
(1.2.5) Requirement for Vesmec Bilişim Company to Carry out Personal Data Processing Activity in Order to Fulfill its Legal Obligation
In case of the legal liability of the Company, which has adopted showing the necessary sensitivity about compliance with the law as the Company policy, personal data processing is carried out in order to fulfill the legal obligation.
(1.2.6) Relevant Person Making Personal Data Public
Personal data made public (disclosed to the public in any way) by the person concerned is processed by the company in accordance with the purpose of publicization.
(1.2.7) When Data Processing is Mandatory for the Establishment, Use or Protection of a Right
The establishment of a right to the processing of personal data, in case of compulsory for the use or preservation, these requirements with parallel personal data processing activities carried out by the Company.
(1.2.8) It is Necessary for Vesmec Company's Legitimate Interests to Carry Out Personal Data Processing, Provided That It Does Not Damage Fundamental Rights and Freedoms of the Relevant Person
If personal data processing is mandatory for the legitimate interests of the Company, data processing activity can be carried out if the fundamental rights and freedoms of the Relevant Person will not be harmed. In this context, the balance between the legitimate interest of Vesmec Communication Company and the fundamental rights and freedoms of the Relevant Person will be sought with the title of "data supervisor".
3.1.3. COMPLIANCE WITH SPECIAL QUALITY PERSONAL DATA PROCESSING CONDITIONS
Special attention is paid to the processing of sensitive personal data by the company. In this context, in the processing of special quality personal data, the Company determines whether there are data processing conditions with precision. Data processing activity is carried out after making sure that the requirement of compliance with the law exists.
Special quality / private personal data can be processed by the Company in the following situations, provided that sufficient measures determined by the Board are taken:
(1.3.1) Processing of Personal Health Data
Personal health data can be processed by the Company in the presence of one of the conditions listed below, provided that (i) take adequate measures to be stipulated by the Ministry of Health, (ii) comply with the general principles and (iii) under the obligation of secrecy:
– Existence of the written express consent of the Related Person,
– Protection of public health,
– Preventive medicine,
– Conducting medical diagnosis, treatment and care services,
– Planning and management of health services and financing.
(1.3.2) Processing of Private Personal Data Other than Health and Sexual Life
Private personal data other than health and sexual life can be processed by the Company with the explicit consent of the Relevant Person or in the cases stipulated in the laws.
3.1.4. COMPLIANCE WITH PERSONAL DATA TRANSFER CONDITIONS
In the personal data transfers to be carried out by the company, the personal data transfer conditions set out in Articles 8 and 9 of the PDPL are followed.
(1) Transfer of Personal Data Domestically
In accordance with Article 8 of the PDPL, the Company acts in accordance with the data processing conditions in data transfer activities to be carried out domestically. (See Policy 3.1.).
(2) Transfer of Personal Data Abroad
Personal data can be transferred abroad by the company in accordance with Article 9 of the PDPL provided to be (i) in accordance with the personal data processing requirements (See Policy 3.1.) and (ii) if the country to be transferred is from countries with sufficient protection declared by the Board and in the absence of adequate protection in the relevant foreign country, the data can be transferred abroad if the data supervisors in Turkey and abroad make a commitment in writing to ensure adequate protection, and the data can be transferred abroad with the permission of the Board.
(3) Groups of Persons to whom Personal Data are Transferred by the Company
In accordance with Articles 8 and 9 of the PDPL, the company may transfer the personal data of the data owners within the scope of the Policy to the person groups listed below for the purposes specified. (See Policy 2.2.):
(i) To third party service providers who process personal data on behalf of the company, in order to fulfill the commercial activities of the company, with limits
(ii) To company business partners in order to establish and maintain the business partnership, with limits
(iii) To company suppliers, in order to fulfill the commercial activities of Vesmec Company, with limits
(iv) To authorized public institutions and organizations and authorized private law persons for the purposes requested by the relevant persons within the legal authority, with limits
(v) To third parties. in accordance with personal data transfer terms.

4. DISCLOSURE OF PERSONAL DATA OWNERS
The company carries out the necessary processes to ensure that data owners are informed during the acquisition of personal data, in accordance with Article 10 of the PDPL. In this context, the information listed below is included in the clarification texts provided by the Company to data owners:
(1) The title of the company,
(2) The purpose for which the personal data of data owners will be processed by the company,
(3) To whom and for what purpose the processed personal data can be transferred,
(4) Method and legal reason for collecting personal data,
(5) The rights of the Relevant Person listed below;
– Learning whether your personal data is processed or not
– Requesting information if personal data has been processed,
– Learning the purpose of processing personal data and whether they are used appropriately for their purpose,
– To know the third parties to whom personal data are transferred domestically or abroad,
– To request correction of personal data in case of incomplete or incorrect processing, and to request notification of the transaction made to third parties to whom personal data are transferred,
– Although it has been processed in accordance with the provisions of PDPL and other relevant laws, in case the reasons requiring the processing is no valid anymore, to request notification of the processes regarding the correction, deletion or destruction of personal data to third parties to whom personal data have been transferred,
– Object to the occurrence of a result against the person himself by analyzing the processed data exclusively through automated systems,
– To request the compensation of the damage in case of damage due to the processing of personal data illegally.

5. CONCLUSION OF REQUESTS OF PERSONAL DATA OWNERS
In case the data owners submit their requests regarding their personal data to the Company in writing by filling out the documents proving their identity and the application form at www.vesmec.com in accordance with Article 13 of the PDPL, the company carries out the necessary processes as data supervisor to ensure that the request is concluded as soon as possible and within thirty (30) days at the latest, depending on the nature of the request.
Within the scope of ensuring data security, the company may request information to determine whether the applicant is the owner of the personal data subject to the application. The Company may also ask a question to the Relevant Person regarding the application in order to ensure that the application of the Relevant Person is concluded in accordance with the request.
In cases where the application of the Relevant Person is likely to hinder the rights and freedoms of other people, requires disproportionate effort, the information is public information, the request may be rejected by the Company by explaining its justification.
5.1. RIGHTS OF PERSONAL DATA OWNERS
In accordance with Article 11 of the PDPL, you can make a request by applying to the Company on the following issues.
(1) Learning whether your personal data is processed or not
(2) Requesting information if personal data has been processed,
(3) Learning the purpose of processing personal data and whether they are used appropriately for their purpose,
(4) To know the third parties to whom personal data are transferred domestically or abroad,
(5) To request correction of personal data in case of incomplete or incorrect processing, and to request notification of the transaction made to third parties to whom personal data are transferred,
(6) Although it has been processed in accordance with the provisions of PDPL and other relevant laws, in case the reasons requiring the processing is no valid anymore, to request notification of the processes regarding the correction, deletion or destruction of personal data to third parties to whom personal data have been transferred,
(7) Object to the occurrence of a result against the person himself by analyzing the processed data exclusively through automated systems,
(8) To request the compensation of the damage in case of damage due to the processing of personal data illegally.

5.2. CASES EXCLUDING THE RIGHTS OF PERSONAL DATA OWNERS PURSUANT TO THE LEGISLATION
In accordance with Article 28 of the PDPL, since the following situations are not covered by the PDPL, personal data owners will not be able to assert their rights in the following matters:
(1) Processing of personal data for artistic, historical, literary or scientific purposes or within the scope of freedom of expression. Provided that it does not violate national defense, national security, public security, public order, economic security, privacy of private life or personal rights or constitute a crime.
(2) Processing personal data for purposes such as research, planning and statistics by anonymizing them with official statistics.
(3) Processing personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations authorized by law to ensure national defense, national security, public security, public order or economic security.
(4) Processing of personal data by judicial authorities or execution authorities in relation to investigation, prosecution, trial or execution proceedings.
In accordance with article 28/2 of PDPL, it will not be possible to claim RIGHTS OF PERSONAL DATA OWNERS, except to demand compensation in the cases listed below:
(1) Processing of personal data is necessary for the prevention of crime or for a criminal investigation.
(2) The processing of personal data made public by the Relevant Person.
(3) The processing of personal data is necessary for the execution of supervision or regulation duties and for disciplinary investigation or prosecution by the authorized and authorized public institutions and organizations and professional organizations that qualify as public institutions, based on the authority granted by the law.
(4) Processing of personal data is necessary for the protection of the economic and financial interests of the State regarding budget, tax and financial issues..
6. ROLES AND RESPONSIBILITIES
6.1. 6.1. THE COMPANY’S SUPERIOR COMMITTEE ON THE PROTECTION OF PERSONAL DATA (PDP)
The Vesmec Company PDP Senior Committee, established within the Company, is responsible for the implementation of the Vesmec Company's Personal Data Protection and Processing Policy in all company-wide activities and processes. In order to fulfill this responsibility, the Company's PDP Senior Committee has established the Vesmec Company Personal Data Protection Committee, which will provide the necessary coordination within the Company within the scope of ensuring, preserving and maintaining compliance with the legislation on protection of personal data within the Company. Vesmec Personal Data Protection Committee, consisting of representatives from the Financial Affairs Department, Legal Affairs Department, Audit Department, Human Resources Department, Corporate Relations and Communication Coordinator and Information Technologies Coordinator, convened under the chairmanship of the Risk Management Coordinator, compliance with PDPL throughout Vesmec Company will prepare the necessary regulations and guides within the scope of. All employees and units of Vesmec Company are obliged to ensure the implementation of this Policy and compliance with the Policy.
6.2. COMPANY’S PDP COMMITTEE
"COMPANY'S PDP COMMITTEE" has been established by the company, which will provide the necessary coordination within the Company within the scope of ensuring, preserving and maintaining compliance with the legislation on protection of personal data. COMPANY'S PDP COMMITTEE is responsible for the execution and improvement of the systems established for ensuring the unity between the Company units, ensuring the compliance of the activities carried out with the legislation on protection of personal data.
In this context, the basic duties of COMPANY'S PDP COMMITTEE are as follows:
– To prepare and put into effect the basic policies regarding the protection and processing of personal data within the company,
– To decide how the policies regarding the protection and processing of personal data within the company will be implemented and how the supervision will be carried out, to make internal assignments and coordination within the company,
– To determine the issues to be done in order to comply with the PDPL and the relevant legislation, to monitor its implementation and to ensure its coordination,
– To raise awareness within the Company and in the presence of cooperating institutions regarding the protection and processing of personal data,
– To determine the risks that may occur in the personal data processing activities of the Company and ensuring that the necessary measures are taken; to offer improvement suggestions,
– To design and execute trainings on the protection of personal data and the implementation of policies,
– To decide on the applications of personal data owners,
– To coordinate the execution of information and training activities to ensure that personal data owners are informed about the Company's personal data processing activities and legal rights,
– To prepare and put into effect the changes in basic policies regarding the protection and processing of personal data,
– To follow the developments and regulations regarding the protection of personal data, to advise the senior management on the things to be done in the Company operations in accordance with these developments and regulations,
– To manage the relations with the Institution and the Board,
– To carry out the other duties that the Company PDP Supreme Committee will give regarding the protection of personal data.
– To regularly report to the Company PDP Supreme Committee on compliance with the PDPL.
7. SECURITY AND PRIVACY OF PERSONAL DATA
All necessary measures are taken by the company, depending on the nature of the data to be protected, within the possibilities to prevent the unlawful disclosure, transfer, unlawful access of personal data or security deficiencies that may occur in other ways.
In this context, all necessary (i) administrative and (ii) technical measures are taken by the Company, (iii) an audit system is established within the company and (iv) in case of unlawful disclosure of personal data, actions are taken in accordance with the measures prescribed in the PDPL.

(1) Administrative Measures Taken by Vesmec Company to Ensure the Legal Processing of Personal Data and to Prevent Unlawful Access to Personal Data
– The company trains its employees and raises their awareness regarding the law of personal data protection.
– In cases where personal data are subject to transfer, it is ensured that records are added to the contracts concluded by the Company with the persons to whom the personal data are transferred, stating that the party to whom the personal data is transferred will fulfill its obligations to ensure data security.
– The personal data processing activities carried out by the company are examined in detail, reviewed periodically and updated when necessary. In this context, the steps to be taken to ensure compliance with the personal data processing conditions stipulated in the PDPL are determined.
– The company determines the applications to be carried out in order to comply with the PDPL, arranges these applications with internal policies, periodically reviews them and updates them when necessary.

(2) Technical Measures Taken by Vesmec Company to Ensure the Legal Processing of Personal Data and to Prevent Unlawful Access to Personal Data
– Regarding the protection of personal data, reasonable technical measures are taken by the company to the extent that technology allows, and the measures taken are updated and improved in parallel with the developments.
– In technical matters, expert personnel are employed or supported by expert consultants when necessary.
– Inspections are conducted at regular intervals for the implementation of the measures taken.
– Software and systems are established to ensure security.
– The authority to access personal data being processed within the company is limited to the relevant employees in line with the specified processing purpose.

(3) Auditing Activities for the Protection of Personal Data by the Company
The functioning of the technical and administrative measures taken by the company within the scope of protecting and ensuring the security of personal data is audited and practices are carried out to ensure the continuity of the process. The results of the audit activities carried out within this scope are reported to COMPANY'S PDP COMMITTEE and the relevant department within the company. In line with the audit results, activities are carried out to develop and improve the measures taken for data protection.
(4) Measures to be Taken in Case of Unlawful Disclosure of Personal Data
Within the scope of the personal data processing activity carried out by the Company, in cases where it is determined that the personal data is unlawfully obtained by unauthorized persons, the situation will be reported to the Board and the relevant data owners without delay.
8. PURPOSE OF PROCESSING PERSONAL DATA AND PERSONAL DATA GROUPS SUBJECT TO DATA PROCESSING ACTIVITY
8.1. PERSONAL DATA CATEGORIES
The personal data in the following groups are partially or completely automatically processed by the company or non-automatic as part of the data recording system.

PERSONAL DATA CATEGORIES EXPLANATION
Identity Information Name-surname, T.C. identity number, nationality information, mother's name and father's name, place of birth, date of birth, marital status, identity card and passport, tax number, SSI number, signature information, etc.
Communication information Information such as telephone number, address, e-mail address, fax number.
Physical Space Security Information Records taken at the entrance to the physical space, clearly belonging to an identified or identifiable natural person and included in the data recording system.
Transaction Security Information Personal data processed to ensure our technical, administrative, legal and commercial security while conducting our commercial activities.
Risk Management Information Personal data processed by means of methods used in accordance with the generally accepted legal, commercial custom and good faith in these fields to manage commercial, technical and administrative risks.
Financial Information Processed personal data regarding information, documents and records showing all kinds of financial results created according to the type of legal relationship our company has established with the personal data owner.
Legal Procedure and Compliance Information Personal data processed within the scope of the determination, follow-up and execution of the legal receivables and rights of the Company and compliance with the legal obligations and Company policies.
Audit and Inspection Information Personal data processed within the scope of our company's legal obligations and compliance with company policies.
Special Quality / Private Personal Data Data specified in article 6 of PDPL (for example; health data including blood group, biometric data, religion and membership association information)
Request / Complaint Management Information Personal data regarding the receipt and evaluation of any request or complaint directed to our company.
Reputation Management Knowledge Associated with the contact and protect the personal data collected purposeful company's business reputation (eg sharing, which are related to the Company)



8.2. PURPOSE OF PROCESSING PERSONAL DATA
Personal data is processed by the Company for the purposes listed below in accordance with data processing terms and principles. Existence of the following purposes may vary for each Related Person.
The personal data obtained are processed by the Company within the scope of the personal data processing conditions specified in articles 5 and 6 of the PDPL and within the following purposes:
– Planning and / or Execution of In-Company Training Activities,
– Planning and Execution of Emergency Management Processes,
– Planning and Execution of Corporate Sustainability Activities,
– Planning Human Resources Processes,
– Following Up the Legal Affairs,
– Planning and Execution of Business Activities,
– Creating and Managing Information Technology Infrastructure,
– Planning Information Security Processes,
– Planning and Execution of Corporate Relations and Communication Activities,
– Planning and Execution of In-Company Orientation Activities,
– Planning and / or Execution of Activities of Efficiency / Productivity and / or Appropriateness Analysis of Business Activities,
– Ensuring that the data are correct and up-to-date,
– Recruitment / Employment,
– Ensuring the Security of Company Premises and / or Facilities,
– Creating Visitor Records and Tracking,
– Follow-up of Contract Processes and / or Legal Requests,
– Planning and / or Execution of Business Continuity Activities,
– Planning and Execution of Company Audit Activities,
– Planning and Execution of the Operational Activities Required to Ensure that the Company's Activities are carried out in accordance with Company Procedures and / or Relevant Legislation,
– Realization of Company and Partnership Law Transactions,
– Ensuring the Safety of Company Operations,
– Management and / or Supervision of Relations with Affiliates,
– Execution of Personnel Recruitment Processes,
– Planning and Execution of Corporate Governance Activities,
– Execution of Strategic Planning Activities,
– Planning and Execution of Training Activities Outside the Company.

8.3. CATEGORIES OF SHARED PARTY
Vesmec Company may transfer the personal data of the data owners within the scope of the Policy in accordance with the principles included in the PDPL and especially the 8th and 9th articles of the PDPL to the person groups listed below for the purposes specified below. (See Section 2.2.):
- Company suppliers,
- Company business partners,
- Third parties who process personal data on behalf of the company,
- Authorized public institutions and organizations and authorized private legal persons,
- To other third parties in accordance with the data transfer conditions.

The scope of the above-mentioned persons transferred and the possible data transfer purposes are stated below.

PERSONS TO WHOM THE DATA CAN BE TRANSFERED DEFINITION DATA TRANSFER PURPOSE
Business Partner Parties with which the company has established a business partnership for purposes such as conducting its commercial activities In order to ensure the fulfillment of the objectives of the establishment of the business partnership, with limits
Supplier Parties providing services to the Company on a contractual basis and in accordance with the orders and instructions of the Company within the scope of carrying out the commercial activities of the Company In order to provide the Company with the services required by the Company to fulfill the commercial activities of the company and procured from the supplier as external sources, with limits.
Affiliates Companies in which the company is a shareholder In order to ensure the execution of commercial activities that require the participation of the company's affiliates, with limits.
Legally Authorized Public Institutions and Organizations Public institutions and organizations authorized to receive information and documents from the Company according to the provisions of the relevant legislation For the purpose requested by the relevant public institutions and organizations within the legal authority, with limits.
Legally Authorized Private Law Persons Private law persons authorized to receive information and documents from the Company in accordance with the provisions of the relevant legislation For the purpose requested by the relevant private law persons within the legal authority, with limits.



9. USE OF CLOSED CIRCUIT CAMERA (CCTV)
In the building where the headquarters of Vesmec Company is located, your visual and audio data can be obtained through the closed circuit camera system for purposes such as preventing criminal behavior, ensuring the safety of the building, its surroundings, tools and equipment, visitors and employees, and it is only necessary for these purposes. can be stored for a period of time. All technical and administrative measures required to ensure the security of personal data obtained through closed circuit camera system will be taken by the Company.

10. USE OF THE INTERNET SITE
Internet activities of visitors within the site are recorded on the websites owned and managed by the Company in order to ensure that those who visit these sites perform their visits on the sites in an appropriate manner for their visit purposes, to provide them with customized content, to provide social media features, to facilitate the visit by being remembered if they visit the relevant website again..

The company may opt out of using the cookies it uses on websites owned and managed. It can change their type or function or add new cookies. The Company will process the personal data obtained through the said cookies in accordance with the PDPL and the terms and conditions of this Policy. Detailed explanations on the protection and processing of personal data in terms of the said websites are included in the "Privacy Policy" texts of the relevant websites.

11. 11. REVIEW
This Policy will be reviewed by COMPANY'S PDP COMMITTEE at least once a year and updated if necessary. The Company PDP Senior Committee is authorized and responsible for the enforcement, amendment, execution and abolition of this Policy.
12. DEFINITIONS
DEFINITIONS of the terms used in the policy is given below.

Open Consent: Consent on a specific subject, based on information and declared with free will,
Anonymization : Making personal data unrelated to a certain or identifiable natural person under any circumstances, even by matching other data,
Regulation on the Processing of Personal Health Data: Regulation on the Processing of Personal Health Data and Ensuring Privacy, published in the Official Gazette dated October 20, 2016 and numbered 29863
Personal Health Data: All kinds of health information regarding an identified or identifiable natural person.
Personal Data: All kinds of information regarding an identified or identifiable real person,
Related / Relevant person: The natural / real person whose personal data is processed. For example; Customers and employees.
Processing of Personal Data : Any operations performed on data such as obtaining and saving personal data by fully or partially automatic means or non-automatic means provided that they are part of any data recording system, storing, preserving, changing, rearranging, disclosure, transfer, taking over, making available, classifying or preventing the use of personal data.
PDPL: Personal Data Protection Law No. 6698, dated March 24, 2016, published in the Official Gazette dated April 7, 2016 and numbered 29677.
Board: Personal Data Protection Board
Authority: Personal Data Protection Authority
Private Personal Data: Data on race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, dress and association, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data,
Policy: Personal Data Protection and Processing Policy of Vesmec Makina Sanayi Mümessillik Danışmanlık ve Tic. Ltd. Şti.
Vesmec Company / Company : Vesmec Makina Sanayi Mümessillik Danışmanlık ve Tic. Ltd. Şti.
Vesmec Company Business Partners : Parties with which Vesmec Company establishes business partnerships for various purposes while conducting its commercial activities.
Vesmec Company Suppliers: Parties providing services to Vesmec Company on a contract basis.
Constitution of Turkey: the Constitution of Turkey dated November 7, 1982 and numbered 2709, published in the Official Gazette dated 9 November 1982 and numbered 17863.
Turkish Penal Code: Turkish Penal Code, dated September 26, 2004 and numbered 5237, published in the Official Gazette dated 12 October 2004 and numbered 25611.
Data Supervisor : Refers to the real or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.