The purpose of this Privacy Policy is, Fonzip Yazılım A.Ş. Regarding the use of personal data provided to the Company by Customer officers (“Users”) authorized by the Customer using the Fonzip online software service (“System”) provided by the (“Company”) and/or obtained from Users during the use of the System. to determine the terms and conditions. The definitions in the Fonzip Terms of Use shall be taken into account when interpreting the terms not defined in this Privacy Policy. The User will become bound by this Privacy Policy upon the Customer's acceptance of the Fonzip Usage Agreement.

The Company uses the personal data transferred by the Customer and Users to the System only to fulfill the tasks given by the Users on behalf of the Customer. For example: It enables the association to send mass e-mails to the members of the association, but the Company cannot use the personal data of an association's members for its own commercial purposes in any way and cannot share it with 3rd party persons and institutions.

The information given below refers to the Company's privacy policies regarding the data of Users authorized on behalf of the Customer. For example, it is about the administrators of an association, that is, admin or system administrators, who use the System.

Which Data is Processed?

Under this heading, the data processed within the scope of the System offered by the Company and considered as personal data in accordance with the Law on the Protection of Personal Data are listed. Unless expressly stated otherwise, the term "Personal Data" defines the information below within the scope of the terms and conditions provided under this Privacy Policy.

The Company collects the following data provided by the User in the digital environment during membership login.

• Name, surname, TR Identity Number, work or private e-mail address, residence address, telephone number, education and graduation information, gender, blood type and other User information to be determined by the institution of which the User is a member or customer.
• Password and similar security information used for authentication and account access

The Company can obtain information about the User's use of the System by using cookies ( Cookies ), which are a technical communication file . The following data is collected through cookies in order to determine the access and usage habits of the services offered on the system.

• Scanner Type
• ROPE
• OS
• System Logins
• Display Time

Data that has been irreversibly anonymized pursuant to Articles 3 and 7 of the Personal Data Protection Law will not be considered as personal data in accordance with the provisions of the aforementioned law, and the processing activities regarding this data will be carried out without being bound by the provisions of this Privacy Policy.

For What Purposes Are The Data Used?

The Company, the personal data provided by the User and the new data produced by the Company using this personal data, the User's ability to benefit from the System, the provision and improvement of the services subject to the System, the personal data usage purposes set out in this Privacy Policy and Fonzip Usage Agreement, and It can operate for the realization of these purposes, the fulfillment of the obligations arising from the nature of the services and the fulfillment of all kinds of legal obligations within the scope of the relevant legislation.

The Company may obtain information about the User's use of the System by using cookies, which is a technical communication file, process the data in this context, and transmit it to third parties for the purpose of processing within the scope of analysis services offered by third parties, only to the extent required by these analysis services. Said technical communication files are small text files that the System sends to the User's browser to be stored in the main memory. The technical communication file saves the status and preference settings about a website, making it easier to use the internet in this sense. Technical communication file, to obtain statistical information about how many people use the System in a temporal proportion, for what purpose, how many times a person visits the System and how long they stay, and to help generate advertisements and content dynamically from user pages specially designed for Users. designed and used for these purposes. The technical communication file is not designed to receive any other personal data from the main memory. Most of the browsers are initially designed to accept the technical communication file, but users can always change the browser settings so that the technical communication file does not arrive or a warning is given when the technical communication file is sent.

The Company determines and uses the IP address of the Users when necessary, in order to identify the problems related to the system and to solve the problems immediately. IP addresses can also be used to provide system login authorizations, to identify Users in a general way and to collect comprehensive demographic information.

Who Can Access the Data?

The Company may share the personal data within the scope of this Privacy Policy with third parties with whom it cooperates in order to fulfill its obligations under the System Usage Agreement and to perform the related services.

The Company may also process and share the data with third parties without obtaining the User's separate consent, in accordance with Articles 5 and 8 of the Personal Data Protection Law and/or in case of exceptions in the relevant legislation. The main of these situations are listed below:

• clearly stipulated in the law,
• It is compulsory for the protection of the life or physical integrity of the person or another person, who is unable to express his consent due to actual impossibility or whose consent is not legally valid,
• It is necessary to process personal data, provided that it is directly related to the establishment or performance of a contract, including the System Usage Agreement,
• Obligatory for the fulfillment of legal obligations,
• Being made public by the User himself,
• Data processing is mandatory for the establishment, exercise or protection of a right,
• Data processing is mandatory for the Company's legitimate interests, provided that it does not harm the fundamental rights and freedoms of the User.

Limited to the fulfillment of the above-mentioned purposes, the Company provides personal data to its servers located anywhere in the world other than the country of residence of the User (servers may belong to itself, its affiliated Customers, subcontractors or outsource service providers) in order to receive hosting service.

About Right of Access to Data and Correction Requests

The User has the following rights regarding itself by applying to the Company:

• Learning whether personal data is processed or not,
• If personal data has been processed, requesting information about it,
• Learning the purpose of processing personal data and whether they are used in accordance with the purpose,
• Knowing the third parties to whom personal data is transferred at home or abroad,
• Requesting correction of personal data if it is incomplete or incorrectly processed,
• Requesting the deletion or destruction of personal data within the framework of the conditions stipulated in the relevant legislation,
• Requesting the notification of the correction, deletion and destruction processes made in accordance with the relevant legislation to the third parties to whom the personal data has been transferred,
• Objecting to the emergence of a result against the person himself by analyzing the processed data exclusively through automated systems,
• To request the compensation of the damage in case of loss due to the unlawful processing of personal data,

The user may send the above-mentioned requests in writing to the Company address. In accordance with the above-mentioned requests, the company may give its reasoned positive/negative response in writing or digitally. It is essential that no fee is charged for the necessary transactions regarding the requests. However, if the transactions require a cost, it is possible to charge a fee based on the tariff determined by the Personal Data Protection Board in accordance with Article 13 of the Personal Data Protection Law.

The user undertakes that the information subject to this Privacy Policy is complete, accurate and up-to-date, and that he will update them immediately if there is any change in this information. The Company will not have any responsibility if the User does not provide up-to-date information.

The User accepts that the Customer may not be able to benefit from the services specified in the System and System Usage Agreement, in case his personal data is not used by the Company, and declares that all responsibility arising in this context will belong to him.

Retention Period of Personal Data

The Company, in order to fulfill the obligations arising from the nature of the System and related services, determined in this Privacy Policy and Fonzip Usage Agreement, in order for the Customer and the User to benefit from the System and to provide the services subject to the System, the personal data provided by the User. will be retained for as long as it is provided.

In addition, in case of any dispute that may arise from the Fonzip Usage Agreement, the Company will be able to keep personal data limited to the purpose of making the necessary defenses within the scope of the dispute and during the statute of limitations determined in accordance with the relevant legislation.

Data Security Precautions and Commitments

The company, in the conditions determined in the relevant legislation or expressed in this Privacy Policy, electronically transmitted to it through the System,

• personal data is not processed unlawfully,
• unlawful access to personal data, and
• In order to ensure the protection of personal data, it undertakes to take the necessary technical and administrative measures to ensure the appropriate level of security and to carry out the necessary inspections.

The Company cannot disclose the personal data obtained about the Users to others in violation of the provisions of this Privacy Policy and the Law on the Protection of Personal Data, and cannot use it for purposes other than processing.

In case of linking to other sites and applications through the system, the Company does not bear any responsibility for the privacy policies and contents of such sites and applications.

Changes to the Privacy Policy

The Company may change the provisions of this Privacy Policy at any time by publishing it on the System. The provisions of the Privacy Policy that the Company has amended take effect on the date of publication.