GENERAL PERSONAL DATA PROTECTION POLICY

SKYDAGGER ELEKTRONİK SANAYİ VE TİCARET ANONİM ŞİRKETİ

GENERAL PERSONAL DATA PROTECTION POLICY

INTERLOCUTOR:

SKYDAGGER ELEKTRONİK SANAYİ VE TİCARET ANONİM ŞİRKETİ tarafından Kişisel Verileri işlenen gerçek kişiler

PREPARER:

SKYDAGGER ELEKTRONİK SANAYİ VE TİCARET ANONİM ŞİRKETİ

APPROVED BY:

SKYDAGGER ELEKTRONİK SANAYİ VE TİCARET ANONİM ŞİRKETİ Yönetim Kurulu tarafından onaylanmıştır.

Contents

INTRODUCTION
AIM
SCOPE
DEFINITIONS
GENERAL PRINCIPLES REGARDING THE PROCESSING OF PERSONAL DATA
TERMS OF PROCESSING OF PERSONAL DATA
CONDITIONS FOR PROCESSING SPECIAL PERSONAL DATA
COMPANY'S DISCLOSURE OBLIGATION
OBTAINING EXPRESS CONSENT
ISSUES RELATED TO THE PROTECTION OF PERSONAL DATA
RESERVING THE RIGHTS OF THE RELATED PERSON AND EVALUATING THEIR REQUESTS
CASES WHERE THE RELATED PERSON CANNOT ASSERVE HIS RIGHTS PARTIALLY OR FULLY
USE OF THE RIGHTS OF THE RELATED PERSON AND APPLICATION FORM TO THE DATA CONTROLLER
TRANSFER OF PERSONAL DATA AND PROCESSING BY THIRD PARTIES
DATA TRANSFER TO THIRD PARTIES LOCATED IN Türkiye
DATA TRANSFER TO THIRD PARTIES LOCATED ABROAD
STORAGE PERIOD OF PERSONAL DATA
STORAGE AND DESTRUCTION OF PERSONAL DATA
AUDIT
WHAT NEEDS TO BE DONE FOR THE POLICY TO BE IN EFFECT AND KEEP IT CURRENT

INTRODUCTION

SKYDAGGER ELEKTRONİK SANAYİ VE TİCARET ANONİM ŞİRKETİ (“Company”) attaches utmost importance to protect fundamental rights and freedoms of individuals, especially the privacy of private life regulated in Article 20 of the Constitution, in the protection and processing of personal data. In this context, in accordance with the Personal Data Protection Law No. 6698 (“Law” or “KVK Law”), it takes care to protect and process personal data in accordance with the law and acts with this care in all its planning and activities.

Our company does not consider the protection and processing of personal data only within the scope of compliance with the legislation, but also puts the value it attaches to people as the basis of its approach.
This policy sets out the principles to be adopted by the company regarding the processing and protection of personal data and to be taken into account at the point of implementation.

AIM

In order to comply with the Personal Data Protection Law No. 6698, the decisions of the Personal Data Protection Board and secondary legislation regarding the processing and protection of personal data, it is aimed to carry out the activities within the company in accordance with the legal regulations and to inform the persons whose personal data are processed in a transparent and accurate manner.

SCOPE

This policy covers all activities regarding personal data processed by the company and applies to such activities.

DEFINITIONS

Explicit Consent	It is consent regarding a certain subject, based on informed consent and expressed with free will.
Publicization	The concept of publicization, which means "making known to everyone", is listed in Article 5 of Law No. 6698 as one of the exceptions to the "requirement to obtain the explicit consent of the natural person whose personal data is being processed", which is necessary for the processing of personal data.
Anonymise	It means making personal data impossible to associate with an identified or identifiable natural person in any way, even by matching it with other data.
Lighting Obligation	It is the obligation of the data controller to inform the persons whose personal data it processes, by whom, for what purposes and on what legal grounds these data may be processed, and to whom it may be transferred and for what purposes.
Related User	Persons who process personal data within the data controller organization or in line with the authority and instructions received from the data controller, excluding the person or unit responsible for the technical storage, protection and backup of the data.
Destruction	It refers to the deletion, destruction or anonymization of personal data.
Processing of Personal Data	Obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying or using Personal Data by fully or partially automatic or non-automatic means provided that it is part of any data recording system. It is any operation performed on data, such as blocking.
KVK Board/Board	It is the Personal Data Protection Board.
Organisation	It is the Personal Data Protection Authority consisting of the Board and the Presidency.
Related Person	They are real persons whose personal data is processed.
Personal Data	It is any information regarding an identified or identifiable natural person.
Automatically Processing Data	Computer, phone, watch, etc. It is a processing activity that takes place automatically, without human intervention, within the scope of pre-prepared algorithms through software or hardware features, carried out by devices with processors.
Special Personal Data	Data regarding race, ethnic origin, political thought, philosophical belief, religion, sect or other beliefs, appearance, association, foundation or union membership, health, sexual life, criminal conviction and security measures, as well as biometric and genetic data are special data.
Record	It is the Data Controllers Registry.
Company / Our Company	SKYDAGGER ELEKTRONİK SANAYİ VE TİCARET ANONİM ŞİRKETİ
Data Processor	It is a natural or legal person who processes Personal Data on behalf of the data controller, based on the authority given by the data controller.
Data Recording System	It refers to the recording system in which Personal Data is structured and processed according to certain criteria.
Data Controller	It is the natural or legal person who determines the purposes and means of processing Personal Data and is responsible for establishing and managing the data recording system.
Data Category	It is a class of personal data attributable to a group or groups of data subjects in which personal data are grouped according to their common characteristics.

GENERAL PRINCIPLES REGARDING THE PROCESSING OF PERSONAL DATA

Compliance with Law and Honesty Rules	Our company processes personal data in accordance with the relevant legislation and the requirements of the code of honesty and uses it within these limits. It acts to prevent the emergence of consequences that the person concerned does not expect and does not need to expect. Ensures that such data processing activity is transparent in accordance with the Principle; Acts in accordance with its information and warning obligations.
Be Accurate and Up to Date When Necessary	Our company ensures that the personal data it processes are accurate and up-to-date, taking into account the fundamental rights and legitimate interests of personal data owners. In this context, it carefully takes into account issues such as determining the sources from which the data is obtained, confirming its accuracy, and evaluating whether it needs to be updated. In accordance with its active duty of care, our company always keeps the channels open to ensure that the personal data owner's information is accurate and up-to-date.
Processing for Specific, Clear and Legitimate Purposes	Our company clearly and precisely determines the purpose of data processing and ensures that this purpose is legitimate. The legitimacy of the purpose means that the personal data processed by our Company is related to and necessary for the work it performs or the service it offers. Our company does not process data for purposes other than these stated purposes. In this respect, it shows sensitivity in complying with the principle of certainty and clarity in legal transactions and texts in which the purposes of personal data processing are explained.
Being Related to the Purpose for Processing, Limited and Proportionate	Our company ensures that the personal data processed are suitable for the achievement of the specified purposes and avoids the processing of personal data that is not relevant or needed to achieve the purpose. Our company does not collect or process personal data for purposes that do not exist and are expected to occur later. In order to process data to meet possible needs that may arise later, it fulfills the processing conditions of personal data regulated in the Law, as if it is starting the processing for the first time. It also limits the data processed to only what is necessary to achieve the purpose. Within the scope of the principle of proportionality, it establishes a reasonable balance between data processing and the purpose it is intended to achieve.
Preservation for the Period Envisaged in the Relevant Legislation or Necessary for the Purpose for which they are Processed	If there is a period stipulated in the relevant legislation for the storage of data, our company complies with these periods; Otherwise, it retains personal data only for the period necessary for the purpose for which they are processed. If there is no valid reason for further storage of personal data by our company, the data in question is deleted, destroyed or anonymized. Procedures regarding the storage and destruction of personal data are regulated in detail in our Company's Personal Data Storage and Destruction Policy.

TERMS OF PROCESSING OF PERSONAL DATA

Personal data can only be processed by the company within the scope of the procedures and principles specified below.

In order for personal data processing to be carried out in accordance with the law, the processing activity must meet the following three elements: Compliance with general principles, being based on one of the data processing conditions, and informing the relevant person.

Personal data can be processed by obtaining the explicit consent of the relevant person after the obligation to inform the relevant person is fulfilled. Explicit consent is obtained in accordance with the KVK Law regulations. In cases where processing of personal data is foreseen without explicit consent within the scope of the KVK Law, personal data will be processed without the explicit consent of the relevant person. Personal data may be processed without explicit consent in the following cases (Art. 5/2):

Clearly Provided in Laws	Our company processes personal data without obtaining the explicit consent of the relevant person in cases clearly stipulated by law.
It is Necessary for the Protection of the Life or Physical Integrity of the Person Who Is Unable to Express His/Her Consent Due to Actual Impossibility or whose Consent Is Not Recognized as Legally Valid.	Our company processes personal data without explicit consent to protect the life or physical integrity of individuals in cases where consent cannot be expressed or is not valid.
It is Necessary to Process Personal Data of the Parties to a Contract, Provided That It is Directly Related to the Establishment or Performance of a Contract	If it is necessary to process the personal data of the parties to the contract directly related to the establishment or execution of a contract, our company processes the personal data of the relevant person without explicit consent, limited to this purpose, as a matter of ordinary course of life.
It is mandatory for our company to fulfill its legal obligations	Our company, as the data controller, processes the personal data of the relevant person without explicit consent when necessary in order to fulfill its legal obligations.
It has been made public by the relevant person himself/herself.	Our company; may process the personal data of the relevant persons, which have been made public by them, in other words, which have been disclosed to the public in any way, on a limited basis for the purpose of making them public.
Data Processing Is Necessary for the Establishment, Exercise or Protection of a Right	Our company processes the personal data of the relevant persons without explicit consent in cases where data processing is mandatory for the exercise or protection of a legally legitimate right.
It is Mandatory for Our Company to Process Data for Its Legitimate Interests, Provided That It Does Not Harm the Fundamental Rights and Freedoms of Personal Data Owners	Our company may process the personal data of relevant persons in cases where processing of personal data is necessary to ensure their legitimate interests, provided that it does not harm the fundamental rights and freedoms of the relevant persons. Our Company shows the necessary sensitivity to comply with the basic principles regarding the protection of personal data and to observe the balance of interests of the people related to our Company. What is meant by legitimate interest; It is a legitimate, effective, specific and readily existing interest that competes with the fundamental rights and freedoms of the person concerned. Our company takes additional protective measures to prevent harm to the rights of relevant persons. A reasonable balance is maintained between the interests of our company and the fundamental rights and freedoms of the person concerned.

CONDITIONS FOR PROCESSING SPECIAL PERSONAL DATA

When processing special personal data, precautions determined by the Board are taken.

COMPANY'S DISCLOSURE OBLIGATION

Our company informs personal data owners during the collection of personal data in accordance with Article 10 of the KVK Law. In this context, it clarifies the identity of the Company representative, if any, the purpose for which personal data will be processed, to whom and for what purpose the processed personal data can be transferred, the method and legal reason for collecting personal data, and the rights of personal data owners.

OBTAINING EXPRESS CONSENT

Our company carries out personal data processing activities by obtaining the explicit consent of the relevant person, in cases where it is not based on one of the processing conditions listed in Article 5/2. It never obtains explicit consent from the relevant person when one of the conditions specified in Article 5/2 is present and thus avoids misleading the relevant person.

Even if personal data is processed based on explicit consent, the company still fulfills its obligation to inform; It carries out the processes of obtaining explicit consent and providing information as separate processes.

Explicit consent is obtained through written/printed or electronically available express consent texts.

ISSUES RELATED TO THE PROTECTION OF PERSONAL DATA

In accordance with the Law, our company takes all necessary administrative and technical measures to ensure the appropriate level of security in order to store personal data securely and to prevent unlawful processing and access of personal data. These administrative and technical measures are regulated in detail in our Company's Personal Data Storage and Destruction Policy.

Our company regularly carries out compliance activities with the "Personal Data Protection Law" to ensure compliance with the regulations in the Law and other legislation.

Our company takes all necessary administrative and technical measures, according to technological possibilities and implementation costs, to ensure that relevant data controllers and data processors do not disclose their personal data to anyone else in violation of the provisions of the Law and Policy and do not use it for purposes other than processing. In this context, information and training activities about the Law and Policy are carried out, relevant employees are made to sign confidentiality agreements as part of the recruitment process, and other data controllers and data processors are made to sign confidentiality and commitment agreements.

If the personal data processed by our Company is obtained by others through unlawful means, our Company carries out the necessary procedures to notify the relevant person and the KVK Board within the periods determined by the KVK Board. If deemed necessary by the KVK Board, this situation is announced on the KVK Board's website or by another method deemed appropriate by the KVK Board.

Our company observes all legal rights of the relevant persons regarding the implementation of the Policy and the Law and takes all necessary measures to protect these rights.

Data regarding individuals' race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and clothing, membership of associations, foundations or unions, health, sexual life, criminal convictions and security measures, as well as biometric and genetic data of special quality is personal data. Our company is aware that special personal datas are datas that may cause the relevant person to be victimized or discriminated against if learned by others, and therefore, it carefully takes adequate measures determined by the Board to protect such personal data processed in accordance with the law.

RESERVING THE RIGHTS OF THE RELATED PERSON AND EVALUATING THEIR REQUESTS

Our company responds to the following requests of the relevant person whose personal data it holds, in accordance with the KVKK regulations:

Learning whether personal data is processed by the company,
If it has been processed, request information about it,
Learning the purpose of processing and whether they are used for their intended purpose,
Knowing the third parties to whom personal data is transferred at home or abroad,
Requesting correction of personal data if it is incomplete or incorrectly processed,
Requesting notification to third parties to whom personal data has been transferred if correction and destruction procedures have been carried out by the company,
Requesting the deletion, destruction or anonymization of personal data by the company when the reasons for processing personal data are eliminated.
Objecting to the emergence of a result that is unfavorable to the individual by analyzing the processed data exclusively through automatic systems,
Request compensation for the damage if the relevant person suffers damage due to unlawful processing of personal data.

CASES WHERE THE RELATED PERSON CANNOT ASSERVE HIS RIGHTS PARTIALLY OR FULLY

The provisions of this Policy and the Law will not apply in the following cases:

Processing of personal data by natural persons within the scope of activities related to themselves or their family members living in the same residence, provided that they are not given to third parties and obligations regarding data security are complied with,

Processing of personal data for purposes such as research, planning and statistics by anonymizing them with official statistics,

Processing of personal data for artistic, historical, literary or scientific purposes or within the scope of freedom of expression, provided that it does not violate national defence, national security, public security, public order, economic security, privacy of private life or personal rights or constitute a crime,

Processing of personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations authorized by law to ensure national defence, national security, public safety, public order or economic security,

Processing of personal data by judicial authorities or enforcement authorities regarding investigation, prosecution, trial or enforcement proceedings.

Provided that it is in accordance with and proportionate to the purpose and basic principles of this Policy and the Law, the 10th article, which regulates the data controller's obligation to inform, the 11th article, which regulates the rights of the data subject, except for the right to request compensation for damage, and the 16th article, which regulates the obligation to register in the Data Controllers Registry, are as follows: It will not be applied in cases where:

Processing personal data is necessary for the prevention of crime or criminal investigation,

Processing of personal data made public by the relevant person,

Processing of personal data is necessary for the execution of auditing or regulatory duties and disciplinary investigation or prosecution by public institutions and organizations and professional organizations that are public institutions, based on the authority granted by the law,

Personal data processing is necessary to protect the economic and financial interests of the State regarding budget, tax and financial matters.

USE OF THE RIGHTS OF THE RELATED PERSON AND APPLICATION FORM TO THE DATA CONTROLLER

Requests and applications regarding the implementation of the Law can be made by filling out the relevant person application form on our website (https://www.fpvdronemarket.com) and sending it to İKİTELLİ OSB MAH. METAL İŞ 15. BLOK SK. It can be deposited in writing in person at METAL İŞ SANAYİ 15. BLOK NO: 5 BAŞAKŞEHİR/ İSTANBUL, sent through a notary public, or transmitted electronically by using registered electronic mail (KEP), secure electronic signature or mobile signature.

Requests and applications can also be sent to info@fpvdronemarket.com if there is an e-mail address of the relevant person who has been previously notified to our Company and registered in the Company's system.

In requests and applications,

Name, surname and signature if the application is written,

T.R. for citizens of the Republic of Turkey. identification number, nationality for foreigners, passport number or identification number, if any,

Residence or workplace address subject to notification,

If available, notification e-mail address, telephone and fax number,

Demand subject,

It is mandatory to be present.

Information and documents regarding the subject must be added to the application.

Our company finalizes the requests in the application free of charge as soon as possible and within thirty days at the latest, depending on the nature of the request. However, if the transaction in question requires an additional cost, the fee in the tariff determined by the Board may be charged.

Our company may accept the request or reject it by explaining the reason and notify the relevant person in writing or electronically of its response. If the request in the application is accepted, our Company will fulfill the requirements as soon as possible and inform the relevant person. If the application is due to our Company's error, the fee received will be refunded to the relevant person.

In cases where the application is rejected, the response is found to be insufficient, or the application is not responded to in due time; The relevant person has the right to lodge a complaint with the Board within thirty days from the date of learning the answer and, in any case, within sixty days from the date of application.

TRANSFER OF PERSONAL DATA AND PROCESSING BY THIRD PARTIES

The company may transfer personal data to a third natural or legal person in accordance with KVK regulations.

In this case, the company ensures that the third parties to whom it transfers personal data comply with this policy.

Necessary protective regulations are added to contracts concluded with third parties.

DATA TRANSFER TO THIRD PARTIES LOCATED IN TÜRKİYE

Personal data may be transferred to third parties within Turkey without obtaining explicit consent in exceptional cases specified in KVKK Article 5/2 and special categories of personal data in Article 6/3, and in other cases, provided that express consent is obtained.

Company employees and the data controller representative are jointly responsible for ensuring that this transfer complies with KVKK.

DATA TRANSFER TO THIRD PARTIES LOCATED ABROAD

Personal data may be transferred to third parties abroad, provided that explicit consent is obtained.

In exceptional cases specified in Articles 5/2 and 6/3 of the Law, personal data may be transferred to third parties abroad without obtaining explicit consent, if there is sufficient protection in the country to which data will be transferred (Countries with adequate protection are announced by the Board).

If there is not sufficient protection in the country to which data will be transferred, personal data may be transferred to third parties abroad without explicit consent, provided that our company and the data controller in the country to which data will be transferred undertake adequate protection and permission is obtained from the Board.

Company employees and the data controller representative are jointly responsible for ensuring that this transfer complies with KVKK.

STORAGE PERIOD OF PERSONAL DATA

According to Law No. 6698, even though personal data has been processed in accordance with the provisions of this law and other relevant laws, if the reasons requiring processing are eliminated, it is deleted, destroyed or anonymized by the company automatically or upon the request of the relevant person.

Deletion is the process of making personal data inaccessible and unusable in any way for the relevant users.

Destruction is the process of making personal data inaccessible, irretrievable and unusable by anyone.

Anonymization is the process of making personal data impossible to associate with an identified or identifiable natural person in any way, even if it is matched with other data.

Without prejudice to the provisions regarding the destruction of personal data in other laws, our Company will delete the personal data it has processed in accordance with the provisions of this Law and other laws, ex officio or upon the request of the relevant person, in accordance with the Personal Data Storage and Destruction Policy, in case the reasons requiring processing are eliminated. , destroys or anonymizes.

STORAGE AND DESTRUCTION OF PERSONAL DATA

Our company stores personal data in accordance with the periods stipulated in laws and other legislation. If there is no retention period stipulated in the laws and other legislation, personal data is stored for the period required to achieve the purpose of processing that personal data, in accordance with our Company's Personal Data Storage and Destruction Policy, and is then deleted, destroyed or anonymized within the framework of periodic destruction periods. .

AUDIT

Our company carries out the necessary inspections and has them carried out in order to ensure compliance with the legislation and data security and the regularity and continuity of the measures taken.

WHAT NEEDS TO BE DONE FOR THE POLICY TO BE IN EFFECT AND KEEP IT CURRENT

The Policy, which was issued by SKYDAGGER ELEKTRONİK SANAYİ VE TİCARET ANONİM ŞİRKETİ and entered into force on ../../2024, is published in any medium accessible to the relevant persons and made available to the relevant persons.

If deemed necessary by the company, this policy may be changed with the approval of the Board of Directors.

Even if the policy is changed, the old version is kept within the company.