Page 7 - POLICY FOR THE PROTECTION AND PROCESSING OF PERSONAL DATA OF NUROL GROUP EMPLOYEES
P. 7

6.     SECTION 6 – GENERAL POINTS PERTAINING TO THE PROTECTION OF PERSONAL DATA

               In line with Article 12 of the Law, our Company takes the necessary measures in accordance with the
               nature of the data to be protected so as to prevent illegal disclosure, access and transfers of personal
               data,  or  any  other  security  vulnerabilities  that  may  arise  from  other  sources.  In  this  regard,  our
               Company takes administrative measures, and conducts audits or has other parties conduct audits, in
               order to ensure the required level of security defined in the guides published by the Board.

               The technical and administrative measures taken by our Company for the protection of personal data
               are  also  implemented  for  the  protection  of  private  personal  data,  with  all  necessary  inspections
               conducted internally within our Company.

                   6.1 Increasing and Inspecting the Awareness of Business Units Regarding the Protection and
               Processing of Personal Data

               Our Company carries out the necessary training activities in its business units in order to increase
               awareness of the safekeeping of data and the prevention of illegal access to and the illegal processing
               of personal data.

               Our Company establishes the necessary systems to raise awareness among both current employees
               and newly-hired employees regarding the protection of personal data, and works with consultants
               with experience in this field, if required. To this end, our Company considers participation in potential
               training events, seminars and informative meetings, and organizes new training activities in parallel
               with amendments to the relevant legislation.

               7.     SECTION 7 – RIGHTS OF PERSONAL DATA OWNERS AND THE EXERCISING OF SUCH RIGHTS

                   7.1 RIGHTS OF PERSONAL DATA OWNERS

               Personal data owners retain the right:

                   1)  To learn whether your personal data has been processed,
                   2)  To request information about how your data has been processed,
                   3)  To learn the purpose behind the processing of your personal data, and whether it is being used
                      in accordance with this purpose,
                   4)  To learn about the third parties, both in Turkey and abroad, to which your personal data is
                      being transferred,
                   5)  To request corrections to your personal data in the event of it being incomplete or having been
                      processed erroneously, and to demand that the third parties receiving your personal data are
                      informed of such corrections,
                   6)  Even if your data has been processed in accordance with the Law and the provisions of other
                      laws, to request that your personal data be deleted or destroyed should the initial reasons that
                      required it to be processed no longer be valid, and to demand that any third parties receiving
                      your personal data are informed of such requests,
                   7)  To  raise  an  objection  in  the  event  of  an  analysis  of  your  processed  data  by  exclusively
                      automatic systems resulting in an outcome that is disadvantageous to you,
                   8)  To ask for compensation in the event of harm suffered due to the processing of your personal
                      data in a manner that is contrary to the law.



                                                            6
   2   3   4   5   6   7   8   9   10   11   12