GRETSCH-UNITAS YAPI ELEMANLARI SANAYİ VE TİCARET ANONİM ŞİRKETİ

INFORMATION NOTICE REGARDING THE PROTECTION AND PROCESSING OF PERSONAL DATA

The website with the domain name https://www.g-u.com/tr-en is operated by GRETSCH-UNITAS YAPI ELEMANLARI SANAYİ VE TİCARET ANONİM ŞİRKETİ. The purpose of this Information Notice Regarding the Protection and Processing of Personal Data (“Information Notice”) is to fulfill the disclosure obligation stipulated in Article 10 of the Law on the Protection of Personal Data No. 6698 (“Law on the Protection of Personal Data – KVKK”) regarding the use of personal data obtained during the use of or received from third parties through the website https://www.g-u.com/tr-en operated by GRETSCH-UNITAS YAPI ELEMANLARI SANAYİ VE TİCARET ANONİM ŞİRKETİ (“Website”).

1. DATA CONTROLLER
   With this Information Notice on the Protection and Processing of Personal Data (“Information Notice”), as Gretsch-Unitas Yapı Elemanları Sanayi ve Ticaret A.Ş. (“Company” or “G-U”), we would like to inform our valued customers within the framework of our disclosure obligation as the Data Controller in accordance with the Law on the Protection of Personal Data No. 6698 (“KVKK”).

2. DEFINITIONS
   In this Information Notice:
   Data Subject: Refers to the natural person whose personal data is processed.
   Website: Refers to the website with the domain name https://www.g-u.com/tr-en
   Law: Refers to the Law on the Protection of Personal Data No. 6698.
   Personal Data: Refers to any information relating to an identified or identifiable natural person.
   Processing of Personal Data: Refers to any operation performed on personal data such as obtaining, recording, storing, retaining, altering, reorganizing, disclosing, transferring, taking over, making available, classifying, or preventing the use of personal data, wholly or partially by automated means, or by non-automated means provided that it forms part of a data recording system.
   Authority: Refers to the Personal Data Protection Authority.
   Communiqué: Refers to the “Communiqué on the Procedures and Principles of Application to the Data Controller” published in the Official Gazette dated 10/03/2018 and numbered 30356.
   Data Controller: Refers to the natural or legal person who determines the purposes and means of processing personal data and is responsible for establishing and managing the data recording system.

3. LEGAL BASIS AND METHOD OF COLLECTING PERSONAL DATA
   Our Company may process your personal data for specific, explicit, and legitimate purposes in accordance with Articles 4 and 5 of the Law on the Protection of Personal Data No. 6698 and in compliance with the law and the principles of good faith.

While processing your data, we rely on the following legal grounds: “It is necessary for the data controller to fulfill its legal obligation,” “It is necessary for the establishment, exercise, or protection of a right,” “It is necessary for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject.”

Regarding online visitors, we process your cookie records (navigation information, device information (ID), and traffic data) and transaction security data (log records, IP address) related to actions performed on the Website based on the legal grounds “it is necessary for the data controller to fulfill its legal obligations” and “explicitly stipulated by law” to ensure information security, prevent misuse, carry out activities in compliance with the legislation, and fulfill other legal obligations towards competent and authorized public authorities. For details on this matter, please refer to our Cookie Information Notice available on our website.

Apart from these, your personal data may be processed by G-U based on your explicit consent or in other cases legally permitted under KVKK for the following purposes: issuing invoices after sales transactions carried out within the scope of our commercial activities and fulfilling tax and other legal obligations (identity, contact, customer transaction, legal transaction information); fulfilling the requirements of contracts concluded with you; selling all products manufactured and/or imported by G-U and delivering them according to your preferred delivery method; performing return and exchange transactions when necessary; sharing information with you through your preferred communication channel regarding the products you purchased and recording transaction details; creating and maintaining a membership registration on our company’s website and applications upon your request; conducting promotional/informational, marketing, and campaign activities, sending newsletters if you have given communication consent; conducting data analysis and research; transferring and tracking your complaints/requests to our Company, backing up/archiving, storing, and preserving transaction records; complying with the obligations to retain, report, and inform in accordance with relevant legislative provisions and fulfilling our legal obligations.

G-U will not use your personal data for purposes other than those specified here and will not transfer and/or disclose it to third parties without your explicit consent or without reasons stipulated in the relevant legislation.

Cases Where Explicit Consent is Not Required
Pursuant to Article 5(2) of the Law No. 6698, personal data may be processed without seeking explicit consent in the presence of one of the following conditions: it is explicitly stipulated by law; it is necessary to protect the life or physical integrity of the person who is unable to express consent due to actual impossibility or whose consent is not legally valid; it is necessary for the processing of personal data belonging to the parties of a contract, provided that it is directly related to the establishment or performance of the contract; it is necessary for the data controller to fulfill its legal obligation; the personal data have been made public by the data subject; it is necessary for the establishment, exercise, or protection of a right; it is necessary for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject.

1. TO WHOM AND FOR WHAT PURPOSE PERSONAL DATA MAY BE TRANSFERRED
   The non-transfer and non-disclosure of personal data is our priority. However, personal data may be transferred within the framework of laws and other regulations and for the purposes stated as follows: to our group companies; to the companies and representatives authorized to act on behalf of our Company; to regulatory and supervisory institutions, and to public institutions or organizations authorized by law to request your personal data; to business partners, suppliers, contractors, banks, credit risk and financial institutions, and other real or legal persons within the scope of the commercial relationship established with you; to tax and similar consultants, legally required parties and institutions in relation to legal proceedings, and to auditors including third parties from whom we receive consultancy services. Your personal data may be transferred within and outside the country to business partners, third-party service providers, and authorized persons and organizations for the purposes mentioned above.

2. HOW LONG DO WE PROCESS YOUR PERSONAL DATA?
   Our Company retains your personal data for as long as required by the law and relevant regulations, to fulfill legal obligations and conduct lawful operations, or for as long as necessary to protect and exercise possible legal rights in potential future legal proceedings. At the end of these periods, your personal data will be deleted, destroyed, or anonymized.

Personal data processed for the purposes stated in our Company’s policy will be deleted, destroyed, or anonymized by our Company once the purpose requiring their processing ceases to exist and the periods specified under the “Regulation on the Deletion, Destruction, or Anonymization of Personal Data” published in the Official Gazette dated October 28, 2017, and numbered 30224, and the Turkish Commercial Code No. 6102, have expired.

1. RIGHTS OF THE DATA SUBJECT UNDER ARTICLE 11 OF KVKK AND EXCEPTIONS
   Details on the right of application and procedures are regulated in the “Communiqué on the Procedures and Principles of Application to the Data Controller” published in the Official Gazette dated 10/03/2018 and numbered 30356. Pursuant to the Communiqué, natural persons whose personal data are processed have the right to apply to the data controller. However, according to Article 4(2) of the said Communiqué, the exercise of this right depends on the application being made in Turkish.

According to Article 11 of the Law, data subjects have the right to learn whether personal data are processed; request information if their personal data have been processed; learn the purpose of processing and whether they are used in accordance with their purpose; know the third parties to whom personal data are transferred domestically or abroad; request correction if personal data are incomplete or incorrectly processed and request notification of such correction to third parties to whom personal data have been transferred; request deletion or destruction of personal data in case the reasons requiring processing cease to exist even though they have been processed in compliance with the Law and other relevant laws, and request notification of such deletion or destruction to third parties; object to the occurrence of a result against the person by analyzing the processed data exclusively through automated systems; request compensation for the damage arising from the unlawful processing of personal data.

However, pursuant to Article 28 of the Law on the Protection of Personal Data, except for the right to claim compensation for damages, the above-mentioned rights may not be exercised in the following cases: when processing personal data is necessary for the prevention of crime or for criminal investigation; when personal data are processed by the data subject himself/herself and made public; when processing personal data is necessary for the execution of supervisory or regulatory duties and disciplinary investigation or prosecution by public institutions and organizations authorized by law and professional organizations in the nature of public institutions; when processing personal data is necessary for the protection of the State’s economic and financial interests in relation to budget, tax, and financial matters.

Applications regarding the above-mentioned rights shall be submitted to the Company as the data controller in writing or through other methods determined by the Personal Data Protection Board (“Board”).

In this regard, you may submit your request containing explanations regarding the right you wish to exercise to the e-mail address or postal address given below, which may be updated from time to time, via your registered electronic mail (KEP) address, secure electronic signature, mobile signature, or by using the e-mail address previously notified to the Company and registered in the Company’s system (by attaching identity-verifying documents to your application form). You may also deliver a wet-signed petition with identity-verifying documents in person or send it via a notary to our postal address below.

Your application must clearly state the issue you request, must relate to you personally (or if you act on behalf of someone else, you must be specifically authorized and able to document this authorization), and must include your identity and address information.

Our Company will conclude the requests in the applications free of charge as soon as possible and within thirty days at the latest, depending on the nature of the request. However, if the transaction requires an additional cost, a fee may be charged according to the tariff determined by the Personal Data Protection Board. If the response to the application exceeds ten (10) pages, a transaction fee of 1.00 TL per page will be charged. If the response is requested to be provided on a recording medium such as CD or flash drive, a fee may be charged according to the cost of the requested medium.

Data Controller: GRETSCH-UNITAS YAPI ELEMANLARI SANAYİ VE TİCARET ANONİM ŞİRKETİ
Phone: 0216 311 79 39
KEP Address: gretsch@hs01.kep.tr
Postal Address: Osman Gazi Mah. Sevil Cad. No: 2 Sancaktepe/Istanbul
E-mail: g-u@g-u.com.tr

GRETSCH-UNITAS CONSTRUCTION ELEMENTS INDUSTRY AND TRADE INC.

1.COOKIE CLARIFICATION TEXT

As Gretsch-Unitas Yapı Elemanları Sanayi ve Ticaret Anonim Şirketi (hereinafter referred to as the “Company”), we use certain technologies (“cookies”) on the website https://www.g-u.com/tr-en (the “Site”), on the Site’s extensions, in our applications, or in other similar online or offline media we make available to you (all referred to together as the “Platform”), in order to improve your experience during your visit or use.

This text has been prepared by us as the data controller within the scope of Article 10 of the Law on the Protection of Personal Data No. 6698 (“KVKK”) and the Communiqué on the Procedures and Principles to Be Followed in Fulfillment of the Obligation of Disclosure.

The purpose of this Cookie Clarification Text is to inform you, with regard to the processing of personal data obtained automatically through the placement of cookies on your device, about the purposes for which we use which types of cookies and how you can manage these cookies.

You can visit our website without providing any personal information, obtain information about our products and services, and meet your needs. During visits, some cookies are used to collect information about site usage. Our purpose is to make it easier for users visiting our website and to improve the functioning of the site.

1. WHAT IS COOKIE TECHNOLOGY?

Cookies are small-sized, rich-text formatted text files that allow certain information about users to be stored on their terminal devices when an internet page is visited. The use of cookies and similar technologies is carried out in compliance with the applicable legislation, especially the Personal Data Protection Law No. 6698 (“KVKK” or “Law”).

The purpose of this Cookie Clarification Text is to provide you with information regarding the processing of personal data through cookies used when accessing digital platforms.

In this text, we explain for which purposes and which types of cookies we use on our website and applications, and how you can control these cookies.

As the Company, we may cease using cookies, change their types or functions, or add new cookies to our website and applications, if necessary. Therefore, we reserve the right to change the provisions of this Cookie Clarification Text at any time, provided that it is published on our website beforehand and the necessary disclosure is made.

Any changes made to the current Cookie Clarification Text will become effective upon being published on the website, application, or any public medium.

You can find the date of the last update at the end of the text.

For detailed information about the purposes for which your personal data are processed by our Company, you may refer to the Clarification Text on the Protection and Processing of Personal Data available on our website.

2. TYPES OF COOKIES AND PURPOSES OF USE

Cookies are categorized according to their parties, storage periods, and intended purposes.
According to their purpose of use, cookies are classified as mandatory, functional, performance, and advertising/marketing cookies.
According to their storage period, cookies are divided into session cookies and persistent cookies.
According to their source (party), cookies are classified as first-party or third-party cookies.

Cookies by duration of use

Our website uses both session cookies and persistent cookies.
A session cookie is used to maintain session continuity and is deleted when the user closes the browser.
A persistent cookie, however, is not deleted when the browser is closed and is automatically deleted at a specific date or after a specific period of time.

First-party and third-party cookies

Whether a cookie is first-party or third-party depends on the domain that places the cookie.
First-party cookies are placed directly by the website the user visits (the address shown in the browser’s address bar).
Third-party cookies, on the other hand, are placed by a domain different from the one visited by the user.

Cookies by purpose of use

Our website uses the following types of cookies according to their purposes:

Mandatory Cookies
These cookies are loaded when you connect to our website or fill in a specific form or click a certain button.
Mandatory cookies are used to ensure that https://www.g-u.com/tr-en functions properly — i.e., to enable shopping transactions, to create memberships upon request, to benefit from member services, to request a service offered through the site, to ensure security, and to prevent downtime.

The legal basis for processing personal data with these cookies is the necessity of establishing or performing a contract or the legitimate interest of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject.
These cookies may include both first-party and third-party (Oracle) cookies. They are used for purposes such as security and authentication and are not used for marketing purposes.

Cookies Necessary for Functionality
These cookies allow the website to remember the preferences of users who visit it.
For example, they enable remembering a visitor’s language preference or text font size.
If the use of these cookies is not permitted, some features specific to you may not be available, and your preferences may not be remembered.

Cookies Necessary for Performance, Function, and Analysis
These cookies help improve our website.
They collect information about how visitors use the site, are used to check whether the site works properly, and to identify any errors encountered.

2.1. For What Purposes Are Cookies Used?
As the Company, we use various cookies on our website and applications and process your personal data through these cookies for the following main purposes:

• To perform the basic functions necessary for the operation of the Site and applications.
  For example, to ensure that members who log in to the Site do not have to re-enter their password when navigating between different pages.

• To analyze the Site and applications and increase their performance.
  For example, to integrate the Site with the servers it runs on, to determine the number of visitors to the Site and adjust performance accordingly, or to make it easier for visitors to find what they are looking for.

• To increase the functionality of the Site and applications and provide ease of use.
  For example, remembering the username or search queries of a visitor during their next visit.

• To carry out personalization and targeting.
  For example, displaying advertisements related to the interests of visitors based on the pages and products they view.

2.2. Cookies Used on Our Website and Applications – Performance and Analysis Cookies
Thanks to these cookies, we can analyze your use of our website and applications and improve the services we provide to you.
For example, these cookies allow us to see which pages are most viewed, whether our site is working properly, and to identify possible issues.

3. WHAT IS THE CONCEPT OF MANDATORY COOKIES?

Mandatory cookies are cookies that are essential for the functioning of our website.
If these cookies are blocked, certain parts of our website may not function properly.

It is not possible to manage preferences regarding cookies that are mandatory for the use of our website.

4. METHOD AND LEGAL BASIS FOR COLLECTING PERSONAL DATA

Your personal data are collected electronically through cookies during your visit to our website or use of our applications, based on the legal ground of the legitimate interest of our Company.
Promotional activities carried out through targeting and profiling are performed only if you have given your explicit consent.
Your collected personal data may also be processed for the purposes specified in this Cookie Policy within the scope of the personal data processing conditions and purposes set forth in Articles 5 and 6 of the Law.

4.1. To Whom and for What Purpose Personal Data May Be Transferred

As the Company, we may share your personal data collected under this Cookie Policy with legally authorized public institutions, only to the extent necessary for achieving the purposes mentioned above and in compliance with the law.

5. HOW CAN I CHANGE MY COOKIE PREFERENCES?

Our Company attaches great importance to ensuring that you, our valued visitors, are able to freely exercise your preferences regarding which of your personal data may be collected.

To change your preferences regarding the use of cookies or to block cookies, you only need to modify your browser settings.
To partially or completely disable cookies on our website, you can click the “Cookie Preferences” button and make the desired adjustments.

Please note that if you disable cookies partially or completely, some features and services on our website may not function properly, and you may not obtain the full benefit of our site.

Information about managing and adjusting cookies in commonly used browsers is provided in the table below: