Policies

Company Privacy Policy
DEBAK DENİZLİ BAGALİT KALIP SAN. VE TİC. A.Ş. has explained the data collected, processed and transferred from its internal stakeholders in the Clarification Text for Personnel and the data collected, processed and transferred from its

external stakeholders in the General Clarification Text on Personal Data. DEBAK A.Ş. takes all necessary administrative and technical measures within the framework of the principle of utmost care to protect the confidentiality of all

personal data processed and stores these data in physical and/or electronic media in accordance with the measures. DEBAK A.Ş. processes, stores or shares all personal data collected in accordance with the relevant legislation and company

policies and under the conditions specified in the aforementioned clarification texts. In the event that DEBAK A.Ş. shares information with institutions or organizations with which it cooperates, DEBAK A.Ş. takes the necessary measures to

ensure that these companies comply with DEBAK A.Ş.'s privacy standards and conditions. DEBAK A.Ş. takes the necessary measures to ensure that all employees act in accordance with the privacy policy and show the necessary sensitivity in this regard.

Our employees are informed about the protection of both their personal data and the personal data of stakeholders through trainings. The commitments in this policy apply to the information shared through DEBAK A.Ş.'s website and other channels.

In the event that links to other websites are provided on this website or other channels, the privacy policies and terms of use of the linked websites are valid and DEBAK A.Ş. is not responsible for any damages that may be incurred due to visiting

the relevant websites. DEBAK A.Ş. reserves the right to change the matters regulated in this policy without prior notice in order to keep the principles regarding the privacy policy up to date and to make it compliant with the relevant legislation and company policies.

Social Media Usage Policy
DEBAK DENİZLİ BAGALİT KALIP SAN. VE TİC. A.Ş. maintains its own pages/channels on the following social media platforms. If another platform is added, the changing policy will be announced on our website: - Facebook - Instagram - The authorization to open and manage

LinkedIn Pages belongs to the IT Officer. Accounts and pages opened outside of this are not related to our company. In case of detection, DEBAK A.Ş. may take legal action. Photos and videos taken during

company activities (factory-wide, production activities, events such as fairs, social activities, etc.) are shared on the pages. In addition, messages of celebration / commemoration of national and religious

holidays can be published. On social media pages, the necessary parameters and privacy settings are made by the IT Officer. Images of our employees in photos and videos can only be published if their explicit

consent has been obtained, otherwise the images of our customers, suppliers and visitors are not included unless their permission is obtained. The names of our employees are not tagged in the posts, and no personal data is shared without their consent.

Apart from this, the rules that our employees should pay attention to in the use of social media are explained below: a) If an opinion is expressed on a subject related to DEBAK A.Ş. or the sector on social networks,

it must be stated that it is your personal opinion. b) The company must protect the reputation of its colleagues and itself. Any discrediting comments will be avoided. c) No discrediting comments will be made about

customers, competitors, suppliers, public or private institutions and organizations. d) No information about DEBAK A.Ş. employees, customers, suppliers and other stakeholders will be shared. e) No photos of other people should be

shared and their names should not be tagged on social networks unless approval is obtained. f) Discriminatory, harassing, racist, religious or sexual, offensive and disturbing comments will not be posted. g) The Company's social media pages will not advertise any commercial

product or propagandize for any political party. h) People, offices, meetings, details of work content, places, etc. within the Company will not be tagged on social media. For example, it will not be written on Facebook: "We are in training for XXX purposes with X, Y and Z at XXX Hotel". This may create risks in terms of privacy, security and competition. i) Photographs showing other

people, products, equipment, etc. are not taken in the work areas, nor are they shared on any social media platform. j) If there is any doubt about a content to be shared, the Human Resources Officer will be consulted. k) Care should be taken when uploading any content (text, images, videos, etc.) to social media platforms. Trademarks or copyrights may be violated without realizing it. l) Employees are personally responsible for the content they share and publish on social media. m) In case written messages on social media are misunderstood, spelling rules will be followed.

n) Unauthorized persons should never present themselves as the official spokesperson of the company. o) Negative messages written by others about the company will not be written, and will be treated with common sense and kindness. p)

Be aware that what is shared on the internet cannot be completely removed, even if it is removed or deleted. Our employees can consult the IT Officer about the parameters and privacy settings on their personal social media pages.

Personal Data Storage and Destruction Policy
PURPOSE OF THE POLICY: This policy has been prepared on the basis of the Regulation on the Deletion, Destruction or Anonymization of Personal Data in order to define our company's approach to

managing the storage and destruction of personal data received and processed by our company. DEFINITIONS Destruction: Deletion, destruction or anonymization of personal data Recording medium: Any medium containing

personal data that is fully or partially automated or processed by non-automated means, provided that it is part of any data recording system Periodic destruction: The process of deletion, destruction or anonymization to be

carried out ex officio at recurring intervals specified in the personal data retention and destruction policy in the event that all of the conditions for processing personal data specified in the Law disappear Data recording system: It refers to

the recording system in which personal data is structured and processed according to certain criteria. REASONS FOR STORAGE and DISPOSAL, STORAGE and DISPOSAL PERIODS: Our Company securely stores the personal data it processes in physical and/or electronic environments

within the retention periods determined by the Personal Data Inventory and publicly announced in VERBIS (Data Controllers Registry) in order to fulfill its legal obligatory activities and commercial activities. In the Personal Data Inventory,

the environments in which each personal data is processed, stored and the methods by which it is destroyed are defined. Personal data are stored in accordance with the Personal Data Protection Law No. 6698, Labor Law No. 4857,

Occupational Health and Safety Law No. 6331 and all legislation requirements concerning our company activities. In determining personal data retention periods, the legal justification or purpose of processing

personal data is taken into account. If personal data is collected and processed in accordance with legal requirements, the retention period is defined in the Personal Data Inventory as the period specified in the relevant legislation. For other data, in accordance with the purpose of processing, periods that will ensure the fulfillment of the relevant
activities are determined and defined in the Personal Data Inventory. While retention periods are sometimes defined as "month", "year", for some personal data, they may be defined as ".... At the end of", "until ............". For this reason, for each personal data, a different retention period may apply for the period stipulated in the relevant legislation or required for the purpose for which they are processed. Personal data are stored by taking "Data Security Measures" publicly announced in VERBIS. In addition to administrative measures such as preparing

authorization matrix for employees, conducting trainings, making confidentiality agreements with employees and data processors, technical data security measures such as the use of up-to-date antivirus systems, firewall use, backup, encryption, etc. are taken. In the destruction of personal data, according to the method chosen, the process of deletion, destruction, anonymization is carried out in such a way that it is not possible to access, retrieve, use or associate the personal data with the data owner again. Personal data whose retention period has expired are destroyed according to the specified

destruction methods and the process is recorded using the Data Destruction Record. These records are kept for at least 3 years. In the storage and destruction of personal data, the responsible persons determined by the "Personal Data Inventory" and "Authorization Matrix and Authorization Management Table for Personal Data" take part. Those who take part in destruction operations are recorded in the Data Destruction Record. Our Company reviews personal data every 3 months (March, June, September and December), identifies the data whose retention period has expired and deletes, destroys or anonymizes personal data in the first periodic destruction process following the date when the obligation to delete, destroy or anonymize personal data arises.

This period shall not exceed six months. Personal data owners may request information about their data by using the communication methods in our General Clarification Text on Personal Data. In case this request is for the deletion of personal data: a) If all personal data processing conditions have been eliminated, the personal data subject to the request shall be destroyed. The request of the relevant person is finalized within 30 days at the latest and informed in writing / electronically. b) If all of the personal data processing conditions have been eliminated and the data subject to the request has been transferred to the data processing parties, our company notifies the Data Processor and ensures that the destruction procedures are carried out. c) If not all of the personal data

processing conditions have been eliminated, it is rejected by our company by explaining the reason and the rejection response is notified in writing / electronically within 30 days at the latest.
General Clarification Text about Personal Data
About the Law on the Protection of Personal Data: This "General Clarification Text", DEBAK DENIZLI BAGALIT KALIP SANAYI ve TIC. A.Sh. ("DEBAK A.Sh.") as per the Personal Data Protection Law No. 6698 ("KVKK"), in the capacity of Data Controller, in accordance with the 10 entitled "The Obligation of the Data Controller to Inform" contained in the KVKK. and 11 entitled "Rights of the Person Concerned". within the framework of Article 11 of the KVKK; for what purpose your personal data will be processed, to whom and for what purpose your processed personal data can be transferred, the method and legal reason of collecting your personal data and. it is provided for the purpose of providing you with information about your other rights listed in this article and obtaining your consent in the following matters. We attach importance to protecting the confidentiality and security of the personal data you provide to us. Accordingly,

we take the necessary technical and administrative security measures to protect your personal data against unauthorized access, damage, loss or disclosure. The information about the personal data of our employees is provided with a Clarification Text for the Staff. 2. Your Personal Data We Collect and Our Processing Purposes: DEBAK A.Sh., website (www.debak.com.tr ) and processes your personal data that you have shared through other channels included in this lighting text, again limited to the purposes specified in this lighting text. From the point of view of KVKK, our Company operates as a "Data Controller". DEBAK A.Sh.' what happens when you visit the website belonging to and/or DEBAK A.Sh. when you share your personal data with us for use within the scope of the processing purposes specified in this clarification text, you are deemed to have been informed about the provisions contained in this clarification text and the privacy policy contained on our website. DEBAK A.Sh. as a Data Controller,

we collect personal data in the capacity of Personal Data Protection Law No. 6698 ("KVKK"), Turkish Penal Code No. 5237, Law No. 5651 on the Regulation of Publications Made on the Internet and Combating Crimes Committed Through These Publications, as well as related secondary legislation and all legal obligations arising from the relevant legislation, without limitation, and in the transactions we perform in order to maintain our company activities. a) Personal Data Collected from our Customers (Domestic and International): Name-surname, e-mail address, address, phone number, photo if taken, security camera images if visited our facility, vehicle license plate number, etc. data. b) Personal Data we Collect from our Suppliers: Name-surname, contact information (Phone, e-mail), security camera images in case of visiting our facility, vehicle license plate number, etc. during the product or service purchase process, supplier officials and employees. data. In addition, if the service to be provided is required, in order to meet the requirements of occupational health and safety legislation, the supplier personnel's identity information, training records, insurance notifications and health examination records, etc. data. c) Occupational Safety Specialist, Workplace Physician, Environmental Officer, etc.: Name-surname, Turkish ID No, professional title, contact information (Phone, e-mail),

security camera footage in case of visiting our facility, vehicle license plate number, etc. data. d) Personal Data that We Collect from Website Visitors: The actual IP address of the user who made the connection request, the internet browser information from which the connection request was made (e.g. Such as explorer/chrome), operating system version information, date and time of visit of our website, etc. e) Personal Data we Collect from Job Applicants: Identity, communication, professional experience (Education, training and work history), criminal record, identity and communication data of references, nationality, place and date of birth, gender, marital status, military service status, health / disability status, etc. The candidate may have personal data in his/her resume, which he/she shared at his/her own request. DEBAK A.Sh., does not process this data, does not use it for evaluation and does not share it with another person, institution or organization. f) Other Stakeholders: Name-surname, contact information, security camera footage, vehicle license plate number, etc. received from other parties contacted during the execution of business activities. data.

Our Processing Objectives: (All of them are available on a categorical basis in our VERBIS registration) Our processing objectives, except for the following, are: a) To fulfill our legal obligations regulated by the legislation b) To understand the needs of our customers and to be able to offer the right offer c) To improve communication with customers and to provide more effective and high-quality services d) To be able to carry out marketing and sales processes e) To maintain production, quality control, sales and after-sales services f) An authorized person, providing information to institutions and organizations g) Performing risk management h) Performing legal processes i) Performing communication processes j) Performing billing and collection k) Managing job application processes and evaluating the candidate (Candidates applying for a job) l) Conducting purchasing processes (For suppliers) m) Being able to conduct our business processes (Other parties) These personal data are DEBAK A.Sh. in order for you to benefit from the services we offer, in accordance with your explicit consent or in accordance with the legal legislation to which we are subject, KVKK 5. 2 of the article. in other cases stipulated in the paragraph,

this Personal Data will be processed by taking all necessary
information security measures and will be stored for the duration of legal storage or for the period required by the purpose of processing and will be destroyed or used anonymously at the end of the period required by the purpose of processing, provided that it is not used outside the purposes and scope determined by the Information about the Protection of Personal Data. 3. By Which Means We Collect Your Personal Data: Your personal data is collected verbally, in writing or electronically, within the scope of the above-mentioned purposes and for the purpose of fulfilling legal obligations and terms of service. DEBAK A.Personal data provided directly by you to Ş: All information and documents you have submitted, requests for proposals, contracts, orders, job application forms or resumes, professional qualification documents belonging to supplier personnel, etc. Personal data collected during production, sales, service provision: Correspondence, e-mail correspondence, telephone or face-to-face meetings, etc. Personal data collected in organizations: Information and documents collected in industry fair organizations or mutual visits, negotiations. Personal data that we collect through cookies and similar technologies: Your personal data, provided that it complies with the Law www.debak.com.tr it can be

collected electronically by automatic means through it. DEBAK A.Sh.' what personal data are collected during your visits: From the moment of security entry, images taken with a security camera are recorded in areas with a security camera sign. Vehicle license plate number, visitor name-surname, etc. information is also received. If a Wifi connection is used, the IP Number is saved. 4. Who We Share Your Personal Data With: DEBAK A.Sh., your personal data in question, based on your

explicit consent or in accordance with the KVKK art, in particular the legislation to which we are subject. 5/f.in other cases stipulated in paragraph 2, it may share and transfer with the relevant parties, provided that adequate measures are taken within the framework of the security and confidentiality principles specified in the KVKK. Your personal data that you have shared with us will not be shared with third parties except for the purposes of processing and sharing provided for in the KVKK or without your explicit consent. Your personal data stored electronically is transferred to our company's servers and data storage units (domestic). The job application forms of the employee candidates,

the information they transmit via our website or the resumes they send by hand / e-mail are not transferred to other persons and organizations without their explicit consent.. Personal data collected from other parties may be transferred to authorized persons, institutions or organizations by obtaining the explicit consent of the data owner or in accordance with the legal requirement or the requirement for processing without explicit consent in cases where it is necessary to transfer it for the purpose of processing. 5. Rights of the Data Owner (Related Person) In accordance with the KVKK, as the data owner, your personal data: " Learn whether it has been processed " Request information if it has been processed " Learn the purpose of processing and whether it has been used in accordance with the purpose " Know the third parties to which it has been transferred domestically or abroad " Request correction if it has been processed incompletely or incorrectly or has changed " In accordance with Article 7 of the KVKK, request deletion or destruction " Request notification of transactions made from third parties to which it was transferred " You have the right to object to the occurrence of an adverse result due to its analysis exclusively by automated systems and " Request compensation for damage if it suffers damage due to processing contrary to the KVKK.

The requests you will make in this context must be in writing within the scope of the Personal Data Protection Law 6698. For this purpose, together with the documents identifying your identity, your request containing the explanations about your right that you want to use info@debak.com.tr you can send it by e-mail to his address. Paid October 19, 2019, If the application you make for these purposes requires an additional cost, you may need to pay the fee amount in the tariff to be determined by the Personal Data Protection Board. Your requests contained in your application will be finalized as soon as possible and no later than 30 (thirty) days, depending on the nature of the request. The User / Users must ensure that they have read the Company's Privacy Policy, Personal Data Storage and Destruction Policy and the General Clarification Text related to the above-mentioned Personal Data contained on the site before making transactions on our Company's website, that they will comply with all the issues stated in these texts, the contents contained on the website and the DEBAK A.Sh.they have accepted, declared and committed as an informal

recourse that all electronic media and computer records belonging to them will be considered conclusive evidence in accordance with Article 193 of the Code of Civil Procedure.