Personal Data and General Confidentiality Agreement

Version: 1.0
Updated Date: May 11, 2024

1. Personal Data Protection Law

Personal Data Protection Law No. 6698 (KVKK) was accepted on 24 March 2016 and published in the Official Gazette No. 29677 dated 7 April 2016. Some of the KVKK entered into force on the date of publication, and some on October 7, 2016.

Nokta Bilgisayar Sistemleri Sanayi Ticaret Limited Şirketi (Company) is the data controller within the scope of subparagraph (i) of the first paragraph of Article 3 of the Personal Data Protection Law No. 6698. The electronic system used by the 
company to collect and process information within the scope of subparagraph (h) of the first paragraph of Article 3 of the KVKK Law is the Data Recording System. The company collects personal data for specific, clear and legitimate purposes 
and processes it by structuring it according to certain criteria. Within the scope of subparagraph (ğ) of the first paragraph of Article 3 of the KVKK law, both the company institution and the company employees serve as data processors.

2. Purpose of the Policy

Personal Data Protection Policy has been prepared to determine the procedures and principles regarding the work and transactions regarding data storage carried out at Nokta Bilgisayar Sistemleri Sanayi Ticaret Limited Şirketi.

Personal data of company customers, company employees, employee candidates, service providers, visitors and other third parties are transferred to the Republic of Turkey. It has prioritized processing in accordance with the Constitution, 
international conventions, Personal Data Protection Law No. 6698 and other relevant legislation and ensuring that relevant persons exercise their rights effectively. Work and transactions regarding the storage and destruction of personal 
data are carried out in accordance with the Policy prepared accordingly by the Company.

3. Scope of the Policy

Personal data belonging to customers, Company employees, employee candidates, service providers, visitors and other third parties are within the scope of this Policy, and this policy applies to all recording environments where personal 
data owned or managed by the Company is processed and activities related to personal data processing.

4. Definitions

Anonymization: Making personal data impossible to associate with an identified or identifiable natural person in any way, even by matching it with other data.

Explicit Consent: Consent regarding a specific issue, based on information and expressed with free will.

Relevant Person: Natural person whose personal data is processed.

Personal Data: Any information regarding an identified or identifiable natural person.

Processing of Personal Data: Obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available personal data by fully or partially automatic or non-automatic means provided that it is part 
of any data recording system, Any action performed on data, such as classifying or preventing its use.

Data Processor: Natural or legal person who processes personal data on behalf of the data controller, based on the authority given by the data controller.

Data Recording System: A recording system in which personal data is structured and processed according to certain criteria.

Data Controller: The natural or legal person who determines the purposes and means of processing personal data and is responsible for establishing and managing the data recording system.

Law/KVKK: Personal Data Protection Law No. 6698.

Deletion of Personal Data: Deletion of personal data; making personal data inaccessible and unusable in any way for Relevant Users.

Destruction of Personal Data: The process of making personal data inaccessible, irretrievable and unusable by anyone.

Personal Data of Special Qualification: Data regarding individuals' race, ethnic origin, political thought, philosophical belief, religion, sect or other beliefs, appearance and attire, association, foundation or union membership, health, sexual life, 
criminal conviction and security measures, as well as biometric data and genetic data.

5. Processing of Personal Data

Nokta Bilgisayar Sistemleri Sanayi Ticaret Limited Şirketi processes the personal data of real persons in accordance with Articles 4 and 5 of the Personal Data Protection Law. In this context, it collects and processes the data of its customers, 
employees and other real persons with whom it is in contact within the scope of business relations. The company is responsible for processing and protecting the data of the real persons it is in contact with within the scope of the Personal Data 
Protection Law No. 6698 and relevant legislation.

The Company processes personal data within the scope of paragraphs (a) (b) (c) and (d) of the first paragraph of Article 4 of the Personal Data Protection Law (KVKK). Company personal data;

Processing in Compliance with Law and Honesty: The Company acts in accordance with the principles brought by legal regulations and general rules of trust and honesty in the processing of personal data. In this context, the Company does not 
use personal data for purposes other than processing.

Ensuring that Personal Data is Accurate and Up-to-Date When Necessary: ​​The Company ensures that the personal data it processes are accurate and up-to-date, taking into account the fundamental rights of personal data owners and its own 
legitimate interests.

Processing for Specific, Clear and Legitimate Purposes: The Company clearly and precisely determines the legitimate and lawful purpose of processing personal data. The Company processes personal data in connection with and as necessary 
for the domain name and other services it offers.

Being Relevant, Limited and Proportionate to the Purpose for which they are Processed: The Company processes personal data in a manner suitable for the achievement of the specified purposes and avoids the processing of personal data that 
is not relevant or needed to achieve the purpose.

Preservation for the Period Envisaged in the Relevant Legislation or Necessary for the Purpose of Processing: The Company retains personal data only for the period specified in the relevant legislation or necessary for the purpose for which they 
are processed. If the period expires or the reasons requiring processing disappear, personal data is deleted, destroyed or anonymized by the Company. Personal data and documents obtained in domain name transactions and other transactions 
are subject to T.R. in case of possible disputes. It is kept in the database and backup system for the necessary time to be submitted to the relevant courts upon the request of the courts.

6. Enlightening and Informing the Personal Data Owner

In accordance with Article 10 of the Personal Data Protection Law, the Company informs personal data owners during the collection of personal data. There is also a general information text at www.noktacloud.com.tr. In this context, the Company 
determines the identity of the data controller, the identity of its representative, if any, the purpose for which personal data will be processed, to whom and for what purpose the processed personal data can be transferred, the method and legal basis 
of personal data collection and the rights of the personal data owner, according to the nature of the data owner and the data processing process. provides illumination. Along with this policy, the company website includes cookie usage policy, general 
information text, privacy policy, and explicit consent texts and information texts in areas where customer information is obtained.

7. Deletion, Transfer or Anonymization of Personal Data

The data collected and processed by Nokta Bilgisayar Sistemleri Sanayi Ticaret Limited Şirketi must be deleted or anonymized within certain periods of time in accordance with the personal data protection law and the regulation on deletion, 
destruction or anonymization of personal data. Storage periods may vary depending on the activity carried out by the company while processing the data and the nature of the data.

Personal data and documents obtained in the allocation of some domain names and other services are stored in the database and backup system for the necessary time in order to be presented to the relevant courts upon the request of the courts 
in possible cases.

Personal data is processed by individuals, institutions and organizations permitted by the legislation during domain name registration processes; other third parties; Our business partners resident at home and/or abroad and the organizations from 
which we receive services to carry out our company activities; It can be shared directly and/or indirectly with public institutions and organizations to which we are legally obliged.

In accordance with the legislation to which our institution is subject, relevant data can be transferred to persons and institutions that have been given permission to request and obtain, within the framework of the personal data processing conditions 
and purposes specified in Articles 8 and 9 of the KVK Law. Personal data may be shared with the new panel officer due to transfers between accounts performed by the Customer Panel officer.

8. Data Owner Rights

The rights that natural persons whose personal data are processed have in accordance with Article 11 of the KVKK are as follows;

Learning whether personal data has been processed, Requesting information if personal data has been processed, Learning the purpose of processing personal data and whether they are used for their intended purpose, Knowing the third parties 
to whom personal data are transferred domestically or abroad, Requesting correction of personal data if they are incomplete or incorrectly processed. and to request that the transaction made within this scope be notified to third parties to whom 
personal data has been transferred, to request the deletion or destruction of personal data in case the reasons requiring processing are eliminated, even though it has been processed in accordance with the provisions of KVKK and other relevant laws, 
and to request that the transaction made within this scope be notified to third parties to whom personal data has been transferred. , Objecting to the emergence of a result against the person by analyzing the processed data exclusively through 
automatic systems, Requesting the compensation of the damage in case of damage due to the unlawful processing of personal data. To exercise your rights stated above, you can apply to Nokta Bilgisayar Sistemleri Sanayi Ticaret Limited Şirketi 
by writing a petition containing your request and contact information. Your request will be concluded within 30 (thirty) days at the latest.

9. Contact Information

Company Address: Nokta Bilgisayar Sistemleri Sanayi Ticaret Limited Şirketi ( Nokta CLOUD ) / Orta Mahalle Şirin Sokak No.5 Kat.3 D.5-6 34030 Bayrampaşa, Istanbul
E-mail Address: info@noktabilgisayar.com.tr
Phone: +90 850 346 46 64 - +90 212 567 57 50