GENERAL INFORMATION TEXT ABOUT THE PROTECTION AND PROCESSING OF PERSONAL DATA

At the Collective Research Association (“CORE” or the “association”), we place utmost importance on the security of your personal data. In this context, we attach great significance to the processing and preservation of personal data belonging to real persons who interact with the association, in compliance with the Law on the Protection of Personal Data No. 6698 (“Law”), secondary regulations to be issued in accordance with the Law (regulations, notifications, circulars), and decisions made and to be made by the Personal Data Protection Board. As part of our responsibility and as defined in the Law as the “Data Controller,” we process your personal data within the limits prescribed by the legislation and as explained below in the context of relevant commercial relationships.

Information Regarding the Data Controller

Under the Law, the Collective Research Association (CORE), registered at the Istanbul Associations Desk and located at Osmanağa Mh. Söğütlüçeşme Cd. No:56/5, is the Data Controller.

Purposes of Processing Personal Data

Your personal data is processed by the association within the limits specified in the Law and in a manner that is legal, honest, and always relevant, limited, and proportionate to the purposes mentioned here. These include conducting the necessary studies by the association’s business units and carrying out activities in accordance with the association’s social or commercial activities, laws, and association policies; determining, planning, and implementing the association’s sustainability policies for the short, medium, and long term; designing and conducting human resource activities; fulfilling obligations arising from relevant legislation; managing customer relations and corporate communication processes; and ensuring the commercial and legal security of real and legal persons in communication and business relationships with the association.

Transfer of Personal Data

Your personal data, within the scope of the purposes mentioned above, may be transferred to legally authorized public institutions, judicial and administrative authorities, private legal entities and individuals permitted by other legislation, institutions and organizations authorized to audit the association, payment organizations agreed upon for fulfilling payments and financial obligations, business partners and suppliers engaged in or necessary for the conduct and development of the association’s activities, provided that data security measures specified in the Law are taken.

Method and Legal Reason for Collecting Personal Data

Your personal data is collected by the association’s authorized units and employees through automatic and non-automatic methods, verbally, in writing, visually, or electronically. In this context, personal data categorized under identity, communication, location, customer transaction, physical space security, transaction security, risk management, finance, professional experience, visual, and auditory records are processed based on legal grounds, such as being directly related to the establishment or execution of a contract, necessity for data processing to fulfill the legal obligations of the data controller, public disclosure by the individual, and necessity for data processing for the legitimate interests of CORE without harming the fundamental rights and freedoms of the individual.

Rights of Data Subjects under the Law At any time, you may apply to CORE to:

• Find out whether your personal data is being processed,
• Request information if your personal data has been processed,
• Learn the purpose of data processing and whether it is used for its intended purposes,
• Know the third parties to whom personal data is transferred domestically or internationally,
• Request correction if personal data is processed incompletely or inaccurately,
• Request deletion or destruction of personal data within the framework of conditions set forth in Article 7 of the Law,
• Request notification of the operations made in accordance with subparagraphs (d) and (e) of Article 11 of the Law to third parties to whom personal data has been transferred,
• Object to an outcome that is to your detriment by means of analysis of processed data exclusively through automated systems,
• Request compensation for damages in case of loss due to unlawful processing of personal data.

You can submit your requests regarding your rights and the application of the Law by filling out the application form available at the workplace or www.core.org.tr, and sending it to the address Osmanağa Mh. Söğütlüçeşme Cd. No:56/5 Kadıköy / Istanbul via notary, registered mail, or in person, or by sending the electronically filled application form signed with your mobile or secure electronic signature to the KEP address or the e-mail address registered in CORE’s data recording system at info@core.org.tr. If CORE responds to these requests in writing, it will do so free of charge for up to ten pages; for each page beyond ten, a transaction fee of 1 Turkish Lira will be charged. If the response to the application is given on a recording medium such as a CD or flash drive, the fee requested by the association shall not exceed the cost of the recording medium.