GDPR Information Text – Biocore

At Core Sports İç ve Dış Ticaret Limited Şirketi (“the Company” or “We”), the security and protection of your personal data is one of our top priorities. We take great care to process and protect all types of personal data belonging to all natural persons associated with our Company, including those who benefit from our products and services, in full compliance with the Law No. 6698 on the Protection of Personal Data (“KVKK”).

This text has been prepared in accordance with Article 10 of the Personal Data Protection Law and the Communiqué on the Procedures and Principles to be Followed in Fulfilling the Obligation to Inform, published in the Official Gazette on March 10, 2018. Our aim is to provide transparent information about the scope, purposes, and recipients of your personal data, as well as your rights.

In this text, the terms "we" and "our" represent Biocore.

Definition of Personal Data

According to Article 3/I(d) of the Personal Data Protection Law, "personal data" refers to any information relating to an identified or identifiable natural person. For example:

• Your name, surname, and Turkish Republic Identity Number.
• Your address, phone number, email address
• Your date of birth, IP address, transaction information, etc.

In addition, special categories of personal data include more sensitive categories such as race, ethnicity, political opinion, religious belief, health information, biometric and genetic data.

Information that has been anonymized or cannot be linked to a specific individual is not considered personal data.

What is the processing of personal data?

According to Article 3/I(e) of the Personal Data Protection Law, all operations such as obtaining, recording, storing, modifying, disclosing, transferring, and deleting personal data, whether through automated or non-automated methods, fall within the scope of "processing of personal data".

Identity of the Data Controller

According to the Personal Data Protection Law, the natural or legal person who determines the purposes and methods of processing personal data and is responsible for the establishment and management of the data recording system is defined as the "Data Controller".

Our company's corporate identity information:

• Company Name: Core Sports Internal and External Trade Limited Company
• Tax Office: Kadıköy Tax Office
• Tax Number: 2121076020
• Headquarters Address: Rasimpaşa Mah. Rıhtım Cad. Derya İş Merkezi A Blok No:28/80, İstanbul, Turkey
• Phone: 0542 515 70 71
• Website: www.biocore.com.tr
• Email: info@biocore.com.tr

Collection, Processing, and Purposes of Processing Personal Data

Your personal data is collected through various channels, including our offices, branches, dealers, call center, website, social media accounts, and mobile applications, using automated or non-automated methods, verbally, in writing, or electronically.

Your personal data is processed for the following purposes:

• Fulfillment of legal obligations
• Formation and performance of contracts
• Protecting our legitimate interests
• Adapting and recommending our company's products and services to you.
• Conducting administrative operations, ensuring physical security.
• Ensuring legal and commercial security with business partners, suppliers, and customers.
• Implementation of human resources policies
• Developing business strategies and plans.

Your personal data is processed in accordance with the conditions specified in Articles 5 and 6 of the Personal Data Protection Law and other applicable laws.

Transfer of Personal Data

Your collected personal data may be transferred to the following individuals and organizations:

• Legally authorized administrative and official authorities
• Independent auditing and consulting firms
• Tax consultants, lawyers, insurance companies
• Business partners, suppliers, shareholders
• Domestic and international third-party service providers
• To foreign countries declared by the Personal Data Protection Board to have adequate protection, or to foreign countries that, with the permission of the Personal Data Protection Board, undertake to provide adequate protection.

Transfers are made in accordance with the provisions of the Personal Data Protection Law and other relevant legislation.

Method and Legal Basis for Personal Data Collection

Your personal data is collected through audits, consultations, applications, website, telephone, social media and other communication channels.

The data collected is stored for the legally mandated periods and used to fulfill contractual and legal obligations.

Data Subjects' Rights

According to Article 11 of the Personal Data Protection Law, data subjects have the following rights:

• To find out whether your personal data is being processed.
• Request information if it has been processed.
• To learn the purposes of processing and whether it is being used for its intended purpose.
• Learning about domestic and international data transfers.
• Requesting correction of incomplete or incorrectly processed data.
• Requesting the deletion or destruction of data if the reasons requiring its processing no longer exist.
• Requesting that deletion and destruction processes be notified to third parties.
• Objecting to data analyzed through automated systems
• Claiming compensation for damages resulting from an unlawful act.

If you submit your requests to our company, they will be processed free of charge within a maximum of 30 days. However, if a fee is determined by the Personal Data Protection Board, that fee may be applied.

At Biocore, we continue to take all necessary measures within the legal framework to ensure the security and protection of your personal data. For any questions or claims, you can contact us through the communication channels listed above.