A. INTRODUCTION

Data privacy is extremely important to 7ELT, and we attach particular importance to openness and transparency in our processing of your personal data.

For this reason, we explain in this Privacy and Personal Data Protection Policy (“Policy”) how your personal data is processed and protected. Please read carefully and review your privacy settings.

Before we start, here are our commitments:

• We take your privacy seriously.

• We protect the security of your personal data.

• We comply with data privacy laws.

• We only use your personal data as described in this document.

• We do not collect unnecessary data.

• We stop processing your data when it is no longer needed.

• We inform you of your rights to control your personal data.

---

A.1. WHO IS RESPONSIBLE FOR YOUR PERSONAL DATA?

Data Controller:
SEVEN GÜVENLİK SİSTEMLERİ TİC. LTD. ŞTİ.
Certificate Number: 0764032813300018
(“7ELT” or “COMPANY”)

Contact Information:
• Address: İkitelli OSB Mah. 6. Cadde Beyaz Tower No:1 D:30 Başakşehir – İstanbul, TURKEY
• Phone: 0212 255 47 35
• Email: info@7elt.com

---

A.2. POLICY PURPOSE

This Policy regulates the principles adopted by 7ELT in compliance with the Personal Data Protection Law No. 6698 (KVKK), especially regarding the processing and protection of personal data.

It applies as an integral part of the membership agreement and distance sales contract conducted through the website www.7elt.com.

---

A.3. POLICY SCOPE

This Policy applies to:

• Customers and potential customers

• Employees, interns, candidates

• Representatives of corporate users

• Business partners, suppliers

• Visitors (physical or virtual)

• Members, and all third parties

• Anyone accessing, sharing or processing personal data with/on behalf of the Company

It covers all automated or non-automated personal data processing that forms part of any data recording system.

---

A.4. DEFINITIONS

Explicit Consent: Permission on a specific subject, given freely and based on information.
Processing of Personal Data: Any operation performed on personal data (collecting, storing, transferring, etc.).
Personal Data Owner: The natural person whose data is processed.
Personal Data: Any information relating to an identified or identifiable natural person.
Special Personal Data: Sensitive data (race, religion, political opinion, health, biometric data, etc.).
Data Controller: The person/entity determining why and how data is processed.
Data Processor: The person/entity processing data on behalf of the controller.
Data Recording System: System in which personal data is structured.
Anonymization: Making data impossible to link to a person.

---

B. PRINCIPLES ON THE PROCESSING OF PERSONAL DATA

7ELT complies with all data protection laws and fundamental privacy principles.

---

B.1. TYPES OF PERSONAL DATA COLLECTED

1. Credentials & Contact Information

Examples: name, date/place of birth, ID details, signature, photo, gender, email, address, phone.

2. Customer Transaction Information

Examples: payment card info, call records, billing details, IBAN, account activity.

3. Financial Information

Examples: bank/payment institution info, financial performance, account data.

4. Marketing Information

Examples: communication history, shopping history, surveys, cookies, campaign data.

5. Location Information

Examples: transaction location.

6. Risk Management Information

Examples: risk assessment data.

7. Process Security & Complaint Management Information

Examples: IP address, login info, cookies, device info, operating system, logs, documents, photos, receipts.

---

B.2. PURPOSES OF PROCESSING PERSONAL DATA

Your personal data may be processed for:

• Fulfilling requests and applications

• Updating identity/contact information

• Providing products/services

• Order processing, delivery, returns

• Improving website/app usability

• Direct and indirect marketing

• Market research, segmentation, CRM

• Financial transactions and invoicing

• Security, risk management, fraud prevention

• Verifying membership

• Customer support and complaints

• Legal obligations, audits, reporting

• Sending marketing communications (SMS, email, phone)

• Online behavioral advertising, remarketing

All processing is based on lawful bases such as:

• Performance of a contract

• Legal obligations

• Legitimate interests

• Explicit consent (when required)

---

B.3. GENERAL PRINCIPLES

7ELT processes personal data according to these principles:

1. Lawfulness and fairness

2. Accuracy and up-to-date data

3. Specific, clear and legitimate purposes

4. Data minimization

5. Limited retention period

---

B.4. CONDITIONS FOR PROCESSING PERSONAL DATA

With Explicit Consent

When legally required.

Without Explicit Consent (legal exceptions):

• Required by law

• Protection of life or physical integrity

• Necessary for contract formation/performance

• Legal obligations

• Personal data made public by the owner

• Establishment/protection of a legal right

• Legitimate interests (without harming rights/freedoms)

---

C. PROCESSING OF SPECIAL PERSONAL DATA

Special personal data is processed only:

• With explicit consent, or

• In legally mandated situations

And with additional security measures.

---

D. DELETION, DESTRUCTION, OR ANONYMIZATION

Personal data is deleted, destroyed, or anonymized when:

• The purpose of processing no longer exists

• Retention period expires

• Upon request of the data owner (unless legally required to keep)

Methods include:

• Cutting, erasing, overwriting

• Encryption removal

• Destroying physical media

• Anonymization techniques (K-Anonymity, L-Diversity, etc.)

---

E. TRANSFER OF PERSONAL DATA

7ELT may transfer data to:

• Domestic and foreign service providers

• Business partners

• Legal authorities

• Call centers

• SMS/email service providers

• Cloud storage providers

• Payment institutions

Transfers follow Articles 8 and 9 of KVKK.

E.1. Domestic Transfers

To partners, suppliers, subcontractors, public authorities.

E.2. International Transfers

With explicit consent or legal basis, ensuring adequate security.

---

F. CLARIFICATION OBLIGATION

During data collection, 7ELT informs data subjects about:

• Identity of the data controller

• Purpose of processing

• Legal basis

• Transfers

• Rights under Article 11 KVKK

Information is provided via website, membership process, pop-ups, and email.

---

G. ENSURING DATA SECURITY

7ELT implements:

• Technical measures

• Administrative measures

• Physical security measures

To prevent unlawful access, alteration, or loss of personal data.