PRIVACY AND PERSONAL DATA PROTECTION POLICY

Protection of personal data is an important issue for Kolektif House Gayrimenkul İşletmeciliği ve Hizmetleri Ticaret Anonim Şirketi ("Company") (https://www.planetos.io/). As a data controller, the Company adopts the principles stipulated by the PDPL in order to comply with the Personal Data Protection Law No. 6698 (the "PDPL"), and fulfils its obligations regarding the processing, deletion, destruction, anonymization, transfer of personal data, informing the data subject and ensuring data security. The Privacy and Personal Data Protection Policy prepared within this scope is made available to the real persons ("Data Subjects") whose personal data are processed.

1. Scope and Purpose of the Privacy and Personal Data Protection Policy

This Privacy and Personal Data Protection Policy sets out:

a. methods and legal grounds for collecting personal data;
b. principles to be applied to the processing of personal data;
c. which groups of persons' personal data are processed and which categories of personal data are processed in relation to these groups of persons (Data Categories) and sample data types;
d. in which business processes and for what purposes these personal data are used;
e. technical and administrative measures taken to ensure the security of personal data;
f. to whom and for what purpose personal data may be transferred;
g. retention periods for personal data,
h. profiling and segmentation;
i. what are the rights of the Data Subjects on their personal data and how they can exercise these rights;
j. how the Data Subjects can change their positive or negative preferences for receiving electronic commercial messages;
k. sharing personal data with public authorities;
l. cookie usage and management.
m. Google User Data Collection and Usage.

a. Methods and Legal Grounds for Collecting Personal Data

Kolektif House Gayrimenkul İşletmeciliği ve Hizmetleri Ticaret Anonim Şirketi collects personal data through websites, mobile applications of the websites, social media accounts, cookies, call centres, notifications received from administrative and judicial authorities, and other communication channels in audio, electronic or written form in compliance with the legal grounds specified in Article 5 of the Personal Data Protection Law No. 6698. These legal grounds include:

explicit provision in the laws;
necessity of processing personal data directly related to the establishment or performance of a contract, provided that it is limited to the parties to the contract;
personal data made public by the data subject themselves;
necessity of processing personal data for the legitimate interests of the data controller, provided that it does not prejudice to the fundamental rights and freedoms of the data subject;
necessity of processing personal data for the establishment, exercise, or protection of a legal right.

b. Principles Applicable to the Processing of Personal Data

Kolektif House Gayrimenkul İşletmeciliği ve Hizmetleri Ticaret Anonim Şirketi adheres to the following principles in the collection, processing, and analysis of personal data:

b.1 Compliance with the Law and Principles of Integrity

Kolektif House Gayrimenkul İşletmeciliği ve Hizmetleri Ticaret Anonim Şirketi will collect and process personal data in a lawful and fair manner, ensuring the protection of data subjects' rights. The principles of proportionality and necessity will be taken into account in carrying out these activities.

b.2. Purpose-Specific Limitation

Personal data may only be processed for the purposes defined before its collection. Additional changes to the purpose can only be made to a limited extent and with justification.

b.3. Transparency and Disclosure

Data subjects should be informed in detail before collection and processing of their personal data. Prior to data collection, data subjects should be informed about the following:

identity of data controller and its representative, if any;
purpose of processing personal data;
recipients of the processed personal data and the purpose of such transfers;
method and legal ground for collection of personal data;
rights of the data subject under Article 11 of the PDPL.

b4. Data Economy

Before the processing of personal data, it should be determined whether the transaction is necessary to achieve the purpose and to what extent it is necessary. If the purpose is acceptable and proportionate, anonymous or statistical data may be used.

b.5 Deletion of Personal Data

Personal data that is no longer necessary is deleted, destroyed, or anonymized after the expiration of the retention periods stipulated by relevant laws and for the purposes of evidence.

b.6. Accuracy and Data Up-To-Dateness

Personal data must be accurate, complete, and up-to-date if it is is correct, complete and known. Inaccurate or incomplete data should be deleted, corrected, completed or updated.

b.7. Privacy and data security

Personal data should be stored and kept as confidential information. Personal Data should be protected and kept confidential on a personal level by taking necessary administrative and technical measures to prevent unauthorized access, illegal transactions, sharing, accidental loss, alteration or destruction.

c. Which Groups of Persons' Personal Data are Processed, and Categorization of Data Subject Groups of Persons

Kolektif House Gayrimenkul İşletmeciliği ve Hizmetleri Ticaret Anonim Şirketi categorizes the data subject groups whose personal data are processed in its personal data processing processes and related activities as follows. However, personal data of other groups may also be processed in accordance with the personal data processing requirements stipulated in Articles 5 and 6 of the Personal Data Protection Law (the ''PDPL'') and within the legal grounds specified in this Personal Data Protection, Privacy, and Cookies Policy.

d. Data Categories and Sample Data Types

1 a) Member Customer

Identity Information:First name, last name, date of birth, national identification number,
Location Information:City, district related to residence and purchased product, notification address, if necessary, current location information
Contact Information:Mobile phone number, landline phone number, email address, company's notification address (if applicable), individual's residential address, postal code
Financial Information:Tax office and number, invoice details, payment card information
Customer/Member Information:Membership information, membership ID number, specific current code assigned to the member in the company's billing system
Customer/Member Transaction Information:Purchased product(s), purchase amount, purchase date, call centre conversation records, consent for commercial electronic communication, campaigns/contests utilized, coupons used, order-related information
Risk Management Information:IP address
Transaction Security Information:Password information
Marketing Information:Cookie records, targeting information, evaluations indicating preferences and interests
Audio and Visual Data:Call centre conversation records, camera recordings obtained in mandatory areas owned by the company
Legal Procedure and Compliance Information:Start and end time of the service provided, type of the service utilized, transferred data amount, consent for commercial electronic communication given by the Data Subject, membership agreement approved , corporate membership agreement, other legal texts and contracts enabling the use of services provided by Kolektif House Gayrimenkul İşletmeciliği ve Hizmetleri Ticaret Anonim Şirketi
Direct Marketing Information:Marketing-related SMS, email messages, or calls made by the call centre based on the consent for commercial electronic communication given by the Data Subject
Request/Complaint Management/Reputation Management Information:Records related to complaints and/or requests submitted by the Data Subject regarding the product or service purchased via the website, mobile application, social media accounts, or call centre, and the processes of evaluation or management of these requests

b) Guest Customer (users who make purchases on the website without registering as members)

Identity Information:First name, last name, date of birth, national identification number,
Location Information:City, district of residence (delivery address for the purchased product made through planetos.io and its subdomains
Contact Information:Mobile phone number, email address, address, postal code, landline phone number
Financial Information:Tax office, invoice details
Guest Customer Transaction Information:Purchased product(s), purchase amount, purchase date, call enter conversation records, consent for commercial communication, campaigns utilized, order-related information
Risk Management Information:IP address
Transaction Security Information:Password information
Marketing Information:Cookie records, targeting information, evaluations indicating preferences and interests
Audio Data:Call centre conversation records
Legal Procedure and Compliance Information:Start and end time of the service provided, type of the service utilized, amount of data transferred, consent for commercial electronic communication given by the Data Subject, other legal texts and contracts enabling the use of services provided by planetos.io and its subdomains
Direct Marketing Information:Marketing-related SMS, email messages, or calls made by the call centre based on the consent for commercial electronic communication given by the Data Subject
Request/Complaint Management/Reputation Management Information:Records related to complaints and/or requests submitted by the Data Subject regarding the product or service purchased via the website, mobile application, social media accounts, or call centre, and the processes of evaluation or management of these requests

2 Online Visitors

Transaction Security Information:Password, mobile phone, e-mail password information
Legal Procedure Information/Risk Management Information:IP address
Legal Procedure and Compliance Information:Start and end time of the service provided, type of the service utilized, amount of data transferred

3 The Person on Whose Behalf the Product Purchased will be Delivered

Identity Information:First name, last name, date of birth, national identification number,
Location Information:City, district of residence (delivery address for the purchased product made through planetos.io and its subdomains.
Contact Information:Mobile phone number, e-mail address, address, postal code, landline phone number
Financial Information:Tax office, invoice details

4 Seller/Supplier/Seller Candidate/Seller or Supplier Employee or Representative

Identity Information:National identification number, first name, last name
Contact Information:E-mail address, landline phone number, REM address, address, mobile phone number
Financial Information:Account Number, Tax Office, Tax Identification Number, tax board, IBAN Number
Legal Procedure and Compliance Information:Circular of signature, certificate of activity,
Special Categories of Personal Data/Legal Procedure Information:Signature

e. In Which Business Processes and for Which Purposes Personal Data are Used

Carrying out membership procedures;
Improving the services offered through the e-commerce platforms "https://www.planetos.io/" and "https://kolektifhouse.planetos.io/" [the ''platform''] operated by Kolektif House Gayrimenkul İşletmeciliği ve Hizmetleri Ticaret Anonim Şirketi, developing new services, and providing information related thereto;
For the purpose of the performance of the Membership Agreement entered into with the Member Customer, analysing the preferences, interests and needs of the Member Customers and providing special promotions, opportunities and benefits to the Member Customers who have given their consents to receive commercial electronic messages;
Conducting re-marketing, targeting, profiling, and analysis based on the express consents of the Member Customers, promoting and marketing applications, goods/products, and services according to the preferences and likes of the Member Customers;
Resolving Member Customer issues and complaints;
Improving the Member Customer experience on both the platform and mobile application;
Tracking accounting and purchasing transactions;
Ensuring compliance with legal processes and regulations;
Responding to information requests from administrative and judicial authorities;
Ensuring information and transaction security and preventing misuse;
Making necessary arrangements to ensure that the data processed is up-to-date and accurate.

2 Personal Data of Online Visitors

Processing of online visitors data as per the Law No. 5651;
Ensuring compliance with legal processes and regulations;
Responding to information requests from administrative and judicial authorities;
Ensuring information and transaction security and preventing misuse;
Fulfilling legal obligations.

3 Personal Data of the Person on Whose Behalf the Product Purchased will be Delivered

Carrying out product-delivery processes;
Tracking accounting and purchasing transactions;
Ensuring compliance with legal processes and regulations;
Responding to information requests from administrative and judicial authorities;
Ensuring information and transaction security and preventing misuse;
Making necessary arrangements to ensure that the data processed is up-to-date and accurate,
Fulfilling legal obligations.

4 Personal Data of Seller/Supplier/Seller Candidate/Seller or Supplier Employee or Representative

Conducting contract processes;
Tracking accounting and purchasing transactions;
Ensuring compliance with legal processes and regulations;
Responding to information requests from administrative and judicial authorities;
Ensuring information and transaction security and preventing misuse;
Making necessary arrangements to ensure that the data processed is up-to-date and accurate,
Fulfilling legal obligations.

f. Technical and Administrative Measures Taken to Ensure the Security of Personal Data

Kolektif House Gayrimenkul İşletmeciliği ve Hizmetleri Ticaret Anonim Şirketi is committed to taking all necessary technical and administrative measures to ensure the privacy, integrity, and security of personal data.

Kolektif House Gayrimenkul İşletmeciliği ve Hizmetleri Ticaret Anonim Şirketi takes necessary precautions to prevent unauthorized access to, misuse, unlawful processing, disclosure, alteration, or destruction of, personal data. Kolektif House Gayrimenkul İşletmeciliği ve Hizmetleri Ticaret Anonim Şirketi uses generally accepted security technology standards such as security firewalls and Secure Socket Layer (SSL) encryption when processing personal data. Additionally, when you send your personal data through the website, mobile application, or mobile site of Kolektif House Gayrimenkul İşletmeciliği ve Hizmetleri Ticaret Anonim Şirketi, these data are transferred using SSL.

To ensure the prevention of unauthorized access to, unlawful processing of, personal data, and the preservation of personal data, Kolektif House Gayrimenkul İşletmeciliği ve Hizmetleri Ticaret Anonim Şirketi:

protects all areas on the website or mobile application where personal data are received with SSL;
establishes and implements access authorization and control matrices for its employees to prevent the unlawful processing of personal data collected through the website or mobile application;
conducts penetration tests and tests the system's resilience to unauthorized access to ensure that personal data are not accessed unlawfully;
ensures that personal data in paper form is stored in locked cabinets and accessed only by authorized individuals;
Personal data processed through cookies owned by third-parties from which services are received are deleted from the systems of these third-parties when the membership ends.

Although Kolektif House Gayrimenkul İşletmeciliği ve Hizmetleri Ticaret Anonim Şirketi has taken the necessary information security measures, in the event that personal data are damaged as a result of attacks on the platforms operated by the Company or the Company's system or in the hands of unauthorised third-parties, the Company shall immediately notify you and the Personal Data Protection Board and take the necessary measures.

g. To Whom and for What Purposes Personal Data may be Transferred

Kolektif House Gayrimenkul İşletmeciliği ve Hizmetleri Ticaret Anonim Şirketi only transfers personal data to third-parties in accordance with the purposes stated in this Personal Data Protection, Privacy, and Cookies Policy and in compliance with Articles 8 and 9 of the Personal Data Protection Law. In this context, Member Customer/Guest Customer data processed and the information about the person to whom the product purchased will be delivered are shared with the seller and the shipping company, and these data can also be accessed by the call centre if necessary. The information about the person to whom an invoice will be issued is shared with the shipping company for the purpose of delivering the invoice to the relevant person.

The mobile phone number and/or email address details of Member Customers/Guest Customers are shared with the commercial electronic communication infrastructure service provider based on the consent for commercial electronic communication, in order to promote and advertise based on shopping preferences, likes, and habits and to provide benefits and opportunities through commercial electronic communication.

Website or mobile application usage preferences and browsing history are shared with domestic and international business partners providing cookie services for segmentation purposes and for contacting Member Customers/Guest Customers based on their preferences and likes. Personal data transfers carried out within this scope take place through secure environments and channels provided by the relevant third-party.

Data related to Member Customers/Guest Customers are shared with research companies to enhance Member Customer/Guest Customer satisfaction and loyalty.

In addition, your personal data will be shared with our international business partners for the provision of business development services, statistical and technical services, and the conduct of customer relations.

If Member Customers/Guest Customers/Online Visitors contact Kolektif House Gayrimenkul İşletmeciliği ve Hizmetleri Ticaret Anonim Şirketi via the corporate Whatsapp line, since the Whatsapp platform is a service provided from abroad, they will have sent their personal data abroad. If Member Customers/Guest Customers/Online Visitors do not want to send their personal data abroad using Whatsapp, they can use other communication channels provided by Kolektif House Gayrimenkul İşletmeciliği ve Hizmetleri Ticaret Anonim Şirketi.

The personal data transferred domestically and abroad as mentioned above are legally protected through provisions in compliance with the PDPL in our contracts, taking into account the fact that the counterparty of the legal relationship is the data controller or data processor.

When transferring personal information to countries outside of Turkey during information sharing as mentioned above, the data are transferred in accordance with this policy and as permitted by the applicable data protection laws.

g. Personal Data Retention Periods

Kolektif House Gayrimenkul İşletmeciliği ve Hizmetleri Ticaret Anonim Şirketi retains the personal data it processes in compliance with the Personal Data Protection Law (the ''PDPL'') for the periods prescribed in the relevant legislation or as required by the processing purpose. Additionally, your personal data may be retained to the extent necessary for the implementation of the necessary defences in case of any disputes between you and the Company.

You can review our Cookies Policy for the retention periods of personal data obtained through cookies.

h. Profiling and Segmentation

Kolektif House Gayrimenkul İşletmeciliği ve Hizmetleri Ticaret Anonim Şirketi processes the personal data related to Member Customers/Guest Customers in order to:

h.1. carry out profiling and segmentation for Member Customers/Guest Customers who have given their consents for receiving commercial electronic messages, in order to prepare more suitable contents, advertisements, promotions, and discounts according to their preferences.
h.2. carry out profiling and segmentation for Member Customers/Guest Customers who have not given their consents for receiving commercial electronic messages, in order to:
- a. improve products (determining the most sold or unsold product categories);
- b. organise campaigns for customer groups that have the potential to buy a certain product by making modelling by analysing their shopping preferences and uploading them to the system;
- c. take actions to increase sales potential.

Within the scope of profiling and segmentation activities, the personal data of Member Customers/Guest Customers, such as name, surname, mobile phone, email, or address information, are not directly used. Instead, they are processed with Member Customer/Guest Customer IDs assigned to them. The use of Member Customer/Guest Customer IDs, or in other words, pseudonymized data, ensures the protection of the personal data of the Customer/Member. Member Customer/Guest Customer IDs are accessible only to the relevant individuals or departments within https://kolektifhouse.planetos.io/. These IDs assigned to Member Customers/Guest Customers are stored encrypted in the system by Kolektif House Gayrimenkul İşletmeciliği ve Hizmetleri Ticaret Anonim Şirketi, and access to this section is limited to authorized individuals.

i. Rights of Data Subjects on Personal Data and How to Exercise These Rights

The rights that the data subjects have under Article 11 of the PDPL regarding their personal data processed by Kolektif House Gayrimenkul İşletmeciliği ve Hizmetleri Ticaret Anonim Şirketi are listed below:

right to know whether their personal data are being processed;
right to request information if their personal data have been processed;
right to know the purpose of processing their personal data and whether they are used for their intended purpose;
right to know about the third-parties to whom their personal data are transferred home or abroad;
right to request the correction of their personal data if it has been processed in an incomplete and incorrect manner;
right to request the deletion or destruction of their personal data within the framework of the requirements stipulated in Article 7 of the PDPL;
right to request that the actions taken under sub-paragraphs (d) and (e) be notified to the third-parties to whom their personal data have been transferred;
right to object to any result against them that arises from the analysis of personal data exclusively through automated systems;
right to demand compensation in case of damages due to the unlawful processing of their personal data.

j. How Data Subjects can Change their Preferences for Receiving Electronic Commercial Messages

By accessing the "Communication Preferences" section at any time, you can change or update your preferences you have made regarding receiving commercial electronic communications when you became a member to the website or mobile application of the electronic commerce platforms operated by Kolektif House Gayrimenkul İşletmeciliği ve Hizmetleri Ticaret Anonim Şirketi, or at any later time.

Terminating your membership does not mean revoking your consent to receive commercial electronic communications. Therefore, please ensure that you have completed all the procedures to revoke your consent.

Regarding cookie management, you can follow the steps specified in our Cookies Policy.

k. Sharing Personal Data with Public Authorities

Kolektif House Gayrimenkul İşletmeciliği ve Hizmetleri Ticaret Anonim Şirketi may share your personal data related to your visits or membership to the electronic commerce platforms and mobile applications operated by it, as well as your traffic information such as browsing data, with public institutions and organizations authorized to legally request such information, to fulfil its obligations under company laws (in cases where there is a legal or administrative obligation to notify or provide information, including but not limited to combating crime, threat to state and public security).

l. Cookie Usage and Management

We use cookies on our website to monitor users' preferences. Cookies are small files that are left on your computer's hard drive. They simplify navigation and make the website much more convenient to use. Cookies also help us identify the most popular areas on our website. In this way, we can create the content of our websites to better meet your needs, so we can improve the service we provide to you. Cookies can also be used to determine if our website has been accessed from your computer before.

You can also use our website without cookies, you can prevent the storage of cookies on your computer's hard disk by selecting the * block cookies * setting in your browser settings. However, we would like to draw your attention to the fact that many browsers automatically accept cookies and if you do not accept cookies, your use of our website may be limited.

m. Google User Data Collection and Usage

PlanetOS uses the Google Calendar API to integrate with users’ Google Calendars for the following purposes:

1.Basic User Information

Email Address (userinfo.email): We collect your primary Google Account email address to identify your account within PlanetOS and for communication purposes.
Profile Information (userinfo.profile): We collect basic profile information, such as your name, to personalize your PlanetOS experience.
OpenID (openid): We use OpenID to verify your identity securely.

2.Google Calendar Permissions

Calendar Creation and Management (calendar.app.created): We create secondary Google calendars on your behalf and manage events on these calendars, as needed by PlanetOS.
Calendar List Viewing (calendar.calendarlist.readonly): We access your list of Google calendars to provide a comprehensive view within PlanetOS.
Full Calendar Access and Editing (calendar): We access your Google Calendar events to allow you to view, edit, create, and delete events as part of our service.
Calendar Sharing Permissions (calendar.acls and calendar.acls.readonly): We may view and manage calendar sharing permissions to ensure proper access controls on calendars created through PlanetO
Event Management (calendar.events): We view, create, modify, and delete events on your Google calendars to synchronize with the scheduling features within PlanetO
Calendar Properties (calendar.calendars, calendar We view calendar titles, descriptions, and time zones for a seamless experience in PlanetO

How We Use Google User Data
The Google user data accessed by PlanetOS is used exclusively to:

Facilitate Google Calendar integration within the PlanetOS app.
Allow users to manage, share, and edit events seamlessly.
Ensure that calendar settings and permissions align with user preferences.
Data Retention and Security
We retain Google user data only for as long as necessary to provide our services. We employ industry-standard security measures to protect all user data and prevent unauthorized access. PlanetOS does not share your Google user data with third parties unless explicitly requested by the user.

User Control and Consent
PlanetOS respects your privacy and allows you to control your data. You may revoke access to your Google account at any time by visiting your Google Account Permissions.

2. Requirements for Deletion, Destruction and Anonymization of Personal Data

Kolektif House Gayrimenkul İşletmeciliği ve Hizmetleri Ticaret Anonim Şirketi retains the personal data processed through its website, mobile application, or mobile site in accordance with Article 7, 17 of the Personal Data Protection Law (the ''PDPL'') and Article 138 of the Turkish Penal Code, as well as for the periods required by the processing purpose. After the expiration of these periods, the Company will delete, destroy, or anonymize personal data in accordance with the Regulation on Deletion, Destruction, or Anonymization of Personal Data.

Deleting personal data by Kolektif House Gayrimenkul İşletmeciliği ve Hizmetleri Ticaret Anonim Şirketi refers to making personal data inaccessible and unusable for the respective users. Kolektif House Gayrimenkul İşletmeciliği ve Hizmetleri Ticaret Anonim Şirketi establishes and implements an access authorization and control matrix at the user level for this purpose and takes necessary measures for the deletion process in the database.

Destroying personal data by Kolektif House Gayrimenkul İşletmeciliği ve Hizmetleri Ticaret Anonim Şirketi refers to making personal data inaccessible, irretrievable, and unusable by anyone in any way.

KAnonymizing personal data by Kolektif House Gayrimenkul İşletmeciliği ve Hizmetleri Ticaret Anonim Şirketi refers to rendering personal data unattributable or non-identifiable to any real person, even if it is matched with other data.

Kolektif House Gayrimenkul İşletmeciliği ve Hizmetleri Ticaret Anonim Şirketi provides detailed information on the methods, technical and administrative measures taken for deletion, destruction, and anonymization within the scope of the Personal Data Storage and Destruction Policy prepared in accordance with the Regulation. In this policy, the time interval for periodic destruction required by the Regulation is six (6) months.

3. Changes to the Privacy/Personal Data Protection Policy

Kolektif House Gayrimenkul İşletmeciliği ve Hizmetleri Ticaret Anonim Şirketi may make changes to this Privacy/Personal Data Protection Policy at any time. These changes will take effect immediately upon the publication of the modified Privacy/Personal Data Protection Policy. In order to be aware of the changes in this Privacy/Personal Data Protection Policy, necessary notifications will be provided to our members.

4. Obligation to Register with the Data Controllers Registry

Kolektif House Gayrimenkul İşletmeciliği ve Hizmetleri Ticaret Anonim Şirketi has registered with the Data Controllers Registry as specified in Article 16 of the Turkish Personal Data Protection Law (the ''PDPL''). Accordingly, the information and documents submitted to the Board for registration are as follows:

Identity and address information of Kolektif House Gayrimenkul İşletmeciliği ve Hizmetleri Ticaret Anonim Şirketi as the data controller and, if any, its representative;
Descriptions regarding the purpose of processing personal data;
Explanations about the groups of data subjects and their data categories;
Recipients or recipient groups to whom personal data may be transferred;
Personal data allowed to be transferred to foreign countries
Measures taken for personal data security;
Maximum time period required for the purpose for which personal data are processed.

PERSONAL DATA PROTECTION, PRIVACY AND COOKIES POLICY