Confidentiality Agreement

1. INTRODUCTION

This policy has been prepared to ensure the lawful processing and protection of the personal data of our customers, potential customers, employees, job candidates, visitors, employees of institutions we collaborate with, and third parties.

In this context, BEEBIRD Technology Inc. ("BEEBIRD") has adopted the following fundamental principles in the processes of personal data processing:

• Processing of personal data within the scope of consent,

• Processing in accordance with the rules of law and integrity,

• Keeping it accurate and up to date,

• Processing for specific, clear, and legitimate purposes,

• Processing that is related to the purpose, limited, and measured,

• retained for the period specified in the relevant legislation or as necessary for the purpose,

• Enlightening and informing data owners,

• Establishing infrastructure to enable the exercise of rights,

• Taking necessary measures for protection,

• Compliance with legislation in the transfer to third parties and in determining the purpose of processing,

• Special attention should be given to the processing and protection of specially qualified personal data.

---

2. SCOPE OF THE POLICY

This policy covers all personal data processed by automated means or by non-automated means as part of a data recording system, and it came into effect in October 2023.

---

2.1. For BEEBIRD Customers

Personal information belonging to customers is collected directly through means such as the website, in-store purchases, phone, and email communications. The collected data includes:

• Identity Data (First name, last name, TCKN/Passport number),

• Contact Information (Email, address, phone, IP address),

• Shopping and Service Data (Purchased products, shopping time, campaign information),

• Visual and Auditory Data (Store cameras),

• Digital Trace Data (Website and mobile application usage),

• Financial Data, Body Data, Location Data are included.

Data is processed for the establishment/fulfillment of the contract within the scope of KVKK article 5/2, the fulfillment of legal obligations, and for legitimate interest purposes. In cases where explicit consent is required, written or digital approval is obtained from the customer.

The customer can cancel the consent given at any time:

Contact: 444 24 95 | Email: info@beebird.io

Customer data can only be transferred to authorized institutions and business partners in accordance with the law and with adequate security measures in place.

---

3. MATTERS RELATING TO THE PROTECTION OF PERSONAL DATA

BEEBIRD, in accordance with Article 12 of the KVKK, regarding the protection of personal data:

• Taking administrative and technical measures,

• Providing training to its employees,

• Taking cybersecurity measures,

• Implementing data security policies,

• Access control, encryption, logging, and penetration testing are being performed.

---

4. PROTECTION OF SPECIAL CATEGORIES OF PERSONAL DATA

Special categories of data (race, ethnic origin, political opinion, health, sexual life, etc.) are protected under KVKK with additional measures. Confidentiality agreements have been signed with relevant users and special training has been conducted.

---

5. MATTERS REGARDING THE PROCESSING OF PERSONAL DATA

BEEBIRD:

• Processes personal data in accordance with the Constitution and the principles of the KVKK.

• It collects for specific and legitimate purposes,

• It complies with the principles of appropriateness and proportionality.

• It will be kept for the necessary duration.

---

6. INFORMING THE DATA SUBJECT

BEEBIRD informs data subjects when personal data is obtained:

• The identity of the data controller,

• Purpose of data processing,

• Persons to be transferred,

• Collection method and legal reason,

• Rights of the data owner

informs about the topics.

---

7. TRANSFER OF PERSONAL DATA

Personal data:

• With the explicit consent of the data owner,

• Or in accordance with the provisions of KVKK article 5/2 and 6/2,

• It can be transferred to countries with adequate protection.

---

8. STORAGE PERIODS OF PERSONAL DATA

• It will be kept for the duration specified in the legislation.

• If there is no duration specified in the legislation, it is retained for as long as required by the purpose of the process.

• When the time is up, it is deleted, destroyed, or anonymized.

---

9. DESTRUCTION OF PERSONAL DATA

When the reasons requiring processing are eliminated:

• Personal data is deleted, destroyed, or anonymized,

• Transactions will be carried out in accordance with the relevant laws and regulations.

---

10. RIGHTS OF RELEVANT PERSONS

Data owners under Article 11 of the KVKK:

• Learning whether personal data is processed,

• If the data has been processed, request information regarding this,

• Learning the purpose of processing,

• Knowing the individuals transferred domestically/internationally,

• Requesting the correction of incorrectly/incompletely processed data,

• Do not wish for it to be erased or destroyed,

• Appeal against the outcome of automatic systems.

• In case of damage due to unlawful action, they have the right to claim compensation.

10.1 Cases Where Rights Cannot Be Used

According to Article 28 of the KVK Law, in certain situations, the relevant person cannot exercise these rights. For example:

• Official statistical studies,

• Data processed in areas such as personal security, national defense, etc.

• Data processed for the purpose of crime prevention/investigation.

10.2 Application Methods

Relevant persons can submit their requests:

• Elden or by mail: Dudullu OSB, 34775 Ümraniye / Istanbul

• Email: info@beebird.io (Secure electronic signature)

• Web: https://beebird.io/ application form at the address

they can transmit.
BEEBIRD will process applications free of charge within a maximum of 30 days.