Clarification Text and Privacy Policy

AYLARA POWER SOLUTIONS INC.

Personal Data Processing, Collection, Storage, Clarification, Privacy Policy, and Other Management Policies

Clarification Statement

1. Definitions and Terms:

  1. Personal Data:Any information relating to an identified or identifiable natural person. This includes name, surname, date of birth, national ID number, phone number, email address, IP address (a unique set of numbers assigned to each device connected to packet-switched networks using the Internet), etc.
  2. Data Controller:A natural or legal person who determines the purposes and means of processing personal data and is responsible for establishing and managing the data recording system.
  3. Data Processor:A natural or legal person who processes personal data on behalf of the Data Controller based on the authority granted by them.
  4. Explicit Consent:Consent based on specific information and given freely.
  5. Anonymization:The process of making personal data impossible to associate with an identified or identifiable person, even when combined with other data.
  6. Processing of Personal Data:Any operation performed on personal data, such as obtaining, recording, storing, preserving, modifying, rearranging, disclosing, transferring, taking over, making available, classifying, or preventing its use.
  7. Sensitive Personal Data:Data concerning race, ethnicity, political opinions, philosophical beliefs, religion, sect, or other beliefs, appearance, association, foundation or union membership, health, sexual life, criminal convictions, and security measures, as well as biometric and genetic data.
  8. Data Breach:The unauthorized disclosure, alteration, or destruction of personal data as a result of unlawful processing, access, or loss.
  9. Data Processing Inventory:An inventory containing personal data processing activities carried out by Data Controllers, including processing purposes, data categories, recipient groups, and data subject groups, as well as the methods used in processing.
  10. Authority:Refers to the Personal Data Protection Authority, an independent regulatory body that oversees data protection regulations and enforcement.
  11. Data Subject:The natural person whose personal data is processed. The data subject is also referred to as the “concerned individual.”
  12. Concerned Individual:The natural person whose personal data is processed and who has the right to request information and exercise their rights regarding data processing.
  13. Third Party:Natural or legal persons to whom personal data may be transferred, excluding the Data Controller and Data Processor.
  14. Data Recording System:A system where personal data is structured and processed according to specific criteria.

2. Data Management and Representation (Identity of the Data Controller)

Pursuant to the Personal Data Protection Law No. 6698 (KVKK), AYLARA POWER SOLUTIONS INC. (hereinafter referred to as “AYLARA”) processes your personal data as the Data Controller. AYLARA strictly fulfills its obligation to protect customer privacy and ensure that such information is not shared with unauthorized persons.

All employees of our company are committed to using the information they learn only within the legal limits and in line with their job responsibilities. Employees are also responsible for complying with legal regulations regarding customer privacy and personal data protection.

For more detailed information on the protection and processing of personal data, you can visit our company’s website. Our policies are carefully prepared to ensure the security of your data and are regularly updated. These updates can be accessed through our website.

3. Processing of Personal Data, International Transfer, and Purposes

Under KVKK, prior notification and explicit consent are required before processing personal data. However, certain exceptional situations are exempt from this rule, including:

  • Public Interest:When required by public institutions such as government agencies.
  • Legal Obligation:When explicitly permitted by other laws.
  • Emergency Situations:When it is necessary to protect the life of a person unable to provide consent.
  • Contractual Obligations:When necessary for fulfilling contractual obligations.
  • Legal Compliance:When necessary for the Data Controller to fulfill legal obligations.
  • Public Data:When the individual has already made the data publicly available.
  • Legal Rights Protection:When necessary for the establishment, exercise, or protection of a legal right.
  • Legitimate Interest:When processing is necessary for the legitimate interests of the Data Controller, provided it does not infringe on fundamental rights and freedoms.

Beyond these exceptions, explicit consent is required for personal data processing.

Aylara Power Solutions Inc. (“AYLARA”) processes your personal data within the framework set by the Personal Data Protection Law (KVKK) to provide high-standard services in the technical service and energy sector in Turkey and to ensure customer satisfaction, for the following purposes:

  1. Legal and Regulatory Compliance: Ensuring full compliance with local and international regulations, as well as the regulations of the supervisory authorities to which our parent company is subject. Compliance with internal customer identification and risk management policies in the fight against money laundering. Additionally, due to the use of Amazon and Microsoft products for international data transfers, a standard contract has been signed to regulate these processes.

    -Conducting audits, maintaining ethical standards, managing receivables, assessing creditworthiness, and ensuring legally compliant operations.
    -Effectively conducting internal audits, investigations, intelligence activities, and risk management processes.
    -Managing administrative activities, strategic planning, securing data controller operations, and overseeing procurement processes for goods and services.
    -Evaluating special cases such as risk group identification under competition and social security regulations.

  2. International Work Support: Managing the governance processes between individuals who wish to work abroad and companies, including preparing and sharing relevant information and documents.

  3. Human Resources Management: Ensuring the effective implementation of human resources policies, recruiting suitable personnel, and fulfilling occupational health and safety obligations.

    -Maintaining smooth internal communication and operational activities.
    -Managing evaluation processes related to customers and business partners.
    -Continuously monitoring risk analyses and legal compliance processes.
    -Ensuring the security of goods and service production, including the transfer and processing of data of individuals working abroad.
    -Managing document recording processes, job placement, and employee placement activities.


    These processes aim to enhance organizational efficiency and ensure customer satisfaction.

  4. Operational Efficiency and Communication:

    -Maintaining smooth internal communication and operational activities.
    -Managing evaluation processes related to customers and business partners.
    -Continuously monitoring risk analyses and legal compliance processes.
    -Ensuring the security of goods and service production, including the transfer and processing of data of individuals working abroad.
    -Managing document recording processes, job placement, and employee placement activities.

    These processes aim to enhance organizational efficiency and ensure customer satisfaction.

  5. Customer Relations and Marketing:

    -Customizing products and services to match customer preferences.
    -Developing effective marketing strategies.
    -Carrying out activities to improve customer satisfaction.
    -Supporting these processes through information security measures and after-sales support services.

  6. Strategic Planning and Business Development:

    -Defining and implementing the company’s overall commercial and business strategies.
    -Supporting sectoral analyses and market research.

  7. Financial and Administrative Management:

    -Coordinating financial, communication, and market research activities.
    -Managing internal systems, application management, procurement, and legal processes.

  8. Corporate Reputation and Relationship Management:

    -Managing partnerships and supplier relations.
    -Supporting corporate social responsibility projects.
    Preserving and enhancing the company’s public image.

  9. Business and Contract Management:

    -Processing personal data of contracting parties.
    -Receiving and evaluating suggestions for business process improvement.
    -Conducting communication activities.

  10. Physical and Information Security:

    -Ensuring physical facility security.
    -Managing information security processes.
    -Overseeing legal affairs.

4. Transfer of Personal Data

Aylara Power Solutions Inc. (“AYLARA”) processes and stores personal data in accordance with the Personal Data Protection Law (KVKK), ensuring compliance with legal and ethical principles. Personal data is processed for specific, explicit, and legitimate purposes and is retained only within the scope of these purposes. The data is kept accurate, up to date, and stored for the necessary duration required by its processing purposes.

This process is carried out in accordance with the legal conditions specified in Articles 8 and 9 of KVKK. AYLARA takes necessary security measures during the transfer of personal data and processes this data in domestic and international servers or other electronic environments that comply with appropriate security standards. These transfers are conducted within the scope of the predefined purposes outlined in the “Purposes of Processing Personal Data”section, and the data is stored for the periods required by relevant laws.

Within this framework, AYLARA may transfer your personal data to third parties both domestically and internationally. These transfer activities are structured to ensure data protection, and the process is governed by standard contracts to maintain the highest level of security for your personal data. Each transfer operation is carried out in compliance with the relevant legal regulations and under the technical and administrative measures determined by the Personal Data Protection Authority, MASAK (Financial Crimes Investigation Board), EPDK (Energy Market Regulatory Authority), SPK (Capital Markets Board), and SGK (Social Security Institution).

5. Collection, Method, and Legal Basis for Personal Data Processing

Your personal data is collected in accordance with the Capital Markets Law No. 6362 and other related regulations through contracts, disclosure forms, and other documents related to the investment and capital market services provided by Aylara Power Solutions Inc. (“AYLARA”). This data collection process is carried out through your consent and/or electronic signature, notifications made by you, written or digital applications to sales teams, and similar methods.

Data Collection Channels:

  • Head Office
  • Online form and document submissions
  • Physical mail
  • Customer interviews
  • Phone call recordings and other verbal, written, or electronic environments

These processes are conducted partially or fully through automated systems or non-automated methods as part of a data recording system. Your personal data may also be obtained by:

  • Our domestic and international subsidiaries
  • Partner institutions and organizations with which we cooperate
  • Third-party service providers
  • Government institutions
  • Domestic and international banks, investment firms, stock exchanges, financial markets, and depository institutions

AYLARA ensures that personal data collection and processing activities comply with relevant regulations and implements all necessary security measures to protect your data. The collected data is used to improve service quality and enhance customer experience.

Aylara Power Solutions Inc. (“AYLARA”), as a leading organization in Turkey’s capital markets sector, collects and processes your personal data in compliance with KVKK. This process is essential for the effective provision of our products and services and the execution of our investment and capital market services.

Data Collection Channels and Purposes:

We collect your personal data through various channels, including:

  • Head Office, Call Centers, Websites, Mobile Applications, ATMs (if applicable), and Electronic Transaction Platforms

The collected data includes:

  • Identity information
  • Contact details (address, phone number, email address)
  • Account details
  • Biometric and health data
  • Tax identification number
  • Other personal information necessary for accurate identification and processing of transactions

Legal Obligations and Security Requirements:

Your personal data is processed to comply with information retention, reporting, and notification obligations imposed by authorities such as:

  • Capital Markets Board (SPK)
  • Borsa Istanbul (BIST)
  • Turkish Capital Markets Association (TSPB)
  • Central Bank of the Republic of Turkey (TCMB)
  • Financial Crimes Investigation Board (MASAK)
  • Revenue Administration (GIB)
  • Investor Compensation Center (YTM)
  • Takasbank and Central Securities Depository (MKK)
  • KVKK (Personal Data Protection Authority)
  • Turkish Employment Agency (İŞKUR)
  • Social Security Institution (SGK)
  • Other relevant judicial and administrative authorities

Additionally, this data may be processed for security, crime prevention, and legitimate business interests, in line with legal regulations.

Conditions for Personal Data Processing:

AYLARA processes your personal data under the legal conditions set out by KVKK, ensuring that fundamental rights and freedoms are not harmed.

  • Sensitive personal data is processed only with the relevant legal permissions, under standard contracts, and in compliance with strict confidentiality and protection measures.
  • This data is used to fulfill contractual obligations and improve the quality of services provided to you.
  • AYLARA takes all necessary security measures to protect and lawfully process your data.

Identity Verification and Use of Biometric Data:

Our application may use various biometric authentication methods to ensure security and verify identity. These may include:

  • Identity scanning (e.g., scanning ID cards, passports, or other official documents)
  • Biometric data (e.g., facial recognition and fingerprint scanning)
  • Liveness detection (e.g., short video recordings or photos taken via camera to confirm identity)

User Consent and Notification:

The security and privacy of our users are our top priorities. Therefore, we provide the following information regarding identity verification and biometric data usage:

  • Notification: We will provide clear and understandable information about the processes where identity verification and biometric data are used.
  • Consent: We will obtain explicit consent from users before initiating these verification processes.
  • Data Security: Collected biometric data will be secured with high-level protection measures and used only for identity verification purposes.

Contact Information:

If you have any questions or concerns regarding identity verification and biometric data usage, you may contact us using the information provided in this document.

6. Rights of the Data Subject

As Aylara Power Solutions Inc. (“AYLARA”), we recognize the following rights of data subjects under the Personal Data Protection Law (KVKK):

  1. To learn whether their personal data is being processed.
  2. To request detailed information regarding processed personal data.
  3. To inquire about the purpose of personal data processing and whether it is used in accordance with its intended purpose.
  4. To learn to whom personal data has been transferred, domestically or internationally.
  5. To request the correction of incomplete or inaccurate personal data and to ensure that such corrections are communicated to relevant third parties.
  6. To request the deletion or destruction of personal data when the reasons for its processing no longer exist and to ensure that relevant third parties are informed of this action.
  7. To object to decisions made solely based on the automated processing of personal data if the outcome is unfavorable to the data subject.
  8. To demand compensation for damages incurred due to the unlawful processing of personal data.

To exercise these rights, the data subject must complete the form provided by AYLARA, sign it with a wet signature, and send it by postal mail to the company’s physical address below. Alternatively, the request can be submitted via email to the designated contact address.

Requests will be reviewed and finalized within a maximum of thirty (30) days, provided that they meet procedural requirements. If the requested action incurs additional costs, fees may be charged in accordance with the tariff set by KVKK.

Your Rights Regarding Your Personal Data

Data subjects must first submit a request to the Data Controller to exercise their rights regarding their personal data. Under Article 14 of the Law, direct complaints cannot be filed with the Personal Data Protection Authority.

According to the law, you have the following rights concerning your personal data:

  1. To learn whether your personal data is being processed.
  2. To request information if your personal data has been processed.
  3. To inquire about the purpose of processing your personal data and whether it is used in accordance with its intended purpose.
  4. To know the third parties, both domestic and international, to whom your personal data has been transferred.
  5. To request the correction of incomplete or inaccurate personal data.
  6. To request the deletion or destruction of personal data when the reasons requiring its processing no longer exist.
  7. To request that corrections or deletions made under items (5) and (6) be communicated to third parties to whom the data has been transferred.
  8. To object to unfavorable outcomes resulting from the exclusive analysis of your processed data through automated systems.
  9. To request compensation if you suffer damages due to the unlawful processing of your personal data.

You can exercise these rights by submitting a request to the Data Controller, which in this case is us.

Application Methods to the Data Controller

You can submit your application through the following methods:

  • Data Controller: AYLARA GÜÇ ÇÖZÜMLERİ ANONİM ŞİRKETİ
    ● Address: Adatepe Mah. Doğuş Cad. No: 207Z, İç Kapı No: 1, 35400 Buca/İZMİR
    ● Email: info@aylarapower.com

Your application must include the following information:

  1. Your full name and, if the application is in written form, your signature.
  2. Your Turkish ID number if you are a Turkish citizen; if you are a foreign national, your nationality, passport number, or identity number (if available).
  3. Your residential or workplace address for notifications.
  4. Your email address, telephone number, and fax number (if applicable) for correspondence.
  5. The subject of your request.

If relevant, any supporting documents or additional information should also be attached to your application.

Your application will be processed within thirty days and may result in:
● (i) Acceptance, with information provided regarding your request, or
● (ii) Rejection, with a justification for the decision.

For more details on the procedure and principles of application, you can refer to the “Communiqué on the Procedures and Principles of Application to the Data Controller” issued by the Personal Data Protection Authority.

Privacy Rights (Policy)

Our users have the following rights regarding the processing of their personal data:

 Access and Correction: You have the right to access and correct your personal data.
 Deletion: You may request the deletion of your personal data under certain conditions.
 Objection: You have the right to object to the processing of your personal data.

Privacy Policy

1. Introduction

Aylara Güç Çözümleri Anonim Şirketi (“AYLARA”) is committed to ensuring the privacy of our customers, employees, and other relevant individuals’ personal data. This Privacy Policy clearly defines our obligations regarding the protection of personal data and the rights of data subjects.

2. Data Controller and Data Processor

In accordance with Articles 3 and 4 of the Turkish Personal Data Protection Law (KVKK), AYLARA is responsible for implementing necessary measures for the processing and protection of your personal data. As the data controller, our company ensures that data is processed lawfully and that processes are managed effectively.

3. Methods and Purposes of Collecting Personal Data

Your personal data may be collected through the following methods:
● Physical forms, call centers, our company website, and mobile applications.
● Emails and various digital platforms.

The collected data may be processed for the following purposes:
● Improving service delivery and operational processes,
● Fulfilling legal obligations,
● Managing human resources and operational processes,
● Ensuring data security.

4. Transfer of Personal Data Domestically and Internationally

Your personal data may be shared with domestic and international third parties in the following cases:
● Due to contractual obligations with service providers,
● To fulfill legal obligations.

When transferring data, AYLARA complies with Articles 8 and 9 of KVKK and takes the necessary technical and administrative measures.

5. Data Subject Rights

Pursuant to Article 11 of KVKK, data subjects have the following rights:
● To learn whether personal data is being processed,
● To inquire about the purpose of processing and whether it is used in line with that purpose,
● To request correction of incomplete or incorrect data,
● To request deletion or destruction of personal data,
● To object if the processing results in a negative outcome for them.

You can exercise these rights by contacting us via the following channels:
 Data Controller: AYLARA GÜÇ ÇÖZÜMLERİ ANONİM ŞİRKETİ
 Address: Adatepe Mah. Doğuş Cad. No: 207Z, İç Kapı No: 1, 35400 Buca/İZMİR
 Email: info@aylarapower.com

6. Data Security

To ensure the security of your personal data, AYLARA implements the following, among other measures specified in the KVKK Data Security Guide:
 Technical measures: Encryption, authorization systems, and up-to-date antivirus software.
 Administrative measures: Employees receive training on personal data protection.

Modifications

This policy and other related documents may be updated in accordance with changes in legislation. All updates will be shared on our website.

Last update date: 03.03.2025

AYLARA POWER SOLUTIONS INC.