Agreements

PROTECTION AND PROCESSING OF PERSONAL DATA
GENERAL CLARIFICATION TEXT
This General Clarification Text on the Protection and Processing of Personal Data (“Clarification Text”) has been prepared by the Kerim Education, Culture and Health Foundation (“Foundation”) to inform real persons whose personal data is processed by the Foundation, in accordance with the Law on the Protection of Personal Data No. 6698 (“KVKK”).
As the Foundation, we aim to serve society in the fields of education, health, and culture, contribute to the formation of a conscious society, and develop projects that can be a model for the private sector in these fields; within the scope of these activities, we attach maximum importance to the protection of personal data and ensuring privacy.
1. Identity of the Data Controller
In accordance with the KVKK, your personal data is processed by;
Kerim Education, Culture and Health Foundation
Address: Bağdat Cad. No:167/2 Çatırlı Apt. B Blok Kat:2 D:4 Göztepe Kadıköy Istanbul
Phone: +90 (216) 359 40 91
E-mail: kerimvakfi@kerimvakfi.org
in the capacity of data controller, within the scope and purposes explained below.
2. Basic Principles Regarding the Processing of Personal Data
Your personal data is processed by the Foundation in accordance with the following principles;
Compliance with the law and rules of integrity,
Being accurate and up-to-date when necessary,
Processing for specific, explicit, and legitimate purposes,
Being connected, limited, and measured relevant to the purpose for which they are processed,
Retention for the period stipulated in the relevant legislation or required for the purpose for which they are processed.
3. Categories of Personal Data Processed
The following personal data may be processed within the scope of Foundation activities:
Identity Data: Name, surname, T.C. identity number (when necessary), signature, etc.
Contact Data: Phone number, e-mail address, postal address, etc.
Donation and Transaction Data: Donation type, donation date, donation amount, transaction records
Financial Data: Limited information regarding payment transactions
Legal Transaction Data: Information regarding requests, applications, and legal processes
Website Usage Data: IP address, log records, visit and transaction information
4. Purposes of Processing Personal Data
Your personal data is processed for the following purposes within the framework of the legal grounds specified in Articles 5 and 6 of the KVKK:
Planning, execution, and development of the Foundation’s activities in the fields of education, health, and culture,
Execution, recording, and accounting of donation processes,
Ensuring communication with donors, supporters, and relevant persons,
Execution of information, announcement, and feedback processes regarding Foundation activities,
Provision and improvement of services offered through the website,
Fulfillment of legal, financial, and administrative obligations,
Ensuring the legal and transaction security of the Foundation and relevant persons.
5. Transfer of Personal Data
Your collected personal data may be transferred, in line with the purposes stated above and in accordance with Articles 8 and 9 of the KVKK, to;
Authorized public institutions and organizations,
Relevant organizations within the scope of tax, accounting, and audit processes,
Banks and licensed payment service providers for the execution of donation and payment transactions,
Consultants and service providers from whom legal, financial, and technical services are received.
6. Method and Legal Reason for Personal Data Collection
Your personal data is collected via the Foundation website, online donation and communication forms, e-mail, telephone, and similar communication channels, through automated or non-automated methods.
Your personal data is processed based on the legal grounds specified in Articles 5 and 6 of the KVKK, namely;
Being clearly provided for in the laws,
Being directly related to the establishment or performance of a contract,
Fulfillment of legal obligations,
Legitimate interest of the data controller.
7. Storage Period of Personal Data
Your personal data is retained for the period stipulated in the relevant legislation or required for the purpose for which they are processed; upon the expiration of this period, they are deleted, destroyed, or anonymized in accordance with the KVKK and relevant legislation.
8. Rights of the Data Subject under KVKK
Pursuant to Article 11 of the KVKK, as a personal data owner, you have the right to;
Learn whether your personal data is processed,
Request information if it has been processed,
Learn the purpose of processing and whether it is used in accordance with its purpose,
Know the third parties to whom it is transferred domestically or abroad,
Request correction if it is incomplete or incorrectly processed,
Request its deletion or destruction if the reasons requiring its processing cease to exist,
Object to a result against you arising from analysis exclusively by automated systems,
Request compensation for damages in case you suffer damage due to unlawful processing.
9. Application Method
If you submit your requests regarding your rights under the KVKK in writing along with information verifying your identity;
In writing to the address: Bağdat Caddesi No:167/2 Çatırlı Apt. B Blok Kat:2 D:4 Göztepe Kadıköy Istanbul,
Via e-mail to: kerimvakfi@kerimvakfi.org,
your applications will be concluded within the periods stipulated in the legislation.
Kerim Education, Culture and Health Foundation

PRIVACY AND DATA SECURITY POLICY

As Kerim Education, Culture and Health Foundation (“Foundation”); within the scope of our activities in the fields of education, health, and culture, we attach great importance to the privacy and security of information and data belonging to persons who visit our website, contact the Foundation, or make donations to our Foundation. This Privacy and Data Security Policy (“Policy”) has been prepared to explain the general principles regarding the protection of the privacy of information and data obtained during the use of the kerimvakfi.org website and the technical-administrative measures taken. Detailed information regarding the legal framework for the processing of personal data, data categories, and the rights of relevant persons can be found in the KVKK General Clarification Text.

GENERAL PRINCIPLES The Foundation adopts; Protection of privacy, Ensuring information security, Prevention of unauthorized access, Prevention of unlawful data use as basic principles. Data obtained through the website is processed only for purposes in accordance with the relevant legislation and to the extent necessary.

COLLECTED DATA AND FRAMEWORK OF USE During visits to the website, making donations, or filling out communication forms; Identity and contact information, (name, surname, age, e-mail address, phone number, etc.) Donation and transaction information, Transaction security data (IP address, access and transaction logs) can be collected electronically. This data is used for the purposes of carrying out the Foundation’s activities, managing donation processes, ensuring system security, and fulfilling legal obligations.

TECHNICAL AND ADMINISTRATIVE SECURITY MEASURES To ensure the security of personal data, the Foundation; Takes technical measures to ensure system and infrastructure security, Implements administrative measures to reduce unauthorized access risks, Aims to prevent data loss and unlawful processing. Systems used in this context are regularly checked and updated.

DONATION AND PAYMENT SECURITY In donation transactions made via the Foundation website: Credit card and debit card information is not stored in Foundation systems, Payment transactions are carried out through the secure infrastructures of the relevant bank or licensed payment service providers, Communication is encrypted with SSL and similar secure protocols. During donation transactions, you can look for the lock icon or https phrase in your browser to understand that you are on a secure website. These indicators mean that data transmission between the website and the user is carried out over a secure connection and the transmitted information is protected by encryption. Information regarding the credit card and debit card used in the donation process is encrypted with up-to-date security protocols such as 256-bit SSL (Secure Sockets Layer) and transmitted directly to the relevant bank or licensed payment service provider. The validity and availability of card information are verified by the relevant bank or payment institution; if verification is provided, the donation transaction is completed. Information regarding credit cards and debit cards is not viewed or recorded by Foundation systems. Therefore, it is not possible for card information to be stored by the Foundation or seized by third parties. Information regarding the payment process is used solely for the realization of the donation transaction and in accordance with the instructions given by the donor.

PROCESSES REGARDING BANKS AND PAYMENT INSTITUTIONS Payment transactions are subject to the approval of the relevant bank or payment institution. In cases where the transaction is rejected, delayed, or canceled due to the security policies of banks or payment service providers, these processes are the responsibility of the relevant institutions. The Foundation cannot be held responsible for delays related to such technical or financial processes.

USER RESPONSIBILITY Transactions carried out via the website are performed on the user’s own device. Therefore; ensuring device security, taking necessary precautions against malicious software, and preventing third-party access are the user’s responsibility.

ELECTRONIC COMMUNICATION SECURITY In case of contact with the Foundation via e-mail or other electronic communication tools, it is recommended not to share credit card information or secret passwords. Users should be careful against the possibility of electronic messages being viewed by third parties.

COOKIES The Foundation website may use cookies to facilitate site usage and perform statistical analyses. Cookies help obtain anonymous information about how users use the site. Users can limit or block the use of cookies through browser settings. Detailed information regarding cookies can be found in the Cookie Policy.

THIRD-PARTY LINKS The website may contain links to third-party websites. The Foundation is not responsible for the privacy practices and content of these sites. The privacy policies of third-party sites apply.

EXCEPTIONAL CIRCUMSTANCES In cases permitted by legislation and when necessary; data may be shared with relevant persons or institutions for the purposes of meeting the demands of authorized public institutions and organizations, fulfilling legal obligations, and protecting legal rights.

POLICY CHANGES The Foundation may update this Policy when it deems necessary. The updated text enters into force on the date it is published on the website.

CONTACT For any questions and requests regarding this Policy: Kerim Education, Culture and Health Foundation Address: Bağdat Cad. No:167/2 B Blok D:4 Çatırlı Apt. Kat:2 Göztepe Kadıköy / Istanbul E-mail: kerimvakfi@kerimvakfi.org Phone: +90 216 359 10 20

ONLINE DONATION AND PAYMENT TERMS AGREEMENT

This Online Donation and Payment Terms Agreement (“Agreement”) has been established electronically between the Kerim Education, Culture and Health Foundation (“Foundation”) and the real or legal person who voluntarily donates via the Foundation’s website (“Donor”), within the framework of the terms and conditions specified below. ARTICLE 1 – PARTIES 1.1. The Foundation Title: Kerim Education, Culture and Health Foundation Address: Bağdat Cad. No:167/2 Çatırlı Apt. B Blok Kat:2 D:4 Göztepe Kadıköy Istanbul Phone: +90 (216) 359 40 91 E-mail: kerimvakfi@kerimvakfi.org 1.2. The Donor Is the real or legal person donating via the Foundation’s website. By approving this Agreement electronically, the Donor declares that they have read, understood, and accepted the provisions of the Agreement. ARTICLE 2 – SUBJECT OF THE AGREEMENT 2.1. The subject of this Agreement is; the Donor’s making of a gratuitous and voluntary donation via the Foundation’s website in line with the Foundation’s charter and activity purposes, the collection of the donation amount via electronic payment methods, and the determination of the rights and obligations of the parties regarding this process. 2.2. This Agreement does not constitute the sale of any goods or services and is not a commercial sales contract. ARTICLE 3 – NATURE AND PURPOSE OF USE OF THE DONATION 3.1. The donation made is a gratuitous and voluntary payment made by the Donor’s free will. 3.2. Donation amounts will be used for the purpose of carrying out, developing, and ensuring the sustainability of the Foundation’s activities in the fields of education, health, and culture. 3.3. The Donor accepts that the payment made is not in exchange for any product or service. ARTICLE 4 – PAYMENT METHOD AND SECURITY 4.1. Donation payments are carried out electronically via credit card, debit card, or licensed payment service providers with whom the Foundation has an agreement. 4.2. Information regarding credit cards and debit cards is not recorded by the Foundation; payment transactions are carried out through the secure infrastructures of the relevant bank or payment service providers. 4.3. While the Foundation takes up-to-date technical measures for the security of payment transactions; processes related to the payment infrastructure are the responsibility of the relevant banks and payment institutions. ARTICLE 5 – ELECTRONIC APPROVAL AND TRANSACTION RECORDS 5.1. The Donor accepts that they have read and approved this Agreement electronically before completing the donation transaction via the website. 5.2. Approval given in the electronic environment is sufficient for the establishment of a valid and binding contract between the parties. 5.3. Electronic records regarding donation transactions may be used as evidence when necessary. ARTICLE 6 – MATTERS REGARDING BANK AND PAYMENT PROCESSES 6.1. If the donation transaction is made by credit card or debit card; the payment is subject to the approval of the relevant bank or payment institution. 6.2. In the event that the Donor’s card information is used by unauthorized persons or the transaction is canceled by the bank for security reasons, the payment transaction may not be realized or may be canceled. 6.3. In refund transactions made by the bank or payment institution, the time for the refund amount to be reflected in the Donor’s account depends entirely on the transaction processes of the relevant bank or payment institution. The Foundation cannot be held responsible for delays regarding this period. ARTICLE 7 – REFUND OF DONATION 7.1. Since the donation is a gratuitous and voluntary payment, as a rule, it is not refunded. 7.2. However, in the event of a technical error, duplicate collection, or an obvious material error, if the Donor applies to the Foundation in writing, the request will be evaluated by the Foundation. ARTICLE 8 – PERSONAL DATA Personal data belonging to the Donor is processed in accordance with the Law on the Protection of Personal Data No. 6698. Detailed information regarding the processing of personal data can be found in the KVKK General Clarification Text. ARTICLE 9 – LIMITATION OF LIABILITY The Foundation does not guarantee that the website will work uninterruptedly or error-free. The Foundation cannot be held responsible for the failure to realize the donation transaction due to force majeure, technical infrastructure problems, or reasons beyond the Foundation’s control. ARTICLE 10 – DISPUTES AND JURISDICTION Turkish Law shall apply to disputes that may arise from this Agreement, and Istanbul Anatolian Courts and Execution Offices are authorized. ARTICLE 11 – ENFORCEMENT This Agreement enters into force upon the Donor completing the donation transaction via the website and giving electronic approval. Kerim Education, Culture and Health Foundation Donor

COOKIE POLICY

As Kerim Education, Culture and Health Foundation (“Foundation”), we use cookies to improve the experience of users visiting the kerimvakfi.org website, ensure the site works securely and effectively, and obtain statistical data regarding site usage. This Cookie Policy (“Policy”) has been prepared to explain for what purposes cookies are used and how users can manage their preferences in this regard. Detailed information regarding the processing of personal data can be found in the KVKK General Clarification Text and the Privacy and Data Security Policy.

WHAT IS A COOKIE? Cookies are small text files saved to your device via your browser when you visit a website. Thanks to cookies, the website can recognize the user and remember some information regarding site usage. Cookies alone do not directly identify your identity; however, in some cases, they may gain the quality of personal data when matched with other information.

FOR WHAT PURPOSES ARE COOKIES USED? Cookies are used on the Foundation website for the following purposes: To ensure the website works properly and securely, To measure and improve site performance, To obtain statistical information regarding the number of visitors and usage habits, To ensure system security and prevent abuse. Cookies intended to directly identify users or for behavioral advertising purposes are not used on the Foundation website.

TYPES OF COOKIES USED 3.1. Mandatory Cookies: These cookies are mandatory for the website to function properly. They are used for security, access, and performing basic site functions. The site cannot function properly without these cookies. 3.2. Analytical / Performance Cookies: These cookies are used to analyze how the website is used and to improve its performance. Anonymous data such as visitor numbers, page views, and usage times are obtained.

DATA COLLECTED VIA COOKIES Via cookies; IP address, Browser information, Visit date and duration, Site navigation information such data can be collected. This data is processed in accordance with the KVKK and only for the purposes stated above.

MANAGING COOKIES Users can change their preferences regarding the use of cookies at any time via browser settings. Through browser settings, they can: Block the acceptance of cookies, Ensure cookies are deleted, Set it to receive a warning when a cookie is sent. However, it should not be forgotten that if cookies are disabled, some functions of the website may not work properly.

THIRD-PARTY COOKIES Third-party cookies may be used to a limited extent on the Foundation website. These cookies are subject to the privacy and cookie policies of the relevant third parties. The Foundation does not have direct control over the processes regarding the use of third-party cookies.

PROTECTION OF PERSONAL DATA Data obtained via cookies is processed in accordance with the Law on the Protection of Personal Data No. 6698, and necessary technical and administrative measures are taken. Relevant persons may apply to the Foundation using the methods specified in the KVKK General Clarification Text to exercise their rights under Article 11 of the KVKK.

POLICY CHANGES The Foundation may update this Cookie Policy in case of legislative changes or when deemed necessary. The updated Policy enters into force on the date it is published on the website.

CONTACT For any questions and requests regarding the Cookie Policy: Kerim Education, Culture and Health Foundation Address: Bağdat Cad. No:167/2 B Blok D:4 Çatırlı Apt. Kat:2 Göztepe Kadıköy / Istanbul E-mail: kerimvakfi@kerimvakfi.org Phone: +90 216 359 10 20