WEBSITE PRIVACY POLICY 

The purpose of this Website Privacy Policy (the “Privacy Policy”) is to set forth the terms and conditions regarding the processing and transfer by the Company of any personal data generated or shared with the Company during the use of the contents provided at  www.bmc.com.tr, i.e., the official website of BMC Otomotiv Ticaret ve Sanayi Anonim Şirketi (the “Website”) by users/visitors/members and other people pursuant to the Law no. 6698 on Protection of Personal Data (the “Law”). 

Personal data are processed by our Company as the data controller pursuant to the Law on Protection of Personal Data as described below: 

1. Processed Personal Data 

The User’s personal data that are processed depending on their access to and the transactions that they execute on or through the Website are as presented below: 

- Transaction Security Data (user name, IP, etc.)

- Site Navigation/Transaction Data 

if relevant forms are completed; 

- Identity Data; 

- Contact Data; 

- Request/Complaint Management Data.

In addition to those listed above, other personal data that may be required for operation of the Website may also be processed in accordance with the Law. 

Cookies

Cookies are small text files sent by servers to the User via browsers. Cookies may track the User’s navigation details and usage history in order to provide personalized service to the User, to increase the service quality, and to improve the page contents according to the User; and to provide promotional and marketing suggestions; therefore, the Company may store cookies on the User’s device for the specified period. 

The User may reject cookies or opt to receive alerts about cookies by changing browser settings. 

1. Method and Legal Reason of Collection of Personal Data 

Personal data are collected by automated or non-automated means in part or in whole, electronically, and through the Website for the purpose of storage of such data for the necessary periods.

Personal data are processed based on the User’s explicit consent. However, personal data may also be processed without any need for explicit consent on the basis of one of the legal reasons specified in the 2^nd paragraph of article 5 of the Law, i.e., (i) if the processing of personal data is clearly provided for in the laws; (ii) if the personal data has been made public by the data subject themselves; (iii) if it is required for protection of life or physical integrity of the relevant person or someone else who is unable to express their consent due to actual impossibility; (iv) if the processing of personal data pertaining to contracting parties is required providing that it is directly related to the conclusion, fulfilment or implementation of a contract; (v) if it is required for the fulfilment of our Company’s legal obligations; (vi) if the processing of data is required for establishment, exercise or protection of any right; (vii) if the processing of data is required for protection of our Company’s legitimate interests, providing that such processing does not violate the fundamental rights and freedoms of data subjects. 

1. Purposes of Processing of Personal Data 

The Company processes the personal data collected through the Website for the purposes of fulfilment of the obligations clearly stipulated in the laws as well as the professional and legal requirements in case of existence of any of the conditions specified in paragraph 2 of article 5 of the Law; correct planning and management of our business relationships, partnerships, and strategies; ensuring proper operation and information security of our Company’s information systems and establishment of the necessary databases to this effect; improving the services provided on the Website and troubleshooting of the relevant errors; and ensuring the management of requests, claims and complaints.

If the User provides their consent, personal data may also be processed to allow the User to benefit from the products and services offered by the Company in the best manner possible (performing statistics, analysis, profiling and likes reporting) and to be informed thereof (provision of publicity, advertising, promotion, announcements and information); to customize products and services offered by the Company according to the User’s needs and requests; and to ensure the planning, development and execution of corporate communication activities.

1. Transfer of Personal Data 

Personal data may, in case of existence of any of the conditions specified in paragraph 2 of article 5 of the Law, be transferred to our group companies, affiliates, and business partners, and the companies from which we outsource services (in the fields of security, health, occupational safety, law, hosting, etc.) in order to fulfil our contractual or legal obligations, and to competent authorities and agencies, providing to be limited with the purposes specified in the 1^st paragraph of article (c) of this text, and by taking necessary security measures in accordance with the terms and conditions specified in articles 8 and 9 of the Law.

If the User provides their consent, personal data may be transferred to our group companies, affiliates and business partners, providing to be limited with the purposes specified in the 2^nd paragraph of article (c) of this text. 

1. Security of Data 

The Company must take any and all necessary technical and organizational measures to prevent unlawful processing of or unlawful access to personal data, to ensure the protection of personal data, and to provide an appropriate level of security. 

In case of provision of any links to other sites or applications through the Website, the Company neither has any information about the compliance of the redirected sites and applications with the legislation on protection of personal data nor assumes any responsibility with respect to their privacy policies and contents. 

Further information on the security of personal data is provided in the Personal Data Processing and Protection Policy. 

1. Data Subject’s Rights 

The Company informs the Data Subject of their rights pursuant to article 10 of the Law, provides guidance to them on how to use such rights, and performs all the necessary internal functioning, organizational and technical arrangements to this effect. 

Pursuant to article 11 of the Law, the Company informs the persons whose personal data are collected about the fact that they have the following rights: 

• To learn whether their personal data are processed or not; 
• If processed, to request information about the processing of their personal data; 
• To learn the purpose of processing and whether their personal data are used for intended purposes or not; 
• To know the third parties to whom their personal data are transferred at home or abroad; 
• To request for correction of personal data if they have been processed incompletely or inaccurately; 
• To request for erasure or destruction of personal data in accordance with the conditions stipulated in article 7 of the Law; 
• To request for notification of the actions taken pursuant to subparagraphs (b) and (e) of Article 11 of the Law (correction and destruction) to the third parties to whom the processed data have been transferred; 
• To object to any results that may arise to their detriment through analysis of the processed data exclusively via automated means; 
• To claim for compensation of any loss or damages that they may incur due to unlawful processing of personal data. 

The requests and applications regarding the implementation of the Law may be submitted by completing the application form provided on the Website and personally delivering it in writing or sending it via  notary public to “Sanayi Mahallesi, Teknopark Bulvarı, No:1/4C 301, 34906 Pendik, Istanbul” or sending it electronically to the registered mail (KEP) address (bmc.kisiselverikoruma@bmc.hs03.kep.tr.) by using secure electronic signature or mobile signature. 

The details on requests and applications and the application form are provided under the heading of Protection of Personal Data. 

By using the Website, the User represents that they have read all of the terms and conditions specified in the Privacy Policy; that they have been informed about the processing of personal data; and they have agreed and consented to the processing of personal data within the framework of the scope and purposes specified in the Privacy Policy. 

The Company reserves the right to change the provisions of the Privacy Policy as required by legislation or for organizational reasons without prior notice.