LİDYA MADENCİLİK SANAYİ VE TİCARET ANONİM ŞİRKETİ
GENERAL DISCLOSURE TEXT ON THE PROTECTION OF PERSONAL DATA

Your security is important to us! Pursuant to Article 10 titled “Disclosure Obligation of the Data Controller” of the Personal Data Protection Law No. 6698 (“Law”), which aims to protect the fundamental rights and freedoms of individuals, especially the right to privacy, in the processing of personal data. In accordance with Article 10 of the Law No. 6698 on the Protection of Personal Data (“Law”) and the Communiqué on the Procedures and Principles to be Followed in the Fulfillment of the Disclosure Obligation published in the Official Gazette dated March 10, 2018 and numbered 30356, we aim to inform you about your personal data processed by our Company LİDYA MADENCİLİK SANAYİ VE TİCARET ANONİM ŞİRKETİ (“Lidya” or “Company”) with this Disclosure Text.

1. DATA CONTROLLER

Our company Lidya has the title of Data Controller in accordance with the Law in terms of personal data obtained from our employees, employee candidates, visitors, officials and shareholders of suppliers / consultants / support service providers, employees and officials of our affiliates and shareholders of our Company, and you can reach us through the contact information below.
Address : Büyükdere Cad. No:163 Kat:6 Esentepe-Şişli, Istanbul
Telephone : (0 212) 306 52 46
Fax : (0 212) 212 28 85
E-mail : ik@lidyamadencilik.com

2. PROCESSED PERSONAL DATA

The following personal data are processed within the scope of your relationship with Lidya;
(i) Your Identity Information: name, surname, place of birth, date of birth, age, photograph, identity and identification number, identity card information, new identity card information, driver’s license information, passport information, HES code.
(ii) Your Contact Information: workplace address, home address, e-mail, telephone, mobile phone, residence, address registration system records, registered e-mail addresses (REM).
(iii) Your Education, Work and Professional Life Data: work history, name of employer, school of graduation, professional competencies, CV information.
(iv) Information on Family Status: marital status, number of children, data on spouses and relatives.
(v) Your data constituting the content of the personnel file: employee data including any questionnaires, reports, studies, information on training or interviews related to performance and career development, information on any fringe benefits or benefits to be offered to employees and other similar information.
(vi) Data on Audits and Inspections: audit and inspection records, audit and inspection reports, information on examinations conducted for audit and inspection purposes, and data and audio and video recordings that may be related to audits and inspections.
(vii) Your Data on Legal Proceedings: Information in correspondence with judicial and administrative authorities, information in the case file.
(viii) Your Data on Stakeholder Transactions: Invoice, promissory note, check information, information in box office receipts, order information, request information.
(ix) Your Bank Account Data: Bank account data such as bank account number, IBAN number.
(x) Data on the Security of our Company Campus: Entry and exit records and camera records;
(xi) Your Data Related to Cyber Security: Data related to cyber security including usernames, passwords, audit trails, IP address, website access logs and logs;
(xii) Risk Management: Information processed for the management of commercial, technical and administrative risks.

3. PURPOSES OF PROCESSING PERSONAL DATA

Your personal data obtained within the scope of your relationship with Lidya may be processed for the following purposes.
➢ Full and proper fulfillment of our contractual and legal obligations,
➢ Follow-up of lawsuits to which the Company is a party, review and execution of contracts, responding to requests from judicial and administrative authorities, sending notices and warnings, issuing power of attorney on behalf of the employee if necessary,
➢ Preparation of the resolutions of the General Assembly and the Board of Directors and the documents required by the Turkish Commercial Code No. 6102,
➢ Sustaining innovative idea generation, research and development and design activities,
➢ Realization of social activities and taking photos and videos during these activities,
➢ Use of the Company’s website, intranet, brochures and documents, social media accounts, term meetings and other events,
➢ Organizing domestic and international travels and accommodations, conducting visa and passport application processes,
➢ Private health insurance,
➢ Conducting audits, inspections and investigations in accordance with legal regulations and internal procedures,
➢ Issuance of the meal card in accordance with the company’s meal card application,
➢ Sending congratulations/condolences or get well soon messages to employees and their family members in cases of birth, death, marriage, serious illness and surgery,
➢ Providing financial, legal, computer technologies, human resources and administrative consultancy and support,
➢ Developing and diversifying our services,
➢ Conducting quality and standard audits,
➢ Meeting information requests from public institutions and organizations,
➢ Ensuring legal and commercial security,
➢ Planning, auditing and execution of information security processes,
➢ Follow-up of financial and/or accounting affairs,
➢ Ensuring facility and personnel security,
➢ Evaluating and responding to suggestions/wishes/complaints and requests to be communicated by stakeholders through all kinds of channels and making improvements in line with the notifications,
Determining and implementing commercial and business strategies,
➢ Carrying out works within the scope of contracts, powers of attorney and other legal transactions by the Procurement, Bidding, Contract and Legal departments for the realization of commercial activities carried out by the Company and carrying out related business processes,
➢ Protection of legal, technical and commercial confidential information of the Company and related persons who are in business relationship with the Company,
➢ Identity information, contact information, CCTV (Closed Circuit Television) camera system records, visitor records, entry and exit records to and from offices and facilities and data relating to the security of the Company premises during visits to the Company;
➢ Data relating to the systems of companies providing information technology services in Turkey and abroad and the execution of operational processes and obtaining support,
➢ Execution of our Human Resources processes and activities,
➢ Taking workplace health and safety measures.
➢ Creation and storage of personnel files,
➢ Evaluating the applications of job applicants,
➢ Conducting recruitment processes and measuring your suitability for the position you apply for,
➢ Sending job application forms and invitations to job interviews,
➢ Conducting job interviews,
➢ Conducting interviews and using recruitment assessment tools (personality inventory, general aptitude/foreign language/field knowledge tests, etc.) through consultancy services to assess suitability for the job,
➢ Contacting the references submitted to our Company and conducting the relevant reference checks,
➢ In the event that the job application is not evaluated positively, to be contacted in order to be evaluated in future positions suitable for the person,
➢ Examination of violations of business ethics rules,
➢ Creation and storage of the personnel file during the establishment, performance and termination of your employment contract,
➢ Fulfillment of legal obligations arising from the employment contract and the legislation to which our Company is subject,
➢ Ensuring business continuity and planning and execution of business activities,
➢ Planning and execution of financial and social benefits,
➢ Determination of working hours and disability and invalidity,
➢ Planning internal and external training activities and conducting evaluations as a result of training,
➢ Participation in conferences, seminars, meetings, trainings, summits, invitations, award ceremonies, promotional and advertising events.
➢ Transfer of signed contracts, protocols, technical texts or reports to suppliers, employees, stakeholders or business partners in Turkey or abroad.
➢ Reference and sharing of photographs taken at company events or meetings on social media, company intranet.
➢ Benefiting from campaigns and advantages offered by contracted companies,
➢ Planning and executing the access authorizations of employees, keeping log records of their entries and exits to and from places they have access to,
➢ Performing recruitment examinations, periodic examinations, return-to-work examinations and sickness examinations by the workplace physician or other health personnel, as well as pregnancy follow-up and postnatal return-to-work examinations of our pregnant employees,
➢ Sending collective congratulations/condolences or get well soon messages to employees and their family members in cases of birth, death, marriage, serious illness and surgery,
➢ Providing financial, legal, computer technologies, human resources and administrative consultancy and support.

4. TRANSFER OF PROCESSED PERSONAL DATA

Your personal data, the Law on the transfer of personal data and transfer of personal data abroad
for the purposes set forth in Article 3 of this Clarification Text within the scope of the provisions of
legally authorized public institutions and organizations, law enforcement agencies, courts and enforcement offices,
third party natural and legal persons, service providers and their authorized persons, business
partners, banks, shareholders of our Company, our group companies and subsidiaries, suppliers and
may be shared with domestic and international support services and cloud service providers. This data
Regulation on Deletion, Destruction or Anonymization of Personal Data
within the framework of our policies and procedures determined in accordance
limited to the period of time required by our company, and you are no longer associated with our company, you have no reasonable or legal
deleted or anonymized where not necessary or appropriate

5. METHODS AND LEGAL GROUNDS FOR COLLECTION OF PERSONAL DATA

Lidya may collect your personal data in order for you to contact our Company and/or to establish a legal relationship
partnerships, group companies, subsidiaries, affiliates, partnerships, group companies, subsidiaries and affiliates,
third parties, including solution partners with whom we cooperate or with whom we have a contractual relationship
call center, internet, mobile applications, social media, social media, social media and social media, provided that they are from people and legal authorities.
media and other public amecras or organized trainings, organizations and similar
The above-mentioned purposes and services through the events will be carried out in accordance with Articles 5, 6 and 6 of the Law, which are written below
8. It is collected in order to be provided within the framework stipulated in the provisions of Article 8.
➢ Explicit consent,
➢ It is clearly stipulated in the legislation to which our Company is subject, including the Labor Law, Occupational Health and Safety Law, Social Insurance and General Health Insurance Law, Trade Unions and Collective Bargaining Agreement Law, Insurance Law, Tax Procedure Law, Turkish Commercial Code, Mining Law, Land Registry Law,
➢ Provided that it is directly related to the establishment or performance of a contract, it is necessary to process the personal data of the parties to the contract, to provide the requested products and services and to fulfill the requirements of the contracts you have concluded,
➢ It is mandatory for the fulfillment of the legal obligation, it is made public by the person concerned,
➢ Data processing is mandatory for the establishment, exercise or protection of a right,
➢ Data processing is mandatory for the legitimate interests of the Data Controller, provided that it does not harm the fundamental rights and freedoms of the data subject. Your special categories of personal data are collected, stored and processed based on the following reasons for compliance with the law:
➢ Your explicit consent,
➢ Personal data other than health, without seeking explicit consent in cases stipulated by law,
➢ Personal data related to health can only be collected for the purposes of protecting public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing, by persons or authorized institutions and organizations under the obligation of confidentiality, without seeking the explicit consent of the person concerned. Collected Personal Data may be saved in software, central server, database of our Company and/or Website.

6. RIGHTS OF THE DATA SUBJECT WHOSE PERSONAL DATA IS PROCESSED

In accordance with the provisions of Article 11 of the Law, you have the following rights in relation to your personal data. Within this framework, the data subject may at any time apply to the data controller and request
➢ To learn whether personal data is processed or not,
➢ If personal data has been processed; to request information regarding this,
➢ To learn the purpose of processing personal data and whether they are used in accordance with their purpose,
➢ To know the third parties to whom personal data are transferred domestically or abroad,
➢ To request correction of personal data in case of incomplete or incorrect processing and to notify the third parties to whom personal data is transferred of the transaction made within this scope
Don’t ask,
➢ To request the deletion or destruction of personal data in the event that the reasons requiring its processing disappear, although it has been processed in accordance with the provisions of the Law and other relevant laws,
➢ In case of correction, deletion or destruction of personal data, to request notification of these transactions to third parties to whom personal data are transferred,
➢ To object to the occurrence of a result to the detriment of the data subject by analyzing the processed personal data exclusively through automated systems,
➢ In case of damage due to unlawful processing of personal data, it has the right to demand compensation for the damage.

7. IF YOU WISH TO CONTACT US FOR YOUR RIGHTS AND REQUESTS

Within the scope of the above-mentioned rights, you may submit your requests to our address given above with a petition in person in accordance with Article 11 of the KVKK and the Communiqué on the Procedures and Principles of Application to the Data Controller, or you may deliver it through a notary public. In addition, in accordance with Article 5 of the “Communiqué on the Procedures and Principles of Application to the Data Controller”, you can send it to lidyamadencilik@hs01.kep.tr by using the registered electronic mail (KEP) address, secure electronic signature, mobile signature or the e-mail address you have previously notified to our Company and registered in our systems. Personal applications to be made within this scope will be accepted following the identity verification to be made by us and your requests will be finalized as soon as possible and within 30 days at the latest, depending on their nature. In case of a written response to the application, no fee will be charged up to 10 pages, and for each page over 10 pages, the transaction fee specified in Article 7 of the Communiqué on the Procedures and Principles of Application to the Data Controller may be charged. If the response to the application is given in a recording medium such as CD, flash memory, a fee equal to the cost of the recording medium may be charged.

DATA RESPONSIBLE
LİDYA MADENCİLİK SANAYİ VE TİCARET ANONİM ŞİRKETİ
Version 2.0
Date 11/03/2019
Revision 19/02/2021