Kişisel Verilerin Korunması ve Gizlilik Politikası

As Kynic Agent, we process your personal data as a data controller in accordance with GDPR (General Data Protection Regulation) and relevant legislation for the following purposes: **Personal Data Collected:** • Identity Information: Name, surname, identification number (when required) • Contact Information: Email address, phone number, address • Customer Transaction Information: Order history, payment details, billing address • Transaction Security Information: IP address, cookie records, log files • Marketing Information: User preferences, interests, interaction data **Processing Purposes:** • Establishment and performance of service contracts • Fulfillment of legal obligations • Protection of our legitimate interests • Conducting communication activities • Customer satisfaction measurements

Your personal data is processed in accordance with the conditions specified in Articles 6 and 9 of GDPR: **Legal Basis:** • Your explicit consent • Necessity for the performance or establishment of a contract • Compliance with a legal obligation • Necessity for the purposes of legitimate interests **Data Processing Principles:** • Processed lawfully, fairly and transparently • Collected for specified, explicit and legitimate purposes • Adequate, relevant and limited to what is necessary • Accurate and kept up to date • Kept for no longer than necessary • Processed in a manner that ensures appropriate security

We implement appropriate technical and organizational measures to ensure the security of your personal data in accordance with Article 32 of GDPR: **Technical Security Measures:** • AES-256 bit encryption for data protection • TLS 1.3 protocol for secure data transmission • Hosting in secure data centers (Tier III/IV) • Regular security testing and penetration testing • Automatic backup and disaster recovery systems • Two-factor authentication (2FA) **Organizational Security Measures:** • Data processing policies and procedures • Staff privacy and security training • Access authorization and logging systems • Confidentiality agreements and undertakings • Regular audit and control mechanisms

Your personal data may be transferred to third parties domestically and internationally under the conditions specified in Articles 44-50 of GDPR: **Domestic Transfers:** • Our business partners (Payment systems, cloud service providers) • Legal advisors and auditors • Authorized public institutions and organizations • Courts and enforcement offices **International Transfers:** • AWS (United States, European Region) • Google Cloud Platform (European Region) • Transfers are made where adequate protection exists in the recipient country, or where adequate protection does not exist, with your explicit consent Confidentiality agreements are signed and adequate security standards are required for all data transfers.

As a data subject under Article 15-22 of GDPR, you have the following rights: **1. Right of Access** You have the right to obtain confirmation as to whether personal data concerning you is being processed. **2. Right to Information** If processed, you can request information about it. **3. Right to Know Processing Purpose** You can learn the purpose of processing and whether they are used in accordance with their purpose. **4. Right to Know Third Parties** You have the right to know third parties to whom personal data is transferred domestically or abroad. **5. Right to Rectification** You can request the rectification of incomplete or inaccurate personal data. **6. Right to Erasure** You can request the deletion or destruction of personal data under the conditions stipulated in Article 17 of GDPR. **7. Right to Notification** You can request that rectification, erasure or destruction operations are notified to third parties to whom personal data has been transferred. **8. Right to Object** You have the right to object to the processing of your personal data. **9. Right to Lodge a Complaint** You have the right to lodge a complaint with your supervisory authority. **Application Method:** To exercise your rights, you can apply in writing with identity verification documents to privacy@kynicagent.com or our company address. Your applications will be concluded free of charge within 30 days.

Cookies are used on our website to improve user experience: **Strictly Necessary Cookies:** These cookies are essential for the basic functions of the website. Used for session management and security purposes. **Functional Cookies:** Used to remember your preferences and provide personalized experience. **Analytics Cookies:** Used to collect website usage statistics with tools like Google Analytics. This data is collected anonymously. **Marketing Cookies:** Used to measure the effectiveness of advertising campaigns. Your explicit consent is required for these cookies. **Cookie Management:** You can delete or block cookies from your browser settings. However, in this case, some site features may not work. You can review our detailed Cookie Policy on our website.