As per the Law, personal data can only be processed in the presence if at least one of the conditions set forth under Articles 5 and 6 of the Law and/or required by international legislation. In this respect, as Vizio, we may rely on different legal bases, including: i) it is expressly provided for by the laws, ii) the necessity to establish a contractual relationship with you and to perform our obligations under a contract iii) complying with obligations under national and international regulations and iv) our legitimate interests provided that such interests do not have a negative impact on our customers’ fundamental rights and freedoms.

In addition to the above-listed conditions for processing personal data, we may request you to explicitly consent to the processing of your personal data. If this is the case, personal data will be processed limited to the scope of your freely given explicit consent. You may at any time revoke your explicit consent.

In this regard, personal data will be processed by Vizio, within the framework of national and international legislation, in accordance with the conditions for processing personal data set forth under Articles 5 and 6 of the Law and within the scope of the below-listed purposes:

• Establishing communication with our customer and customer relationship management

In certain circumstances, we are required to deliver certain information to our customers regarding our services. For instance, we may be required to establish communication with you via SMS, e-mail or telephone for the purposes of conveying service details.

Please be noted that the electronic messages transmitted for the purposes stated above, or for other similar service information and excluding messages transmitted for marketing purposes shall not require the consent of the recipient as per the Article 6 of the Regulation on Commercial Communication and Commercial Electronic Messages and may be transmitted to you by Vizio without obtaining your consent.

• Establishing communication with our customer and customer relationship management

Personal data relating to you may be processed for the purposes of taking necessary actions in order to provide responses to questions, requests or complaints conveyed by our customers through Digital Environments or by other written and verbal channels.

Opinions of our customers are of great importance for us. Therefore, we may process personal data while evaluating the responses provided by our customers to questions within customer satisfaction surveys, in order to evaluate the quality of our services.

• Personalization and improvement of your customer experience

In order to provide a personalized customer experience, we may process personal data for the purposes of customization of our products or services. In this regard, information concerning your previous projects, information provided within the scope of processes and communications and where deemed necessary, information obtained as a result of segmentation activities conducted upon your explicit consent may be processed for the purposes of estimating your preferences regarding your future projects and presenting customized offers.

• Notifications regarding products and services

Personal data may be processed upon consent obtained from you, in order to establish marketing communications for providing information concerning our software products and services.

• Complying with obligations to which we are subject in accordance with the related regulations and to provide information to competent authorities and organizations

Personal data relating to you may be processed for the purposes of preparing records and documents required to be prepared in accordance with the relevant legislation, in order to carry out our business activities, complying with the obligations concerning the retention of information, reporting, record keeping, informing, taxation, international sanctions and other obligations.

In this regard, personal data may be processed for the purposes of prevention, detection and investigation of crime including fraud and money laundering.

• Conducting financial and accounting operations

Personal data relating to you may be processed for the purposes of complying with obligations to inform, including identification and verification of identity and the prevention of fraudulent transactions, receiving payments and where deemed necessary, reimbursement.

• Establishing information technologies infrastructure and executing and auditing information security processes and operations

Personal data relating to you may be processed for the purposes of ensuring compliance with internal policies and procedures related to information security, management of information technologies systems as well as improving and optimizing such systems, ensuring the accessibility and reliability of such infrastructure and systems by way of back-ups and tests, improving products and services provided including statistical analysis and research on systems and programs.

• Specifying access authorizations for business partners and service providers

Within the scope of processes executed with business partners, personal data may be processed for the purposes of enabling access of business partners to required information and documentation within the framework of corporate relations, enabling access of executives and employees of third party service vendors to necessary information and documentation providing outsource services regarding technical support, customer relationship management, research and development.

Your personal data may be shared with parties who provide product or service to us or on behalf of our company and with our suppliers and business partners that we get support for the establishment, execution and termination of our relationship, including the parties collaborating with us for the purposes of providing products and services to you. Your personal data may also be shared with public institutions and private persons authorized by law within the scope of their authorization. In such cases, our company takes all precautionary measures to ensure that the parties carry processing and transfer activities in accordance with the rules stated in this Policy and other related law.

Personal data may be shared with group companies, business partners, public institutions and private persons authorized by law pursuant to conditions and purposes of processing personal data as stated under Article 8 and 9 of the Law, and may be transferred abroad, limited with the stated purposes and in accordance with the principles and procedures stated under Article 9 of the Law and decisions of the Personal Data Protection Board. In this context, your personal data may be shared with the relevant authorities and authorized third parties of the country in order to fulfill the operational requirements.

Your personal data may only be transferred abroad where;

• your explicit consent is obtained, or
• where your explicit consent is not obtained but one or more data processing condition(s) which stated in the Law are met,
• the transferred country found to be offering adequate protection by the Personal Data Protection Board decision or;
• Within the scope of the provisions in the relevant laws.
• in case of the protection in the transferred country found to be inadequate, a written undertaking to provide adequate protection between Vizio and the Data Controller that the data are being transferred to have been reached and the approval of the Personal Data Protection Board have been obtained.

Our company determines the retention periods by taking into consideration the applicable law and purposes of data processing. In this respect, where applicable, we particularly consider the issues of period of limitation and legal obligations regarding the processing of personal data. Once the purpose for processing personal data ceases, unless another legal reason or basis allowing the retention of the personal data exists, data will be deleted, destroyed or anonymized.

As Vizio, we utilize technologies such as cookies, pixels, GIFs (“Cookies”) to improve your user experience during your use of our websites and applications. The use of these technologies is in accordance with the Law and other related regulations that we are subjected to.

Your personal data may be processed while your use of Digital Platforms to manage and operate the Website, to perform activities for optimizing and improving the user experience related to the Website, to detect in what ways the Website is being used, to support and enhance the use of location based tools, to manage your online accounts and to inform you about the services offered near you.

In case you desire to benefit from the offered product and services, your personal data will be processed only to make you get such product and services.

You can easily use your rights mentioned above and easily communicate the related requests to us via contact information below.

We take all appropriate technical and organizational measures to safeguard your personal data and to mitigate risks arising in connection with unauthorized access, accidental data loss, deliberate erasure of or damage to personal data.

In this respect Vizio;

• Ensures data security by utilizing protection systems, firewalls and other software and hardware containing intrusion prevention systems against virus and other malicious software,
• Access to personal data within our company is carried out in a controlled process in accordance with the nature of the data and within the framework of the authority on the basis of unit / role / practice,
• Ensures the conduct of necessary audits to implement the provisions of the Law, in accordance with Article 12 of the Law,
• Ensures the lawfulness of the data processing activities by way of internal policies and procedures,
• In case of external access to personal data due to procurement of outsource services, Vizio obliges the relevant third party to undertake to comply with the provisions of the Law,
• It takes necessary actions to inform all employees, especially those who have access to personal data, about their duties and responsibilities within the scope of the Law.

Explicit Consent: Consent that is provided for a specific subject, upon being informed and freely given.

Anonymization: Rendering personal data by no means identified or identifiable with a natural person even by linking with other data.

Related Person/Data Subject: Refers to the natural person whose personal data are processed.

Personal Data: Refers to any information relating to an identified or identifiable natural person.

Processing of Personal Data: Refers to any operation that is performed upon personal data such as collection, recording, storage, preservation, alteration, adaptation, disclosure, transfer, retrieval, making available for collection, categorization or blocking its use by wholly or partly automatic means or otherwise than by automatic means which form part of a filing system.

Data Recording System: Refers to the registration system in which personal data is configured and processed according to certain criteria.

Data Controller: The natural or legal person determining the purposes and means of the processing of personal data and who is responsible for the establishment and management of a data recording system.