I. OBJECTIVE

As Papilon Savunma-Güvenlik Sistemleri Bilişim Mühendislik Hizmetleri İthalat İhracat Sanayi ve Ticaret A.Ş. (“Papilon” or “Our Company”) we attach great importance to ensuring the confidentiality and security of the personal data of our clients who get in contact with us personally or on behalf of a company or an institution, our investors (shareholders), our employees, suppliers and business partners as well as other real persons who establish a contact with us for job application or by visiting our website or in any other way. Within this scope, in order to explain our rules and policies regarding personal data processing activities carried out by our Company within the framework of the Law on the Protectioın of the Personal Data No.6698 ("KVK Law") and to inform the data owners and to ensure transparency, this Policy on the Protection of Personal Data ("Policy”) has been issued. Expressions such as "we" and "our" in this Policy are used to refer to Papilon, unless clearly stated otherwise.

II. FIELD OF APPLICATION

This Policy is in the nature of a general clarification notification prepared in accordance with Article 10 of the Law on Protection of the Personal Data, which sets the rules and policies to be applied by Papilon regarding the processing of personal data and the rights of the data owner. Depending on the type and nature of the relationship between Papilon and the data owner, it is possible for Papilon to provide data owners with different personal data policies and/or notifications from this Policy. These special policies and notifications provided to data owners may contain issues that are different from or in addition to the explanations in this Policy. In this case, the said specific policies and notifications provided to data owners should be considered first.

III. RULES FOR THE PROCESSING OF PERSONAL DATA

1. "Personal Data" Definition

In article 3/I (d) of the KVK Law, "personal data", is defined as all kinds of information about real persons whose identity is identified or can be identified. In this context, anonymous data and data that cannot be associated with a specific person are not considered as personal data within the scope of this Policy. Personal data are divided into two groups as general data and special data. Pursuant to Article 6 of the Law on KVK, a real person's race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance, association, foundation or union membership, health, sexual life, criminal conviction and security measures, biometric and genetic data are considered special quality personal data. In the case of processing data of special nature, special rules stipulated in the KVK Law are followed.

2. General Principles Regarding the Processing of Personal Data

In accordance with Article 3/I (e) of the KVK Law, "data processing" refers to refers to all kinds of operations that can be performed on personal data such as; acquiring, recording, storing, preserving, changing, reorganizing, disclosing, transferring, taking over, making available, classifying or blocking the usage of the personal data through fully or partially automatic means or non-automatic means provided that they are part of any data recording system . As Papilon, we process personal data in accordance with the following principles, within the framework of the purposes stated under the heading of "Processing Purposes of Personal Data" of this Policy:

• Processing in accordance with the rules of law and honesty,
• Keeping them accurate and up-to-date when necessary,
• Processing for specific, clear, and legitimate purposes,
• Being relevant, limited, and proportionate to the purposes for which they are processed,
• Storing them for the period of time stipulated by the relevant legislation or the period deemed necessary for the purpose of the processing.

3. Data Processed by Papilon

Papilon may process general and special personal data with the explicit consent of the data owner or without explicit consent in cases stipulated in Articles 5 and 6 of the KVK Law. Which data will be processed by Papilon for each data owner may vary depending on various factors such as the type and nature of the relationship between the data owner and Papilon and the communication channels used. In this context, some of the general and special data processed by Papilon are given below.

• Data such as name-surname, profession, title, institution/organization information, educational background, employment history, gender, marital status, citizenship status and other personal information and information about the guardian, custodian and proxy, if any,
• Data such as date of birth, place of birth, ID number and photograph in identification documents such as identity card, passport, driver's license,
• Contact information such as address, telephone, e-mail and fax number of the home, workplace or temporary residence,
• Visual and audio recordings,
• Customer and procurement process data,
• Communication records such as electronic mail correspondence with Papilon;Visual and audio recordings,
• Internet protocol (IP) address, device ID, unique identifier information, device type, advertisement ID, unique device icon, statistics on web page views, incoming and outgoing traffic information, routing URL, internet log information, location information, information about the transactions and actions carried out through our visited sites and websites, our platforms, our internet network and our advertisements and electronic mail contents.

4. Purposes of Processing your Personal Data

As Papilon, we may process personal data for the following purposes and store for the period required by these purposes:

• To carry out the work and transactions requested by the data owner or to carry out the necessary work and transactions in line with their legitimate interests, provided that they are related to them.
• Establishment and execution of contracts,
• Establishing and developing the company's human resources policies, meeting the employee needs of the company within the framework of these policies, and executing and developing recruitment processes,
• Carrying out our activities in accordance with the legislation,
• Tailoring and improving our services to our customers, providing effective customer service,
• Ensuring and developing coordination, cooperation and efficiency in and between units within our company,
• Ensuring the security of our company's website and other electronic systems and physical environments,
• Conducting investor relations, organizing events for investor satisfaction within this scope,
• Participation in special day celebrations, sweepstakes or competitions, giving gifts and other similar events, promotions and campaigns in favor of the data owner,
• Conducting communication activities,
• Getting your opinion through surveys and voting,
• Investigating, detecting, preventing and reporting violations of the contract and the law to the relevant administrative or judicial authorities,
• Carrying out financial and accounting works,
• To follow up and execute legal affairs,
• Responding requests and enquiries.

5. Domestic and Abroad Persons and Organizations to which Personal Data can be Transferred

Papilon may transfer personal data to third parties at home and abroad for the purposes set out under the heading of this Policy "Purposes of Processing Personal Data" , provided that it complies with the conditions stipulated in the KVK Law and takes the necessary security measures and may store them on servers or other electronic media at home and abroad. Although the third parties to whom personal data can be transferred may vary depending on various factors such as the type and nature of the relationship between the data owner and Papilon, they are generally as follows:

• Real/legal entities to whom the data owner wants to be transferred
• Enterprise companies,
• Authorized institutions and organizations,
• Business partners,
• Suppliers,
• Sub-contractors.

Papilon does not share the acquired personal data with others for the promotion and marketing activities of third parties without the explicit and private consent of the data owner.

6. Methods of Collecting Personal Data

Papilon may collect personal data in written, verbal or other physical or electronic forms for the purposes specified under the heading "Processing Purposes of Personal Data" of this Policy. Although the type and nature of the relationship between the data owner and Papilon may vary depending on various factors, themethods used for collecting personal data are as follows in general:

• Directly from the data owner through physical and electronic media where the data owner communicates with our Company,
• The persons and institutions represented by the data owner/representing the data owner,
• Persons, institutions and organizations indicated as a reference in job applications or included in the applicant's work and education history,
• Through the company's subcontractors, business partners or other contracted persons and organizations,
• Through social media or other public channels.

7. Legal Reasons Regarding the Processing of Personal Data

As Papilon, we process your personal data based on your explicit consent or for the following legal reasons:

• In the event that it is clearly stipulated by the laws,
• When it is necessary to process your personal data since it is directly related to the establishment or performance of a contract with you,
• When it is compulsory for our legal obligation to be fulfilled,
• When the data has been made public by you personally,
• In the event that data processing is compulsory for the establishment, use or protection of a right,
• When data processing is compulsory for our legitimate interests, provided that it does not harm your fundamental rights and freedoms.

8. Storage Period of Personal Data

As Papilon, we store personal data only for the period necessary to achieve the purposes specified in this Policy, except where a longer period is legally required or a longer period is permitted. Personal data the storage period of which has expired are deleted, destroyed or anonymized by us within the framework of Article 7 of the KVK Law.

9. Rights of Data Owner

The personal data owners, in accordance with Article 11 of the Law, have the rights to learn whether their personal data is processed , to request information regarding this if it has been processed, to learn the purpose of the data processing and whether the data is used relevantly, to know the third parties to whom the data is transferred, to request correction in case the data is incomplete or incorrectly processed, to request deletion or destruction of the data if the reasons for processing the data disappear and to notify the third parties to whom the data is transferred, to object to the occurrence of a result against them by analyzing the processed data exclusively through automated systems, to claim compensation for damages in case they suffer damage due to unlawful processing of the personal data. As a data owner, if you want to use any of your rights specified in Article 11 of the KVK Law, you can fill in the Data Owner Application Form and send it to us by filling out for your requests to be evaluated more properly. Papilon will finalize the request of the data owners within thirty days at the latest, according to the 13th article of the KVK Law, depending on the nature of the request. Although the requests of the data owners will be concluded free of charge as a rule, if the response of the request requires an additional cost, the data owner may be requested to pay the fee determined within the framework of the relevant legislation.

IV. REVISIONS TO THE POLICY

Papilon may perform revisions in this Policy at various times. The updated version of the Policy prepared by our company can be accessed on the Papilon website and the revisions that can be made in the Policy can be followed on the Papilon website.

As a rule, revisions will be made by uploading them to Papilon's website and will become effective as of this date, but Papilon may notify these revisions in other ways it deems appropriate.

You acknowledge and declare that you understand that your personal data may be processed, transferred and stored in accordance with the Law on the Protection of Personal Data No.6698 (“Law”), by our website www.seesign.com.tr or the SeeSign App, the mobile application integrated to the website, by Papilon Savunma-Güvenlik Sistemleri Bilişim Mühendislik Hizmetleri İthalat İhracat Sanayi ve Ticaret A.Ş. (“Papilon” or “Our Company”) within the framework of the following purposes and conditions.

1. Purposes of Processing your Personal Data

As Papilon, we may process your personal data in accordance with the conditions stipulated in Articles 4, 5 and 6 of the Law on Protection of Personal Data; for the pursopes of creating and finalizing your user account, getting into contact with you, utilization, access development and improvement of www.seesign.com.tr website or the SeeSign App, which is a mobile application integrated to the website, fulfillment of our company's legal, administrative or contractual obligations, limited to the services provided by us performing any online transactions as you request as a user, receiving your opinion through surveys and polls, responding your requests and enquiries, to ensure the security of our company's website and other electronic systems and physical environments, even if you have not made any online transaction in case that you have created an account and we may keep said data by taking the necessary security measures for the period required by these purposes.

2. Contacts and Transfer Purposes for Transferring Your Personal Data

We may transfer your personal data to real/legal entities, enterprise companies, authorized public institutions and organizations, partners, suppliers or subcontractors where the Data owner requests the transfer of the personal data for the purposes limited to the purposes set out in Article (1) of this Notice above and by taking the necessary security measures. At Papilon, we may process and store your personal data on servers or other electronic media in Turkey or abroad, provided that all necessary security measures are taken.

3. Methods of Collecting Personal Data

We may acquire your personal data via the workplaces and other physical environments and websites, mobile applications, other electronic media, social media or other public channels, or through other enterprise companies or other contracted persons and institutions or authorized public institutions and organizations that you got in contact for creating a user account as well as in other ways.

4. Legal Reasons Regarding the Processing of Your Personal Data

We may process your personal data based on your explicit consent, or without your explicit consent in cases where (i) data processing is explicitly stipulated by law, (ii) data processing is required provided that it is directly related to the establishment or execution of a contract, (iii) data processing is compulsory for fulfilling a legal obligation, (iv) data is made public by you personally, (v) data processing is compulsory for the establishment, exercise or protection of a right, or (vi) data processing is compulsory for our legitimate interests provided that it does not harm your fundamental rights and freedoms.

5. Your Rights as Personal Data Owner

As a personal data owner, in accordance with Article 11 of the Law, you have the rights to learn whether your personal data is processed as, to request information regarding this if it has been processed, to learn the purpose of the data processing and whether your data is used relevantly, to know the third parties to whom your data is transferred, to request correction in case your data is incomplete or incorrectly processed, to request deletion or destruction of your data if the reasons for processing your data disappear and to notify the third parties to whom your data is transferred, to object to the occurrence of a result against you by analyzing the processed data exclusively through automated systems, to claim compensation for your damage in case you suffer damage due to unlawful processing of your personal data.In accordance with Article 13 of the Law, if you want to use any of your rights as a personal data owner, you can send your request to “Mebusevleri Mah. Ergin Sok. No: 9/1 Çankaya/Ankara” in person or through a notary public or by electronic mail (KEP) registered to our registered e-mail address papilon@hs01.kep.tr or info@papilon.com. You can send it to our e-mail address tr using secure electronic signature, mobile signature or the e-mail address you have previously notified to us and registered in our system.

I.GENERAL

As the Papilon Savunma-Güvenlik Sistemleri Bilişim Mühendislik Hizmetleri İthalat İhracat Sanayi ve Ticaret A.Ş. (“Papilon”, “we” or “Our Company”) we may use technologies such as cookies or pixel tags, flash cookies and web beacons and such that allow certain data to be recorded and collected on users' computers, mobile phones, tablets or other devices used for access while accessing the website on www.seesign.com.tr (“Website”), to our mobile applications, electronic platforms and other applications and to the electronic mail messages that we send to you or to the advertisements. In this Policy, the term "cookie" is used to refer to cookies and similar technologies that can be used by Papilon.

Although it is possible to acquire personal data of users through cookies, any data collected through cookies may not be qualified as personal data. If the data acquired through cookies are personal data within the framework of Turkish law, the provisions of Personal Data Protection Policy available at www.seesign.com.tr shall apply. In this context, we recommend that you read our Personal Data Protection Policy to learn about how your personal data can be processed and how you can exercise your rights in this context.

II.COOKIE TYPES

Cookies can be categorized in terms of duration or the domain name they belong to.

1.Cookies are classified into "session cookies" and "persistent cookies" in terms of duration:

1. Session Cookies:

   Session cookies are used in each session that the Website or Papilon's other applications or environments are visited and are automatically deleted upon leaving the Site or application.

2. Persistent Cookies

   Persistent cookies are saved on the computer or other device used by the user during access for a predetermined fixed period and are not automatically deleted when the session or application is closed. Persistent cookies are used when we need to remember who you are over more than one session.

2.Cookies are classified according to the domain they belong to in two groups as related party cookie and third party cookie:

1. Related party cookie:

   Related party cookies refer to cookies placed by the visited domain.

2. Third party cookie:

   Third party cookies refer to cookies placed by a domain other than the one visited. There is a third party cookie if people outside the visited domain, place cookies on the user's device over the visited domain.

III.COOKIES INTENDED USE

As Papilon, we may use the cookies we use on our website and other websites, platforms, applications, advertisements and messages for the following purposes:

1. Operational uses:

   We may use cookies that are deemed necessary for the control and security of our website and other sites, platforms, applications or services. Examples of cookies used for operational purposes are technologies that allow the use of functions on the website, applications and platforms, and cookies used to detect irregular behavior in these channels.

2. Functional uses:

   We may use necessary cookies to facilitate the use of the website and other sites, platforms, applications or services or to customize them for our users. Technologies that allow us to remember user information and preferences are examples of functional use of the cookies.

3. Performance uses:

   We may also use the necessary cookies to increase and measure the performance of the website and other sites, platforms, applications or services. Examples of cookies used for this purpose; Technologies that allow us to understand how users use our websites, applications, platforms and services, and analyze user behavior, that allow us to understand whether we interact with the messages we send with cookies.

4. Advertising uses:

   We may use related party cookies and third party cookies in order to transmit advertisements and similar content aimed at the interests of users through the websites, platforms and applications belonging to Papilon or third parties. Examples of uses for advertising purposes are cookies that measure the effectiveness of ads, and cookies that indicate whether a particular ad was clicked or how many times the ad was viewed.

IV.REJECTING AND DELETING COOKIES

Most browsers are set to automatically accept cookies by default. However, users can reject or delete cookies at any time by changing their browser settings. The method of changing the settings varies according to the browser used, and how to disable cookies should be learned from the service provider for the browser used. You can generally reject cookies in the following ways:

1. by changing your browser settings to notify you when you receive cookies,
2. by disabling existing cookies,
3. by setting your browser to automatically reject cookies.

If cookies are disabled, you may not be able to take advantage of some features of our Website and other websites, applications, platforms or services.

V.AUTHORIZED-SERVICE PROVIDERS

As Papilon, we can get assistance from some service providers authorized by us for the execution and promotion of our website, platforms, applications and services. These service providers authorized by our company can also place cookies and similar technologies (third party cookies) on users' computers and other devices and collect information such as IP address, unique identifier and device identifier to identify the user device.

VI.THIRD PARTY SITE, PRODUCTS AND SERVICES

Our website and our other websites, platforms or applications may contain links to third party websites, products and services. The links in question are subject to the cookies and privacy policies of third parties, and it should be aware that third parties and third party sites are independent from Papilon and Papilon is not responsible for third parties' cookies and privacy practices. In case of visiting the linked websites, we recommend reading the cookies and privacy policies of these sites.